summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--README.OE-Core.md10
-rwxr-xr-xbitbake/bin/bitbake-worker6
-rw-r--r--bitbake/contrib/hashserv/Dockerfile6
-rw-r--r--bitbake/lib/bb/build.py14
-rw-r--r--bitbake/lib/bb/cooker.py34
-rw-r--r--bitbake/lib/bb/data_smart.py10
-rw-r--r--bitbake/lib/bb/fetch2/__init__.py14
-rw-r--r--bitbake/lib/bb/fetch2/git.py4
-rw-r--r--bitbake/lib/bb/fetch2/npm.py16
-rw-r--r--bitbake/lib/bb/fetch2/perforce.py2
-rw-r--r--bitbake/lib/bb/fetch2/ssh.py2
-rw-r--r--bitbake/lib/bb/fetch2/wget.py2
-rw-r--r--bitbake/lib/bb/process.py2
-rw-r--r--bitbake/lib/bb/runqueue.py34
-rw-r--r--bitbake/lib/bb/server/process.py3
-rw-r--r--bitbake/lib/bb/server/xmlrpcserver.py1
-rw-r--r--bitbake/lib/bb/tests/fetch.py52
-rw-r--r--bitbake/lib/bb/tests/runqueue.py2
-rw-r--r--bitbake/lib/bb/ui/knotty.py11
-rw-r--r--bitbake/lib/bb/utils.py15
-rw-r--r--bitbake/lib/pyinotify.py30
-rw-r--r--bitbake/lib/toaster/orm/fixtures/oe-core.xml28
-rw-r--r--bitbake/lib/toaster/orm/fixtures/poky.xml80
-rw-r--r--bitbake/lib/toaster/orm/fixtures/settings.xml2
-rw-r--r--bitbake/lib/toaster/orm/models.py2
-rw-r--r--bitbake/lib/toaster/toastergui/templates/projectconf.html16
-rw-r--r--documentation/bsp-guide/bsp.rst7
-rw-r--r--documentation/conf.py23
-rw-r--r--documentation/dev-manual/common-tasks.rst2
-rw-r--r--documentation/kernel-dev/common.rst2
-rw-r--r--documentation/migration-guides/migration-3.1.rst5
-rw-r--r--documentation/migration-guides/migration-3.4.rst217
-rw-r--r--documentation/migration-guides/migration-general.rst26
-rw-r--r--documentation/overview-manual/yp-intro.rst4
-rw-r--r--documentation/poky.yaml29
-rw-r--r--documentation/ref-manual/classes.rst37
-rw-r--r--documentation/ref-manual/system-requirements.rst11
-rw-r--r--documentation/ref-manual/tasks.rst16
-rw-r--r--documentation/ref-manual/variables.rst47
-rw-r--r--documentation/releases.rst36
-rw-r--r--documentation/sphinx-static/switchers.js7
-rw-r--r--documentation/test-manual/reproducible-builds.rst12
-rw-r--r--meta-poky/conf/distro/include/gcsections.inc2
-rw-r--r--meta-poky/conf/distro/poky.conf2
-rw-r--r--meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb2
-rw-r--r--meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded2
-rw-r--r--meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb17
-rw-r--r--meta-selftest/recipes-test/gitrepotest/gitrepotest.bb16
-rw-r--r--meta-selftest/recipes-test/gitrepotest/gitrepotest/0001-testpatch.patch9
-rw-r--r--meta-selftest/recipes-test/recipeutils/recipeutils-test_1.2.bb2
-rw-r--r--meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend16
-rw-r--r--meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.14.bbappend8
-rw-r--r--meta/classes/base.bbclass4
-rw-r--r--meta/classes/buildhistory.bbclass51
-rw-r--r--meta/classes/crate-fetch.bbclass24
-rw-r--r--meta/classes/create-spdx.bbclass50
-rw-r--r--meta/classes/cross-canadian.bbclass2
-rw-r--r--meta/classes/cve-check.bbclass4
-rw-r--r--meta/classes/devshell.bbclass2
-rw-r--r--meta/classes/devupstream.bbclass7
-rw-r--r--meta/classes/externalsrc.bbclass19
-rw-r--r--meta/classes/go.bbclass3
-rw-r--r--meta/classes/insane.bbclass30
-rw-r--r--meta/classes/license.bbclass4
-rw-r--r--meta/classes/license_image.bbclass4
-rw-r--r--meta/classes/meson.bbclass23
-rw-r--r--meta/classes/mirrors.bbclass2
-rw-r--r--meta/classes/nativesdk.bbclass2
-rw-r--r--meta/classes/patch.bbclass7
-rw-r--r--meta/classes/populate_sdk_base.bbclass4
-rw-r--r--meta/classes/qemuboot.bbclass4
-rw-r--r--meta/classes/rootfs-postcommands.bbclass28
-rw-r--r--meta/classes/sanity.bbclass7
-rw-r--r--meta/classes/sstate.bbclass34
-rw-r--r--meta/classes/staging.bbclass2
-rw-r--r--meta/classes/testimage.bbclass7
-rw-r--r--meta/classes/toaster.bbclass6
-rw-r--r--meta/classes/uboot-sign.bbclass16
-rw-r--r--meta/classes/uninative.bbclass2
-rw-r--r--meta/conf/bitbake.conf13
-rw-r--r--meta/conf/distro/include/cve-extra-exclusions.inc9
-rw-r--r--meta/conf/distro/include/default-distrovars.inc4
-rw-r--r--meta/conf/distro/include/maintainers.inc3
-rw-r--r--meta/conf/distro/include/yocto-uninative.inc11
-rw-r--r--meta/conf/documentation.conf2
-rw-r--r--meta/conf/machine/include/x86/qemuboot-x86.inc2
-rw-r--r--meta/files/toolchain-shar-relocate.sh2
-rw-r--r--meta/lib/oe/license.py6
-rw-r--r--meta/lib/oe/package_manager/__init__.py2
-rw-r--r--meta/lib/oe/packagedata.py2
-rw-r--r--meta/lib/oe/patch.py21
-rw-r--r--meta/lib/oe/reproducible.py2
-rw-r--r--meta/lib/oe/sdk.py4
-rw-r--r--meta/lib/oe/spdx.py6
-rw-r--r--meta/lib/oeqa/runtime/cases/parselogs.py16
-rw-r--r--meta/lib/oeqa/sdk/buildtools-cases/build.py2
-rw-r--r--meta/lib/oeqa/sdk/buildtools-cases/https.py4
-rw-r--r--meta/lib/oeqa/sdk/cases/buildepoxy.py2
-rw-r--r--meta/lib/oeqa/selftest/cases/bbtests.py31
-rw-r--r--meta/lib/oeqa/selftest/cases/devtool.py17
-rw-r--r--meta/lib/oeqa/selftest/cases/eSDK.py2
-rw-r--r--meta/lib/oeqa/selftest/cases/fetch.py2
-rw-r--r--meta/lib/oeqa/selftest/cases/git.py15
-rw-r--r--meta/lib/oeqa/selftest/cases/recipetool.py8
-rw-r--r--meta/lib/oeqa/selftest/cases/sstatetests.py27
-rw-r--r--meta/lib/oeqa/selftest/context.py2
-rw-r--r--meta/lib/oeqa/utils/dump.py2
-rw-r--r--meta/recipes-bsp/efibootmgr/efibootmgr_17.bb2
-rw-r--r--meta/recipes-bsp/efivar/efivar_37.bb2
-rw-r--r--meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch49
-rw-r--r--meta/recipes-bsp/grub/grub2.inc3
-rw-r--r--meta/recipes-bsp/opensbi/opensbi_0.9.bb2
-rw-r--r--meta/recipes-bsp/u-boot/libubootenv_0.3.2.bb2
-rw-r--r--meta/recipes-bsp/u-boot/u-boot-common.inc5
-rw-r--r--meta/recipes-connectivity/avahi/files/local-ping.patch1
-rw-r--r--meta/recipes-connectivity/bind/bind-9.16.20/CVE-2021-25219-1.patch76
-rw-r--r--meta/recipes-connectivity/bind/bind-9.16.20/CVE-2021-25219-2.patch65
-rw-r--r--meta/recipes-connectivity/bind/bind_9.16.20.bb2
-rw-r--r--meta/recipes-connectivity/connman/connman-gnome_0.7.bb2
-rw-r--r--meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb2
-rw-r--r--meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb3
-rw-r--r--meta/recipes-connectivity/libuv/libuv_1.42.0.bb2
-rw-r--r--meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb2
-rw-r--r--meta/recipes-connectivity/neard/neard_0.16.bb13
-rw-r--r--meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch48
-rw-r--r--meta/recipes-connectivity/openssh/openssh_8.7p1.bb1
-rw-r--r--meta/recipes-connectivity/openssl/openssl/reproducibility.patch22
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.1.1o.bb (renamed from meta/recipes-connectivity/openssl/openssl_1.1.1l.bb)4
-rw-r--r--meta/recipes-connectivity/socat/socat_1.7.4.1.bb2
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb2
-rw-r--r--meta/recipes-core/busybox/busybox-inittab_1.34.1.bb (renamed from meta/recipes-core/busybox/busybox-inittab_1.34.0.bb)0
-rw-r--r--meta/recipes-core/busybox/busybox.inc2
-rw-r--r--meta/recipes-core/busybox/busybox_1.34.1.bb (renamed from meta/recipes-core/busybox/busybox_1.34.0.bb)2
-rw-r--r--meta/recipes-core/coreutils/coreutils_8.32.bb3
-rw-r--r--meta/recipes-core/dbus-wait/dbus-wait_git.bb2
-rw-r--r--meta/recipes-core/expat/expat_2.4.7.bb (renamed from meta/recipes-core/expat/expat_2.4.1.bb)2
-rw-r--r--meta/recipes-core/fts/fts_1.2.7.bb2
-rw-r--r--meta/recipes-core/glibc/cross-localedef-native_2.34.bb2
-rw-r--r--meta/recipes-core/glibc/glibc/0001-CVE-2021-3998.patch282
-rw-r--r--meta/recipes-core/glibc/glibc/0001-CVE-2021-3999.patch36
-rw-r--r--meta/recipes-core/glibc/glibc/0001-CVE-2022-23218.patch178
-rw-r--r--meta/recipes-core/glibc/glibc/0001-CVE-2022-23219.patch55
-rw-r--r--meta/recipes-core/glibc/glibc/0002-CVE-2021-3998.patch138
-rw-r--r--meta/recipes-core/glibc/glibc/0002-CVE-2021-3999.patch357
-rw-r--r--meta/recipes-core/glibc/glibc/0002-CVE-2022-23218.patch126
-rw-r--r--meta/recipes-core/glibc/glibc/0002-CVE-2022-23219.patch89
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2021-43396.patch184
-rw-r--r--meta/recipes-core/glibc/glibc_2.34.bb11
-rw-r--r--meta/recipes-core/ifupdown/ifupdown_0.8.36.bb2
-rw-r--r--meta/recipes-core/images/build-appliance-image_15.0.0.bb2
-rwxr-xr-xmeta/recipes-core/initrdscripts/initramfs-framework/finish12
-rw-r--r--meta/recipes-core/initscripts/init-system-helpers_1.60.bb2
-rw-r--r--meta/recipes-core/libxcrypt/libxcrypt.inc2
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch99
-rw-r--r--meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch16
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.13.bb (renamed from meta/recipes-core/libxml/libxml2_2.9.12.bb)16
-rw-r--r--meta/recipes-core/musl/libucontext_git.bb2
-rw-r--r--meta/recipes-core/musl/musl-obstack.bb2
-rw-r--r--meta/recipes-core/musl/musl-utils.bb2
-rw-r--r--meta/recipes-core/musl/musl_git.bb2
-rw-r--r--meta/recipes-core/ncurses/files/CVE-2021-39537.patch65
-rw-r--r--meta/recipes-core/ncurses/ncurses.inc2
-rw-r--r--meta/recipes-core/ncurses/ncurses_6.2.bb1
-rw-r--r--meta/recipes-core/ovmf/ovmf_git.bb4
-rw-r--r--meta/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bb2
-rw-r--r--meta/recipes-core/psplash/psplash_git.bb2
-rw-r--r--meta/recipes-core/systemd/systemd-boot_249.7.bb (renamed from meta/recipes-core/systemd/systemd-boot_249.3.bb)0
-rw-r--r--meta/recipes-core/systemd/systemd.inc4
-rw-r--r--meta/recipes-core/systemd/systemd/0002-don-t-use-glibc-specific-qsort_r.patch2
-rw-r--r--meta/recipes-core/systemd/systemd/0003-missing_type.h-add-__compare_fn_t-and-comparison_fn_.patch2
-rw-r--r--meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch8
-rw-r--r--meta/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch24
-rw-r--r--meta/recipes-core/systemd/systemd/0006-Include-netinet-if_ether.h.patch15
-rw-r--r--meta/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch2
-rw-r--r--meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch17
-rw-r--r--meta/recipes-core/systemd/systemd/0009-fix-missing-of-__register_atfork-for-non-glibc-build.patch4
-rw-r--r--meta/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch6
-rw-r--r--meta/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch4
-rw-r--r--meta/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch2
-rw-r--r--meta/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch2
-rw-r--r--meta/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch4
-rw-r--r--meta/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch2
-rw-r--r--meta/recipes-core/systemd/systemd/0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch2
-rw-r--r--meta/recipes-core/systemd/systemd/0017-missing_type.h-add-__compar_d_fn_t-definition.patch2
-rw-r--r--meta/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch2
-rw-r--r--meta/recipes-core/systemd/systemd/0019-Handle-missing-LOCK_EX.patch2
-rw-r--r--meta/recipes-core/systemd/systemd/0020-Fix-incompatible-pointer-type-struct-sockaddr_un.patch8
-rw-r--r--meta/recipes-core/systemd/systemd/0021-test-json.c-define-M_PIl.patch2
-rw-r--r--meta/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch8
-rw-r--r--meta/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch4
-rw-r--r--meta/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch2
-rw-r--r--meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch2
-rw-r--r--meta/recipes-core/systemd/systemd_249.7.bb (renamed from meta/recipes-core/systemd/systemd_249.3.bb)4
-rw-r--r--meta/recipes-core/update-rc.d/update-rc.d_0.8.bb2
-rw-r--r--meta/recipes-core/util-linux/util-linux-libuuid_2.37.4.bb (renamed from meta/recipes-core/util-linux/util-linux-libuuid_2.37.2.bb)0
-rw-r--r--meta/recipes-core/util-linux/util-linux.inc2
-rw-r--r--meta/recipes-core/util-linux/util-linux_2.37.4.bb (renamed from meta/recipes-core/util-linux/util-linux_2.37.2.bb)0
-rw-r--r--meta/recipes-core/volatile-binds/files/volatile-binds.service.in2
-rw-r--r--meta/recipes-core/zlib/zlib/CVE-2018-25032.patch347
-rw-r--r--meta/recipes-core/zlib/zlib_1.2.11.bb1
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.37.inc2
-rw-r--r--meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch2001
-rw-r--r--meta/recipes-devtools/binutils/binutils/161e87d12167b1e36193385485c1f6ce92f74f02.patch247
-rw-r--r--meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb10
-rw-r--r--meta/recipes-devtools/btrfs-tools/btrfs-tools_5.13.1.bb2
-rw-r--r--meta/recipes-devtools/createrepo-c/createrepo-c_0.17.4.bb2
-rw-r--r--meta/recipes-devtools/distcc/distcc_3.4.bb2
-rw-r--r--meta/recipes-devtools/dnf/dnf_4.8.0.bb2
-rw-r--r--meta/recipes-devtools/dpkg/dpkg.inc4
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs.inc2
-rw-r--r--meta/recipes-devtools/erofs-utils/erofs-utils_1.3.bb2
-rw-r--r--meta/recipes-devtools/file/file_5.40.bb2
-rw-r--r--meta/recipes-devtools/gcc/gcc-11.2.inc12
-rw-r--r--meta/recipes-devtools/gcc/gcc-target.inc2
-rw-r--r--meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch138
-rw-r--r--meta/recipes-devtools/gcc/gcc/0001-CVE-2021-42574.patch2282
-rw-r--r--meta/recipes-devtools/gcc/gcc/0001-CVE-2021-46195.patch128
-rw-r--r--meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch39
-rw-r--r--meta/recipes-devtools/gcc/gcc/0002-CVE-2021-42574.patch1765
-rw-r--r--meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch103
-rw-r--r--meta/recipes-devtools/gcc/gcc/0003-CVE-2021-42574.patch142
-rw-r--r--meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch304
-rw-r--r--meta/recipes-devtools/gcc/gcc/0004-CVE-2021-42574.patch573
-rw-r--r--meta/recipes-devtools/glide/glide_0.13.3.bb2
-rw-r--r--meta/recipes-devtools/gnu-config/gnu-config_git.bb2
-rw-r--r--meta/recipes-devtools/go/go-1.16.15.inc (renamed from meta/recipes-devtools/go/go-1.16.7.inc)4
-rw-r--r--meta/recipes-devtools/go/go-binary-native_1.16.15.bb (renamed from meta/recipes-devtools/go/go-binary-native_1.16.7.bb)4
-rw-r--r--meta/recipes-devtools/go/go-cross-canadian_1.16.15.bb (renamed from meta/recipes-devtools/go/go-cross-canadian_1.16.7.bb)0
-rw-r--r--meta/recipes-devtools/go/go-cross_1.16.15.bb (renamed from meta/recipes-devtools/go/go-cross_1.16.7.bb)0
-rw-r--r--meta/recipes-devtools/go/go-crosssdk_1.16.15.bb (renamed from meta/recipes-devtools/go/go-crosssdk_1.16.7.bb)0
-rw-r--r--meta/recipes-devtools/go/go-native_1.16.15.bb (renamed from meta/recipes-devtools/go/go-native_1.16.7.bb)0
-rw-r--r--meta/recipes-devtools/go/go-runtime_1.16.15.bb (renamed from meta/recipes-devtools/go/go-runtime_1.16.7.bb)0
-rw-r--r--meta/recipes-devtools/go/go_1.16.15.bb (renamed from meta/recipes-devtools/go/go_1.16.7.bb)0
-rw-r--r--meta/recipes-devtools/libcomps/libcomps_0.1.17.bb2
-rw-r--r--meta/recipes-devtools/libdnf/libdnf_0.63.1.bb2
-rw-r--r--meta/recipes-devtools/librepo/librepo_1.14.1.bb2
-rw-r--r--meta/recipes-devtools/libtool/libtool-2.4.6.inc27
-rw-r--r--meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Handle-trailing-slashes-on-install-command.patch35
-rw-r--r--meta/recipes-devtools/libtool/libtool/0002-libtool.m4-Rename-the-with-sysroot-option-to-avoid-c.patch (renamed from meta/recipes-devtools/libtool/libtool/rename-with-sysroot.patch)13
-rw-r--r--meta/recipes-devtools/libtool/libtool/0003-ltmain.in-Add-missing-sysroot-to-library-path.patch (renamed from meta/recipes-devtools/libtool/libtool/use-sysroot-in-libpath.patch)10
-rw-r--r--meta/recipes-devtools/libtool/libtool/0004-ltmain.sh-Fix-sysroot-paths-being-encoded-into-RPATH.patch (renamed from meta/recipes-devtools/libtool/libtool/fix-final-rpath.patch)16
-rw-r--r--meta/recipes-devtools/libtool/libtool/0005-ltmain.in-Don-t-encode-RATHS-which-match-default-lin.patch (renamed from meta/recipes-devtools/libtool/libtool/fix-rpath.patch)37
-rw-r--r--meta/recipes-devtools/libtool/libtool/0006-libtool.m4-Handle-as-a-sysroot-correctly.patch (renamed from meta/recipes-devtools/libtool/libtool/fix-resolve-lt-sysroot.patch)18
-rw-r--r--meta/recipes-devtools/libtool/libtool/0007-libtool-Fix-support-for-NIOS2-processor.patch (renamed from meta/recipes-devtools/libtool/libtool/0001-libtool-Fix-support-for-NIOS2-processor.patch)9
-rw-r--r--meta/recipes-devtools/libtool/libtool/0008-libtool-Check-for-static-libs-for-internal-compiler-.patch (renamed from meta/recipes-devtools/libtool/libtool/0001-libtool-Check-for-static-libs-for-internal-compiler-.patch)13
-rw-r--r--meta/recipes-devtools/libtool/libtool/0009-Makefile.am-make-sure-autoheader-run-before-autoconf.patch (renamed from meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch)10
-rw-r--r--meta/recipes-devtools/libtool/libtool/0010-Makefile.am-make-sure-autoheader-run-before-automake.patch (renamed from meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-automake.patch)9
-rw-r--r--meta/recipes-devtools/libtool/libtool/0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch (renamed from meta/recipes-devtools/libtool/libtool/lto-prefix.patch)6
-rw-r--r--[-rwxr-xr-x]meta/recipes-devtools/libtool/libtool/0012-libtool.m4-For-reproducibility-stop-encoding-hostnam.patch (renamed from meta/recipes-devtools/libtool/libtool/debian-no_hostname.patch)12
-rw-r--r--meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch133
-rw-r--r--meta/recipes-devtools/libtool/libtool/fixinstall.patch6
-rw-r--r--meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch77
-rw-r--r--meta/recipes-devtools/libtool/libtool/norm-rpath.patch38
-rw-r--r--meta/recipes-devtools/libtool/libtool/trailingslash.patch35
-rw-r--r--meta/recipes-devtools/llvm/llvm_git.bb2
-rwxr-xr-xmeta/recipes-devtools/meson/meson/meson-setup.py8
-rwxr-xr-xmeta/recipes-devtools/meson/meson/meson-wrapper1
-rw-r--r--meta/recipes-devtools/meson/nativesdk-meson_0.58.1.bb52
-rw-r--r--meta/recipes-devtools/mtd/mtd-utils_git.bb2
-rw-r--r--meta/recipes-devtools/ninja/ninja_1.10.2.bb2
-rw-r--r--meta/recipes-devtools/opkg/opkg_0.4.5.bb2
-rw-r--r--meta/recipes-devtools/patchelf/patchelf_0.13.bb2
-rw-r--r--meta/recipes-devtools/perl/files/perl-rdepends.txt338
-rw-r--r--meta/recipes-devtools/perl/libxml-parser-perl_2.46.bb1
-rw-r--r--meta/recipes-devtools/perl/perl_5.34.0.bb12
-rw-r--r--meta/recipes-devtools/pseudo/pseudo_git.bb2
-rw-r--r--meta/recipes-devtools/python/python3-pyelftools_0.27.bb2
-rw-r--r--meta/recipes-devtools/python/python3-setuptools/0001-_distutils-sysconfig-append-STAGING_LIBDIR-python-sy.patch34
-rw-r--r--meta/recipes-devtools/python/python3-setuptools_57.4.0.bb5
-rw-r--r--meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch20
-rw-r--r--meta/recipes-devtools/python/python3_3.9.9.bb (renamed from meta/recipes-devtools/python/python3_3.9.6.bb)2
-rw-r--r--meta/recipes-devtools/qemu/qemu.inc8
-rw-r--r--meta/recipes-devtools/quilt/quilt.inc3
-rw-r--r--meta/recipes-devtools/rpm/rpm_4.16.1.3.bb5
-rw-r--r--meta/recipes-devtools/ruby/ruby_3.0.3.bb (renamed from meta/recipes-devtools/ruby/ruby_3.0.2.bb)4
-rw-r--r--meta/recipes-devtools/rust/rust-cross.inc2
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-1.patch135
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch108
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-3.patch326
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072.patch329
-rw-r--r--meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb6
-rw-r--r--meta/recipes-devtools/strace/strace/0001-Avoid-relying-on-presence-of-ipx.h.patch151
-rwxr-xr-xmeta/recipes-devtools/strace/strace/run-ptest9
-rw-r--r--meta/recipes-devtools/strace/strace_5.14.bb1
-rw-r--r--meta/recipes-devtools/systemd-bootchart/systemd-bootchart_234.bb2
-rw-r--r--meta/recipes-devtools/tcf-agent/tcf-agent_git.bb2
-rw-r--r--meta/recipes-devtools/unfs3/unfs3_git.bb2
-rw-r--r--meta/recipes-example/rust-hello-world/rust-hello-world_git.bb2
-rw-r--r--meta/recipes-extended/asciidoc/asciidoc_9.1.0.bb2
-rw-r--r--meta/recipes-extended/bzip2/bzip2_1.0.8.bb2
-rw-r--r--meta/recipes-extended/cups/cups.inc3
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch236
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch68
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb2
-rw-r--r--meta/recipes-extended/go-examples/go-helloworld_0.1.bb2
-rw-r--r--meta/recipes-extended/iputils/iputils_20210722.bb2
-rw-r--r--meta/recipes-extended/libaio/libaio_0.3.112.bb2
-rw-r--r--meta/recipes-extended/libarchive/libarchive_3.5.3.bb (renamed from meta/recipes-extended/libarchive/libarchive_3.5.1.bb)2
-rw-r--r--meta/recipes-extended/libnsl/libnsl2_git.bb2
-rw-r--r--meta/recipes-extended/libnss-nis/libnss-nis.bb2
-rw-r--r--meta/recipes-extended/libsolv/libsolv_0.7.19.bb2
-rw-r--r--meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch97
-rw-r--r--meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb1
-rw-r--r--meta/recipes-extended/ltp/ltp_20210524.bb2
-rw-r--r--meta/recipes-extended/mc/files/0001-Ticket-4200-fix-FTBFS-with-ncurses-build-with-disabl.patch87
-rw-r--r--meta/recipes-extended/mc/mc_4.8.27.bb5
-rw-r--r--meta/recipes-extended/net-tools/net-tools_2.10.bb2
-rw-r--r--meta/recipes-extended/newt/libnewt_0.52.21.bb2
-rw-r--r--meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch50
-rw-r--r--meta/recipes-extended/pigz/pigz_2.6.bb3
-rw-r--r--meta/recipes-extended/procps/procps_3.3.17.bb2
-rw-r--r--meta/recipes-extended/psmisc/psmisc_23.4.bb2
-rw-r--r--meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb2
-rw-r--r--meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch150
-rw-r--r--meta/recipes-extended/stress-ng/stress-ng/0001-Makefile-do-not-write-the-timestamp-into-compressed-.patch26
-rw-r--r--meta/recipes-extended/stress-ng/stress-ng_0.13.00.bb8
-rw-r--r--meta/recipes-extended/sysklogd/sysklogd_2.2.3.bb2
-rw-r--r--meta/recipes-extended/tar/tar_1.34.bb6
-rw-r--r--meta/recipes-extended/timezone/timezone.inc7
-rw-r--r--meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch67
-rw-r--r--meta/recipes-extended/unzip/unzip_6.0.bb1
-rw-r--r--meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb2
-rw-r--r--meta/recipes-extended/xz/xz/CVE-2022-1271.patch96
-rw-r--r--meta/recipes-extended/xz/xz_5.2.5.bb4
-rw-r--r--meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch47
-rw-r--r--meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch34
-rw-r--r--meta/recipes-extended/zip/zip_3.0.bb2
-rw-r--r--meta/recipes-extended/zstd/zstd_1.5.0.bb2
-rw-r--r--meta/recipes-gnome/epiphany/epiphany_40.6.bb (renamed from meta/recipes-gnome/epiphany/epiphany_40.3.bb)2
-rw-r--r--meta/recipes-gnome/libportal/libportal_0.4.bb2
-rw-r--r--meta/recipes-graphics/drm/libdrm_2.4.109.bb (renamed from meta/recipes-graphics/drm/libdrm_2.4.107.bb)2
-rw-r--r--meta/recipes-graphics/glslang/glslang_11.5.0.bb2
-rw-r--r--meta/recipes-graphics/harfbuzz/harfbuzz_2.9.1.bb (renamed from meta/recipes-graphics/harfbuzz/harfbuzz_2.9.0.bb)2
-rw-r--r--meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb2
-rw-r--r--meta/recipes-graphics/libfakekey/libfakekey_git.bb2
-rw-r--r--meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb2
-rw-r--r--meta/recipes-graphics/libva/libva-utils_2.12.0.bb2
-rw-r--r--meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb2
-rw-r--r--meta/recipes-graphics/mesa/files/without-neon.patch53
-rw-r--r--meta/recipes-graphics/mesa/mesa-gl_21.2.4.bb (renamed from meta/recipes-graphics/mesa/mesa-gl_21.2.1.bb)0
-rw-r--r--meta/recipes-graphics/mesa/mesa.inc7
-rw-r--r--meta/recipes-graphics/mesa/mesa_21.2.4.bb (renamed from meta/recipes-graphics/mesa/mesa_21.2.1.bb)0
-rw-r--r--meta/recipes-graphics/spir/spirv-headers_1.5.4.bb2
-rw-r--r--meta/recipes-graphics/spir/spirv-tools_2021.2.bb2
-rw-r--r--meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch117
-rw-r--r--meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch107
-rw-r--r--meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb4
-rw-r--r--meta/recipes-graphics/vulkan/vulkan-headers_1.2.182.0.bb2
-rw-r--r--meta/recipes-graphics/vulkan/vulkan-loader_1.2.182.0.bb4
-rw-r--r--meta/recipes-graphics/vulkan/vulkan-samples_git.bb2
-rw-r--r--meta/recipes-graphics/vulkan/vulkan-tools_1.2.182.0.bb2
-rw-r--r--meta/recipes-graphics/waffle/waffle_1.6.1.bb10
-rw-r--r--meta/recipes-graphics/wayland/wayland_1.19.0.bb6
-rw-r--r--meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb2
-rw-r--r--meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb2
-rw-r--r--meta/recipes-graphics/xorg-lib/libx11-compose-data_1.6.8.bb2
-rw-r--r--meta/recipes-graphics/xorg-lib/libx11_1.7.2.bb2
-rw-r--r--meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb2
-rw-r--r--meta/recipes-graphics/xorg-xserver/xserver-xorg.inc10
-rw-r--r--meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb (renamed from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb)2
-rw-r--r--meta/recipes-kernel/blktrace/blktrace_git.bb2
-rw-r--r--meta/recipes-kernel/cryptodev/cryptodev.inc2
-rw-r--r--meta/recipes-kernel/dtc/dtc.inc2
-rw-r--r--meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-doc-validate20
-rw-r--r--meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-mk-schema20
-rw-r--r--meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-validate20
-rw-r--r--meta/recipes-kernel/dtc/python3-dtschema-wrapper_2021.10.bb17
-rw-r--r--meta/recipes-kernel/kern-tools/kern-tools-native_git.bb7
-rw-r--r--meta/recipes-kernel/kmod/depmodwrapper-cross_1.0.bb4
-rw-r--r--meta/recipes-kernel/kmod/kmod.inc2
-rw-r--r--meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb (renamed from meta/recipes-kernel/linux-firmware/linux-firmware_20210818.bb)11
-rw-r--r--meta/recipes-kernel/linux/kernel-devsrc.bb14
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-dev.bb1
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_5.14.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb8
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_5.14.bb8
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_5.10.bb29
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_5.14.bb28
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0001-Fix-compaction-migratepages-event-name.patch37
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0001-fix-cpu-hotplug-Remove-deprecated-CPU-hotplug-functi.patch394
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0002-Fix-tracepoint-event-allow-same-provider-and-event-n.patch48
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0002-fix-Revert-Makefile-Enable-Wimplicit-fallthrough-for.patch829
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0003-fix-sched-tracing-Don-t-re-read-p-state-when-emittin.patch183
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0004-fix-block-remove-genhd.h-v5.18.patch45
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0005-fix-scsi-block-Remove-REQ_OP_WRITE_SAME-support-v5.1.patch79
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0006-fix-random-remove-unused-tracepoints-v5.18.patch47
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0007-fix-kprobes-Use-rethook-for-kretprobe-if-possible-v5.patch72
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0008-fix-scsi-core-Remove-scsi-scsi_request.h-v5.18.patch44
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0009-Rename-genhd-wrapper-to-blkdev.patch76
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules/0010-fix-mm-compaction-cleanup-the-compaction-trace-event.patch106
-rw-r--r--meta/recipes-kernel/lttng/lttng-modules_2.13.3.bb (renamed from meta/recipes-kernel/lttng/lttng-modules_2.13.0.bb)15
-rw-r--r--meta/recipes-kernel/lttng/lttng-tools/0001-Fix-Tests-race-condition-in-test_event_tracker.patch221
-rw-r--r--meta/recipes-kernel/lttng/lttng-tools/0001-tests-wait-some-more-before-analysing-traces-or-star.patch88
-rw-r--r--meta/recipes-kernel/lttng/lttng-tools/0002-Fix-Tests-race-condition-in-test_ns_contexts_change.patch46
-rw-r--r--meta/recipes-kernel/lttng/lttng-tools_2.13.0.bb3
-rwxr-xr-xmeta/recipes-kernel/perf/perf/sort-pmuevents.py28
-rw-r--r--meta/recipes-kernel/powertop/powertop_2.14.bb2
-rw-r--r--meta/recipes-kernel/systemtap/systemtap_git.inc2
-rw-r--r--meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.04.08.bb (renamed from meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.07.14.bb)2
-rw-r--r--meta/recipes-multimedia/alsa/alsa-tools_1.2.5.bb1
-rw-r--r--meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch67
-rw-r--r--meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb3
-rw-r--r--meta/recipes-multimedia/gstreamer/gst-devtools_1.18.6.bb (renamed from meta/recipes-multimedia/gstreamer/gst-devtools_1.18.4.bb)2
-rw-r--r--meta/recipes-multimedia/gstreamer/gst-examples_1.18.6.bb (renamed from meta/recipes-multimedia/gstreamer/gst-examples_1.18.4.bb)2
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.6.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.4.bb)2
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.6.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.4.bb)2
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.6.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb)2
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/4ef5c91697a141fea7317aff7f0f28e5a861db99.patch50
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.6.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.4.bb)3
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-rtpjitterbuffer-Fix-parsing-of-the-mediaclk-direct-f.patch33
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-Remove-volatile-from-static-vars-to-fix-build-with-g.patch100
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.6.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.4.bb)4
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.6.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.4.bb)2
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.6.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.4.bb)2
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.6.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.4.bb)2
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.6.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.4.bb)2
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0/0002-Remove-unused-valgrind-detection.patch14
-rw-r--r--meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.6.bb (renamed from meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.4.bb)2
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch32
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb1
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch38
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch43
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch219
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch93
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch33
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch36
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch57
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch30
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch32
-rw-r--r--meta/recipes-multimedia/libtiff/tiff_4.3.0.bb12
-rw-r--r--meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch30
-rw-r--r--meta/recipes-multimedia/speex/speex_1.2.0.bb4
-rw-r--r--meta/recipes-multimedia/x264/x264_git.bb2
-rw-r--r--meta/recipes-sato/images/core-image-sato-sdk.bb3
-rw-r--r--meta/recipes-sato/l3afpad/l3afpad_git.bb2
-rw-r--r--meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb2
-rw-r--r--meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb2
-rw-r--r--meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb2
-rw-r--r--meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb2
-rw-r--r--meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb2
-rw-r--r--meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb2
-rw-r--r--meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb2
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/0001-Enable-THREADS_PREFER_PTHREAD_FLAG.patch2
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/reproducibility.patch22
-rw-r--r--meta/recipes-sato/webkit/webkitgtk_2.32.4.bb (renamed from meta/recipes-sato/webkit/webkitgtk_2.32.3.bb)3
-rw-r--r--meta/recipes-support/bmap-tools/bmap-tools_3.6.bb2
-rw-r--r--meta/recipes-support/boost/boost-build-native_4.4.1.bb2
-rw-r--r--meta/recipes-support/boost/boost/0001-BoostConfig.cmake-allow-searching-for-python310.patch50
-rw-r--r--meta/recipes-support/boost/boost/0002-math-allow-definition-of-boost_math_no_atomic_int-on-the-command-line.patch53
-rw-r--r--meta/recipes-support/boost/boost/0003-math-make-no-atomics-a-soft-failure-in-bernoulli_details_hpp.patch151
-rw-r--r--meta/recipes-support/boost/boost_1.77.0.bb3
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch80
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch26
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch33
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates_20211016.bb (renamed from meta/recipes-support/ca-certificates/ca-certificates_20210119.bb)7
-rw-r--r--meta/recipes-support/curl/curl/cve-2021-22945.patch34
-rw-r--r--meta/recipes-support/curl/curl/cve-2021-22946.patch332
-rw-r--r--meta/recipes-support/curl/curl/cve-2021-22947.patch355
-rw-r--r--meta/recipes-support/curl/curl_7.78.0.bb3
-rw-r--r--meta/recipes-support/dos2unix/dos2unix_7.4.2.bb2
-rw-r--r--meta/recipes-support/gmp/gmp/cve-2021-43618.patch27
-rw-r--r--meta/recipes-support/gmp/gmp_6.2.1.bb9
-rw-r--r--meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2021.1.bb2
-rw-r--r--meta/recipes-support/icu/icu_69.1.bb2
-rw-r--r--meta/recipes-support/libgit2/libgit2_1.1.1.bb2
-rw-r--r--meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb2
-rw-r--r--meta/recipes-support/libpcre/libpcre2_10.37.bb4
-rw-r--r--meta/recipes-support/libpcre/libpcre_8.45.bb2
-rw-r--r--meta/recipes-support/libseccomp/libseccomp_2.5.1.bb2
-rw-r--r--meta/recipes-support/libunistring/libunistring_0.9.10.bb1
-rw-r--r--meta/recipes-support/libusb/libusb1_1.0.24.bb6
-rw-r--r--meta/recipes-support/lz4/lz4_1.9.3.bb2
-rw-r--r--meta/recipes-support/numactl/numactl_git.bb2
-rw-r--r--meta/recipes-support/p11-kit/p11-kit_0.24.0.bb2
-rw-r--r--meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb2
-rw-r--r--meta/recipes-support/rng-tools/rng-tools_6.14.bb2
-rw-r--r--meta/recipes-support/shared-mime-info/shared-mime-info_git.bb2
-rw-r--r--meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch13
-rw-r--r--meta/recipes-support/vim/files/CVE-2021-3778.patch46
-rw-r--r--meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch207
-rw-r--r--meta/recipes-support/vim/files/disable_acl_header_check.patch15
-rw-r--r--meta/recipes-support/vim/files/no-path-adjust.patch8
-rw-r--r--meta/recipes-support/vim/files/racefix.patch6
-rw-r--r--meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch13
-rw-r--r--meta/recipes-support/vim/vim.inc13
-rw-r--r--meta/recipes-support/xxhash/xxhash_0.8.0.bb2
-rwxr-xr-xscripts/buildhistory-diff5
-rwxr-xr-xscripts/contrib/convert-srcuri.py77
-rwxr-xr-xscripts/git26
-rw-r--r--scripts/lib/checklayer/cases/common.py2
-rw-r--r--scripts/lib/devtool/deploy.py2
-rw-r--r--scripts/lib/devtool/upgrade.py15
-rw-r--r--scripts/lib/recipetool/create.py16
-rw-r--r--scripts/lib/recipetool/create_buildsys.py3
-rw-r--r--scripts/lib/scriptutils.py7
-rw-r--r--scripts/lib/wic/engine.py6
-rw-r--r--scripts/lib/wic/help.py4
-rw-r--r--scripts/lib/wic/misc.py4
-rw-r--r--scripts/lib/wic/pluginbase.py8
-rw-r--r--scripts/lib/wic/plugins/imager/direct.py2
-rw-r--r--scripts/lib/wic/plugins/source/rootfs.py5
-rwxr-xr-xscripts/oe-pkgdata-browser8
-rwxr-xr-xscripts/oe-pkgdata-util2
-rwxr-xr-xscripts/runqemu5
-rwxr-xr-xscripts/runqemu-ifdown1
-rwxr-xr-xscripts/wic7
-rwxr-xr-xscripts/yocto-check-layer13
508 files changed, 17591 insertions, 3027 deletions
diff --git a/README.OE-Core.md b/README.OE-Core.md
index 521916cd4f..2f2127fb03 100644
--- a/README.OE-Core.md
+++ b/README.OE-Core.md
@@ -6,24 +6,24 @@ of OpenEmbedded. It is distro-less (can build a functional image with
DISTRO = "nodistro") and contains only emulated machine support.
For information about OpenEmbedded, see the OpenEmbedded website:
- http://www.openembedded.org/
+ https://www.openembedded.org/
The Yocto Project has extensive documentation about OE including a reference manual
which can be found at:
- http://yoctoproject.org/documentation
+ https://docs.yoctoproject.org/
Contributing
------------
Please refer to
-http://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded
+https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded
for guidelines on how to submit patches.
Mailing list:
- http://lists.openembedded.org/mailman/listinfo/openembedded-core
+ https://lists.openembedded.org/g/openembedded-core
Source code:
- http://git.openembedded.org/openembedded-core/
+ https://git.openembedded.org/openembedded-core/
diff --git a/bitbake/bin/bitbake-worker b/bitbake/bin/bitbake-worker
index 6a12e1fed2..7fde688764 100755
--- a/bitbake/bin/bitbake-worker
+++ b/bitbake/bin/bitbake-worker
@@ -417,7 +417,11 @@ class BitbakeWorker(object):
if self.queue.startswith(b"<" + item + b">"):
index = self.queue.find(b"</" + item + b">")
while index != -1:
- func(self.queue[(len(item) + 2):index])
+ try:
+ func(self.queue[(len(item) + 2):index])
+ except pickle.UnpicklingError:
+ workerlog_write("Unable to unpickle data: %s\n" % ":".join("{:02x}".format(c) for c in self.queue))
+ raise
self.queue = self.queue[(index + len(item) + 3):]
index = self.queue.find(b"</" + item + b">")
diff --git a/bitbake/contrib/hashserv/Dockerfile b/bitbake/contrib/hashserv/Dockerfile
index d6fc728f37..74b4a3be1d 100644
--- a/bitbake/contrib/hashserv/Dockerfile
+++ b/bitbake/contrib/hashserv/Dockerfile
@@ -1,7 +1,7 @@
# SPDX-License-Identifier: MIT
#
# Copyright (c) 2021 Joshua Watt <JPEWhacker@gmail.com>
-#
+#
# Dockerfile to build a bitbake hash equivalence server container
#
# From the root of the bitbake repository, run:
@@ -15,5 +15,9 @@ RUN apk add --no-cache python3
COPY bin/bitbake-hashserv /opt/bbhashserv/bin/
COPY lib/hashserv /opt/bbhashserv/lib/hashserv/
+COPY lib/bb /opt/bbhashserv/lib/bb/
+COPY lib/codegen.py /opt/bbhashserv/lib/codegen.py
+COPY lib/ply /opt/bbhashserv/lib/ply/
+COPY lib/bs4 /opt/bbhashserv/lib/bs4/
ENTRYPOINT ["/opt/bbhashserv/bin/bitbake-hashserv"]
diff --git a/bitbake/lib/bb/build.py b/bitbake/lib/bb/build.py
index 7e4ab9f64c..44d1d9d981 100644
--- a/bitbake/lib/bb/build.py
+++ b/bitbake/lib/bb/build.py
@@ -715,19 +715,23 @@ def _exec_task(fn, task, d, quieterr):
logger.debug2("Zero size logfn %s, removing", logfn)
bb.utils.remove(logfn)
bb.utils.remove(loglink)
- except bb.BBHandledException:
- event.fire(TaskFailed(task, fn, logfn, localdata, True), localdata)
- return 1
except (Exception, SystemExit) as exc:
+ handled = False
+ if isinstance(exc, bb.BBHandledException):
+ handled = True
+
if quieterr:
+ if not handled:
+ logger.warning(repr(exc))
event.fire(TaskFailedSilent(task, fn, logfn, localdata), localdata)
else:
errprinted = errchk.triggered
# If the output is already on stdout, we've printed the information in the
# logs once already so don't duplicate
- if verboseStdoutLogging:
+ if verboseStdoutLogging or handled:
errprinted = True
- logger.error(repr(exc))
+ if not handled:
+ logger.error(repr(exc))
event.fire(TaskFailed(task, fn, logfn, localdata, errprinted), localdata)
return 1
diff --git a/bitbake/lib/bb/cooker.py b/bitbake/lib/bb/cooker.py
index af794b4c42..288d73fd92 100644
--- a/bitbake/lib/bb/cooker.py
+++ b/bitbake/lib/bb/cooker.py
@@ -388,12 +388,22 @@ class BBCooker:
# Create a new hash server bound to a unix domain socket
if not self.hashserv:
dbfile = (self.data.getVar("PERSISTENT_DIR") or self.data.getVar("CACHE")) + "/hashserv.db"
+ upstream = self.data.getVar("BB_HASHSERVE_UPSTREAM") or None
+ if upstream:
+ import socket
+ try:
+ sock = socket.create_connection(upstream.split(":"), 5)
+ sock.close()
+ except socket.error as e:
+ bb.warn("BB_HASHSERVE_UPSTREAM is not valid, unable to connect hash equivalence server at '%s': %s"
+ % (upstream, repr(e)))
+
self.hashservaddr = "unix://%s/hashserve.sock" % self.data.getVar("TOPDIR")
self.hashserv = hashserv.create_server(
self.hashservaddr,
dbfile,
sync=False,
- upstream=self.data.getVar("BB_HASHSERVE_UPSTREAM") or None,
+ upstream=upstream,
)
self.hashserv.serve_as_process()
self.data.setVar("BB_HASHSERVE", self.hashservaddr)
@@ -804,7 +814,9 @@ class BBCooker:
for dep in rq.rqdata.runtaskentries[tid].depends:
(depmc, depfn, _, deptaskfn) = bb.runqueue.split_tid_mcfn(dep)
deppn = self.recipecaches[depmc].pkg_fn[deptaskfn]
- depend_tree["tdepends"][dotname].append("%s.%s" % (deppn, bb.runqueue.taskname_from_tid(dep)))
+ if depmc:
+ depmc = "mc:" + depmc + ":"
+ depend_tree["tdepends"][dotname].append("%s%s.%s" % (depmc, deppn, bb.runqueue.taskname_from_tid(dep)))
if taskfn not in seen_fns:
seen_fns.append(taskfn)
packages = []
@@ -2155,6 +2167,8 @@ class CookerParser(object):
self.total)
bb.event.fire(event, self.cfgdata)
+ else:
+ bb.error("Parsing halted due to errors")
for process in self.processes:
self.parser_quit.put(None)
@@ -2208,21 +2222,33 @@ class CookerParser(object):
yield not cached, mc, infos
def parse_generator(self):
- while True:
+ empty = False
+ while self.processes or not empty:
+ for process in self.processes.copy():
+ if not process.is_alive():
+ process.join()
+ self.processes.remove(process)
+
if self.parsed >= self.toparse:
break
try:
result = self.result_queue.get(timeout=0.25)
except queue.Empty:
+ empty = True
pass
else:
+ empty = False
value = result[1]
if isinstance(value, BaseException):
raise value
else:
yield result
+ if not (self.parsed >= self.toparse):
+ raise bb.parse.ParseError("Not all recipes parsed, parser thread killed/died? Exiting.", None)
+
+
def parse_next(self):
result = []
parsed = None
@@ -2233,7 +2259,7 @@ class CookerParser(object):
return False
except bb.BBHandledException as exc:
self.error += 1
- logger.error('Failed to parse recipe: %s' % exc.recipe)
+ logger.debug('Failed to parse recipe: %s' % exc.recipe)
self.shutdown(clean=False, force=True)
return False
except ParsingFailure as exc:
diff --git a/bitbake/lib/bb/data_smart.py b/bitbake/lib/bb/data_smart.py
index 8d235da121..e960327871 100644
--- a/bitbake/lib/bb/data_smart.py
+++ b/bitbake/lib/bb/data_smart.py
@@ -492,12 +492,12 @@ class DataSmart(MutableMapping):
def setVar(self, var, value, **loginfo):
#print("var=" + str(var) + " val=" + str(value))
- if "_append" in var or "_prepend" in var or "_remove" in var:
+ if not var.startswith("__anon_") and ("_append" in var or "_prepend" in var or "_remove" in var):
info = "%s" % var
- if "filename" in loginfo:
- info += " file: %s" % loginfo[filename]
- if "lineno" in loginfo:
- info += " line: %s" % loginfo[lineno]
+ if "file" in loginfo:
+ info += " file: %s" % loginfo["file"]
+ if "line" in loginfo:
+ info += " line: %s" % loginfo["line"]
bb.fatal("Variable %s contains an operation using the old override syntax. Please convert this layer/metadata before attempting to use with a newer bitbake." % info)
self.expand_cache = {}
diff --git a/bitbake/lib/bb/fetch2/__init__.py b/bitbake/lib/bb/fetch2/__init__.py
index 259b2637a6..25179bc2e6 100644
--- a/bitbake/lib/bb/fetch2/__init__.py
+++ b/bitbake/lib/bb/fetch2/__init__.py
@@ -430,6 +430,7 @@ def uri_replace(ud, uri_find, uri_replace, replacements, d, mirrortarball=None):
uri_replace_decoded = list(decodeurl(uri_replace))
logger.debug2("For url %s comparing %s to %s" % (uri_decoded, uri_find_decoded, uri_replace_decoded))
result_decoded = ['', '', '', '', '', {}]
+ # 0 - type, 1 - host, 2 - path, 3 - user, 4- pswd, 5 - params
for loc, i in enumerate(uri_find_decoded):
result_decoded[loc] = uri_decoded[loc]
regexp = i
@@ -449,6 +450,9 @@ def uri_replace(ud, uri_find, uri_replace, replacements, d, mirrortarball=None):
for l in replacements:
uri_replace_decoded[loc][k] = uri_replace_decoded[loc][k].replace(l, replacements[l])
result_decoded[loc][k] = uri_replace_decoded[loc][k]
+ elif (loc == 3 or loc == 4) and uri_replace_decoded[loc]:
+ # User/password in the replacement is just a straight replacement
+ result_decoded[loc] = uri_replace_decoded[loc]
elif (re.match(regexp, uri_decoded[loc])):
if not uri_replace_decoded[loc]:
result_decoded[loc] = ""
@@ -466,9 +470,13 @@ def uri_replace(ud, uri_find, uri_replace, replacements, d, mirrortarball=None):
# Kill parameters, they make no sense for mirror tarballs
uri_decoded[5] = {}
elif ud.localpath and ud.method.supports_checksum(ud):
- basename = os.path.basename(uri_decoded[loc])
- if basename and not result_decoded[loc].endswith(basename):
- result_decoded[loc] = os.path.join(result_decoded[loc], basename)
+ basename = os.path.basename(ud.localpath)
+ if basename:
+ uri_basename = os.path.basename(uri_decoded[loc])
+ if uri_basename and basename != uri_basename and result_decoded[loc].endswith(uri_basename):
+ result_decoded[loc] = result_decoded[loc].replace(uri_basename, basename)
+ elif not result_decoded[loc].endswith(basename):
+ result_decoded[loc] = os.path.join(result_decoded[loc], basename)
else:
return None
result = encodeurl(result_decoded)
diff --git a/bitbake/lib/bb/fetch2/git.py b/bitbake/lib/bb/fetch2/git.py
index e8ddf2c761..0a708ac85a 100644
--- a/bitbake/lib/bb/fetch2/git.py
+++ b/bitbake/lib/bb/fetch2/git.py
@@ -142,6 +142,10 @@ class Git(FetchMethod):
ud.proto = 'file'
else:
ud.proto = "git"
+ if ud.host == "github.com" and ud.proto == "git":
+ # github stopped supporting git protocol
+ # https://github.blog/2021-09-01-improving-git-protocol-security-github/#no-more-unauthenticated-git
+ ud.proto = "https"
if not ud.proto in ('git', 'file', 'ssh', 'http', 'https', 'rsync'):
raise bb.fetch2.ParameterError("Invalid protocol type", ud.url)
diff --git a/bitbake/lib/bb/fetch2/npm.py b/bitbake/lib/bb/fetch2/npm.py
index e497c38dc7..b3a3a444ee 100644
--- a/bitbake/lib/bb/fetch2/npm.py
+++ b/bitbake/lib/bb/fetch2/npm.py
@@ -72,23 +72,19 @@ def npm_unpack(tarball, destdir, d):
cmd += " --delay-directory-restore"
cmd += " --strip-components=1"
runfetchcmd(cmd, d, workdir=destdir)
- runfetchcmd("chmod -R +X %s" % (destdir), d, quiet=True, workdir=destdir)
+ runfetchcmd("chmod -R +X '%s'" % (destdir), d, quiet=True, workdir=destdir)
class NpmEnvironment(object):
"""
Using a npm config file seems more reliable than using cli arguments.
This class allows to create a controlled environment for npm commands.
"""
- def __init__(self, d, configs=None, npmrc=None):
+ def __init__(self, d, configs=[], npmrc=None):
self.d = d
- if configs:
- self.user_config = tempfile.NamedTemporaryFile(mode="w", buffering=1)
- self.user_config_name = self.user_config.name
- for key, value in configs:
- self.user_config.write("%s=%s\n" % (key, value))
- else:
- self.user_config_name = "/dev/null"
+ self.user_config = tempfile.NamedTemporaryFile(mode="w", buffering=1)
+ for key, value in configs:
+ self.user_config.write("%s=%s\n" % (key, value))
if npmrc:
self.global_config_name = npmrc
@@ -109,7 +105,7 @@ class NpmEnvironment(object):
workdir = tmpdir
def _run(cmd):
- cmd = "NPM_CONFIG_USERCONFIG=%s " % (self.user_config_name) + cmd
+ cmd = "NPM_CONFIG_USERCONFIG=%s " % (self.user_config.name) + cmd
cmd = "NPM_CONFIG_GLOBALCONFIG=%s " % (self.global_config_name) + cmd
return runfetchcmd(cmd, d, workdir=workdir)
diff --git a/bitbake/lib/bb/fetch2/perforce.py b/bitbake/lib/bb/fetch2/perforce.py
index e2a41a4a12..3b6fa4b1ec 100644
--- a/bitbake/lib/bb/fetch2/perforce.py
+++ b/bitbake/lib/bb/fetch2/perforce.py
@@ -134,7 +134,7 @@ class Perforce(FetchMethod):
ud.setup_revisions(d)
- ud.localfile = d.expand('%s_%s_%s_%s.tar.gz' % (cleanedhost, cleanedpath, cleandedmodule, ud.revision))
+ ud.localfile = d.expand('%s_%s_%s_%s.tar.gz' % (cleanedhost, cleanedpath, cleanedmodule, ud.revision))
def _buildp4command(self, ud, d, command, depot_filename=None):
"""
diff --git a/bitbake/lib/bb/fetch2/ssh.py b/bitbake/lib/bb/fetch2/ssh.py
index 2c8557e1f8..a104c9eb19 100644
--- a/bitbake/lib/bb/fetch2/ssh.py
+++ b/bitbake/lib/bb/fetch2/ssh.py
@@ -40,9 +40,9 @@ __pattern__ = re.compile(r'''
( # Optional username/password block
(?P<user>\S+) # username
(:(?P<pass>\S+))? # colon followed by the password (optional)
- )?
(?P<cparam>(;[^;]+)*)? # connection parameters block (optional)
@
+ )?
(?P<host>\S+?) # non-greedy match of the host
(:(?P<port>[0-9]+))? # colon followed by the port (optional)
/
diff --git a/bitbake/lib/bb/fetch2/wget.py b/bitbake/lib/bb/fetch2/wget.py
index 349891e852..fd9b304961 100644
--- a/bitbake/lib/bb/fetch2/wget.py
+++ b/bitbake/lib/bb/fetch2/wget.py
@@ -356,7 +356,7 @@ class Wget(FetchMethod):
except (TypeError, ImportError, IOError, netrc.NetrcParseError):
pass
- with opener.open(r) as response:
+ with opener.open(r, timeout=30) as response:
pass
except urllib.error.URLError as e:
if try_again:
diff --git a/bitbake/lib/bb/process.py b/bitbake/lib/bb/process.py
index d5a1775fce..af5d804a1d 100644
--- a/bitbake/lib/bb/process.py
+++ b/bitbake/lib/bb/process.py
@@ -60,7 +60,7 @@ class Popen(subprocess.Popen):
"close_fds": True,
"preexec_fn": subprocess_setup,
"stdout": subprocess.PIPE,
- "stderr": subprocess.STDOUT,
+ "stderr": subprocess.PIPE,
"stdin": subprocess.PIPE,
"shell": False,
}
diff --git a/bitbake/lib/bb/runqueue.py b/bitbake/lib/bb/runqueue.py
index 10511a09dc..cd10da8b3a 100644
--- a/bitbake/lib/bb/runqueue.py
+++ b/bitbake/lib/bb/runqueue.py
@@ -926,38 +926,36 @@ class RunQueueData:
#
# Once all active tasks are marked, prune the ones we don't need.
- delcount = {}
- for tid in list(self.runtaskentries.keys()):
- if tid not in runq_build:
- delcount[tid] = self.runtaskentries[tid]
- del self.runtaskentries[tid]
-
# Handle --runall
if self.cooker.configuration.runall:
# re-run the mark_active and then drop unused tasks from new list
+ reduced_tasklist = set(self.runtaskentries.keys())
+ for tid in list(self.runtaskentries.keys()):
+ if tid not in runq_build:
+ reduced_tasklist.remove(tid)
runq_build = {}
for task in self.cooker.configuration.runall:
if not task.startswith("do_"):
task = "do_{0}".format(task)
runall_tids = set()
- for tid in list(self.runtaskentries):
+ for tid in reduced_tasklist:
wanttid = "{0}:{1}".format(fn_from_tid(tid), task)
- if wanttid in delcount:
- self.runtaskentries[wanttid] = delcount[wanttid]
if wanttid in self.runtaskentries:
runall_tids.add(wanttid)
for tid in list(runall_tids):
- mark_active(tid,1)
+ mark_active(tid, 1)
if self.cooker.configuration.force:
invalidate_task(tid, False)
- for tid in list(self.runtaskentries.keys()):
- if tid not in runq_build:
- delcount[tid] = self.runtaskentries[tid]
- del self.runtaskentries[tid]
+ delcount = set()
+ for tid in list(self.runtaskentries.keys()):
+ if tid not in runq_build:
+ delcount.add(tid)
+ del self.runtaskentries[tid]
+ if self.cooker.configuration.runall:
if len(self.runtaskentries) == 0:
bb.msg.fatal("RunQueue", "Could not find any tasks with the tasknames %s to run within the recipes of the taskgraphs of the targets %s" % (str(self.cooker.configuration.runall), str(self.targets)))
@@ -971,16 +969,16 @@ class RunQueueData:
for task in self.cooker.configuration.runonly:
if not task.startswith("do_"):
task = "do_{0}".format(task)
- runonly_tids = { k: v for k, v in self.runtaskentries.items() if taskname_from_tid(k) == task }
+ runonly_tids = [k for k in self.runtaskentries.keys() if taskname_from_tid(k) == task]
- for tid in list(runonly_tids):
- mark_active(tid,1)
+ for tid in runonly_tids:
+ mark_active(tid, 1)
if self.cooker.configuration.force:
invalidate_task(tid, False)
for tid in list(self.runtaskentries.keys()):
if tid not in runq_build:
- delcount[tid] = self.runtaskentries[tid]
+ delcount.add(tid)
del self.runtaskentries[tid]
if len(self.runtaskentries) == 0:
diff --git a/bitbake/lib/bb/server/process.py b/bitbake/lib/bb/server/process.py
index 8fdcc66dc7..91c4637522 100644
--- a/bitbake/lib/bb/server/process.py
+++ b/bitbake/lib/bb/server/process.py
@@ -27,6 +27,7 @@ import re
import datetime
import pickle
import traceback
+import gc
import bb.server.xmlrpcserver
from bb import daemonize
from multiprocessing import queues
@@ -739,8 +740,10 @@ class ConnectionWriter(object):
def send(self, obj):
obj = multiprocessing.reduction.ForkingPickler.dumps(obj)
+ gc.disable()
with self.wlock:
self.writer.send_bytes(obj)
+ gc.enable()
def fileno(self):
return self.writer.fileno()
diff --git a/bitbake/lib/bb/server/xmlrpcserver.py b/bitbake/lib/bb/server/xmlrpcserver.py
index 2fa71be667..01f55538ae 100644
--- a/bitbake/lib/bb/server/xmlrpcserver.py
+++ b/bitbake/lib/bb/server/xmlrpcserver.py
@@ -11,6 +11,7 @@ import hashlib
import time
import inspect
from xmlrpc.server import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler
+import bb.server.xmlrpcclient
import bb
diff --git a/bitbake/lib/bb/tests/fetch.py b/bitbake/lib/bb/tests/fetch.py
index c20f746f09..b597438729 100644
--- a/bitbake/lib/bb/tests/fetch.py
+++ b/bitbake/lib/bb/tests/fetch.py
@@ -431,6 +431,11 @@ class MirrorUriTest(FetcherTest):
("git://someserver.org/bitbake;tag=1234567890123456789012345678901234567890;branch=master", "git://someserver.org/bitbake;branch=master", "git://git.openembedded.org/bitbake;protocol=http")
: "git://git.openembedded.org/bitbake;tag=1234567890123456789012345678901234567890;branch=master;protocol=http",
+ ("git://user1@someserver.org/bitbake;tag=1234567890123456789012345678901234567890;branch=master", "git://someserver.org/bitbake;branch=master", "git://user2@git.openembedded.org/bitbake;protocol=http")
+ : "git://user2@git.openembedded.org/bitbake;tag=1234567890123456789012345678901234567890;branch=master;protocol=http",
+
+ ("gitsm://git.qemu.org/git/seabios.git/;protocol=https;name=roms/seabios;subpath=roms/seabios;bareclone=1;nobranch=1;rev=1234567890123456789012345678901234567890", "gitsm://.*/.*", "http://petalinux.xilinx.com/sswreleases/rel-v${XILINX_VER_MAIN}/downloads") : "http://petalinux.xilinx.com/sswreleases/rel-v%24%7BXILINX_VER_MAIN%7D/downloads/git2_git.qemu.org.git.seabios.git..tar.gz",
+
#Renaming files doesn't work
#("http://somewhere.org/somedir1/somefile_1.2.3.tar.gz", "http://somewhere.org/somedir1/somefile_1.2.3.tar.gz", "http://somewhere2.org/somedir3/somefile_2.3.4.tar.gz") : "http://somewhere2.org/somedir3/somefile_2.3.4.tar.gz"
#("file://sstate-xyz.tgz", "file://.*/.*", "file:///somewhere/1234/sstate-cache") : "file:///somewhere/1234/sstate-cache/sstate-xyz.tgz",
@@ -491,7 +496,7 @@ class GitDownloadDirectoryNamingTest(FetcherTest):
super(GitDownloadDirectoryNamingTest, self).setUp()
self.recipe_url = "git://git.openembedded.org/bitbake"
self.recipe_dir = "git.openembedded.org.bitbake"
- self.mirror_url = "git://github.com/openembedded/bitbake.git"
+ self.mirror_url = "git://github.com/openembedded/bitbake.git;protocol=https"
self.mirror_dir = "github.com.openembedded.bitbake.git"
self.d.setVar('SRCREV', '82ea737a0b42a8b53e11c9cde141e9e9c0bd8c40')
@@ -539,7 +544,7 @@ class TarballNamingTest(FetcherTest):
super(TarballNamingTest, self).setUp()
self.recipe_url = "git://git.openembedded.org/bitbake"
self.recipe_tarball = "git2_git.openembedded.org.bitbake.tar.gz"
- self.mirror_url = "git://github.com/openembedded/bitbake.git"
+ self.mirror_url = "git://github.com/openembedded/bitbake.git;protocol=https"
self.mirror_tarball = "git2_github.com.openembedded.bitbake.git.tar.gz"
self.d.setVar('BB_GENERATE_MIRROR_TARBALLS', '1')
@@ -573,7 +578,7 @@ class GitShallowTarballNamingTest(FetcherTest):
super(GitShallowTarballNamingTest, self).setUp()
self.recipe_url = "git://git.openembedded.org/bitbake"
self.recipe_tarball = "gitshallow_git.openembedded.org.bitbake_82ea737-1_master.tar.gz"
- self.mirror_url = "git://github.com/openembedded/bitbake.git"
+ self.mirror_url = "git://github.com/openembedded/bitbake.git;protocol=https"
self.mirror_tarball = "gitshallow_github.com.openembedded.bitbake.git_82ea737-1_master.tar.gz"
self.d.setVar('BB_GIT_SHALLOW', '1')
@@ -875,17 +880,25 @@ class FetcherNetworkTest(FetcherTest):
@skipIfNoNetwork()
def test_fetch_premirror_specify_downloadfilename_regex_uri(self):
self.d.setVar("PREMIRRORS", "http://.*/.* https://downloads.yoctoproject.org/releases/bitbake/")
- fetcher = bb.fetch.Fetch(["http://invalid.yoctoproject.org/releases/bitbake/bitbake-1.0.tar.gz;downloadfilename=bitbake-v1.0.0.tar.gz"], self.d)
+ fetcher = bb.fetch.Fetch(["http://invalid.yoctoproject.org/releases/bitbake/1.0.tar.gz;downloadfilename=bitbake-1.0.tar.gz"], self.d)
fetcher.download()
- self.assertEqual(os.path.getsize(self.dldir + "/bitbake-v1.0.0.tar.gz"), 57749)
+ self.assertEqual(os.path.getsize(self.dldir + "/bitbake-1.0.tar.gz"), 57749)
@skipIfNoNetwork()
# BZ13039
def test_fetch_premirror_specify_downloadfilename_specific_uri(self):
self.d.setVar("PREMIRRORS", "http://invalid.yoctoproject.org/releases/bitbake https://downloads.yoctoproject.org/releases/bitbake")
- fetcher = bb.fetch.Fetch(["http://invalid.yoctoproject.org/releases/bitbake/bitbake-1.0.tar.gz;downloadfilename=bitbake-v1.0.0.tar.gz"], self.d)
+ fetcher = bb.fetch.Fetch(["http://invalid.yoctoproject.org/releases/bitbake/1.0.tar.gz;downloadfilename=bitbake-1.0.tar.gz"], self.d)
fetcher.download()
- self.assertEqual(os.path.getsize(self.dldir + "/bitbake-v1.0.0.tar.gz"), 57749)
+ self.assertEqual(os.path.getsize(self.dldir + "/bitbake-1.0.tar.gz"), 57749)
+
+ @skipIfNoNetwork()
+ def test_fetch_premirror_use_downloadfilename_to_fetch(self):
+ # Ensure downloadfilename is used when fetching from premirror.
+ self.d.setVar("PREMIRRORS", "http://.*/.* https://downloads.yoctoproject.org/releases/bitbake")
+ fetcher = bb.fetch.Fetch(["http://invalid.yoctoproject.org/releases/bitbake/bitbake-1.1.tar.gz;downloadfilename=bitbake-1.0.tar.gz"], self.d)
+ fetcher.download()
+ self.assertEqual(os.path.getsize(self.dldir + "/bitbake-1.0.tar.gz"), 57749)
@skipIfNoNetwork()
def gitfetcher(self, url1, url2):
@@ -996,7 +1009,7 @@ class FetcherNetworkTest(FetcherTest):
def test_git_submodule_dbus_broker(self):
# The following external repositories have show failures in fetch and unpack operations
# We want to avoid regressions!
- url = "gitsm://github.com/bus1/dbus-broker;protocol=git;rev=fc874afa0992d0c75ec25acb43d344679f0ee7d2;branch=main"
+ url = "gitsm://github.com/bus1/dbus-broker;protocol=https;rev=fc874afa0992d0c75ec25acb43d344679f0ee7d2;branch=main"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
# Previous cwd has been deleted
@@ -1012,7 +1025,7 @@ class FetcherNetworkTest(FetcherTest):
@skipIfNoNetwork()
def test_git_submodule_CLI11(self):
- url = "gitsm://github.com/CLIUtils/CLI11;protocol=git;rev=bd4dc911847d0cde7a6b41dfa626a85aab213baf"
+ url = "gitsm://github.com/CLIUtils/CLI11;protocol=https;rev=bd4dc911847d0cde7a6b41dfa626a85aab213baf;branch=main"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
# Previous cwd has been deleted
@@ -1027,12 +1040,12 @@ class FetcherNetworkTest(FetcherTest):
@skipIfNoNetwork()
def test_git_submodule_update_CLI11(self):
""" Prevent regression on update detection not finding missing submodule, or modules without needed commits """
- url = "gitsm://github.com/CLIUtils/CLI11;protocol=git;rev=cf6a99fa69aaefe477cc52e3ef4a7d2d7fa40714"
+ url = "gitsm://github.com/CLIUtils/CLI11;protocol=https;rev=cf6a99fa69aaefe477cc52e3ef4a7d2d7fa40714;branch=main"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
# CLI11 that pulls in a newer nlohmann-json
- url = "gitsm://github.com/CLIUtils/CLI11;protocol=git;rev=49ac989a9527ee9bb496de9ded7b4872c2e0e5ca"
+ url = "gitsm://github.com/CLIUtils/CLI11;protocol=https;rev=49ac989a9527ee9bb496de9ded7b4872c2e0e5ca;branch=main"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
# Previous cwd has been deleted
@@ -1046,7 +1059,7 @@ class FetcherNetworkTest(FetcherTest):
@skipIfNoNetwork()
def test_git_submodule_aktualizr(self):
- url = "gitsm://github.com/advancedtelematic/aktualizr;branch=master;protocol=git;rev=d00d1a04cc2366d1a5f143b84b9f507f8bd32c44"
+ url = "gitsm://github.com/advancedtelematic/aktualizr;branch=master;protocol=https;rev=d00d1a04cc2366d1a5f143b84b9f507f8bd32c44"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
# Previous cwd has been deleted
@@ -1066,7 +1079,7 @@ class FetcherNetworkTest(FetcherTest):
""" Prevent regression on deeply nested submodules not being checked out properly, even though they were fetched. """
# This repository also has submodules where the module (name), path and url do not align
- url = "gitsm://github.com/azure/iotedge.git;protocol=git;rev=d76e0316c6f324345d77c48a83ce836d09392699"
+ url = "gitsm://github.com/azure/iotedge.git;protocol=https;rev=d76e0316c6f324345d77c48a83ce836d09392699;branch=main"
fetcher = bb.fetch.Fetch([url], self.d)
fetcher.download()
# Previous cwd has been deleted
@@ -1124,7 +1137,7 @@ class SVNTest(FetcherTest):
bb.process.run("svn co %s svnfetch_co" % self.repo_url, cwd=self.tempdir)
# Github will emulate SVN. Use this to check if we're downloding...
- bb.process.run("svn propset svn:externals 'bitbake svn://vcs.pcre.org/pcre2/code' .",
+ bb.process.run("svn propset svn:externals 'bitbake https://github.com/PhilipHazel/pcre2.git' .",
cwd=os.path.join(self.tempdir, 'svnfetch_co', 'trunk'))
bb.process.run("svn commit --non-interactive -m 'Add external'",
cwd=os.path.join(self.tempdir, 'svnfetch_co', 'trunk'))
@@ -1242,7 +1255,7 @@ class FetchLatestVersionTest(FetcherTest):
test_git_uris = {
# version pattern "X.Y.Z"
- ("mx-1.0", "git://github.com/clutter-project/mx.git;branch=mx-1.4", "9b1db6b8060bd00b121a692f942404a24ae2960f", "")
+ ("mx-1.0", "git://github.com/clutter-project/mx.git;branch=mx-1.4;protocol=https", "9b1db6b8060bd00b121a692f942404a24ae2960f", "")
: "1.99.4",
# version pattern "vX.Y"
# mirror of git.infradead.org since network issues interfered with testing
@@ -1269,9 +1282,9 @@ class FetchLatestVersionTest(FetcherTest):
: "0.4.3",
("build-appliance-image", "git://git.yoctoproject.org/poky", "b37dd451a52622d5b570183a81583cc34c2ff555", r"(?P<pver>(([0-9][\.|_]?)+[0-9]))")
: "11.0.0",
- ("chkconfig-alternatives-native", "git://github.com/kergoth/chkconfig;branch=sysroot", "cd437ecbd8986c894442f8fce1e0061e20f04dee", r"chkconfig\-(?P<pver>((\d+[\.\-_]*)+))")
+ ("chkconfig-alternatives-native", "git://github.com/kergoth/chkconfig;branch=sysroot;protocol=https", "cd437ecbd8986c894442f8fce1e0061e20f04dee", r"chkconfig\-(?P<pver>((\d+[\.\-_]*)+))")
: "1.3.59",
- ("remake", "git://github.com/rocky/remake.git", "f05508e521987c8494c92d9c2871aec46307d51d", r"(?P<pver>(\d+\.(\d+\.)*\d*(\+dbg\d+(\.\d+)*)*))")
+ ("remake", "git://github.com/rocky/remake.git;protocol=https", "f05508e521987c8494c92d9c2871aec46307d51d", r"(?P<pver>(\d+\.(\d+\.)*\d*(\+dbg\d+(\.\d+)*)*))")
: "3.82+dbg0.9",
}
@@ -1365,9 +1378,6 @@ class FetchCheckStatusTest(FetcherTest):
"https://downloads.yoctoproject.org/releases/opkg/opkg-0.1.7.tar.gz",
"https://downloads.yoctoproject.org/releases/opkg/opkg-0.3.0.tar.gz",
"ftp://sourceware.org/pub/libffi/libffi-1.20.tar.gz",
- "http://ftp.gnu.org/gnu/autoconf/autoconf-2.60.tar.gz",
- "https://ftp.gnu.org/gnu/chess/gnuchess-5.08.tar.gz",
- "https://ftp.gnu.org/gnu/gmp/gmp-4.0.tar.gz",
# GitHub releases are hosted on Amazon S3, which doesn't support HEAD
"https://github.com/kergoth/tslib/releases/download/1.1/tslib-1.1.tar.xz"
]
@@ -2058,7 +2068,7 @@ class GitShallowTest(FetcherTest):
@skipIfNoNetwork()
def test_bitbake(self):
- self.git('remote add --mirror=fetch origin git://github.com/openembedded/bitbake', cwd=self.srcdir)
+ self.git('remote add --mirror=fetch origin https://github.com/openembedded/bitbake', cwd=self.srcdir)
self.git('config core.bare true', cwd=self.srcdir)
self.git('fetch', cwd=self.srcdir)
diff --git a/bitbake/lib/bb/tests/runqueue.py b/bitbake/lib/bb/tests/runqueue.py
index 3d51779d6c..4f335b8f19 100644
--- a/bitbake/lib/bb/tests/runqueue.py
+++ b/bitbake/lib/bb/tests/runqueue.py
@@ -361,7 +361,7 @@ class RunQueueTests(unittest.TestCase):
def shutdown(self, tempdir):
# Wait for the hashserve socket to disappear else we'll see races with the tempdir cleanup
- while os.path.exists(tempdir + "/hashserve.sock"):
+ while (os.path.exists(tempdir + "/hashserve.sock") or os.path.exists(tempdir + "cache/hashserv.db-wal")):
time.sleep(0.5)
diff --git a/bitbake/lib/bb/ui/knotty.py b/bitbake/lib/bb/ui/knotty.py
index 484545a684..3ba5579ca4 100644
--- a/bitbake/lib/bb/ui/knotty.py
+++ b/bitbake/lib/bb/ui/knotty.py
@@ -228,7 +228,9 @@ class TerminalFilter(object):
def keepAlive(self, t):
if not self.cuu:
- print("Bitbake still alive (%ds)" % t)
+ print("Bitbake still alive (no events for %ds). Active tasks:" % t)
+ for t in self.helper.running_tasks:
+ print(t)
sys.stdout.flush()
def updateFooter(self):
@@ -605,7 +607,8 @@ def main(server, eventHandler, params, tf = TerminalFilter):
warnings = 0
taskfailures = []
- printinterval = 5000
+ printintervaldelta = 10 * 60 # 10 minutes
+ printinterval = printintervaldelta
lastprint = time.time()
termfilter = tf(main, helper, console_handlers, params.options.quiet)
@@ -615,7 +618,7 @@ def main(server, eventHandler, params, tf = TerminalFilter):
try:
if (lastprint + printinterval) <= time.time():
termfilter.keepAlive(printinterval)
- printinterval += 5000
+ printinterval += printintervaldelta
event = eventHandler.waitEvent(0)
if event is None:
if main.shutdown > 1:
@@ -646,7 +649,7 @@ def main(server, eventHandler, params, tf = TerminalFilter):
if isinstance(event, logging.LogRecord):
lastprint = time.time()
- printinterval = 5000
+ printinterval = printintervaldelta
if event.levelno >= bb.msg.BBLogFormatter.ERROR:
errors = errors + 1
return_value = 1
diff --git a/bitbake/lib/bb/utils.py b/bitbake/lib/bb/utils.py
index 70634910f7..cd442dcd0d 100644
--- a/bitbake/lib/bb/utils.py
+++ b/bitbake/lib/bb/utils.py
@@ -16,7 +16,8 @@ import bb.msg
import multiprocessing
import fcntl
import importlib
-from importlib import machinery
+import importlib.machinery
+import importlib.util
import itertools
import subprocess
import glob
@@ -400,7 +401,7 @@ def better_exec(code, context, text = None, realfile = "<code>", pythonexception
code = better_compile(code, realfile, realfile)
try:
exec(code, get_context(), context)
- except (bb.BBHandledException, bb.parse.SkipRecipe, bb.data_smart.ExpansionError):
+ except (bb.BBHandledException, bb.parse.SkipRecipe, bb.data_smart.ExpansionError, bb.process.ExecutionError):
# Error already shown so passthrough, no need for traceback
raise
except Exception as e:
@@ -451,6 +452,10 @@ def lockfile(name, shared=False, retry=True, block=False):
consider the possibility of sending a signal to the process to break
out - at which point you want block=True rather than retry=True.
"""
+ if len(name) > 255:
+ root, ext = os.path.splitext(name)
+ name = root[:255 - len(ext)] + ext
+
dirname = os.path.dirname(name)
mkdirhier(dirname)
@@ -487,7 +492,7 @@ def lockfile(name, shared=False, retry=True, block=False):
return lf
lf.close()
except OSError as e:
- if e.errno == errno.EACCES:
+ if e.errno == errno.EACCES or e.errno == errno.ENAMETOOLONG:
logger.error("Unable to acquire lock '%s', %s",
e.strerror, name)
sys.exit(1)
@@ -1616,7 +1621,9 @@ def load_plugins(logger, plugins, pluginpath):
logger.debug('Loading plugin %s' % name)
spec = importlib.machinery.PathFinder.find_spec(name, path=[pluginpath] )
if spec:
- return spec.loader.load_module()
+ mod = importlib.util.module_from_spec(spec)
+ spec.loader.exec_module(mod)
+ return mod
logger.debug('Loading plugins from %s...' % pluginpath)
diff --git a/bitbake/lib/pyinotify.py b/bitbake/lib/pyinotify.py
index 6ae40a2d76..8c94b3e334 100644
--- a/bitbake/lib/pyinotify.py
+++ b/bitbake/lib/pyinotify.py
@@ -52,7 +52,6 @@ from collections import deque
from datetime import datetime, timedelta
import time
import re
-import asyncore
import glob
import locale
import subprocess
@@ -1475,35 +1474,6 @@ class ThreadedNotifier(threading.Thread, Notifier):
self.loop()
-class AsyncNotifier(asyncore.file_dispatcher, Notifier):
- """
- This notifier inherits from asyncore.file_dispatcher in order to be able to
- use pyinotify along with the asyncore framework.
-
- """
- def __init__(self, watch_manager, default_proc_fun=None, read_freq=0,
- threshold=0, timeout=None, channel_map=None):
- """
- Initializes the async notifier. The only additional parameter is
- 'channel_map' which is the optional asyncore private map. See
- Notifier class for the meaning of the others parameters.
-
- """
- Notifier.__init__(self, watch_manager, default_proc_fun, read_freq,
- threshold, timeout)
- asyncore.file_dispatcher.__init__(self, self._fd, channel_map)
-
- def handle_read(self):
- """
- When asyncore tells us we can read from the fd, we proceed processing
- events. This method can be overridden for handling a notification
- differently.
-
- """
- self.read_events()
- self.process_events()
-
-
class TornadoAsyncNotifier(Notifier):
"""
Tornado ioloop adapter.
diff --git a/bitbake/lib/toaster/orm/fixtures/oe-core.xml b/bitbake/lib/toaster/orm/fixtures/oe-core.xml
index b01a337012..25543f6ec4 100644
--- a/bitbake/lib/toaster/orm/fixtures/oe-core.xml
+++ b/bitbake/lib/toaster/orm/fixtures/oe-core.xml
@@ -23,9 +23,14 @@
<field type="CharField" name="branch">master</field>
</object>
<object model="orm.bitbakeversion" pk="4">
- <field type="CharField" name="name">gatesgarth</field>
+ <field type="CharField" name="name">hardknott</field>
<field type="CharField" name="giturl">git://git.openembedded.org/bitbake</field>
- <field type="CharField" name="branch">1.48</field>
+ <field type="CharField" name="branch">1.50</field>
+ </object>
+ <object model="orm.bitbakeversion" pk="5">
+ <field type="CharField" name="name">honister</field>
+ <field type="CharField" name="giturl">git://git.openembedded.org/bitbake</field>
+ <field type="CharField" name="branch">1.52</field>
</object>
<!-- Releases available -->
@@ -51,11 +56,18 @@
<field type="TextField" name="helptext">Toaster will run your builds using the tip of the &lt;a href=\"https://cgit.openembedded.org/openembedded-core/log/\"&gt;OpenEmbedded master&lt;/a&gt; branch.</field>
</object>
<object model="orm.release" pk="4">
- <field type="CharField" name="name">gatesgarth</field>
- <field type="CharField" name="description">Openembedded Gatesgarth</field>
+ <field type="CharField" name="name">hardknott</field>
+ <field type="CharField" name="description">Openembedded Hardknott</field>
<field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">4</field>
- <field type="CharField" name="branch_name">gatesgarth</field>
- <field type="TextField" name="helptext">Toaster will run your builds using the tip of the &lt;a href=\"https://cgit.openembedded.org/openembedded-core/log/?h=gatesgarth\"&gt;OpenEmbedded Gatesgarth&lt;/a&gt; branch.</field>
+ <field type="CharField" name="branch_name">hardknott</field>
+ <field type="TextField" name="helptext">Toaster will run your builds using the tip of the &lt;a href=\"https://cgit.openembedded.org/openembedded-core/log/?h=hardknott\"&gt;OpenEmbedded Hardknott&lt;/a&gt; branch.</field>
+ </object>
+ <object model="orm.release" pk="5">
+ <field type="CharField" name="name">honister</field>
+ <field type="CharField" name="description">Openembedded Honister</field>
+ <field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">5</field>
+ <field type="CharField" name="branch_name">honister</field>
+ <field type="TextField" name="helptext">Toaster will run your builds using the tip of the &lt;a href=\"https://cgit.openembedded.org/openembedded-core/log/?h=honister\"&gt;OpenEmbedded Honister&lt;/a&gt; branch.</field>
</object>
<!-- Default layers for each release -->
@@ -75,6 +87,10 @@
<field rel="ManyToOneRel" to="orm.release" name="release">4</field>
<field type="CharField" name="layer_name">openembedded-core</field>
</object>
+ <object model="orm.releasedefaultlayer" pk="5">
+ <field rel="ManyToOneRel" to="orm.release" name="release">5</field>
+ <field type="CharField" name="layer_name">openembedded-core</field>
+ </object>
<!-- Layer for the Local release -->
diff --git a/bitbake/lib/toaster/orm/fixtures/poky.xml b/bitbake/lib/toaster/orm/fixtures/poky.xml
index 363789d624..5811cfae0f 100644
--- a/bitbake/lib/toaster/orm/fixtures/poky.xml
+++ b/bitbake/lib/toaster/orm/fixtures/poky.xml
@@ -26,9 +26,15 @@
<field type="CharField" name="dirpath">bitbake</field>
</object>
<object model="orm.bitbakeversion" pk="4">
- <field type="CharField" name="name">gatesgarth</field>
+ <field type="CharField" name="name">hardknott</field>
<field type="CharField" name="giturl">git://git.yoctoproject.org/poky</field>
- <field type="CharField" name="branch">gatesgarth</field>
+ <field type="CharField" name="branch">hardknott</field>
+ <field type="CharField" name="dirpath">bitbake</field>
+ </object>
+ <object model="orm.bitbakeversion" pk="5">
+ <field type="CharField" name="name">honister</field>
+ <field type="CharField" name="giturl">git://git.yoctoproject.org/poky</field>
+ <field type="CharField" name="branch">honister</field>
<field type="CharField" name="dirpath">bitbake</field>
</object>
@@ -56,11 +62,18 @@
<field type="TextField" name="helptext">Toaster will run your builds using the tip of the &lt;a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/"&gt;Yocto Project Master branch&lt;/a&gt;.</field>
</object>
<object model="orm.release" pk="4">
- <field type="CharField" name="name">gatesgarth</field>
- <field type="CharField" name="description">Yocto Project 3.2 "Gatesgarth"</field>
+ <field type="CharField" name="name">hardknott</field>
+ <field type="CharField" name="description">Yocto Project 3.3 "Hardknott"</field>
<field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">4</field>
- <field type="CharField" name="branch_name">gatesgarth</field>
- <field type="TextField" name="helptext">Toaster will run your builds using the tip of the &lt;a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/?h=gatesgarth"&gt;Yocto Project Gatesgarth branch&lt;/a&gt;.</field>
+ <field type="CharField" name="branch_name">hardknott</field>
+ <field type="TextField" name="helptext">Toaster will run your builds using the tip of the &lt;a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/?h=hardknott"&gt;Yocto Project Hardknott branch&lt;/a&gt;.</field>
+ </object>
+ <object model="orm.release" pk="5">
+ <field type="CharField" name="name">honister</field>
+ <field type="CharField" name="description">Yocto Project 3.4 "Honister"</field>
+ <field rel="ManyToOneRel" to="orm.bitbakeversion" name="bitbake_version">5</field>
+ <field type="CharField" name="branch_name">honister</field>
+ <field type="TextField" name="helptext">Toaster will run your builds using the tip of the &lt;a href="https://git.yoctoproject.org/cgit/cgit.cgi/poky/log/?h=honister"&gt;Yocto Project Honister branch&lt;/a&gt;.</field>
</object>
<!-- Default project layers for each release -->
@@ -112,6 +125,18 @@
<field rel="ManyToOneRel" to="orm.release" name="release">4</field>
<field type="CharField" name="layer_name">meta-yocto-bsp</field>
</object>
+ <object model="orm.releasedefaultlayer" pk="13">
+ <field rel="ManyToOneRel" to="orm.release" name="release">5</field>
+ <field type="CharField" name="layer_name">openembedded-core</field>
+ </object>
+ <object model="orm.releasedefaultlayer" pk="14">
+ <field rel="ManyToOneRel" to="orm.release" name="release">5</field>
+ <field type="CharField" name="layer_name">meta-poky</field>
+ </object>
+ <object model="orm.releasedefaultlayer" pk="15">
+ <field rel="ManyToOneRel" to="orm.release" name="release">5</field>
+ <field type="CharField" name="layer_name">meta-yocto-bsp</field>
+ </object>
<!-- Default layers provided by poky
openembedded-core
@@ -152,7 +177,14 @@
<field rel="ManyToOneRel" to="orm.layer" name="layer">1</field>
<field type="IntegerField" name="layer_source">0</field>
<field rel="ManyToOneRel" to="orm.release" name="release">4</field>
- <field type="CharField" name="branch">gatesgarth</field>
+ <field type="CharField" name="branch">hardknott</field>
+ <field type="CharField" name="dirpath">meta</field>
+ </object>
+ <object model="orm.layer_version" pk="5">
+ <field rel="ManyToOneRel" to="orm.layer" name="layer">1</field>
+ <field type="IntegerField" name="layer_source">0</field>
+ <field rel="ManyToOneRel" to="orm.release" name="release">5</field>
+ <field type="CharField" name="branch">honister</field>
<field type="CharField" name="dirpath">meta</field>
</object>
@@ -164,14 +196,14 @@
<field type="CharField" name="vcs_web_tree_base_url">https://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/%path%?h=%branch%</field>
<field type="CharField" name="vcs_web_file_base_url">https://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/%path%?h=%branch%</field>
</object>
- <object model="orm.layer_version" pk="5">
+ <object model="orm.layer_version" pk="6">
<field rel="ManyToOneRel" to="orm.layer" name="layer">2</field>
<field type="IntegerField" name="layer_source">0</field>
<field rel="ManyToOneRel" to="orm.release" name="release">1</field>
<field type="CharField" name="branch">dunfell</field>
<field type="CharField" name="dirpath">meta-poky</field>
</object>
- <object model="orm.layer_version" pk="6">
+ <object model="orm.layer_version" pk="7">
<field rel="ManyToOneRel" to="orm.layer" name="layer">2</field>
<field type="IntegerField" name="layer_source">0</field>
<field rel="ManyToOneRel" to="orm.release" name="release">2</field>
@@ -179,18 +211,25 @@
<field type="CharField" name="commit">HEAD</field>
<field type="CharField" name="dirpath">meta-poky</field>
</object>
- <object model="orm.layer_version" pk="7">
+ <object model="orm.layer_version" pk="8">
<field rel="ManyToOneRel" to="orm.layer" name="layer">2</field>
<field type="IntegerField" name="layer_source">0</field>
<field rel="ManyToOneRel" to="orm.release" name="release">3</field>
<field type="CharField" name="branch">master</field>
<field type="CharField" name="dirpath">meta-poky</field>
</object>
- <object model="orm.layer_version" pk="8">
+ <object model="orm.layer_version" pk="9">
<field rel="ManyToOneRel" to="orm.layer" name="layer">2</field>
<field type="IntegerField" name="layer_source">0</field>
<field rel="ManyToOneRel" to="orm.release" name="release">4</field>
- <field type="CharField" name="branch">gatesgarth</field>
+ <field type="CharField" name="branch">hardknott</field>
+ <field type="CharField" name="dirpath">meta-poky</field>
+ </object>
+ <object model="orm.layer_version" pk="10">
+ <field rel="ManyToOneRel" to="orm.layer" name="layer">2</field>
+ <field type="IntegerField" name="layer_source">0</field>
+ <field rel="ManyToOneRel" to="orm.release" name="release">5</field>
+ <field type="CharField" name="branch">honister</field>
<field type="CharField" name="dirpath">meta-poky</field>
</object>
@@ -202,14 +241,14 @@
<field type="CharField" name="vcs_web_tree_base_url">https://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/%path%?h=%branch%</field>
<field type="CharField" name="vcs_web_file_base_url">https://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/%path%?h=%branch%</field>
</object>
- <object model="orm.layer_version" pk="9">
+ <object model="orm.layer_version" pk="11">
<field rel="ManyToOneRel" to="orm.layer" name="layer">3</field>
<field type="IntegerField" name="layer_source">0</field>
<field rel="ManyToOneRel" to="orm.release" name="release">1</field>
<field type="CharField" name="branch">dunfell</field>
<field type="CharField" name="dirpath">meta-yocto-bsp</field>
</object>
- <object model="orm.layer_version" pk="10">
+ <object model="orm.layer_version" pk="12">
<field rel="ManyToOneRel" to="orm.layer" name="layer">3</field>
<field type="IntegerField" name="layer_source">0</field>
<field rel="ManyToOneRel" to="orm.release" name="release">2</field>
@@ -217,18 +256,25 @@
<field type="CharField" name="commit">HEAD</field>
<field type="CharField" name="dirpath">meta-yocto-bsp</field>
</object>
- <object model="orm.layer_version" pk="11">
+ <object model="orm.layer_version" pk="13">
<field rel="ManyToOneRel" to="orm.layer" name="layer">3</field>
<field type="IntegerField" name="layer_source">0</field>
<field rel="ManyToOneRel" to="orm.release" name="release">3</field>
<field type="CharField" name="branch">master</field>
<field type="CharField" name="dirpath">meta-yocto-bsp</field>
</object>
- <object model="orm.layer_version" pk="12">
+ <object model="orm.layer_version" pk="14">
<field rel="ManyToOneRel" to="orm.layer" name="layer">3</field>
<field type="IntegerField" name="layer_source">0</field>
<field rel="ManyToOneRel" to="orm.release" name="release">4</field>
- <field type="CharField" name="branch">gatesgarth</field>
+ <field type="CharField" name="branch">hardknott</field>
+ <field type="CharField" name="dirpath">meta-yocto-bsp</field>
+ </object>
+ <object model="orm.layer_version" pk="15">
+ <field rel="ManyToOneRel" to="orm.layer" name="layer">3</field>
+ <field type="IntegerField" name="layer_source">0</field>
+ <field rel="ManyToOneRel" to="orm.release" name="release">5</field>
+ <field type="CharField" name="branch">honister</field>
<field type="CharField" name="dirpath">meta-yocto-bsp</field>
</object>
</django-objects>
diff --git a/bitbake/lib/toaster/orm/fixtures/settings.xml b/bitbake/lib/toaster/orm/fixtures/settings.xml
index 78c0fdca7f..ab3ea021f5 100644
--- a/bitbake/lib/toaster/orm/fixtures/settings.xml
+++ b/bitbake/lib/toaster/orm/fixtures/settings.xml
@@ -19,7 +19,7 @@
<field type="CharField" name="value">${TOPDIR}/../sstate-cache</field>
</object>
<object model="orm.toastersetting" pk="6">
- <field type="CharField" name="name">DEFCONF_IMAGE_INSTALL_append</field>
+ <field type="CharField" name="name">DEFCONF_IMAGE_INSTALL:append</field>
<field type="CharField" name="value"></field>
</object>
<object model="orm.toastersetting" pk="7">
diff --git a/bitbake/lib/toaster/orm/models.py b/bitbake/lib/toaster/orm/models.py
index 4c94b407d7..6d772367d8 100644
--- a/bitbake/lib/toaster/orm/models.py
+++ b/bitbake/lib/toaster/orm/models.py
@@ -1717,7 +1717,7 @@ class CustomImageRecipe(Recipe):
def generate_recipe_file_contents(self):
"""Generate the contents for the recipe file."""
- # If we have no excluded packages we only need to _append
+ # If we have no excluded packages we only need to :append
if self.excludes_set.count() == 0:
packages_conf = "IMAGE_INSTALL:append = \" "
diff --git a/bitbake/lib/toaster/toastergui/templates/projectconf.html b/bitbake/lib/toaster/toastergui/templates/projectconf.html
index bd49f1f585..c74adf0a7e 100644
--- a/bitbake/lib/toaster/toastergui/templates/projectconf.html
+++ b/bitbake/lib/toaster/toastergui/templates/projectconf.html
@@ -73,7 +73,7 @@
{% if image_install_append_defined %}
<dt>
- <span class="js-config-var-name js-config-var-managed-name">IMAGE_INSTALL_append</span>
+ <span class="js-config-var-name js-config-var-managed-name">IMAGE_INSTALL:append</span>
<span class="glyphicon glyphicon-question-sign get-help" title="Specifies additional packages to install into an image. If your build creates more than one image, the packages will be installed in all of them"></span>
</dt>
<dd class="variable-list">
@@ -83,7 +83,7 @@
<form id="change-image_install-form" class="form-inline" style="display:none;">
<div class="row">
<div class="col-md-4">
- <span class="help-block">To set IMAGE_INSTALL_append to more than one package, type the package names separated by a space.</span>
+ <span class="help-block">To set IMAGE_INSTALL:append to more than one package, type the package names separated by a space.</span>
</div>
</div>
<div class="form-group">
@@ -771,10 +771,10 @@ $(document).ready(function() {
{% if image_install_append_defined %}
- // init IMAGE_INSTALL_append trash icon
+ // init IMAGE_INSTALL:append trash icon
setDeleteTooltip($('#delete-image_install-icon'));
- // change IMAGE_INSTALL_append variable
+ // change IMAGE_INSTALL:append variable
$('#change-image_install-icon').click(function() {
// preset the edit value
var current_val = $("span#image_install").text().trim();
@@ -814,7 +814,7 @@ $(document).ready(function() {
$('#apply-change-image_install').click(function(){
// insure these non-empty values have single space prefix
var value = " " + $('#new-image_install').val().trim();
- postEditAjaxRequest({"configvarChange" : 'IMAGE_INSTALL_append:'+value});
+ postEditAjaxRequest({"configvarChange" : 'IMAGE_INSTALL:append:'+value});
$('#image_install').text(value);
$('#image_install').removeClass('text-muted');
$("#change-image_install-form").slideUp(function () {
@@ -826,10 +826,10 @@ $(document).ready(function() {
});
});
- // delete IMAGE_INSTALL_append variable value
+ // delete IMAGE_INSTALL:append variable value
$('#delete-image_install-icon').click(function(){
$(this).tooltip('hide');
- postEditAjaxRequest({"configvarChange" : 'IMAGE_INSTALL_append:'+''});
+ postEditAjaxRequest({"configvarChange" : 'IMAGE_INSTALL:append:'+''});
$('#image_install').parent().fadeOut(1000, function(){
$('#image_install').addClass('text-muted');
$('#image_install').text('Not set');
@@ -1011,7 +1011,7 @@ $(document).ready(function() {
$(".save").attr("disabled","disabled");
// Reload page if admin-removed core managed value is manually added back in
- if (0 <= " DISTRO DL_DIR IMAGE_FSTYPES IMAGE_INSTALL_append PACKAGE_CLASSES SSTATE_DIR ".indexOf( " "+variable+" " )) {
+ if (0 <= " DISTRO DL_DIR IMAGE_FSTYPES IMAGE_INSTALL:append PACKAGE_CLASSES SSTATE_DIR ".indexOf( " "+variable+" " )) {
// delayed reload to avoid race condition with postEditAjaxRequest
do_reload=true;
}
diff --git a/documentation/bsp-guide/bsp.rst b/documentation/bsp-guide/bsp.rst
index 65652ff898..1cc92d721d 100644
--- a/documentation/bsp-guide/bsp.rst
+++ b/documentation/bsp-guide/bsp.rst
@@ -166,8 +166,9 @@ section.
#. *Determine the BSP Layer You Want:* The Yocto Project supports many
BSPs, which are maintained in their own layers or in layers designed
to contain several BSPs. To get an idea of machine support through
- BSP layers, you can look at the `index of
- machines <&YOCTO_RELEASE_DL_URL;/machines>`__ for the release.
+ BSP layers, you can look at the
+ :yocto_dl:`index of machines </releases/yocto/yocto-&DISTRO;/machines>`
+ for the release.
#. *Optionally Clone the meta-intel BSP Layer:* If your hardware is
based on current Intel CPUs and devices, you can leverage this BSP
@@ -877,7 +878,7 @@ Yocto Project:
your BSP layer as listed in the ``recipes.txt`` file, which is found
in ``poky/meta`` directory of the :term:`Source Directory`
or in the OpenEmbedded-Core Layer (``openembedded-core``) at
- https://git.openembedded.org/openembedded-core/tree/meta.
+ :oe_git:`/openembedded-core/tree/meta`.
You should place recipes (``*.bb`` files) and recipe modifications
(``*.bbappend`` files) into ``recipes-*`` subdirectories by
diff --git a/documentation/conf.py b/documentation/conf.py
index 8e0847938e..22d0dd604a 100644
--- a/documentation/conf.py
+++ b/documentation/conf.py
@@ -15,8 +15,27 @@
import os
import sys
import datetime
+try:
+ import yaml
+except ImportError:
+ sys.stderr.write("The Yocto Project Sphinx documentation requires PyYAML.\
+ \nPlease make sure to install pyyaml python package.\n")
+ sys.exit(1)
-current_version = "dev"
+# current_version = "dev"
+# bitbake_version = "" # Leave empty for development branch
+# Obtain versions from poky.yaml instead
+with open("poky.yaml") as data:
+ buff = data.read()
+ subst_vars = yaml.safe_load(buff)
+ if "DOCCONF_VERSION" not in subst_vars:
+ sys.stderr.write("Please set DOCCONF_VERSION in poky.yaml")
+ sys.exit(1)
+ current_version = subst_vars["DOCCONF_VERSION"]
+ if "BITBAKE_SERIES" not in subst_vars:
+ sys.stderr.write("Please set BITBAKE_SERIES in poky.yaml")
+ sys.exit(1)
+ bitbake_version = subst_vars["BITBAKE_SERIES"]
# String used in sidebar
version = 'Version: ' + current_version
@@ -90,7 +109,7 @@ extlinks = {
# Intersphinx config to use cross reference with Bitbake user manual
intersphinx_mapping = {
- 'bitbake': ('https://docs.yoctoproject.org/bitbake/', None)
+ 'bitbake': ('https://docs.yoctoproject.org/bitbake/' + bitbake_version, None)
}
# Suppress "WARNING: unknown mimetype for ..."
diff --git a/documentation/dev-manual/common-tasks.rst b/documentation/dev-manual/common-tasks.rst
index 4683b1c045..fa9cd58b37 100644
--- a/documentation/dev-manual/common-tasks.rst
+++ b/documentation/dev-manual/common-tasks.rst
@@ -4781,7 +4781,7 @@ configuration would be as follows::
require conf/multilib.conf
MULTILIBS = "multilib:lib32"
DEFAULTTUNE:virtclass-multilib-lib32 = "x86"
- IMAGE_INSTALL:append = "lib32-glib-2.0"
+ IMAGE_INSTALL:append = " lib32-glib-2.0"
This example enables an additional library named
``lib32`` alongside the normal target packages. When combining these
diff --git a/documentation/kernel-dev/common.rst b/documentation/kernel-dev/common.rst
index d42ca5f99a..631c46631e 100644
--- a/documentation/kernel-dev/common.rst
+++ b/documentation/kernel-dev/common.rst
@@ -1062,7 +1062,7 @@ Section.
contents::
FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
- SRC_URI:append = "file://0001-calibrate.c-Added-some-printk-statements.patch"
+ SRC_URI:append = " file://0001-calibrate.c-Added-some-printk-statements.patch"
The :term:`FILESEXTRAPATHS` and :term:`SRC_URI` statements
enable the OpenEmbedded build system to find the patch file.
diff --git a/documentation/migration-guides/migration-3.1.rst b/documentation/migration-guides/migration-3.1.rst
index 80b8f6baa5..a7614e5da4 100644
--- a/documentation/migration-guides/migration-3.1.rst
+++ b/documentation/migration-guides/migration-3.1.rst
@@ -55,8 +55,9 @@ Reproducible builds now enabled by default
In order to avoid unnecessary differences in output files (aiding binary
reproducibility), the Poky distribution configuration
-(``DISTRO = "poky"``) now inherits the ``reproducible_build`` class by
-default.
+(``DISTRO = "poky"``) now inherits the
+:ref:`reproducible-build <ref-classes-reproducible-build>` class
+by default.
.. _migration-3.1-ptest-feature-impact:
diff --git a/documentation/migration-guides/migration-3.4.rst b/documentation/migration-guides/migration-3.4.rst
index e83e936b74..8143cd4813 100644
--- a/documentation/migration-guides/migration-3.4.rst
+++ b/documentation/migration-guides/migration-3.4.rst
@@ -7,17 +7,18 @@ Project 3.4 Release (codename "honister") from the prior release.
Override syntax changes
-----------------------
-This release requires changes to the metadata to indicate where overrides are
-being used in variable key names. This is done with the ``:`` character replacing
-the use of ``_`` previously. This means that an entry like::
+In this release, the ``:`` character replaces the use of ``_`` to
+refer to an override, most commonly when making a conditional assignment
+of a variable. This means that an entry like::
SRC_URI_qemux86 = "file://somefile"
-becomes::
+now becomes::
SRC_URI:qemux86 = "file://somefile"
-since ``qemux86`` is an override. This applies to any use of override syntax so::
+since ``qemux86`` is an override. This applies to any use of override
+syntax, so the following::
SRC_URI_append = " file://somefile"
SRC_URI_append_qemux86 = " file://somefile2"
@@ -29,7 +30,7 @@ since ``qemux86`` is an override. This applies to any use of override syntax so:
SRCREV_pn-bash = "abc"
BB_TASK_NICE_LEVEL_task-testimage = '0'
-becomes::
+would now become::
SRC_URI:append = " file://somefile"
SRC_URI:append:qemux86 = " file://somefile2"
@@ -63,8 +64,8 @@ suffix to variables in ``layer.conf`` files such as :term:`BBFILE_PATTERN`,
may be the same as a :term:`DISTRO` override causing some confusion. We do
plan to try and improve consistency as these issues are identified.
-To help with migration of layers there is a script in OE-Core. Once configured
-with the overrides used by a layer, this can be run as::
+To help with migration of layers, a script has been provided in OE-Core.
+Once configured with the overrides used by a layer, this can be run as::
<oe-core>/scripts/contrib/convert-overrides.py <layerdir>
@@ -74,10 +75,198 @@ with the overrides used by a layer, this can be run as::
expected to handle every case. In particular, it needs to be told which overrides
the layer uses (usually machine and distro names/overrides) and the result should
be carefully checked since it can be a little enthusiastic and will convert
- references to ``_append``, ``_remove`` and ``_prepend`` in function and variables names.
+ references to ``_append``, ``_remove`` and ``_prepend`` in function and variable
+ names.
-For reference, this conversion is important as it allows BitBake to know what is
-an override and what is not. This should allow us to proceed with other syntax
-improvements and simplifications for usability. It also means bitbake no longer
-has to guess and maintain large lookup lists just in case ``functionname`` in
-``my_functionname`` is an override and this should improve efficiency.
+For reference, this conversion is important as it allows BitBake to more reliably
+determine what is an override and what is not, as underscores are also used in
+variable names without intending to be overrides. This should allow us to proceed
+with other syntax improvements and simplifications for usability. It also means
+BitBake no longer has to guess and maintain large lookup lists just in case
+e.g. ``functionname`` in ``my_functionname`` is an override, and thus should improve
+efficiency.
+
+
+New host dependencies
+---------------------
+
+The ``lz4c``, ``pzstd`` and ``zstd`` commands are now required to be
+installed on the build host to support LZ4 and Zstandard compression
+functionality. These are typically provided by ``lz4`` and ``zstd``
+packages in most Linux distributions. Alternatively they are available
+as part of ``buildtools-tarball`` if your distribution does not provide
+them. For more information see
+:ref:`ref-manual/system-requirements:required packages for the build host`.
+
+
+Removed recipes
+---------------
+
+The following recipes have been removed in this release:
+
+- ``assimp``: problematic from a licensing perspective and no longer
+ needed by anything else
+- ``clutter-1.0``: legacy component moved to meta-gnome
+- ``clutter-gst-3.0``: legacy component moved to meta-gnome
+- ``clutter-gtk-1.0``: legacy component moved to meta-gnome
+- ``cogl-1.0``: legacy component moved to meta-gnome
+- ``core-image-clutter``: removed along with clutter
+- ``linux-yocto``: removed version 5.4 recipes (5.14 and 5.10 still
+ provided)
+- ``mklibs-native``: not actively tested and upstream mklibs still
+ requires Python 2
+- ``mx-1.0``: obsolete (last release 2012) and isn't used by anything in
+ any known layer
+- ``packagegroup-core-clutter``: removed along with clutter
+
+
+Removed classes
+---------------
+
+- ``clutter``: moved to meta-gnome along with clutter itself
+- ``image-mklibs``: not actively tested and upstream mklibs still
+ requires Python 2
+- ``meta``: no longer useful. Recipes that need to skip installing
+ packages should inherit ``nopackages`` instead.
+
+
+Prelinking disabled by default
+------------------------------
+
+Recent tests have shown that prelinking works only when PIE is not
+enabled (see `here <https://rlbl.me/prelink-1>`__ and `here <https://rlbl.me/prelink-2>`__),
+and as PIE is both a desirable security feature, and the only
+configuration provided and tested by the Yocto Project, there is
+simply no sense in continuing to enable prelink.
+
+There's also a concern that no one is maintaining the code, and there
+are open bugs (including :yocto_bugs:`this serious one </show_bug.cgi?id=14429>`).
+Given that prelink does intricate address arithmetic and rewriting
+of binaries the best option is to disable the feature. It is recommended
+that you consider disabling this feature in your own configuration if
+it is currently enabled.
+
+
+Virtual runtime provides
+------------------------
+
+Recipes shouldn't use the ``virtual/`` string in :term:`RPROVIDES` and
+:term:`RDEPENDS` - it is confusing because ``virtual/`` has no special
+meaning in :term:`RPROVIDES` and :term:`RDEPENDS` (unlike in the
+corresponding build-time :term:`PROVIDES` and :term:`DEPENDS`).
+
+
+Tune files moved to architecture-specific directories
+-----------------------------------------------------
+
+The tune files found in ``conf/machine/include`` have now been moved
+into their respective architecture name directories under that same
+location; e.g. x86 tune files have moved into an ``x86`` subdirectory,
+MIPS tune files have moved into a ``mips`` subdirectory, etc.
+The ARM tunes have an extra level (``armv8a``, ``armv8m``, etc.) and
+some have been renamed to make them uniform with the rest of the tunes.
+See `this commit <http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=1d381f21f5f13aa0c4e1a45683ed656ebeedd37d>`__
+for reference.
+
+If you have any references to tune files (e.g. in custom machine
+configuration files) they will need to be updated.
+
+
+Extensible SDK host extension
+-----------------------------
+
+For a normal SDK, some layers append to :term:`TOOLCHAIN_HOST_TASK`
+unconditionally which is fine, until the eSDK tries to override the
+variable to its own values. Instead of installing packages specified
+in this variable it uses native recipes instead - a very different
+approach. This has led to confusing errors when binaries are added
+to the SDK but not relocated.
+
+To avoid these issues, a new :term:`TOOLCHAIN_HOST_TASK_ESDK` variable has
+been created. If you wish to extend what is installed in the host
+portion of the eSDK then you will now need to set this variable.
+
+
+Package/recipe splitting
+------------------------
+
+- ``perl-cross`` has been split out from the main ``perl`` recipe to
+ its own ``perlcross`` recipe for maintenance reasons. If you have
+ bbappends for the perl recipe then these may need extending.
+
+- The ``wayland`` recipe now packages its binaries in a
+ ``wayland-tools`` package rather than putting them into
+ ``wayland-dev``.
+
+- Xwayland has been split out of the xserver-xorg tree and thus is now
+ in its own ``xwayland`` recipe. If you need Xwayland in your image
+ then you may now need to add it explicitly.
+
+- The ``rpm`` package no longer has ``rpm-build`` in its :term:`RRECOMMENDS`;
+ if by chance you still need rpm package building functionality in
+ your image and you have not already done so then you should add
+ ``rpm-build`` to your image explicitly.
+
+- The Python ``statistics`` standard module is now packaged in its own
+ ``python3-statistics`` package instead of ``python3-misc`` as
+ previously.
+
+
+Image / SDK generation changes
+------------------------------
+
+- Recursive dependencies on the ``do_build`` task are now disabled when
+ building SDKs. These are generally not needed; in the unlikely event
+ that you do encounter problems then it will probably be as a result of
+ missing explicit dependencies that need to be added.
+
+- Errors during "complementary" package installation (e.g. for ``*-dbg``
+ and ``*-dev`` packages) during image construction are no longer
+ ignored. Historically some of these packages had installation problems,
+ that is no longer the case. In the unlikely event that you see errors
+ as a result, you will need to fix the installation/packaging issues.
+
+- When building an image, only packages that will be used in building
+ the image (i.e. the first entry in :term:`PACKAGE_CLASSES`) will be
+ produced if multiple package types are enabled (which is not a typical
+ configuration). If in your CI system you need to have the original
+ behaviour, use ``bitbake --runall build <target>``.
+
+- The ``-lic`` package is no longer automatically added to
+ :term:`RRECOMMENDS` for every other package when
+ :term:`LICENSE_CREATE_PACKAGE` is set to "1". If you wish all license
+ packages to be installed corresponding to packages in your image, then
+ you should instead add the new ``lic-pkgs`` feature to
+ :term:`IMAGE_FEATURES`.
+
+
+Miscellaneous
+-------------
+
+- Certificates are now properly checked when bitbake fetches sources
+ over HTTPS. If you receive errors as a result for your custom recipes,
+ you will need to use a mirror or address the issue with the operators
+ of the server in question.
+
+- ``avahi`` has had its GTK+ support disabled by default. If you wish to
+ re-enable it, set ``AVAHI_GTK = "gtk3"`` in a bbappend for the
+ ``avahi`` recipe or in your custom distro configuration file.
+
+- Setting the :term:`BUILD_REPRODUCIBLE_BINARIES` variable to "0" no longer
+ uses a strangely old fallback date of April 2011, it instead disables
+ building reproducible binaries as you would logically expect.
+
+- Setting noexec/nostamp/fakeroot varflags to any value besides "1" will
+ now trigger a warning. These should be either set to "1" to enable, or
+ not set at all to disable.
+
+- The previously deprecated ``COMPRESS_CMD`` and
+ ``CVE_CHECK_CVE_WHITELIST`` variables have been removed. Use
+ ``CONVERSION_CMD`` and :term:`CVE_CHECK_WHITELIST` respectively
+ instead.
+
+- The obsolete ``oe_machinstall`` function previously provided in the
+ :ref:`utils <ref-classes-utils>` class has been removed. For
+ machine-specific installation it is recommended that you use the
+ built-in override support in the fetcher or overrides in general
+ instead.
diff --git a/documentation/migration-guides/migration-general.rst b/documentation/migration-guides/migration-general.rst
index 182482ec43..9eecf69af8 100644
--- a/documentation/migration-guides/migration-general.rst
+++ b/documentation/migration-guides/migration-general.rst
@@ -1,5 +1,17 @@
+Introduction
+============
+
+This guide provides a list of the backwards-incompatible changes you
+might need to adapt to in your existing Yocto Project configuration
+when upgrading to a new release.
+
+If you are upgrading over multiple releases, you will need to follow
+the sections from the version following the one you were previously
+using up to the new version you are upgrading to.
+
+
General Migration Considerations
-================================
+--------------------------------
Some considerations are not tied to a specific Yocto Project release.
This section presents information you should consider when migrating to
@@ -26,16 +38,17 @@ any new Yocto Project release.
The better solution (where practical) is to use append files
(``*.bbappend``) to capture any customizations you want to make to a
- recipe. Doing so, isolates your changes from the main recipe making
+ recipe. Doing so isolates your changes from the main recipe, making
them much more manageable. However, sometimes it is not practical to
use an append file. A good example of this is when introducing a
newer or older version of a recipe in another layer.
+
- *Updating Append Files*:
- Since append files generally only contain
+ Since append (``.bbappend``) files generally only contain
your customizations, they often do not need to be adjusted for new
- releases. However, if the ``.bbappend`` file is specific to a
+ releases. However, if the append file is specific to a
particular version of the recipe (i.e. its name does not use the %
wildcard) and the version of the recipe to which it is appending has
changed, then you will at a minimum need to rename the append file to
@@ -50,5 +63,10 @@ any new Yocto Project release.
this is the case and assuming the patch is still needed, you must
modify the patch file so that it does apply.
+ .. tip::
+
+ You can list all append files used in your configuration by running:
+
+ bitbake-layers show-appends
diff --git a/documentation/overview-manual/yp-intro.rst b/documentation/overview-manual/yp-intro.rst
index 7aee9db04f..3ca81428cf 100644
--- a/documentation/overview-manual/yp-intro.rst
+++ b/documentation/overview-manual/yp-intro.rst
@@ -217,8 +217,8 @@ your Metadata, the easier it is to cope with future changes.
- Use Board Support Package (BSP) layers from silicon vendors when
possible.
- - Familiarize yourself with the `Yocto Project curated layer
- index <https://www.yoctoproject.org/software-overview/layers/>`__
+ - Familiarize yourself with the
+ :yocto_home:`Yocto Project curated layer index</software-overview/layers/>`
or the :oe_layerindex:`OpenEmbedded layer index <>`.
The latter contains more layers but they are less universally
validated.
diff --git a/documentation/poky.yaml b/documentation/poky.yaml
index feb792fb49..fc7ec9ec3c 100644
--- a/documentation/poky.yaml
+++ b/documentation/poky.yaml
@@ -1,12 +1,14 @@
-DISTRO : "3.3.3"
-DISTRO_NAME_NO_CAP : "hardknott"
-DISTRO_NAME : "Hardknott"
-DISTRO_NAME_NO_CAP_MINUS_ONE : "gatesgarth"
+DISTRO : "3.4.4"
+DISTRO_NAME_NO_CAP : "honister"
+DISTRO_NAME : "Honister"
+DISTRO_NAME_NO_CAP_MINUS_ONE : "hardknott"
DISTRO_NAME_NO_CAP_LTS : "dunfell"
-YOCTO_DOC_VERSION : "3.3.3"
-YOCTO_DOC_VERSION_MINUS_ONE : "3.2.4"
-DISTRO_REL_TAG : "yocto-3.3.3"
-POKYVERSION : "25.0.3"
+YOCTO_DOC_VERSION : "3.4.4"
+YOCTO_DOC_VERSION_MINUS_ONE : "3.3.6"
+DISTRO_REL_TAG : "yocto-3.4.4"
+DOCCONF_VERSION : "3.4.4"
+BITBAKE_SERIES : "1.52"
+POKYVERSION : "26.0.4"
YOCTO_POKY : "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;"
YOCTO_DL_URL : "https://downloads.yoctoproject.org"
YOCTO_AB_URL : "https://autobuilder.yoctoproject.org"
@@ -14,23 +16,24 @@ YOCTO_RELEASE_DL_URL : "&YOCTO_DL_URL;/releases/yocto/yocto-&DISTRO;"
UBUNTU_HOST_PACKAGES_ESSENTIAL : "gawk wget git diffstat unzip texinfo gcc \
build-essential chrpath socat cpio python3 python3-pip python3-pexpect \
xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev \
- pylint3 xterm python3-subunit mesa-common-dev"
+ pylint3 xterm python3-subunit mesa-common-dev zstd liblz4-tool"
FEDORA_HOST_PACKAGES_ESSENTIAL : "gawk make wget tar bzip2 gzip python3 unzip perl patch \
diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath \
ccache perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue perl-bignum socat \
python3-pexpect findutils which file cpio python python3-pip xz python3-GitPython \
python3-jinja2 SDL-devel xterm rpcgen mesa-libGL-devel perl-FindBin perl-File-Compare \
- perl-File-Copy perl-locale"
+ perl-File-Copy perl-locale zstd lz4"
OPENSUSE_HOST_PACKAGES_ESSENTIAL : "python gcc gcc-c++ git chrpath make wget python-xml \
diffstat makeinfo python-curses patch socat python3 python3-curses tar python3-pip \
- python3-pexpect xz which python3-Jinja2 Mesa-libEGL1 libSDL-devel xterm rpcgen Mesa-dri-devel
+ python3-pexpect xz which python3-Jinja2 Mesa-libEGL1 libSDL-devel xterm rpcgen Mesa-dri-devel \
+ zstd lz4
\n\ $ sudo pip3 install GitPython"
CENTOS7_HOST_PACKAGES_ESSENTIAL : "-y epel-release
\n\ $ sudo yum makecache
\n\ $ sudo yum install gawk make wget tar bzip2 gzip python3 unzip perl patch \
diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath socat \
perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue python36-pip xz \
- which SDL-devel xterm mesa-libGL-devel
+ which SDL-devel xterm mesa-libGL-devel zstd lz4
\n\ $ sudo pip3 install GitPython jinja2"
CENTOS8_HOST_PACKAGES_ESSENTIAL : "-y epel-release
\n\ $ sudo dnf config-manager --set-enabled PowerTools
@@ -39,7 +42,7 @@ CENTOS8_HOST_PACKAGES_ESSENTIAL : "-y epel-release
diffutils diffstat git cpp gcc gcc-c++ glibc-devel texinfo chrpath ccache \
socat perl-Data-Dumper perl-Text-ParseWords perl-Thread-Queue python3-pip \
python3-GitPython python3-jinja2 python3-pexpect xz which SDL-devel xterm \
- rpcgen mesa-libGL-devel"
+ rpcgen mesa-libGL-devel zstd lz4"
PIP3_HOST_PACKAGES_DOC : "$ sudo pip3 install sphinx sphinx_rtd_theme pyyaml"
MIN_PYTHON_VERSION : "3.6.0"
MIN_TAR_VERSION : "1.28"
diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst
index ffaad9bfc9..694e20ebc3 100644
--- a/documentation/ref-manual/classes.rst
+++ b/documentation/ref-manual/classes.rst
@@ -590,19 +590,25 @@ Here is an example that uses this class in an image recipe::
"
Here is an example that adds two users named "tester-jim" and "tester-sue" and assigns
-passwords::
+passwords. First on host, create the password hash::
+
+ mkpasswd -m sha256crypt tester01
+
+The resulting hash is set to a variable and used in ``useradd`` command parameters.
+Remember to escape the character ``$``::
inherit extrausers
+ PASSWD = "\$X\$ABC123\$A-Long-Hash"
EXTRA_USERS_PARAMS = "\
- useradd -P tester01 tester-jim; \
- useradd -P tester01 tester-sue; \
+ useradd -p '${PASSWD}' tester-jim; \
+ useradd -p '${PASSWD}' tester-sue; \
"
-Finally, here is an example that sets the root password to "1876*18"::
+Finally, here is an example that sets the root password::
inherit extrausers
EXTRA_USERS_PARAMS = "\
- usermod -P 1876*18 root; \
+ usermod -p '${PASSWD}' root; \
"
.. _ref-classes-features_check:
@@ -1494,15 +1500,6 @@ messages for various BitBake severity levels (i.e. ``bbplain``,
This class is enabled by default since it is inherited by the ``base``
class.
-.. _ref-classes-meta:
-
-``meta.bbclass``
-================
-
-The ``meta`` class is inherited by recipes that do not build any output
-packages themselves, but act as a "meta" target for building other
-recipes.
-
.. _ref-classes-metadata_scm:
``metadata_scm.bbclass``
@@ -2218,6 +2215,18 @@ commit, and log. From the information, report files using a JSON format
are created and stored in
``${``\ :term:`LOG_DIR`\ ``}/error-report``.
+.. _ref-classes-reproducible-build:
+
+``reproducible_build.bbclass``
+==============================
+
+The ``reproducible_build.bbclass`` class enables
+:ref:`test-manual/reproducible-builds:reproducible builds` by computing
+a :term:`SOURCE_DATE_EPOCH` value in each component's build environment, so
+that the build is independent from the time when the component was built.
+
+Poky inherits this class by default since version 3.1.
+
.. _ref-classes-rm-work:
``rm_work.bbclass``
diff --git a/documentation/ref-manual/system-requirements.rst b/documentation/ref-manual/system-requirements.rst
index d12e8dfbe3..6df59a1745 100644
--- a/documentation/ref-manual/system-requirements.rst
+++ b/documentation/ref-manual/system-requirements.rst
@@ -37,17 +37,13 @@ Supported Linux Distributions
Currently, the Yocto Project is supported on the following
distributions:
-- Ubuntu 16.04 (LTS)
-
- Ubuntu 18.04 (LTS)
- Ubuntu 20.04 (LTS)
-- Fedora 30
-
-- Fedora 31
+- Fedora 33
-- Fedora 32
+- Fedora 34
- CentOS 7.x
@@ -61,6 +57,7 @@ distributions:
- openSUSE Leap 15.1
+- openSUSE Leap 15.2
.. note::
@@ -323,7 +320,7 @@ If you would prefer not to use the ``install-buildtools`` script, you can instea
download and run a pre-built buildtools installer yourself with the following
steps:
-1. Locate and download the ``*.sh`` at &YOCTO_RELEASE_DL_URL;/buildtools/
+1. Locate and download the ``*.sh`` at :yocto_dl:`/releases/yocto/yocto-&DISTRO;/buildtools/`
2. Execute the installation script. Here is an example for the
traditional installer::
diff --git a/documentation/ref-manual/tasks.rst b/documentation/ref-manual/tasks.rst
index 4edae33392..2438c023b4 100644
--- a/documentation/ref-manual/tasks.rst
+++ b/documentation/ref-manual/tasks.rst
@@ -326,21 +326,19 @@ file as a patch file::
file://file;apply=yes \
"
-Conversely, if you have a directory full of patch files and you want to
-exclude some so that the ``do_patch`` task does not apply them during
-the patch phase, you can use the "apply=no" parameter with the
+Conversely, if you have a file whose file type is ``.patch`` or ``.diff``
+and you want to exclude it so that the ``do_patch`` task does not apply
+it during the patch phase, you can use the "apply=no" parameter with the
:term:`SRC_URI` statement::
SRC_URI = " \
git://path_to_repo/some_package \
- file://path_to_lots_of_patch_files \
- file://path_to_lots_of_patch_files/patch_file5;apply=no \
+ file://file1.patch \
+ file://file2.patch;apply=no \
"
-In the
-previous example, assuming all the files in the directory holding the
-patch files end with either ``.patch`` or ``.diff``, every file would be
-applied as a patch by default except for the ``patch_file5`` patch.
+In the previous example ``file1.patch`` would be applied as a patch by default
+while ``file2.patch`` would not be applied.
You can find out more about the patching process in the
":ref:`overview-manual/concepts:patching`" section in
diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index 85f65cae35..7aef27337e 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -906,6 +906,19 @@ system and gives an overview of their function and contents.
:term:`TARGET_PREFIX` when building for
``native`` recipes.
+ :term:`BUILD_REPRODUCIBLE_BINARIES`
+ This variable allows the image building classes and recipes to produce
+ :ref:`reproducible binaries <test-manual/reproducible-builds:reproducible builds>`
+
+ If you inherit the
+ :ref:`reproducible-build <ref-classes-reproducible-build>` class,
+ which is the case of the Poky reference distribution, this sets this
+ variable to "1".
+
+ If your build inherits this classs but you wish to disable reproducible
+ binary generation for specific packages or images, you can set this
+ variable to "0" in the corresponding recipes.
+
:term:`BUILD_STRIP`
Specifies the command to be used to strip debugging symbols from
binaries produced for the build host. By default, :term:`BUILD_STRIP`
@@ -3966,10 +3979,10 @@ system and gives an overview of their function and contents.
statements add specific configurations to targeted machine types::
KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc features/taskstats/taskstats.scc"
- KERNEL_FEATURES:append = "${KERNEL_EXTRA_FEATURES}"
- KERNEL_FEATURES:append:qemuall = "cfg/virtio.scc"
+ KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
+ KERNEL_FEATURES:append:qemuall = " cfg/virtio.scc"
KERNEL_FEATURES:append:qemux86 = " cfg/sound.scc cfg/paravirt_kvm.scc"
- KERNEL_FEATURES:append:qemux86-64 = "cfg/sound.scc"
+ KERNEL_FEATURES:append:qemux86-64 = " cfg/sound.scc"
:term:`KERNEL_FIT_LINK_NAME`
The link name of the kernel flattened image tree (FIT) image. This
@@ -4157,7 +4170,7 @@ system and gives an overview of their function and contents.
SRCREV_machine:core2-32-intel-common = "43b9eced9ba8a57add36af07736344dcc383f711"
KMACHINE:core2-32-intel-common = "intel-core2-32"
KBRANCH:core2-32-intel-common = "standard/base"
- KERNEL_FEATURES:append:core2-32-intel-common = "${KERNEL_FEATURES_INTEL_COMMON}"
+ KERNEL_FEATURES:append:core2-32-intel-common = " ${KERNEL_FEATURES_INTEL_COMMON}"
The :term:`KMACHINE` statement says
that the kernel understands the machine name as "intel-core2-32".
@@ -6925,6 +6938,23 @@ system and gives an overview of their function and contents.
You will see this variable referenced in the default values of
``FILES:${PN}-dev``.
+ :term:`SOURCE_DATE_EPOCH`
+ This defines a date expressed in number of seconds since
+ the UNIX EPOCH (01 Jan 1970 00:00:00 UTC), which is used by
+ multiple build systems to force a timestamp in built binaries.
+ Many upstream projects already support this variable.
+
+ You will find more details in the `official specifications
+ <https://reproducible-builds.org/specs/source-date-epoch/>`__.
+
+ A value for each recipe is computed from the sources by
+ the :ref:`reproducible-build <ref-classes-reproducible-build>` class.
+
+ If a recipe wishes to override the default behavior, it should set its
+ own :term:`SOURCE_DATE_EPOCH` value::
+
+ SOURCE_DATE_EPOCH = "1613559011"
+
:term:`SOURCE_MIRROR_FETCH`
When you are fetching files to create a mirror of sources (i.e.
creating a source mirror), setting :term:`SOURCE_MIRROR_FETCH` to "1" in
@@ -8158,6 +8188,15 @@ system and gives an overview of their function and contents.
information on setting up a cross-development environment, see the
:doc:`/sdk-manual/index` manual.
+ Note that this variable applies to building an SDK, not an eSDK,
+ in which case the term:`TOOLCHAIN_HOST_TASK_ESDK` setting should be
+ used instead.
+
+ :term:`TOOLCHAIN_HOST_TASK_ESDK`
+ This variable allows to extend what is installed in the host
+ portion of an eSDK. This is similar to :term:`TOOLCHAIN_HOST_TASK`
+ applying to SDKs.
+
:term:`TOOLCHAIN_OUTPUTNAME`
This variable defines the name used for the toolchain output. The
:ref:`populate_sdk_base <ref-classes-populate-sdk-*>` class sets
diff --git a/documentation/releases.rst b/documentation/releases.rst
index bb881a2e24..7a71ac4087 100644
--- a/documentation/releases.rst
+++ b/documentation/releases.rst
@@ -4,6 +4,15 @@
Supported Release Manuals
===========================
+*****************************
+Release Series 3.4 (honister)
+*****************************
+
+- :yocto_docs:`3.4 Documentation </3.4>`
+- :yocto_docs:`3.4.1 Documentation </3.4.1>`
+- :yocto_docs:`3.4.2 Documentation </3.4.2>`
+- :yocto_docs:`3.4.3 Documentation </3.4.3>`
+
******************************
Release Series 3.3 (hardknott)
******************************
@@ -11,17 +20,9 @@ Release Series 3.3 (hardknott)
- :yocto_docs:`3.3 Documentation </3.3>`
- :yocto_docs:`3.3.1 Documentation </3.3.1>`
- :yocto_docs:`3.3.2 Documentation </3.3.2>`
-- :yocto_docs:`3.3.2 Documentation </3.3.3>`
-
-*******************************
-Release Series 3.2 (gatesgarth)
-*******************************
-
-- :yocto_docs:`3.2 Documentation </3.2>`
-- :yocto_docs:`3.2.1 Documentation </3.2.1>`
-- :yocto_docs:`3.2.2 Documentation </3.2.2>`
-- :yocto_docs:`3.2.3 Documentation </3.2.3>`
-- :yocto_docs:`3.2.4 Documentation </3.2.4>`
+- :yocto_docs:`3.3.3 Documentation </3.3.3>`
+- :yocto_docs:`3.3.4 Documentation </3.3.4>`
+- :yocto_docs:`3.3.5 Documentation </3.3.5>`
****************************
Release Series 3.1 (dunfell)
@@ -39,11 +40,24 @@ Release Series 3.1 (dunfell)
- :yocto_docs:`3.1.9 Documentation </3.1.9>`
- :yocto_docs:`3.1.10 Documentation </3.1.10>`
- :yocto_docs:`3.1.11 Documentation </3.1.11>`
+- :yocto_docs:`3.1.12 Documentation </3.1.12>`
+- :yocto_docs:`3.1.13 Documentation </3.1.13>`
+- :yocto_docs:`3.1.14 Documentation </3.1.14>`
==========================
Outdated Release Manuals
==========================
+*******************************
+Release Series 3.2 (gatesgarth)
+*******************************
+
+- :yocto_docs:`3.2 Documentation </3.2>`
+- :yocto_docs:`3.2.1 Documentation </3.2.1>`
+- :yocto_docs:`3.2.2 Documentation </3.2.2>`
+- :yocto_docs:`3.2.3 Documentation </3.2.3>`
+- :yocto_docs:`3.2.4 Documentation </3.2.4>`
+
*************************
Release Series 3.0 (zeus)
*************************
diff --git a/documentation/sphinx-static/switchers.js b/documentation/sphinx-static/switchers.js
index 1e37b625a6..feea5f2abf 100644
--- a/documentation/sphinx-static/switchers.js
+++ b/documentation/sphinx-static/switchers.js
@@ -2,10 +2,11 @@
'use strict';
var all_versions = {
- 'dev': 'dev (3.4)',
- '3.3.3': '3.3.3',
+ 'dev': 'dev (3.5)',
+ '3.4.2': '3.4.2',
+ '3.3.5': '3.3.5',
'3.2.4': '3.2.4',
- '3.1.11': '3.1.11',
+ '3.1.14': '3.1.14',
'3.0.4': '3.0.4',
'2.7.4': '2.7.4',
};
diff --git a/documentation/test-manual/reproducible-builds.rst b/documentation/test-manual/reproducible-builds.rst
index 349cd1953e..01980d083e 100644
--- a/documentation/test-manual/reproducible-builds.rst
+++ b/documentation/test-manual/reproducible-builds.rst
@@ -44,6 +44,18 @@ same.
before finalizing your production images. It would be too late if you
only address this issue when the first updates are required.
+================
+How to enable it
+================
+
+You can enable build reproducibility by inheriting the
+:ref:`reproducible-build <ref-classes-reproducible-build>` class
+in the configuration for your distribution.
+
+This is what the Poky reference distribution does::
+
+ INHERIT += "reproducible_build"
+
===================
How we implement it
===================
diff --git a/meta-poky/conf/distro/include/gcsections.inc b/meta-poky/conf/distro/include/gcsections.inc
index 886a005b34..a1f8651ae9 100644
--- a/meta-poky/conf/distro/include/gcsections.inc
+++ b/meta-poky/conf/distro/include/gcsections.inc
@@ -16,6 +16,8 @@ LDFLAGS_SECTION_REMOVAL:pn-grub = ""
# SDK packages with build problems using sections
CFLAGS_SECTION_REMOVAL:pn-nativesdk-glibc = ""
LDFLAGS_SECTION_REMOVAL:pn-nativesdk-glibc = ""
+CFLAGS_SECTION_REMOVAL:pn-nativesdk-cairo = ""
+LDFLAGS_SECTION_REMOVAL:pn-nativesdk-cairo = ""
CFLAGS_SECTION_REMOVAL:pn-nativesdk-mingw-w64-runtime = ""
LDFLAGS_SECTION_REMOVAL:pn-nativesdk-mingw-w64-runtime = ""
CFLAGS_SECTION_REMOVAL:pn-nativesdk-perl = ""
diff --git a/meta-poky/conf/distro/poky.conf b/meta-poky/conf/distro/poky.conf
index da6cc86103..6a21404a87 100644
--- a/meta-poky/conf/distro/poky.conf
+++ b/meta-poky/conf/distro/poky.conf
@@ -1,6 +1,6 @@
DISTRO = "poky"
DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
-DISTRO_VERSION = "3.4"
+DISTRO_VERSION = "3.4.4"
DISTRO_CODENAME = "honister"
SDK_VENDOR = "-pokysdk"
SDK_VERSION = "${@d.getVar('DISTRO_VERSION').replace('snapshot-${METADATA_REVISION}', 'snapshot')}"
diff --git a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb
index 07b83276fb..8a27e3a791 100644
--- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb
+++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb
@@ -11,7 +11,7 @@ SRCREV = "1a3e1343761b30750bed70e0fd688f6d3c7b3717"
PV = "0.1+git${SRCPV}"
PR = "r2"
-SRC_URI = "git://git.yoctoproject.org/dbus-wait"
+SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master"
UPSTREAM_CHECK_COMMITS = "1"
RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature"
diff --git a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded
index 32ec4b14fa..fbe90d6c6b 100644
--- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded
+++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded
@@ -10,7 +10,7 @@ DEPENDS = "dbus"
SRCREV = "6cc6077a36fe2648a5f993fe7c16c9632f946517"
PV = "0.1+git${SRCPV}"
-SRC_URI = "git://git.yoctoproject.org/dbus-wait"
+SRC_URI = "git://git.yoctoproject.org/dbus-wait;branch=master"
UPSTREAM_CHECK_COMMITS = "1"
RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature"
diff --git a/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb b/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb
index 9429564df4..fa3041b7d8 100644
--- a/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb
+++ b/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb
@@ -5,5 +5,20 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda
INHIBIT_DEFAULT_DEPS = "1"
-SRC_URI = "gitsm://git.yoctoproject.org/git-submodule-test"
+SRC_URI = "gitsm://git.yoctoproject.org/git-submodule-test;branch=master"
SRCREV = "a2885dd7d25380d23627e7544b7bbb55014b16ee"
+
+S = "${WORKDIR}/git"
+
+do_test_git_as_user() {
+ cd ${S}
+ git status
+}
+addtask test_git_as_user after do_unpack
+
+fakeroot do_test_git_as_root() {
+ cd ${S}
+ git status
+}
+do_test_git_as_root[depends] += "virtual/fakeroot-native:do_populate_sysroot"
+addtask test_git_as_root after do_unpack
diff --git a/meta-selftest/recipes-test/gitrepotest/gitrepotest.bb b/meta-selftest/recipes-test/gitrepotest/gitrepotest.bb
new file mode 100644
index 0000000000..f1b6c55833
--- /dev/null
+++ b/meta-selftest/recipes-test/gitrepotest/gitrepotest.bb
@@ -0,0 +1,16 @@
+SUMMARY = "Test recipe for git repo initialization"
+HOMEPAGE = "https://git.yoctoproject.org/git/matchbox-panel-2"
+LICENSE = "GPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+INHIBIT_DEFAULT_DEPS = "1"
+
+PATCHTOOL="git"
+
+SRC_URI = "git://git.yoctoproject.org/git/matchbox-panel-2;branch=master;protocol=https \
+ file://0001-testpatch.patch \
+ "
+
+SRCREV = "f82ca3f42510fb3ef10f598b393eb373a2c34ca7"
+
+S = "${WORKDIR}/git"
diff --git a/meta-selftest/recipes-test/gitrepotest/gitrepotest/0001-testpatch.patch b/meta-selftest/recipes-test/gitrepotest/gitrepotest/0001-testpatch.patch
new file mode 100644
index 0000000000..bccda17ee9
--- /dev/null
+++ b/meta-selftest/recipes-test/gitrepotest/gitrepotest/0001-testpatch.patch
@@ -0,0 +1,9 @@
+diff --git a/Makefile.am b/Makefile.am
+index 432a9b4..bbf7c74 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -1,3 +1,4 @@
++## This is useless comment to test if patch works
+ ACLOCAL_AMFLAGS = -I m4
+
+ SUBDIRS = matchbox-panel applets data po
diff --git a/meta-selftest/recipes-test/recipeutils/recipeutils-test_1.2.bb b/meta-selftest/recipes-test/recipeutils/recipeutils-test_1.2.bb
index 062d6a7a05..ad9f475d15 100644
--- a/meta-selftest/recipes-test/recipeutils/recipeutils-test_1.2.bb
+++ b/meta-selftest/recipes-test/recipeutils/recipeutils-test_1.2.bb
@@ -2,7 +2,7 @@ SUMMARY = "Test recipe for recipeutils.patch_recipe()"
require recipeutils-test.inc
-LICENSE = "Proprietary"
+LICENSE = "HPND"
LIC_FILES_CHKSUM = "file://${WORKDIR}/somefile;md5=d41d8cd98f00b204e9800998ecf8427e"
DEPENDS += "zlib"
diff --git a/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend b/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend
index a7ef143dc9..94192afffe 100644
--- a/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend
+++ b/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.10.bbappend
@@ -7,17 +7,17 @@ KMACHINE:genericx86 ?= "common-pc"
KMACHINE:genericx86-64 ?= "common-pc-64"
KMACHINE:beaglebone-yocto ?= "beaglebone"
-SRCREV_machine:genericx86 ?= "164ed895bc1e94722e80fe6496b176f6bb815cd4"
-SRCREV_machine:genericx86-64 ?= "164ed895bc1e94722e80fe6496b176f6bb815cd4"
-SRCREV_machine:edgerouter ?= "4ab94e777d8b41ee1ee4c279259e9733bc8049b1"
-SRCREV_machine:beaglebone-yocto ?= "941cc9c3849f96f7eaf109b1e35e05ba366aca56"
+SRCREV_machine:genericx86 ?= "a8b4c628f382412e5e7df5750f2be711df95fa06"
+SRCREV_machine:genericx86-64 ?= "a8b4c628f382412e5e7df5750f2be711df95fa06"
+SRCREV_machine:edgerouter ?= "43577894d2295a92fce760dc403b97527fb55835"
+SRCREV_machine:beaglebone-yocto ?= "8038166b729c192d06f1eb37ab6868a5769f8bc5"
COMPATIBLE_MACHINE:genericx86 = "genericx86"
COMPATIBLE_MACHINE:genericx86-64 = "genericx86-64"
COMPATIBLE_MACHINE:edgerouter = "edgerouter"
COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto"
-LINUX_VERSION:genericx86 = "5.10.63"
-LINUX_VERSION:genericx86-64 = "5.10.63"
-LINUX_VERSION:edgerouter = "5.10.63"
-LINUX_VERSION:beaglebone-yocto = "5.10.63"
+LINUX_VERSION:genericx86 = "5.10.113"
+LINUX_VERSION:genericx86-64 = "5.10.113"
+LINUX_VERSION:edgerouter = "5.10.113"
+LINUX_VERSION:beaglebone-yocto = "5.10.113"
diff --git a/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.14.bbappend b/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.14.bbappend
index 52371ff66a..af4a7392f0 100644
--- a/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.14.bbappend
+++ b/meta-yocto-bsp/recipes-kernel/linux/linux-yocto_5.14.bbappend
@@ -7,8 +7,8 @@ KMACHINE:genericx86 ?= "common-pc"
KMACHINE:genericx86-64 ?= "common-pc-64"
KMACHINE:beaglebone-yocto ?= "beaglebone"
-SRCREV_machine:genericx86 ?= "7ae156be3bdbf033839f7f3ec2e9a0ffffb18818"
-SRCREV_machine:genericx86-64 ?= "7ae156be3bdbf033839f7f3ec2e9a0ffffb18818"
+SRCREV_machine:genericx86 ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_machine:genericx86-64 ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
SRCREV_machine:edgerouter ?= "7ae156be3bdbf033839f7f3ec2e9a0ffffb18818"
SRCREV_machine:beaglebone-yocto ?= "7ae156be3bdbf033839f7f3ec2e9a0ffffb18818"
@@ -17,7 +17,7 @@ COMPATIBLE_MACHINE:genericx86-64 = "genericx86-64"
COMPATIBLE_MACHINE:edgerouter = "edgerouter"
COMPATIBLE_MACHINE:beaglebone-yocto = "beaglebone-yocto"
-LINUX_VERSION:genericx86 = "5.14.6"
-LINUX_VERSION:genericx86-64 = "5.14.6"
+LINUX_VERSION:genericx86 = "5.14.21"
+LINUX_VERSION:genericx86-64 = "5.14.21"
LINUX_VERSION:edgerouter = "5.14.6"
LINUX_VERSION:beaglebone-yocto = "5.14.6"
diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
index 340ebe7d78..070341d1aa 100644
--- a/meta/classes/base.bbclass
+++ b/meta/classes/base.bbclass
@@ -122,6 +122,10 @@ def setup_hosttools_dir(dest, toolsvar, d, fatal=True):
tools = d.getVar(toolsvar).split()
origbbenv = d.getVar("BB_ORIGENV", False)
path = origbbenv.getVar("PATH")
+ # Need to ignore our own scripts directories to avoid circular links
+ for p in path.split(":"):
+ if p.endswith("/scripts"):
+ path = path.replace(p, "/ignoreme")
bb.utils.mkdirhier(dest)
notfound = []
for tool in tools:
diff --git a/meta/classes/buildhistory.bbclass b/meta/classes/buildhistory.bbclass
index a613306270..810c4fae73 100644
--- a/meta/classes/buildhistory.bbclass
+++ b/meta/classes/buildhistory.bbclass
@@ -442,11 +442,16 @@ def buildhistory_list_installed(d, rootfs_type="image"):
else:
pkgs = sdk_list_installed_packages(d, rootfs_type == "sdk_target")
+ if rootfs_type == "sdk_host":
+ pkgdata_dir = d.getVar('PKGDATA_DIR_SDK')
+ else:
+ pkgdata_dir = d.getVar('PKGDATA_DIR')
+
for output_type, output_file in process_list:
output_file_full = os.path.join(d.getVar('WORKDIR'), output_file)
with open(output_file_full, 'w') as output:
- output.write(format_pkg_list(pkgs, output_type, d.getVar('PKGDATA_DIR')))
+ output.write(format_pkg_list(pkgs, output_type, pkgdata_dir))
python buildhistory_list_installed_image() {
buildhistory_list_installed(d)
@@ -496,13 +501,19 @@ buildhistory_get_installed() {
echo "}" >> $1/depends.dot
rm $1/depends.tmp
+ # Set correct pkgdatadir
+ pkgdatadir=${PKGDATA_DIR}
+ if [ "$2" == "sdk" ] && [ "$3" == "host" ]; then
+ pkgdatadir="${PKGDATA_DIR_SDK}"
+ fi
+
# Produce installed package sizes list
- oe-pkgdata-util -p ${PKGDATA_DIR} read-value "PKGSIZE" -n -f $pkgcache > $1/installed-package-sizes.tmp
+ oe-pkgdata-util -p $pkgdatadir read-value "PKGSIZE" -n -f $pkgcache > $1/installed-package-sizes.tmp
cat $1/installed-package-sizes.tmp | awk '{print $2 "\tKiB\t" $1}' | sort -n -r > $1/installed-package-sizes.txt
rm $1/installed-package-sizes.tmp
# Produce package info: runtime_name, buildtime_name, recipe, version, size
- oe-pkgdata-util -p ${PKGDATA_DIR} read-value "PACKAGE,PN,PV,PKGSIZE" -n -f $pkgcache > $1/installed-package-info.tmp
+ oe-pkgdata-util -p $pkgdatadir read-value "PACKAGE,PN,PV,PKGSIZE" -n -f $pkgcache > $1/installed-package-info.tmp
cat $1/installed-package-info.tmp | sort -n -r -k 5 > $1/installed-package-info.txt
rm $1/installed-package-info.tmp
@@ -542,7 +553,7 @@ buildhistory_get_sdk_installed() {
return
fi
- buildhistory_get_installed ${BUILDHISTORY_DIR_SDK}/$1 sdk
+ buildhistory_get_installed ${BUILDHISTORY_DIR_SDK}/$1 sdk $1
}
buildhistory_get_sdk_installed_host() {
@@ -773,7 +784,7 @@ def buildhistory_get_imagevars(d):
def buildhistory_get_sdkvars(d):
if d.getVar('BB_WORKERCONTEXT') != '1':
return ""
- sdkvars = "DISTRO DISTRO_VERSION SDK_NAME SDK_VERSION SDKMACHINE SDKIMAGE_FEATURES BAD_RECOMMENDATIONS NO_RECOMMENDATIONS PACKAGE_EXCLUDE"
+ sdkvars = "DISTRO DISTRO_VERSION SDK_NAME SDK_VERSION SDKMACHINE SDKIMAGE_FEATURES TOOLCHAIN_HOST_TASK TOOLCHAIN_TARGET_TASK BAD_RECOMMENDATIONS NO_RECOMMENDATIONS PACKAGE_EXCLUDE"
if d.getVar('BB_CURRENTTASK') == 'populate_sdk_ext':
# Extensible SDK uses some additional variables
sdkvars += " SDK_LOCAL_CONF_WHITELIST SDK_LOCAL_CONF_BLACKLIST SDK_INHERIT_BLACKLIST SDK_UPDATE_URL SDK_EXT_TYPE SDK_RECRDEP_TASKS SDK_INCLUDE_PKGDATA SDK_INCLUDE_TOOLCHAIN"
@@ -968,23 +979,19 @@ def write_latest_srcrev(d, pkghistdir):
value = value.replace('"', '').strip()
old_tag_srcrevs[key] = value
with open(srcrevfile, 'w') as f:
- orig_srcrev = d.getVar('SRCREV', False) or 'INVALID'
- if orig_srcrev != 'INVALID':
- f.write('# SRCREV = "%s"\n' % orig_srcrev)
- if len(srcrevs) > 1:
- for name, srcrev in sorted(srcrevs.items()):
- orig_srcrev = d.getVar('SRCREV_%s' % name, False)
- if orig_srcrev:
- f.write('# SRCREV_%s = "%s"\n' % (name, orig_srcrev))
- f.write('SRCREV_%s = "%s"\n' % (name, srcrev))
- else:
- f.write('SRCREV = "%s"\n' % next(iter(srcrevs.values())))
- if len(tag_srcrevs) > 0:
- for name, srcrev in sorted(tag_srcrevs.items()):
- f.write('# tag_%s = "%s"\n' % (name, srcrev))
- if name in old_tag_srcrevs and old_tag_srcrevs[name] != srcrev:
- pkg = d.getVar('PN')
- bb.warn("Revision for tag %s in package %s was changed since last build (from %s to %s)" % (name, pkg, old_tag_srcrevs[name], srcrev))
+ for name, srcrev in sorted(srcrevs.items()):
+ suffix = "_" + name
+ if name == "default":
+ suffix = ""
+ orig_srcrev = d.getVar('SRCREV%s' % suffix, False)
+ if orig_srcrev:
+ f.write('# SRCREV%s = "%s"\n' % (suffix, orig_srcrev))
+ f.write('SRCREV%s = "%s"\n' % (suffix, srcrev))
+ for name, srcrev in sorted(tag_srcrevs.items()):
+ f.write('# tag_%s = "%s"\n' % (name, srcrev))
+ if name in old_tag_srcrevs and old_tag_srcrevs[name] != srcrev:
+ pkg = d.getVar('PN')
+ bb.warn("Revision for tag %s in package %s was changed since last build (from %s to %s)" % (name, pkg, old_tag_srcrevs[name], srcrev))
else:
if os.path.exists(srcrevfile):
diff --git a/meta/classes/crate-fetch.bbclass b/meta/classes/crate-fetch.bbclass
index c0ed434a96..04d76c0de8 100644
--- a/meta/classes/crate-fetch.bbclass
+++ b/meta/classes/crate-fetch.bbclass
@@ -7,7 +7,25 @@
# crate://<packagename>/<version>
#
-python () {
- import crate
- bb.fetch2.methods.append( crate.Crate() )
+def import_crate(d):
+ import crate
+ if not getattr(crate, 'imported', False):
+ bb.fetch2.methods.append(crate.Crate())
+ crate.imported = True
+
+python crate_import_handler() {
+ import_crate(d)
}
+
+addhandler crate_import_handler
+crate_import_handler[eventmask] = "bb.event.RecipePreFinalise"
+
+def crate_get_srcrev(d):
+ import_crate(d)
+ srcuri = d.getVar("SRC_URI")
+ if "crate://" not in srcuri and "git://" not in srcuri:
+ return "Invalid"
+ return bb.fetch2.get_srcrev(d)
+
+# Override SRCPV to make sure it imports the fetcher first
+SRCPV = "${@crate_get_srcrev(d)}"
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index 739b46e9b3..0a4db80aba 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -28,6 +28,8 @@ SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc"
SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"
+SPDX_ORG ??= "OpenEmbedded ()"
+
do_image_complete[depends] = "virtual/kernel:do_create_spdx"
def get_doc_namespace(d, doc):
@@ -35,15 +37,24 @@ def get_doc_namespace(d, doc):
namespace_uuid = uuid.uuid5(uuid.NAMESPACE_DNS, d.getVar("SPDX_UUID_NAMESPACE"))
return "%s/%s-%s" % (d.getVar("SPDX_NAMESPACE_PREFIX"), doc.name, str(uuid.uuid5(namespace_uuid, doc.name)))
+def create_annotation(d, comment):
+ from datetime import datetime, timezone
+
+ creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+ annotation = oe.spdx.SPDXAnnotation()
+ annotation.annotationDate = creation_time
+ annotation.annotationType = "OTHER"
+ annotation.annotator = "Tool: %s - %s" % (d.getVar("SPDX_TOOL_NAME"), d.getVar("SPDX_TOOL_VERSION"))
+ annotation.comment = comment
+ return annotation
+
def recipe_spdx_is_native(d, recipe):
return any(a.annotationType == "OTHER" and
a.annotator == "Tool: %s - %s" % (d.getVar("SPDX_TOOL_NAME"), d.getVar("SPDX_TOOL_VERSION")) and
a.comment == "isNative" for a in recipe.annotations)
-def is_work_shared(d):
- pn = d.getVar('PN')
- return bb.data.inherits_class('kernel', d) or pn.startswith('gcc-source')
-
+def is_work_shared_spdx(d):
+ return bb.data.inherits_class('kernel', d) or ('work-shared' in d.getVar('WORKDIR'))
python() {
import json
@@ -81,7 +92,7 @@ def convert_license_to_spdx(lic, document, d, existing={}):
extracted_info.extractedText = "Software released to the public domain"
elif name in available_licenses:
# This license can be found in COMMON_LICENSE_DIR or LICENSE_PATH
- for directory in [d.getVar('COMMON_LICENSE_DIR')] + d.getVar('LICENSE_PATH').split():
+ for directory in [d.getVar('COMMON_LICENSE_DIR')] + (d.getVar('LICENSE_PATH') or '').split():
try:
with (Path(directory) / name).open(errors="replace") as f:
extracted_info.extractedText = f.read()
@@ -134,7 +145,6 @@ def convert_license_to_spdx(lic, document, d, existing={}):
return ' '.join(convert(l) for l in lic_split)
-
def process_sources(d):
pn = d.getVar('PN')
assume_provided = (d.getVar("ASSUME_PROVIDED") or "").split()
@@ -404,20 +414,15 @@ python do_create_spdx() {
doc.creationInfo.comment = "This document was created by analyzing recipe files during the build."
doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
- doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
+ doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
doc.creationInfo.creators.append("Person: N/A ()")
recipe = oe.spdx.SPDXPackage()
recipe.name = d.getVar("PN")
recipe.versionInfo = d.getVar("PV")
recipe.SPDXID = oe.sbom.get_recipe_spdxid(d)
- if bb.data.inherits_class("native", d):
- annotation = oe.spdx.SPDXAnnotation()
- annotation.annotationDate = creation_time
- annotation.annotationType = "OTHER"
- annotation.annotator = "Tool: %s - %s" % (d.getVar("SPDX_TOOL_NAME"), d.getVar("SPDX_TOOL_VERSION"))
- annotation.comment = "isNative"
- recipe.annotations.append(annotation)
+ if bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d):
+ recipe.annotations.append(create_annotation(d, "isNative"))
for s in d.getVar('SRC_URI').split():
if not s.startswith("file://"):
@@ -513,7 +518,7 @@ python do_create_spdx() {
package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build."
package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
- package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
+ package_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
package_doc.creationInfo.creators.append("Person: N/A ()")
package_doc.externalDocumentRefs.append(recipe_ref)
@@ -608,7 +613,7 @@ python do_create_runtime_spdx() {
deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
spdx_deploy = Path(d.getVar("SPDXRUNTIMEDEPLOY"))
- is_native = bb.data.inherits_class("native", d)
+ is_native = bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d)
creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
@@ -647,7 +652,7 @@ python do_create_runtime_spdx() {
runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies."
runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
- runtime_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
+ runtime_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
runtime_doc.creationInfo.creators.append("Person: N/A ()")
package_ref = oe.spdx.SPDXExternalDocumentRef()
@@ -670,6 +675,9 @@ python do_create_runtime_spdx() {
if dep in seen_deps:
continue
+ if dep not in providers:
+ continue
+
dep = providers[dep]
if not oe.packagedata.packaged(dep, localdata):
@@ -739,7 +747,7 @@ def spdx_get_src(d):
try:
# The kernel class functions require it to be on work-shared, so we dont change WORKDIR
- if not is_work_shared(d):
+ if not is_work_shared_spdx(d):
# Change the WORKDIR to make do_unpack do_patch run in another dir.
d.setVar('WORKDIR', spdx_workdir)
# Restore the original path to recipe's native sysroot (it's relative to WORKDIR).
@@ -752,7 +760,7 @@ def spdx_get_src(d):
bb.build.exec_func('do_unpack', d)
# Copy source of kernel to spdx_workdir
- if is_work_shared(d):
+ if is_work_shared_spdx(d):
d.setVar('WORKDIR', spdx_workdir)
d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native)
src_dir = spdx_workdir + "/" + d.getVar('PN')+ "-" + d.getVar('PV') + "-" + d.getVar('PR')
@@ -768,7 +776,7 @@ def spdx_get_src(d):
shutils.rmtree(git_path)
# Make sure gcc and kernel sources are patched only once
- if not (d.getVar('SRC_URI') == "" or is_work_shared(d)):
+ if not (d.getVar('SRC_URI') == "" or is_work_shared_spdx(d)):
bb.build.exec_func('do_patch', d)
# Some userland has no source.
@@ -807,7 +815,7 @@ python image_combine_spdx() {
doc.creationInfo.comment = "This document was created by analyzing the source of the Yocto recipe during the build."
doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
- doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
+ doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
doc.creationInfo.creators.append("Person: N/A ()")
image = oe.spdx.SPDXPackage()
diff --git a/meta/classes/cross-canadian.bbclass b/meta/classes/cross-canadian.bbclass
index ffbc2167e3..ac82e86356 100644
--- a/meta/classes/cross-canadian.bbclass
+++ b/meta/classes/cross-canadian.bbclass
@@ -169,7 +169,7 @@ USE_NLS = "${SDKUSE_NLS}"
# and not any particular tune that is enabled.
TARGET_ARCH[vardepsexclude] = "TUNE_ARCH"
-PKGDATA_DIR = "${TMPDIR}/pkgdata/${SDK_SYS}"
+PKGDATA_DIR = "${PKGDATA_DIR_SDK}"
# If MLPREFIX is set by multilib code, shlibs
# points to the wrong place so force it
SHLIBSDIRS = "${PKGDATA_DIR}/nativesdk-shlibs2"
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 70d1988a70..60e2618bb7 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -143,6 +143,7 @@ python cve_check_write_rootfs_manifest () {
manifest_name = d.getVar("CVE_CHECK_MANIFEST")
cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
+ bb.utils.mkdirhier(os.path.dirname(manifest_name))
shutil.copyfile(cve_tmp_file, manifest_name)
if manifest_name and os.path.exists(manifest_name):
@@ -263,7 +264,8 @@ def get_cve_info(d, cves):
import sqlite3
cve_data = {}
- conn = sqlite3.connect(d.getVar("CVE_CHECK_DB_FILE"))
+ db_file = d.expand("file:${CVE_CHECK_DB_FILE}?mode=ro")
+ conn = sqlite3.connect(db_file, uri=True)
for cve in cves:
for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)):
diff --git a/meta/classes/devshell.bbclass b/meta/classes/devshell.bbclass
index 76dd0b42ee..b6212ebd89 100644
--- a/meta/classes/devshell.bbclass
+++ b/meta/classes/devshell.bbclass
@@ -2,6 +2,8 @@ inherit terminal
DEVSHELL = "${SHELL}"
+PATH:prepend:task-devshell = "${COREBASE}/scripts/git-intercept:"
+
python do_devshell () {
if d.getVarFlag("do_devshell", "manualfakeroot"):
d.prependVar("DEVSHELL", "pseudo ")
diff --git a/meta/classes/devupstream.bbclass b/meta/classes/devupstream.bbclass
index dc9a9472b1..ba6dc4136c 100644
--- a/meta/classes/devupstream.bbclass
+++ b/meta/classes/devupstream.bbclass
@@ -4,7 +4,7 @@
#
# Usage:
# BBCLASSEXTEND = "devupstream:target"
-# SRC_URI:class-devupstream = "git://git.example.com/example"
+# SRC_URI:class-devupstream = "git://git.example.com/example;branch=master"
# SRCREV:class-devupstream = "abcdef"
#
# If the first entry in SRC_URI is a git: URL then S is rewritten to
@@ -30,10 +30,11 @@ python devupstream_virtclass_handler () {
# Develpment releases are never preferred by default
d.setVar("DEFAULT_PREFERENCE", "-1")
- uri = bb.fetch2.URI(d.getVar("SRC_URI").split()[0])
+ src_uri = d.getVar("SRC_URI:class-devupstream") or d.getVar("SRC_URI")
+ uri = bb.fetch2.URI(src_uri.split()[0])
if uri.scheme == "git" and not d.getVar("S:class-devupstream"):
- d.setVar("S:class-devupstream", "${WORKDIR}/git")
+ d.setVar("S", "${WORKDIR}/git")
# Modify the PV if the recipe hasn't already overridden it
pv = d.getVar("PV")
diff --git a/meta/classes/externalsrc.bbclass b/meta/classes/externalsrc.bbclass
index ad93b2d2ab..435635f42b 100644
--- a/meta/classes/externalsrc.bbclass
+++ b/meta/classes/externalsrc.bbclass
@@ -90,15 +90,16 @@ python () {
# Since configure will likely touch ${S}, ensure only we lock so one task has access at a time
d.appendVarFlag(task, "lockfiles", " ${S}/singletask.lock")
- # We do not want our source to be wiped out, ever (kernel.bbclass does this for do_clean)
- cleandirs = oe.recipeutils.split_var_value(d.getVarFlag(task, 'cleandirs', False) or '')
- setvalue = False
- for cleandir in cleandirs[:]:
- if oe.path.is_path_parent(externalsrc, d.expand(cleandir)):
- cleandirs.remove(cleandir)
- setvalue = True
- if setvalue:
- d.setVarFlag(task, 'cleandirs', ' '.join(cleandirs))
+ for funcname in [task, "base_" + task, "kernel_" + task]:
+ # We do not want our source to be wiped out, ever (kernel.bbclass does this for do_clean)
+ cleandirs = oe.recipeutils.split_var_value(d.getVarFlag(funcname, 'cleandirs', False) or '')
+ setvalue = False
+ for cleandir in cleandirs[:]:
+ if oe.path.is_path_parent(externalsrc, d.expand(cleandir)):
+ cleandirs.remove(cleandir)
+ setvalue = True
+ if setvalue:
+ d.setVarFlag(funcname, 'cleandirs', ' '.join(cleandirs))
fetch_tasks = ['do_fetch', 'do_unpack']
# If we deltask do_patch, there's no dependency to ensure do_unpack gets run, so add one
diff --git a/meta/classes/go.bbclass b/meta/classes/go.bbclass
index 0dd0c5f1d2..aa54b4a08c 100644
--- a/meta/classes/go.bbclass
+++ b/meta/classes/go.bbclass
@@ -41,7 +41,8 @@ GO_EXTLDFLAGS ?= "${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS} ${GO_RPATH_LINK} ${LDFLAGS
GO_LINKMODE ?= ""
GO_LINKMODE:class-nativesdk = "--linkmode=external"
GO_LINKMODE:class-native = "--linkmode=external"
-GO_LDFLAGS ?= '-ldflags="${GO_RPATH} ${GO_LINKMODE} -extldflags '${GO_EXTLDFLAGS}'"'
+GO_EXTRA_LDFLAGS ?= ""
+GO_LDFLAGS ?= '-ldflags="${GO_RPATH} ${GO_LINKMODE} ${GO_EXTRA_LDFLAGS} -extldflags '${GO_EXTLDFLAGS}'"'
export GOBUILDFLAGS ?= "-v ${GO_LDFLAGS} -trimpath"
export GOPATH_OMIT_IN_ACTIONID ?= "1"
export GOPTESTBUILDFLAGS ?= "${GOBUILDFLAGS} -c"
diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index f2d2ca3689..2c8f5338e5 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -50,6 +50,20 @@ ALL_QA = "${WARN_QA} ${ERROR_QA}"
UNKNOWN_CONFIGURE_WHITELIST ?= "--enable-nls --disable-nls --disable-silent-rules --disable-dependency-tracking --with-libtool-sysroot --disable-static"
+# This is a list of directories that are expected to be empty.
+QA_EMPTY_DIRS ?= " \
+ /dev/pts \
+ /media \
+ /proc \
+ /run \
+ /tmp \
+ ${localstatedir}/run \
+"
+# It is possible to specify why a directory is expected to be empty by defining
+# QA_EMPTY_DIRS_RECOMMENDATION:<path>, which will then be included in the error
+# message if the directory is not empty. If it is not specified for a directory,
+# then "but it is expected to be empty" will be used.
+
def package_qa_clean_path(path, d, pkg=None):
"""
Remove redundant paths from the path for display. If pkg isn't set then
@@ -917,6 +931,22 @@ def package_qa_check_unlisted_pkg_lics(package, d, messages):
"listed in LICENSE" % (package, ' '.join(unlisted)))
return False
+QAPKGTEST[empty-dirs] = "package_qa_check_empty_dirs"
+def package_qa_check_empty_dirs(pkg, d, messages):
+ """
+ Check for the existence of files in directories that are expected to be
+ empty.
+ """
+
+ pkgd = oe.path.join(d.getVar('PKGDEST'), pkg)
+ for dir in (d.getVar('QA_EMPTY_DIRS') or "").split():
+ empty_dir = oe.path.join(pkgd, dir)
+ if os.path.exists(empty_dir) and os.listdir(empty_dir):
+ recommendation = (d.getVar('QA_EMPTY_DIRS_RECOMMENDATION:' + dir) or
+ "but it is expected to be empty")
+ msg = "%s installs files in %s, %s" % (pkg, dir, recommendation)
+ package_qa_add_message(messages, "empty-dirs", msg)
+
def package_qa_check_encoding(keys, encode, d):
def check_encoding(key, enc):
sane = True
diff --git a/meta/classes/license.bbclass b/meta/classes/license.bbclass
index 45d912741d..7a34e185c7 100644
--- a/meta/classes/license.bbclass
+++ b/meta/classes/license.bbclass
@@ -145,6 +145,10 @@ def find_license_files(d):
find_license(node.s.replace("+", "").replace("*", ""))
self.generic_visit(node)
+ def visit_Constant(self, node):
+ find_license(node.value.replace("+", "").replace("*", ""))
+ self.generic_visit(node)
+
def find_license(license_type):
try:
bb.utils.mkdirhier(gen_lic_dest)
diff --git a/meta/classes/license_image.bbclass b/meta/classes/license_image.bbclass
index 5490d121f1..150e8174f1 100644
--- a/meta/classes/license_image.bbclass
+++ b/meta/classes/license_image.bbclass
@@ -19,8 +19,8 @@ python write_package_manifest() {
pkgs = image_list_installed_packages(d)
output = format_pkg_list(pkgs)
- open(os.path.join(license_image_dir, 'package.manifest'),
- 'w+').write(output)
+ with open(os.path.join(license_image_dir, 'package.manifest'), "w+") as package_manifest:
+ package_manifest.write(output)
}
python license_create_manifest() {
diff --git a/meta/classes/meson.bbclass b/meta/classes/meson.bbclass
index e124d18144..a7981e481f 100644
--- a/meta/classes/meson.bbclass
+++ b/meta/classes/meson.bbclass
@@ -36,8 +36,15 @@ MESON_CROSS_FILE = ""
MESON_CROSS_FILE:class-target = "--cross-file ${WORKDIR}/meson.cross"
MESON_CROSS_FILE:class-nativesdk = "--cross-file ${WORKDIR}/meson.cross"
+def rust_tool(d, target_var):
+ rustc = d.getVar('RUSTC')
+ if not rustc:
+ return ""
+ cmd = [rustc, "--target", d.getVar(target_var)] + d.getVar("RUSTFLAGS").split()
+ return "rust = %s" % repr(cmd)
+
addtask write_config before do_configure
-do_write_config[vardeps] += "CC CXX LD AR NM STRIP READELF CFLAGS CXXFLAGS LDFLAGS"
+do_write_config[vardeps] += "CC CXX LD AR NM STRIP READELF CFLAGS CXXFLAGS LDFLAGS RUSTC RUSTFLAGS"
do_write_config() {
# This needs to be Py to split the args into single-element lists
cat >${WORKDIR}/meson.cross <<EOF
@@ -48,11 +55,13 @@ ar = ${@meson_array('AR', d)}
nm = ${@meson_array('NM', d)}
strip = ${@meson_array('STRIP', d)}
readelf = ${@meson_array('READELF', d)}
+objcopy = ${@meson_array('OBJCOPY', d)}
pkgconfig = 'pkg-config'
llvm-config = 'llvm-config${LLVMVERSION}'
cups-config = 'cups-config'
g-ir-scanner = '${STAGING_BINDIR}/g-ir-scanner-wrapper'
g-ir-compiler = '${STAGING_BINDIR}/g-ir-compiler-wrapper'
+${@rust_tool(d, "HOST_SYS")}
[built-in options]
c_args = ${@meson_array('CFLAGS', d)}
@@ -85,7 +94,9 @@ ar = ${@meson_array('BUILD_AR', d)}
nm = ${@meson_array('BUILD_NM', d)}
strip = ${@meson_array('BUILD_STRIP', d)}
readelf = ${@meson_array('BUILD_READELF', d)}
+objcopy = ${@meson_array('BUILD_OBJCOPY', d)}
pkgconfig = 'pkg-config-native'
+${@rust_tool(d, "BUILD_SYS")}
[built-in options]
c_args = ${@meson_array('BUILD_CFLAGS', d)}
@@ -103,6 +114,16 @@ meson_do_configure() {
# https://github.com/mesonbuild/meson/commit/ef9aeb188ea2bc7353e59916c18901cde90fa2b3
unset LD
+ # sstate.bbclass no longer removes empty directories to avoid a race (see
+ # commit 4f94d929 "sstate/staging: Handle directory creation race issue").
+ # Unfortunately Python apparently treats an empty egg-info directory as if
+ # the version it previously contained still exists and fails if a newer
+ # version is required, which Meson does. To avoid this, make sure there are
+ # no empty egg-info directories from previous versions left behind. Ignore
+ # all errors from rmdir since the egg-info may be a file rather than a
+ # directory.
+ rmdir ${STAGING_LIBDIR_NATIVE}/${PYTHON_DIR}/site-packages/*.egg-info 2>/dev/null || :
+
# Work around "Meson fails if /tmp is mounted with noexec #2972"
mkdir -p "${B}/meson-private/tmp"
export TMPDIR="${B}/meson-private/tmp"
diff --git a/meta/classes/mirrors.bbclass b/meta/classes/mirrors.bbclass
index ba325a658b..49685d2f69 100644
--- a/meta/classes/mirrors.bbclass
+++ b/meta/classes/mirrors.bbclass
@@ -62,6 +62,8 @@ ftp://.*/.* http://sources.openembedded.org/ \n \
npm://.*/?.* http://sources.openembedded.org/ \n \
${CPAN_MIRROR} http://cpan.metacpan.org/ \n \
${CPAN_MIRROR} http://search.cpan.org/CPAN/ \n \
+https?$://downloads.yoctoproject.org/releases/uninative/ https://mirrors.kernel.org/yocto/uninative/ \n \
+https?://downloads.yoctoproject.org/mirror/sources/ https://mirrors.kernel.org/yocto-sources/ \
"
# Use MIRRORS to provide git repo fallbacks using the https protocol, for cases
diff --git a/meta/classes/nativesdk.bbclass b/meta/classes/nativesdk.bbclass
index c66de8c787..14e210562f 100644
--- a/meta/classes/nativesdk.bbclass
+++ b/meta/classes/nativesdk.bbclass
@@ -31,7 +31,7 @@ PACKAGE_ARCHS = "${SDK_PACKAGE_ARCHS}"
DEPENDS:append = " chrpath-replacement-native"
EXTRANATIVEPATH += "chrpath-native"
-PKGDATA_DIR = "${TMPDIR}/pkgdata/${SDK_SYS}"
+PKGDATA_DIR = "${PKGDATA_DIR_SDK}"
HOST_ARCH = "${SDK_ARCH}"
HOST_VENDOR = "${SDK_VENDOR}"
diff --git a/meta/classes/patch.bbclass b/meta/classes/patch.bbclass
index 388773a237..87bcaf91a8 100644
--- a/meta/classes/patch.bbclass
+++ b/meta/classes/patch.bbclass
@@ -131,6 +131,9 @@ python patch_do_patch() {
patchdir = parm["patchdir"]
if not os.path.isabs(patchdir):
patchdir = os.path.join(s, patchdir)
+ if not os.path.isdir(patchdir):
+ bb.fatal("Target directory '%s' not found, patchdir '%s' is incorrect in patch file '%s'" %
+ (patchdir, parm["patchdir"], parm['patchname']))
else:
patchdir = s
@@ -147,12 +150,12 @@ python patch_do_patch() {
patchset.Import({"file":local, "strippath": parm['striplevel']}, True)
except Exception as exc:
bb.utils.remove(process_tmpdir, True)
- bb.fatal(str(exc))
+ bb.fatal("Importing patch '%s' with striplevel '%s'\n%s" % (parm['patchname'], parm['striplevel'], str(exc)))
try:
resolver.Resolve()
except bb.BBHandledException as e:
bb.utils.remove(process_tmpdir, True)
- bb.fatal(str(e))
+ bb.fatal("Applying patch '%s' on target directory '%s'\n%s" % (parm['patchname'], patchdir, str(e)))
bb.utils.remove(process_tmpdir, True)
del os.environ['TMPDIR']
diff --git a/meta/classes/populate_sdk_base.bbclass b/meta/classes/populate_sdk_base.bbclass
index 49e166e697..fafdd96749 100644
--- a/meta/classes/populate_sdk_base.bbclass
+++ b/meta/classes/populate_sdk_base.bbclass
@@ -179,6 +179,10 @@ do_populate_sdk[cleandirs] = "${SDKDEPLOYDIR}"
do_populate_sdk[sstate-inputdirs] = "${SDKDEPLOYDIR}"
do_populate_sdk[sstate-outputdirs] = "${SDK_DEPLOY}"
do_populate_sdk[stamp-extra-info] = "${MACHINE_ARCH}${SDKMACHINE}"
+python do_populate_sdk_setscene () {
+ sstate_setscene(d)
+}
+addtask do_populate_sdk_setscene
PSEUDO_IGNORE_PATHS .= ",${SDKDEPLOYDIR},${WORKDIR}/oe-sdk-repo,${WORKDIR}/sstate-build-populate_sdk"
diff --git a/meta/classes/qemuboot.bbclass b/meta/classes/qemuboot.bbclass
index bf529e9aa4..2bde12748d 100644
--- a/meta/classes/qemuboot.bbclass
+++ b/meta/classes/qemuboot.bbclass
@@ -29,7 +29,7 @@
#
# QB_AUDIO_DRV: qemu audio driver, e.g., "alsa", set it when support audio
#
-# QB_AUDIO_OPT: qemu audio option, e.g., "-soundhw ac97,es1370", used
+# QB_AUDIO_OPT: qemu audio option, e.g., "-device AC97", used
# when QB_AUDIO_DRV is set.
#
# QB_RNG: Pass-through for host random number generator, it can speedup boot
@@ -131,6 +131,8 @@ python do_write_qemuboot_conf() {
'qemu-helper-native/1.0-r1/recipe-sysroot-native/usr/bin/')
else:
val = d.getVar(k)
+ if val is None:
+ continue
# we only want to write out relative paths so that we can relocate images
# and still run them
if val.startswith(topdir):
diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass
index 7fe9e3d8c8..2310e86cdf 100644
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -21,7 +21,7 @@ ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "read-only
# otherwise kernel or initramfs end up mounting the rootfs read/write
# (the default) if supported by the underlying storage.
#
-# We do this with _append because the default value might get set later with ?=
+# We do this with :append because the default value might get set later with ?=
# and we don't want to disable such a default that by setting a value here.
APPEND:append = '${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", " ro", "", d)}'
@@ -52,7 +52,7 @@ inherit image-artifact-names
# the numeric IDs of dynamically created entries remain stable.
#
# We want this to run as late as possible, in particular after
-# systemd_sysusers_create and set_user_group. Using _append is not
+# systemd_sysusers_create and set_user_group. Using :append is not
# enough for that, set_user_group is added that way and would end
# up running after us.
SORT_PASSWD_POSTPROCESS_COMMAND ??= " sort_passwd; "
@@ -62,7 +62,7 @@ python () {
}
systemd_create_users () {
- for conffile in ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd.conf ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd-remote.conf; do
+ for conffile in ${IMAGE_ROOTFS}/usr/lib/sysusers.d/*.conf; do
[ -e $conffile ] || continue
grep -v "^#" $conffile | sed -e '/^$/d' | while read type name id comment; do
if [ "$type" = "u" ]; then
@@ -78,12 +78,8 @@ systemd_create_users () {
eval groupadd --root ${IMAGE_ROOTFS} $groupadd_params || true
elif [ "$type" = "m" ]; then
group=$id
- if [ ! `grep -q "^${group}:" ${IMAGE_ROOTFS}${sysconfdir}/group` ]; then
- eval groupadd --root ${IMAGE_ROOTFS} --system $group
- fi
- if [ ! `grep -q "^${name}:" ${IMAGE_ROOTFS}${sysconfdir}/passwd` ]; then
- eval useradd --root ${IMAGE_ROOTFS} --shell /sbin/nologin --system $name
- fi
+ eval groupadd --root ${IMAGE_ROOTFS} --system $group || true
+ eval useradd --root ${IMAGE_ROOTFS} --shell /sbin/nologin --system $name --no-user-group || true
eval usermod --root ${IMAGE_ROOTFS} -a -G $group $name
fi
done
@@ -271,9 +267,10 @@ python write_image_manifest () {
if os.path.exists(manifest_name) and link_name:
manifest_link = deploy_dir + "/" + link_name + ".manifest"
- if os.path.lexists(manifest_link):
- os.remove(manifest_link)
- os.symlink(os.path.basename(manifest_name), manifest_link)
+ if manifest_link != manifest_name:
+ if os.path.lexists(manifest_link):
+ os.remove(manifest_link)
+ os.symlink(os.path.basename(manifest_name), manifest_link)
}
# Can be used to create /etc/timestamp during image construction to give a reasonably
@@ -343,9 +340,10 @@ python write_image_test_data() {
if os.path.exists(testdata_name) and link_name:
testdata_link = os.path.join(deploy_dir, "%s.testdata.json" % link_name)
- if os.path.lexists(testdata_link):
- os.remove(testdata_link)
- os.symlink(os.path.basename(testdata_name), testdata_link)
+ if testdata_link != testdata_name:
+ if os.path.lexists(testdata_link):
+ os.remove(testdata_link)
+ os.symlink(os.path.basename(testdata_name), testdata_link)
}
write_image_test_data[vardepsexclude] += "TOPDIR"
diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index ddba1e6e1e..a175a1104f 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -395,7 +395,7 @@ def check_connectivity(d):
msg += " Please ensure your host's network is configured correctly.\n"
msg += " If your ISP or network is blocking the above URL,\n"
msg += " try with another domain name, for example by setting:\n"
- msg += " CONNECTIVITY_CHECK_URIS = \"https://www.yoctoproject.org/\""
+ msg += " CONNECTIVITY_CHECK_URIS = \"https://www.example.com/\""
msg += " You could also set BB_NO_NETWORK = \"1\" to disable network\n"
msg += " access if all required sources are on local disk.\n"
retval = msg
@@ -941,6 +941,11 @@ def check_sanity_everybuild(status, d):
mirror_base = urllib.parse.urlparse(mirror[:-1*len('/PATH')]).path
check_symlink(mirror_base, d)
+ # Check sstate mirrors aren't being used with a local hash server and no remote
+ hashserv = d.getVar("BB_HASHSERVE")
+ if d.getVar("SSTATE_MIRRORS") and hashserv and hashserv.startswith("unix://") and not d.getVar("BB_HASHSERVE_UPSTREAM"):
+ bb.warn("You are using a local hash equivalence server but have configured an sstate mirror. This will likely mean no sstate will match from the mirror. You may wish to disable the hash equivalence use (BB_HASHSERVE), or use a hash equivalence server alongside the sstate mirror.")
+
# Check that TMPDIR hasn't changed location since the last time we were run
tmpdir = d.getVar('TMPDIR')
checkfile = os.path.join(tmpdir, "saved_tmpdir")
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 701a19bc61..d3816ec7b0 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -20,7 +20,7 @@ def generate_sstatefn(spec, hash, taskname, siginfo, d):
components = spec.split(":")
# Fields 0,5,6 are mandatory, 1 is most useful, 2,3,4 are just for information
# 7 is for the separators
- avail = (254 - len(hash + "_" + taskname + extension) - len(components[0]) - len(components[1]) - len(components[5]) - len(components[6]) - 7) // 3
+ avail = (limit - len(hash + "_" + taskname + extension) - len(components[0]) - len(components[1]) - len(components[5]) - len(components[6]) - 7) // 3
components[2] = components[2][:avail]
components[3] = components[3][:avail]
components[4] = components[4][:avail]
@@ -788,7 +788,9 @@ def sstate_setscene(d):
shared_state = sstate_state_fromvars(d)
accelerate = sstate_installpkg(shared_state, d)
if not accelerate:
- bb.fatal("No suitable staging package found")
+ msg = "No sstate archive obtainable, will run full task instead."
+ bb.warn(msg)
+ raise bb.BBHandledException(msg)
python sstate_task_prefunc () {
shared_state = sstate_state_fromvars(d)
@@ -825,7 +827,7 @@ sstate_task_postfunc[dirs] = "${WORKDIR}"
sstate_create_package () {
# Exit early if it already exists
if [ -e ${SSTATE_PKG} ]; then
- [ ! -w ${SSTATE_PKG} ] || touch ${SSTATE_PKG}
+ touch ${SSTATE_PKG} 2>/dev/null || true
return
fi
@@ -852,14 +854,18 @@ sstate_create_package () {
fi
chmod 0664 $TFILE
# Skip if it was already created by some other process
- if [ ! -e ${SSTATE_PKG} ]; then
+ if [ -h ${SSTATE_PKG} ] && [ ! -e ${SSTATE_PKG} ]; then
+ # There is a symbolic link, but it links to nothing.
+ # Forcefully replace it with the new file.
+ ln -f $TFILE ${SSTATE_PKG} || true
+ elif [ ! -e ${SSTATE_PKG} ]; then
# Move into place using ln to attempt an atomic op.
# Abort if it already exists
- ln $TFILE ${SSTATE_PKG} && rm $TFILE
+ ln $TFILE ${SSTATE_PKG} || true
else
- rm $TFILE
+ touch ${SSTATE_PKG} 2>/dev/null || true
fi
- [ ! -w ${SSTATE_PKG} ] || touch ${SSTATE_PKG}
+ rm $TFILE
}
python sstate_sign_package () {
@@ -888,12 +894,12 @@ python sstate_report_unihash() {
#
sstate_unpack_package () {
tar -xvzf ${SSTATE_PKG}
- # update .siginfo atime on local/NFS mirror
- [ -O ${SSTATE_PKG}.siginfo ] && [ -w ${SSTATE_PKG}.siginfo ] && [ -h ${SSTATE_PKG}.siginfo ] && touch -a ${SSTATE_PKG}.siginfo
- # Use "! -w ||" to return true for read only files
- [ ! -w ${SSTATE_PKG} ] || touch --no-dereference ${SSTATE_PKG}
- [ ! -w ${SSTATE_PKG}.sig ] || [ ! -e ${SSTATE_PKG}.sig ] || touch --no-dereference ${SSTATE_PKG}.sig
- [ ! -w ${SSTATE_PKG}.siginfo ] || [ ! -e ${SSTATE_PKG}.siginfo ] || touch --no-dereference ${SSTATE_PKG}.siginfo
+ # update .siginfo atime on local/NFS mirror if it is a symbolic link
+ [ ! -h ${SSTATE_PKG}.siginfo ] || [ ! -e ${SSTATE_PKG}.siginfo ] || touch -a ${SSTATE_PKG}.siginfo 2>/dev/null || true
+ # update each symbolic link instead of any referenced file
+ touch --no-dereference ${SSTATE_PKG} 2>/dev/null || true
+ [ ! -e ${SSTATE_PKG}.sig ] || touch --no-dereference ${SSTATE_PKG}.sig 2>/dev/null || true
+ [ ! -e ${SSTATE_PKG}.siginfo ] || touch --no-dereference ${SSTATE_PKG}.siginfo 2>/dev/null || true
}
BB_HASHCHECK_FUNCTION = "sstate_checkhashes"
@@ -971,7 +977,7 @@ def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, summary=True,
localdata2 = bb.data.createCopy(localdata)
srcuri = "file://" + sstatefile
- localdata.setVar('SRC_URI', srcuri)
+ localdata2.setVar('SRC_URI', srcuri)
bb.debug(2, "SState: Attempting to fetch %s" % srcuri)
try:
diff --git a/meta/classes/staging.bbclass b/meta/classes/staging.bbclass
index 65a6cd5120..25f77c7735 100644
--- a/meta/classes/staging.bbclass
+++ b/meta/classes/staging.bbclass
@@ -620,7 +620,7 @@ python staging_taskhandler() {
for task in bbtasks:
deps = d.getVarFlag(task, "depends")
if task == "do_configure" or (deps and "populate_sysroot" in deps):
- d.appendVarFlag(task, "prefuncs", " extend_recipe_sysroot")
+ d.prependVarFlag(task, "prefuncs", "extend_recipe_sysroot ")
}
staging_taskhandler[eventmask] = "bb.event.RecipeTaskPreProcess"
addhandler staging_taskhandler
diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass
index a76e773853..4db05a4af4 100644
--- a/meta/classes/testimage.bbclass
+++ b/meta/classes/testimage.bbclass
@@ -235,9 +235,10 @@ def testimage_main(d):
tdname = "%s.testdata.json" % image_name
try:
- td = json.load(open(tdname, "r"))
- except (FileNotFoundError) as err:
- bb.fatal('File %s Not Found. Have you built the image with INHERIT+="testimage" in the conf/local.conf?' % tdname)
+ with open(tdname, "r") as f:
+ td = json.load(f)
+ except FileNotFoundError as err:
+ bb.fatal('File %s not found (%s).\nHave you built the image with INHERIT += "testimage" in the conf/local.conf?' % (tdname, err))
# Some variables need to be updates (mostly paths) with the
# ones of the current environment because some tests require them.
diff --git a/meta/classes/toaster.bbclass b/meta/classes/toaster.bbclass
index dd5c7f224b..f365c09142 100644
--- a/meta/classes/toaster.bbclass
+++ b/meta/classes/toaster.bbclass
@@ -101,11 +101,11 @@ def _toaster_load_pkgdatafile(dirpath, filepath):
for line in fin:
try:
kn, kv = line.strip().split(": ", 1)
- m = re.match(r"^PKG_([^A-Z:]*)", kn)
+ m = re.match(r"^PKG:([^A-Z:]*)", kn)
if m:
pkgdata['OPKGN'] = m.group(1)
- kn = "_".join([x for x in kn.split("_") if x.isupper()])
- pkgdata[kn] = kv.strip()
+ kn = kn.split(":")[0]
+ pkgdata[kn] = kv
if kn.startswith('FILES_INFO'):
pkgdata[kn] = json.loads(kv)
diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass
index fdf153248c..c39b30f43b 100644
--- a/meta/classes/uboot-sign.bbclass
+++ b/meta/classes/uboot-sign.bbclass
@@ -131,6 +131,20 @@ concat_dtb_helper() {
elif [ -e "${DEPLOYDIR}/${UBOOT_NODTB_IMAGE}" -a -e "$deployed_uboot_dtb_binary" ]; then
cd ${DEPLOYDIR}
cat ${UBOOT_NODTB_IMAGE} $deployed_uboot_dtb_binary | tee ${B}/${CONFIG_B_PATH}/${UBOOT_BINARY} > ${UBOOT_IMAGE}
+
+ if [ -n "${UBOOT_CONFIG}" ]
+ then
+ for config in ${UBOOT_MACHINE}; do
+ i=$(expr $i + 1);
+ for type in ${UBOOT_CONFIG}; do
+ j=$(expr $j + 1);
+ if [ $j -eq $i ]
+ then
+ cp ${UBOOT_IMAGE} ${B}/${CONFIG_B_PATH}/u-boot-$type.${UBOOT_SUFFIX}
+ fi
+ done
+ done
+ fi
else
bbwarn "Failure while adding public key to u-boot binary. Verified boot won't be available."
fi
@@ -205,7 +219,7 @@ install_helper() {
fi
}
-# Install SPL dtb and u-boot nodtb to datadir,
+# Install SPL dtb and u-boot nodtb to datadir,
install_spl_helper() {
if [ -f "${SPL_DIR}/${SPL_DTB_BINARY}" ]; then
install -Dm 0644 ${SPL_DIR}/${SPL_DTB_BINARY} ${D}${datadir}/${SPL_DTB_IMAGE}
diff --git a/meta/classes/uninative.bbclass b/meta/classes/uninative.bbclass
index 3c7ccd66f4..4412d7c567 100644
--- a/meta/classes/uninative.bbclass
+++ b/meta/classes/uninative.bbclass
@@ -2,7 +2,7 @@ UNINATIVE_LOADER ?= "${UNINATIVE_STAGING_DIR}-uninative/${BUILD_ARCH}-linux/lib/
UNINATIVE_STAGING_DIR ?= "${STAGING_DIR}"
UNINATIVE_URL ?= "unset"
-UNINATIVE_TARBALL ?= "${BUILD_ARCH}-nativesdk-libc.tar.xz"
+UNINATIVE_TARBALL ?= "${BUILD_ARCH}-nativesdk-libc-${UNINATIVE_VERSION}.tar.xz"
# Example checksums
#UNINATIVE_CHECKSUM[aarch64] = "dead"
#UNINATIVE_CHECKSUM[i686] = "dead"
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index f3ff5b776b..51253003fd 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -415,6 +415,7 @@ DEPLOY_DIR_IMAGE ?= "${DEPLOY_DIR}/images/${MACHINE}"
DEPLOY_DIR_TOOLS = "${DEPLOY_DIR}/tools"
PKGDATA_DIR = "${TMPDIR}/pkgdata/${MACHINE}"
+PKGDATA_DIR_SDK = "${TMPDIR}/pkgdata/${SDK_SYS}"
##################################################################
# SDK variables.
@@ -729,10 +730,18 @@ export PKG_CONFIG_DISABLE_UNINSTALLED = "yes"
export PKG_CONFIG_SYSTEM_LIBRARY_PATH = "${base_libdir}:${libdir}"
export PKG_CONFIG_SYSTEM_INCLUDE_PATH = "${includedir}"
+# Git configuration
+
# Don't allow git to chdir up past WORKDIR so that it doesn't detect the OE
# repository when building a recipe
export GIT_CEILING_DIRECTORIES = "${WORKDIR}"
+# Treat all directories are safe, as during fakeroot tasks git will run as
+# root so recent git releases (eg 2.30.3) will refuse to work on repositories. See
+# https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 for
+# further details.
+export GIT_CONFIG_PARAMETERS="'safe.directory=*'"
+
###
### Config file processing
###
@@ -849,8 +858,8 @@ DISTRO_FEATURES_NATIVESDK ?= "x11"
# Normally target distro features will not be applied to native builds:
# Native distro features on this list will use the target feature value
-DISTRO_FEATURES_FILTER_NATIVE ?= "api-documentation debuginfod opengl"
-DISTRO_FEATURES_FILTER_NATIVESDK ?= "api-documentation debuginfod opengl"
+DISTRO_FEATURES_FILTER_NATIVE ?= "api-documentation debuginfod opengl wayland"
+DISTRO_FEATURES_FILTER_NATIVESDK ?= "api-documentation debuginfod opengl wayland"
DISTRO_FEATURES_BACKFILL = "pulseaudio sysvinit gobject-introspection-data ldconfig"
MACHINE_FEATURES_BACKFILL = "rtc qemu-usermode"
diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index a6f52b5de7..e02a4d1fde 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -44,7 +44,14 @@ CVE_CHECK_WHITELIST += "CVE-2010-4756"
# exposing this interface in an exploitable way
CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511"
-
+# db
+# Since Oracle relicensed bdb, the open source community is slowly but surely replacing bdb with
+# supported and open source friendly alternatives. As a result these CVEs are unlikely to ever be fixed.
+CVE_CHECK_WHITELIST += "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \
+CVE-2015-2656 CVE-2015-4754 CVE-2015-4764 CVE-2015-4774 CVE-2015-4775 CVE-2015-4776 CVE-2015-4777 \
+CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4783 CVE-2015-4784 \
+CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \
+CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981"
#### CPE update pending ####
diff --git a/meta/conf/distro/include/default-distrovars.inc b/meta/conf/distro/include/default-distrovars.inc
index f91df632d5..3bba651a77 100644
--- a/meta/conf/distro/include/default-distrovars.inc
+++ b/meta/conf/distro/include/default-distrovars.inc
@@ -53,5 +53,5 @@ KERNEL_IMAGETYPES ??= "${KERNEL_IMAGETYPE}"
# The CONNECTIVITY_CHECK_URIS are used to test whether we can succesfully
# fetch from the network (and warn you if not). To disable the test set
# the variable to be empty.
-# Git example url: git://git.yoctoproject.org/yocto-firewall-test;protocol=git;rev=master
-CONNECTIVITY_CHECK_URIS ?= "https://www.example.com/"
+# Git example url: git://git.yoctoproject.org/yocto-firewall-test;protocol=git;rev=master;branch=master
+CONNECTIVITY_CHECK_URIS ?= "https://yoctoproject.org/connectivity.html"
diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index 8592de5a66..2b54d2d12f 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -592,6 +592,7 @@ RECIPE_MAINTAINER:pn-python3-cython = "Oleksandr Kravchuk <open.source@oleksandr
RECIPE_MAINTAINER:pn-python3-dbus = "Zang Ruochen <zangrc.fnst@fujitsu.com>"
RECIPE_MAINTAINER:pn-python3-dbusmock = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>"
RECIPE_MAINTAINER:pn-python3-docutils = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>"
+RECIPE_MAINTAINER:pn-python3-dtschema-wrapper = "Bruce Ashfield <bruce.ashfield@gmail.com>"
RECIPE_MAINTAINER:pn-python3-pycryptodome = "Joshua Watt <JPEWhacker@gmail.com>"
RECIPE_MAINTAINER:pn-python3-pycryptodomex = "Joshua Watt <JPEWhacker@gmail.com>"
RECIPE_MAINTAINER:pn-python3-extras = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>"
@@ -659,7 +660,7 @@ RECIPE_MAINTAINER:pn-ruby = "Ross Burton <ross.burton@arm.com>"
RECIPE_MAINTAINER:pn-run-postinsts = "Ross Burton <ross.burton@arm.com>"
RECIPE_MAINTAINER:pn-rust = "Randy MacLeod <Randy.MacLeod@windriver.com>"
RECIPE_MAINTAINER:pn-rustfmt = "Randy MacLeod <Randy.MacLeod@windriver.com>"
-RECIPE_MAINTAINER:pn-rust-cross-${TARGET_ARCH} = "Randy MacLeod <Randy.MacLeod@windriver.com>"
+RECIPE_MAINTAINER:pn-rust-cross-${TUNE_PKGARCH}-${TCLIBC} = "Randy MacLeod <Randy.MacLeod@windriver.com>"
RECIPE_MAINTAINER:pn-rust-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Randy MacLeod <Randy.MacLeod@windriver.com>"
RECIPE_MAINTAINER:pn-rust-hello-world = "Randy MacLeod <Randy.MacLeod@windriver.com>"
RECIPE_MAINTAINER:pn-rust-llvm = "Randy MacLeod <Randy.MacLeod@windriver.com>"
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index 3165fc93b8..411fe45a24 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,9 +6,10 @@
# to the distro running on the build machine.
#
-UNINATIVE_MAXGLIBCVERSION = "2.34"
+UNINATIVE_MAXGLIBCVERSION = "2.35"
+UNINATIVE_VERSION = "3.6"
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.4/"
-UNINATIVE_CHECKSUM[aarch64] ?= "3013cdda8f0dc6639ce1c80f33eabce66f06b890bd5b58739a6d7a92a0bb7100"
-UNINATIVE_CHECKSUM[i686] ?= "abed500de584aad63ec237546db20cdd0c69d8870a6f8e94ac31721ace64b376"
-UNINATIVE_CHECKSUM[x86_64] ?= "126f4f7f6f21084ee140dac3eb4c536b963837826b7c38599db0b512c3377ba2"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/"
+UNINATIVE_CHECKSUM[aarch64] ?= "d64831cf2792c8e470c2e42230660e1a8e5de56a579cdd59978791f663c2f3ed"
+UNINATIVE_CHECKSUM[i686] ?= "2f0ee9b66b1bb2c85e2b592fb3c9c7f5d77399fa638d74961330cdb8de34ca3b"
+UNINATIVE_CHECKSUM[x86_64] ?= "9bfc4c970495b3716b2f9e52c4df9f968c02463a9a95000f6657fbc3fde1f098"
diff --git a/meta/conf/documentation.conf b/meta/conf/documentation.conf
index c5a38b0764..d38a88fb49 100644
--- a/meta/conf/documentation.conf
+++ b/meta/conf/documentation.conf
@@ -345,6 +345,8 @@ PYPI_SRC_URI[doc] = "The URI to use to fetch from pypi, default uses pythonhoste
#Q
+QA_EMPTY_DIRS[doc] = "A list of directories that are expected to be empty."
+QA_EMPTY_DIRS_RECOMMENDATION[doc] = "This specifies a recommendation for a directory why it must be empty, which will be included in the error message if the directory is not empty."
QMAKE_PROFILES[doc] = "Specifies your own subset of .pro files to be built for use with qmake."
#R
diff --git a/meta/conf/machine/include/x86/qemuboot-x86.inc b/meta/conf/machine/include/x86/qemuboot-x86.inc
index d3b91070a8..b7b6428e44 100644
--- a/meta/conf/machine/include/x86/qemuboot-x86.inc
+++ b/meta/conf/machine/include/x86/qemuboot-x86.inc
@@ -8,7 +8,7 @@ QB_CPU:x86-64 = "-cpu IvyBridge -machine q35"
QB_CPU_KVM:x86-64 = "-cpu IvyBridge -machine q35"
QB_AUDIO_DRV = "alsa"
-QB_AUDIO_OPT = "-soundhw ac97,es1370"
+QB_AUDIO_OPT = "-device AC97"
QB_KERNEL_CMDLINE_APPEND = "oprofile.timer=1 tsc=reliable no_timer_check rcupdate.rcu_expedited=1"
QB_OPT_APPEND = "-usb -device usb-tablet"
diff --git a/meta/files/toolchain-shar-relocate.sh b/meta/files/toolchain-shar-relocate.sh
index 3ece04db0a..cee9adbf39 100644
--- a/meta/files/toolchain-shar-relocate.sh
+++ b/meta/files/toolchain-shar-relocate.sh
@@ -5,7 +5,7 @@ fi
# fix dynamic loader paths in all ELF SDK binaries
native_sysroot=$($SUDO_EXEC cat $env_setup_script |grep 'OECORE_NATIVE_SYSROOT='|cut -d'=' -f2|tr -d '"')
-dl_path=$($SUDO_EXEC find $native_sysroot/lib -name "ld-linux*")
+dl_path=$($SUDO_EXEC find $native_sysroot/lib -maxdepth 1 -name "ld-linux*")
if [ "$dl_path" = "" ] ; then
echo "SDK could not be set up. Relocate script unable to find ld-linux.so. Abort!"
exit 1
diff --git a/meta/lib/oe/license.py b/meta/lib/oe/license.py
index 665d32ecbb..b5d378a549 100644
--- a/meta/lib/oe/license.py
+++ b/meta/lib/oe/license.py
@@ -74,6 +74,9 @@ class FlattenVisitor(LicenseVisitor):
def visit_Str(self, node):
self.licenses.append(node.s)
+ def visit_Constant(self, node):
+ self.licenses.append(node.value)
+
def visit_BinOp(self, node):
if isinstance(node.op, ast.BitOr):
left = FlattenVisitor(self.choose_licenses)
@@ -227,6 +230,9 @@ class ListVisitor(LicenseVisitor):
def visit_Str(self, node):
self.licenses.add(node.s)
+ def visit_Constant(self, node):
+ self.licenses.add(node.value)
+
def list_licenses(licensestr):
"""Simply get a list of all licenses mentioned in a license string.
Binary operators are not applied or taken into account in any way"""
diff --git a/meta/lib/oe/package_manager/__init__.py b/meta/lib/oe/package_manager/__init__.py
index 8f7b60e077..80bc1a6bc6 100644
--- a/meta/lib/oe/package_manager/__init__.py
+++ b/meta/lib/oe/package_manager/__init__.py
@@ -321,7 +321,7 @@ class PackageManager(object, metaclass=ABCMeta):
# TODO don't have sdk here but have a property on the superclass
# (and respect in install_complementary)
if sdk:
- pkgdatadir = self.d.expand("${TMPDIR}/pkgdata/${SDK_SYS}")
+ pkgdatadir = self.d.getVar("PKGDATA_DIR_SDK")
else:
pkgdatadir = self.d.getVar("PKGDATA_DIR")
diff --git a/meta/lib/oe/packagedata.py b/meta/lib/oe/packagedata.py
index 02c81e5a52..212f048bc6 100644
--- a/meta/lib/oe/packagedata.py
+++ b/meta/lib/oe/packagedata.py
@@ -19,7 +19,7 @@ def read_pkgdatafile(fn):
import re
with open(fn, 'r') as f:
lines = f.readlines()
- r = re.compile("(^.+?):\s+(.*)")
+ r = re.compile(r"(^.+?):\s+(.*)")
for l in lines:
m = r.match(l)
if m:
diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py
index fccbedb519..9034fcae03 100644
--- a/meta/lib/oe/patch.py
+++ b/meta/lib/oe/patch.py
@@ -4,6 +4,7 @@
import oe.path
import oe.types
+import subprocess
class NotFoundError(bb.BBHandledException):
def __init__(self, path):
@@ -25,7 +26,6 @@ class CmdError(bb.BBHandledException):
def runcmd(args, dir = None):
import pipes
- import subprocess
if dir:
olddir = os.path.abspath(os.curdir)
@@ -56,6 +56,7 @@ def runcmd(args, dir = None):
if dir:
os.chdir(olddir)
+
class PatchError(Exception):
def __init__(self, msg):
self.msg = msg
@@ -298,6 +299,24 @@ class GitApplyTree(PatchTree):
PatchTree.__init__(self, dir, d)
self.commituser = d.getVar('PATCH_GIT_USER_NAME')
self.commitemail = d.getVar('PATCH_GIT_USER_EMAIL')
+ if not self._isInitialized():
+ self._initRepo()
+
+ def _isInitialized(self):
+ cmd = "git rev-parse --show-toplevel"
+ try:
+ output = runcmd(cmd.split(), self.dir).strip()
+ except CmdError as err:
+ ## runcmd returned non-zero which most likely means 128
+ ## Not a git directory
+ return False
+ ## Make sure repo is in builddir to not break top-level git repos
+ return os.path.samefile(output, self.dir)
+
+ def _initRepo(self):
+ runcmd("git init".split(), self.dir)
+ runcmd("git add .".split(), self.dir)
+ runcmd("git commit -a --allow-empty -m bitbake_patching_started".split(), self.dir)
@staticmethod
def extractPatchHeader(patchfile):
diff --git a/meta/lib/oe/reproducible.py b/meta/lib/oe/reproducible.py
index 204b9bd734..0938e4cb39 100644
--- a/meta/lib/oe/reproducible.py
+++ b/meta/lib/oe/reproducible.py
@@ -41,7 +41,7 @@ def find_git_folder(d, sourcedir):
for root, dirs, files in os.walk(workdir, topdown=True):
dirs[:] = [d for d in dirs if d not in exclude]
if '.git' in dirs:
- return root
+ return os.path.join(root, ".git")
bb.warn("Failed to find a git repository in WORKDIR: %s" % workdir)
return None
diff --git a/meta/lib/oe/sdk.py b/meta/lib/oe/sdk.py
index 37b59afd1a..27347667e8 100644
--- a/meta/lib/oe/sdk.py
+++ b/meta/lib/oe/sdk.py
@@ -115,6 +115,10 @@ def sdk_list_installed_packages(d, target, rootfs_dir=None):
rootfs_dir = [sdk_output, os.path.join(sdk_output, target_path)][target is True]
+ if target is False:
+ ipkgconf_sdk_target = d.getVar("IPKGCONF_SDK")
+ d.setVar("IPKGCONF_TARGET", ipkgconf_sdk_target)
+
img_type = d.getVar('IMAGE_PKGTYPE')
import importlib
cls = importlib.import_module('oe.package_manager.' + img_type)
diff --git a/meta/lib/oe/spdx.py b/meta/lib/oe/spdx.py
index 4416194e06..9e7ced5a15 100644
--- a/meta/lib/oe/spdx.py
+++ b/meta/lib/oe/spdx.py
@@ -196,6 +196,7 @@ class SPDXRelationship(SPDXObject):
relatedSpdxElement = _String()
relationshipType = _String()
comment = _String()
+ annotations = _ObjectList(SPDXAnnotation)
class SPDXExternalReference(SPDXObject):
@@ -300,7 +301,7 @@ class SPDXDocument(SPDXObject):
def from_json(cls, f):
return cls(**json.load(f))
- def add_relationship(self, _from, relationship, _to, *, comment=None):
+ def add_relationship(self, _from, relationship, _to, *, comment=None, annotation=None):
if isinstance(_from, SPDXObject):
from_spdxid = _from.SPDXID
else:
@@ -320,6 +321,9 @@ class SPDXDocument(SPDXObject):
if comment is not None:
r.comment = comment
+ if annotation is not None:
+ r.annotations.append(annotation)
+
self.relationships.append(r)
def find_by_spdxid(self, spdxid):
diff --git a/meta/lib/oeqa/runtime/cases/parselogs.py b/meta/lib/oeqa/runtime/cases/parselogs.py
index 2b8893d842..b81acdd18a 100644
--- a/meta/lib/oeqa/runtime/cases/parselogs.py
+++ b/meta/lib/oeqa/runtime/cases/parselogs.py
@@ -32,7 +32,7 @@ common_errors = [
"Failed to load module \"fbdev\"",
"Failed to load module fbdev",
"Failed to load module glx",
- "[drm] Cannot find any crtc or sizes - going 1024x768",
+ "[drm] Cannot find any crtc or sizes",
"_OSC failed (AE_NOT_FOUND); disabling ASPM",
"Open ACPI failed (/var/run/acpid.socket) (No such file or directory)",
"NX (Execute Disable) protection cannot be enabled: non-PAE kernel!",
@@ -303,7 +303,7 @@ class ParseLogsTest(OERuntimeTestCase):
grepcmd = 'grep '
grepcmd += '-Ei "'
for error in errors:
- grepcmd += '\<' + error + '\>' + '|'
+ grepcmd += r'\<' + error + r'\>' + '|'
grepcmd = grepcmd[:-1]
grepcmd += '" ' + str(log) + " | grep -Eiv \'"
@@ -314,13 +314,13 @@ class ParseLogsTest(OERuntimeTestCase):
errorlist = ignore_errors['default']
for ignore_error in errorlist:
- ignore_error = ignore_error.replace('(', '\(')
- ignore_error = ignore_error.replace(')', '\)')
+ ignore_error = ignore_error.replace('(', r'\(')
+ ignore_error = ignore_error.replace(')', r'\)')
ignore_error = ignore_error.replace("'", '.')
- ignore_error = ignore_error.replace('?', '\?')
- ignore_error = ignore_error.replace('[', '\[')
- ignore_error = ignore_error.replace(']', '\]')
- ignore_error = ignore_error.replace('*', '\*')
+ ignore_error = ignore_error.replace('?', r'\?')
+ ignore_error = ignore_error.replace('[', r'\[')
+ ignore_error = ignore_error.replace(']', r'\]')
+ ignore_error = ignore_error.replace('*', r'\*')
ignore_error = ignore_error.replace('0-9', '[0-9]')
grepcmd += ignore_error + '|'
grepcmd = grepcmd[:-1]
diff --git a/meta/lib/oeqa/sdk/buildtools-cases/build.py b/meta/lib/oeqa/sdk/buildtools-cases/build.py
index 9c9a84bf8a..aee2e5a8c0 100644
--- a/meta/lib/oeqa/sdk/buildtools-cases/build.py
+++ b/meta/lib/oeqa/sdk/buildtools-cases/build.py
@@ -25,6 +25,6 @@ class BuildTests(OESDKTestCase):
self._run('. %s/oe-init-build-env %s && bitbake virtual/libc' % (corebase, testdir))
finally:
delay = 10
- while delay and os.path.exists(testdir + "/bitbake.lock"):
+ while delay and (os.path.exists(testdir + "/bitbake.lock") or os.path.exists(testdir + "/cache/hashserv.db-wal")):
time.sleep(1)
delay = delay - 1
diff --git a/meta/lib/oeqa/sdk/buildtools-cases/https.py b/meta/lib/oeqa/sdk/buildtools-cases/https.py
index 134879aab3..35e549eb40 100644
--- a/meta/lib/oeqa/sdk/buildtools-cases/https.py
+++ b/meta/lib/oeqa/sdk/buildtools-cases/https.py
@@ -13,8 +13,8 @@ class HTTPTests(OESDKTestCase):
"""
def test_wget(self):
- self._run('env -i wget --debug --output-document /dev/null https://www.example.com')
+ self._run('env -i wget --debug --output-document /dev/null https://yoctoproject.org/connectivity.html')
def test_python(self):
# urlopen() returns a file-like object on success and throws an exception otherwise
- self._run('python3 -c \'import urllib.request; urllib.request.urlopen("https://www.example.com/")\'')
+ self._run('python3 -c \'import urllib.request; urllib.request.urlopen("https://yoctoproject.org/connectivity.html")\'')
diff --git a/meta/lib/oeqa/sdk/cases/buildepoxy.py b/meta/lib/oeqa/sdk/cases/buildepoxy.py
index 385f8ccca8..f69f720cd6 100644
--- a/meta/lib/oeqa/sdk/cases/buildepoxy.py
+++ b/meta/lib/oeqa/sdk/cases/buildepoxy.py
@@ -17,7 +17,7 @@ class EpoxyTest(OESDKTestCase):
"""
def setUp(self):
if not (self.tc.hasHostPackage("nativesdk-meson")):
- raise unittest.SkipTest("GalculatorTest class: SDK doesn't contain Meson")
+ raise unittest.SkipTest("EpoxyTest class: SDK doesn't contain Meson")
def test_epoxy(self):
with tempfile.TemporaryDirectory(prefix="epoxy", dir=self.tc.sdk_dir) as testdir:
diff --git a/meta/lib/oeqa/selftest/cases/bbtests.py b/meta/lib/oeqa/selftest/cases/bbtests.py
index 6562364074..a08001a173 100644
--- a/meta/lib/oeqa/selftest/cases/bbtests.py
+++ b/meta/lib/oeqa/selftest/cases/bbtests.py
@@ -163,7 +163,7 @@ SSTATE_DIR = \"${TOPDIR}/download-selftest\"
""")
self.track_for_cleanup(os.path.join(self.builddir, "download-selftest"))
- data = 'SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz;downloadfilename=test-aspell.tar.gz"'
+ data = 'SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/aspell-${PV}.tar.gz;downloadfilename=test-aspell.tar.gz"'
self.write_recipeinc('aspell', data)
result = bitbake('-f -c fetch aspell', ignore_status=True)
self.delete_recipeinc('aspell')
@@ -300,3 +300,32 @@ INHERIT:remove = \"report-error\"
test_recipe_summary_after = get_bb_var('SUMMARY', test_recipe)
self.assertEqual(expected_recipe_summary, test_recipe_summary_after)
+
+ def test_git_patchtool(self):
+ """ PATCHTOOL=git should work with non-git sources like tarballs
+ test recipe for the test must NOT containt git:// repository in SRC_URI
+ """
+ test_recipe = "man-db"
+ self.write_recipeinc(test_recipe, 'PATCHTOOL=\"git\"')
+ src = get_bb_var("SRC_URI",test_recipe)
+ gitscm = re.search("git://", src)
+ self.assertFalse(gitscm, "test_git_patchtool pre-condition failed: {} test recipe contains git repo!".format(test_recipe))
+ result = bitbake('{} -c patch'.format(test_recipe), ignore_status=False)
+ fatal = re.search("fatal: not a git repository (or any of the parent directories)", result.output)
+ self.assertFalse(fatal, "Failed to patch using PATCHTOOL=\"git\"")
+ self.delete_recipeinc(test_recipe)
+ bitbake('-cclean {}'.format(test_recipe))
+
+ def test_git_patchtool2(self):
+ """ Test if PATCHTOOL=git works with git repo and doesn't reinitialize it
+ """
+ test_recipe = "gitrepotest"
+ src = get_bb_var("SRC_URI",test_recipe)
+ gitscm = re.search("git://", src)
+ self.assertTrue(gitscm, "test_git_patchtool pre-condition failed: {} test recipe doesn't contains git repo!".format(test_recipe))
+ result = bitbake('{} -c patch'.format(test_recipe), ignore_status=False)
+ srcdir = get_bb_var('S', test_recipe)
+ result = runCmd("git log", cwd = srcdir)
+ self.assertFalse("bitbake_patching_started" in result.output, msg = "Repository has been reinitialized. {}".format(srcdir))
+ self.delete_recipeinc(test_recipe)
+ bitbake('-cclean {}'.format(test_recipe))
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index f495e84c79..1fe0628a44 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -340,7 +340,7 @@ class DevtoolAddTests(DevtoolBase):
checkvars['LIC_FILES_CHKSUM'] = 'file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263'
checkvars['S'] = '${WORKDIR}/git'
checkvars['PV'] = '0.1+git${SRCPV}'
- checkvars['SRC_URI'] = 'git://git.yoctoproject.org/git/dbus-wait;protocol=https'
+ checkvars['SRC_URI'] = 'git://git.yoctoproject.org/git/dbus-wait;protocol=https;branch=master'
checkvars['SRCREV'] = srcrev
checkvars['DEPENDS'] = set(['dbus'])
self._test_recipe_contents(recipefile, checkvars, [])
@@ -442,6 +442,7 @@ class DevtoolAddTests(DevtoolBase):
tempdir = tempfile.mkdtemp(prefix='devtoolqa')
self.track_for_cleanup(tempdir)
url = 'gitsm://git.yoctoproject.org/mraa'
+ url_branch = '%s;branch=master' % url
checkrev = 'ae127b19a50aa54255e4330ccfdd9a5d058e581d'
testrecipe = 'mraa'
srcdir = os.path.join(tempdir, testrecipe)
@@ -462,7 +463,7 @@ class DevtoolAddTests(DevtoolBase):
checkvars = {}
checkvars['S'] = '${WORKDIR}/git'
checkvars['PV'] = '1.0+git${SRCPV}'
- checkvars['SRC_URI'] = url
+ checkvars['SRC_URI'] = url_branch
checkvars['SRCREV'] = '${AUTOREV}'
self._test_recipe_contents(recipefile, checkvars, [])
# Try with revision and version specified
@@ -481,7 +482,7 @@ class DevtoolAddTests(DevtoolBase):
checkvars = {}
checkvars['S'] = '${WORKDIR}/git'
checkvars['PV'] = '1.5+git${SRCPV}'
- checkvars['SRC_URI'] = url
+ checkvars['SRC_URI'] = url_branch
checkvars['SRCREV'] = checkrev
self._test_recipe_contents(recipefile, checkvars, [])
@@ -904,7 +905,7 @@ class DevtoolUpdateTests(DevtoolBase):
self._check_repo_status(os.path.dirname(recipefile), expected_status)
result = runCmd('git diff %s' % os.path.basename(recipefile), cwd=os.path.dirname(recipefile))
- addlines = ['SRCREV = ".*"', 'SRC_URI = "git://git.infradead.org/mtd-utils.git"']
+ addlines = ['SRCREV = ".*"', 'SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master"']
srcurilines = src_uri.split()
srcurilines[0] = 'SRC_URI = "' + srcurilines[0]
srcurilines.append('"')
@@ -1463,6 +1464,14 @@ class DevtoolExtractTests(DevtoolBase):
class DevtoolUpgradeTests(DevtoolBase):
+ def setUp(self):
+ super().setUp()
+ try:
+ runCmd("git config --global user.name")
+ runCmd("git config --global user.email")
+ except:
+ self.skip("Git user.name and user.email must be set")
+
def test_devtool_upgrade(self):
# Check preconditions
self.assertTrue(not os.path.exists(self.workspacedir), 'This test cannot be run with a workspace directory under the build directory')
diff --git a/meta/lib/oeqa/selftest/cases/eSDK.py b/meta/lib/oeqa/selftest/cases/eSDK.py
index 862849af35..d0c402ba8a 100644
--- a/meta/lib/oeqa/selftest/cases/eSDK.py
+++ b/meta/lib/oeqa/selftest/cases/eSDK.py
@@ -100,7 +100,7 @@ SSTATE_MIRRORS = "file://.* file://%s/PATH"
@classmethod
def tearDownClass(cls):
for i in range(0, 10):
- if os.path.exists(os.path.join(cls.tmpdir_eSDKQA, 'bitbake.lock')):
+ if os.path.exists(os.path.join(cls.tmpdir_eSDKQA, 'bitbake.lock')) or os.path.exists(os.path.join(cls.tmpdir_eSDKQA, 'cache/hashserv.db-wal')):
time.sleep(1)
else:
break
diff --git a/meta/lib/oeqa/selftest/cases/fetch.py b/meta/lib/oeqa/selftest/cases/fetch.py
index 9aa91e59c1..be14272e63 100644
--- a/meta/lib/oeqa/selftest/cases/fetch.py
+++ b/meta/lib/oeqa/selftest/cases/fetch.py
@@ -99,7 +99,7 @@ class Dependencies(OESelftestTestCase):
r = """
LICENSE="CLOSED"
- SRC_URI="git://example.com/repo"
+ SRC_URI="git://example.com/repo;branch=master"
"""
f = self.write_recipe(textwrap.dedent(r), tempdir)
d = tinfoil.parse_recipe_file(f)
diff --git a/meta/lib/oeqa/selftest/cases/git.py b/meta/lib/oeqa/selftest/cases/git.py
new file mode 100644
index 0000000000..f12874dc7d
--- /dev/null
+++ b/meta/lib/oeqa/selftest/cases/git.py
@@ -0,0 +1,15 @@
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import bitbake
+
+class GitCheck(OESelftestTestCase):
+ def test_git_intercept(self):
+ """
+ Git binaries with CVE-2022-24765 fixed will refuse to operate on a
+ repository which is owned by a different user. This breaks our
+ do_install task as that runs inside pseudo, so the git repository is
+ owned by the build user but git is running as (fake)root.
+
+ We have an intercept which disables pseudo, so verify that it works.
+ """
+ bitbake("git-submodule-test -c test_git_as_user")
+ bitbake("git-submodule-test -c test_git_as_root")
diff --git a/meta/lib/oeqa/selftest/cases/recipetool.py b/meta/lib/oeqa/selftest/cases/recipetool.py
index c2a53815d0..814a03191b 100644
--- a/meta/lib/oeqa/selftest/cases/recipetool.py
+++ b/meta/lib/oeqa/selftest/cases/recipetool.py
@@ -357,7 +357,7 @@ class RecipetoolTests(RecipetoolBase):
tempsrc = os.path.join(self.tempdir, 'srctree')
os.makedirs(tempsrc)
recipefile = os.path.join(self.tempdir, 'libmatchbox.bb')
- srcuri = 'git://git.yoctoproject.org/libmatchbox'
+ srcuri = 'git://git.yoctoproject.org/libmatchbox;branch=master'
result = runCmd(['recipetool', 'create', '-o', recipefile, srcuri + ";rev=9f7cf8895ae2d39c465c04cc78e918c157420269", '-x', tempsrc])
self.assertTrue(os.path.isfile(recipefile), 'recipetool did not create recipe file; output:\n%s' % result.output)
checkvars = {}
@@ -375,7 +375,7 @@ class RecipetoolTests(RecipetoolBase):
temprecipe = os.path.join(self.tempdir, 'recipe')
os.makedirs(temprecipe)
pv = '1.7.4.1'
- srcuri = 'http://www.dest-unreach.org/socat/download/socat-%s.tar.bz2' % pv
+ srcuri = 'http://www.dest-unreach.org/socat/download/Archive/socat-%s.tar.bz2' % pv
result = runCmd('recipetool create %s -o %s' % (srcuri, temprecipe))
dirlist = os.listdir(temprecipe)
if len(dirlist) > 1:
@@ -447,7 +447,7 @@ class RecipetoolTests(RecipetoolBase):
self.assertTrue(os.path.isfile(recipefile))
checkvars = {}
checkvars['LICENSE'] = set(['Apache-2.0'])
- checkvars['SRC_URI'] = 'git://github.com/mesonbuild/meson;protocol=https'
+ checkvars['SRC_URI'] = 'git://github.com/mesonbuild/meson;protocol=https;branch=master'
inherits = ['setuptools3']
self._test_recipe_contents(recipefile, checkvars, inherits)
@@ -514,7 +514,7 @@ class RecipetoolTests(RecipetoolBase):
self.assertTrue(os.path.isfile(recipefile))
checkvars = {}
checkvars['LICENSE'] = set(['GPLv2'])
- checkvars['SRC_URI'] = 'git://git.yoctoproject.org/git/matchbox-terminal;protocol=http'
+ checkvars['SRC_URI'] = 'git://git.yoctoproject.org/git/matchbox-terminal;protocol=http;branch=master'
inherits = ['pkgconfig', 'autotools']
self._test_recipe_contents(recipefile, checkvars, inherits)
diff --git a/meta/lib/oeqa/selftest/cases/sstatetests.py b/meta/lib/oeqa/selftest/cases/sstatetests.py
index 17a1545506..4b8669e9d3 100644
--- a/meta/lib/oeqa/selftest/cases/sstatetests.py
+++ b/meta/lib/oeqa/selftest/cases/sstatetests.py
@@ -39,7 +39,7 @@ class SStateTests(SStateBase):
recipefile = os.path.join(tempdir, "recipes-test", "dbus-wait-test", 'dbus-wait-test_git.bb')
os.makedirs(os.path.dirname(recipefile))
- srcuri = 'git://' + srcdir + ';protocol=file'
+ srcuri = 'git://' + srcdir + ';protocol=file;branch=master'
result = runCmd(['recipetool', 'create', '-o', recipefile, srcuri])
self.assertTrue(os.path.isfile(recipefile), 'recipetool did not create recipe file; output:\n%s' % result.output)
@@ -137,7 +137,7 @@ class SStateTests(SStateBase):
filtered_results.append(r)
self.assertTrue(filtered_results == [], msg="Found distro non-specific sstate for: %s (%s)" % (', '.join(map(str, targets)), str(filtered_results)))
file_tracker_1 = self.search_sstate('|'.join(map(str, [s + r'.*?\.tgz$' for s in targets])), distro_specific=True, distro_nonspecific=False)
- self.assertTrue(len(file_tracker_1) >= len(targets), msg = "Not all sstate files ware created for: %s" % ', '.join(map(str, targets)))
+ self.assertTrue(len(file_tracker_1) >= len(targets), msg = "Not all sstate files were created for: %s" % ', '.join(map(str, targets)))
self.track_for_cleanup(self.distro_specific_sstate + "_old")
shutil.copytree(self.distro_specific_sstate, self.distro_specific_sstate + "_old")
@@ -146,13 +146,13 @@ class SStateTests(SStateBase):
bitbake(['-cclean'] + targets)
bitbake(targets)
file_tracker_2 = self.search_sstate('|'.join(map(str, [s + r'.*?\.tgz$' for s in targets])), distro_specific=True, distro_nonspecific=False)
- self.assertTrue(len(file_tracker_2) >= len(targets), msg = "Not all sstate files ware created for: %s" % ', '.join(map(str, targets)))
+ self.assertTrue(len(file_tracker_2) >= len(targets), msg = "Not all sstate files were created for: %s" % ', '.join(map(str, targets)))
not_recreated = [x for x in file_tracker_1 if x not in file_tracker_2]
- self.assertTrue(not_recreated == [], msg="The following sstate files ware not recreated: %s" % ', '.join(map(str, not_recreated)))
+ self.assertTrue(not_recreated == [], msg="The following sstate files were not recreated: %s" % ', '.join(map(str, not_recreated)))
created_once = [x for x in file_tracker_2 if x not in file_tracker_1]
- self.assertTrue(created_once == [], msg="The following sstate files ware created only in the second run: %s" % ', '.join(map(str, created_once)))
+ self.assertTrue(created_once == [], msg="The following sstate files were created only in the second run: %s" % ', '.join(map(str, created_once)))
def test_rebuild_distro_specific_sstate_cross_native_targets(self):
self.run_test_rebuild_distro_specific_sstate(['binutils-cross-' + self.tune_arch, 'binutils-native'], temp_sstate_location=True)
@@ -202,9 +202,9 @@ class SStateTests(SStateBase):
actual_remaining_sstate = [x for x in self.search_sstate(target + r'.*?\.tgz$') if not any(pattern in x for pattern in ignore_patterns)]
actual_not_expected = [x for x in actual_remaining_sstate if x not in expected_remaining_sstate]
- self.assertFalse(actual_not_expected, msg="Files should have been removed but ware not: %s" % ', '.join(map(str, actual_not_expected)))
+ self.assertFalse(actual_not_expected, msg="Files should have been removed but were not: %s" % ', '.join(map(str, actual_not_expected)))
expected_not_actual = [x for x in expected_remaining_sstate if x not in actual_remaining_sstate]
- self.assertFalse(expected_not_actual, msg="Extra files ware removed: %s" ', '.join(map(str, expected_not_actual)))
+ self.assertFalse(expected_not_actual, msg="Extra files were removed: %s" ', '.join(map(str, expected_not_actual)))
def test_sstate_cache_management_script_using_pr_1(self):
global_config = []
@@ -347,7 +347,7 @@ TCLIBCAPPEND = \"\"
MACHINE = \"qemuarm\"
BB_SIGNATURE_HANDLER = "OEBasicHash"
"""
- self.sstate_allarch_samesigs(configA, configB)
+ self.sstate_common_samesigs(configA, configB, allarch=True)
def test_sstate_nativesdk_samesigs_multilib(self):
"""
@@ -371,9 +371,9 @@ require conf/multilib.conf
MULTILIBS = \"\"
BB_SIGNATURE_HANDLER = "OEBasicHash"
"""
- self.sstate_allarch_samesigs(configA, configB)
+ self.sstate_common_samesigs(configA, configB)
- def sstate_allarch_samesigs(self, configA, configB):
+ def sstate_common_samesigs(self, configA, configB, allarch=False):
self.write_config(configA)
self.track_for_cleanup(self.topdir + "/tmp-sstatesamehash")
@@ -401,6 +401,13 @@ BB_SIGNATURE_HANDLER = "OEBasicHash"
self.maxDiff = None
self.assertEqual(files1, files2)
+ if allarch:
+ allarchdir = os.path.basename(glob.glob(self.topdir + "/tmp-sstatesamehash/stamps/all-*-linux")[0])
+
+ files1 = get_files(self.topdir + "/tmp-sstatesamehash/stamps/" + allarchdir)
+ files2 = get_files(self.topdir + "/tmp-sstatesamehash2/stamps/" + allarchdir)
+ self.assertEqual(files1, files2)
+
def test_sstate_sametune_samesigs(self):
"""
The sstate checksums of two identical machines (using the same tune) should be the
diff --git a/meta/lib/oeqa/selftest/context.py b/meta/lib/oeqa/selftest/context.py
index 1659926975..78c7a467e2 100644
--- a/meta/lib/oeqa/selftest/context.py
+++ b/meta/lib/oeqa/selftest/context.py
@@ -39,7 +39,7 @@ class NonConcurrentTestSuite(unittest.TestSuite):
def removebuilddir(d):
delay = 5
- while delay and os.path.exists(d + "/bitbake.lock"):
+ while delay and (os.path.exists(d + "/bitbake.lock") or os.path.exists(d + "/cache/hashserv.db-wal")):
time.sleep(1)
delay = delay - 1
# Deleting these directories takes a lot of time, use autobuilder
diff --git a/meta/lib/oeqa/utils/dump.py b/meta/lib/oeqa/utils/dump.py
index bb067f4846..dc8757807e 100644
--- a/meta/lib/oeqa/utils/dump.py
+++ b/meta/lib/oeqa/utils/dump.py
@@ -134,4 +134,4 @@ class MonitorDumper(BaseDumper):
output = self.runner.run_monitor(cmd_name)
self._write_dump(cmd_name, output)
except Exception as e:
- print("Failed to dump QMP CMD: %s with\nExecption: %s" % (cmd_name, e))
+ print("Failed to dump QMP CMD: %s with\nException: %s" % (cmd_name, e))
diff --git a/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb b/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb
index 5d6f200a73..e9dfa0770e 100644
--- a/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb
+++ b/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb
@@ -10,7 +10,7 @@ DEPENDS = "efivar popt"
COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
-SRC_URI = "git://github.com/rhinstaller/efibootmgr.git;protocol=https \
+SRC_URI = "git://github.com/rhinstaller/efibootmgr.git;protocol=https;branch=master \
file://0001-remove-extra-decl.patch \
file://97668ae0bce776a36ea2001dea63d376be8274ac.patch \
"
diff --git a/meta/recipes-bsp/efivar/efivar_37.bb b/meta/recipes-bsp/efivar/efivar_37.bb
index b11f1539a2..fc36913f30 100644
--- a/meta/recipes-bsp/efivar/efivar_37.bb
+++ b/meta/recipes-bsp/efivar/efivar_37.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6626bb1e20189cfa95f2c508ba286393"
COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
-SRC_URI = "git://github.com/rhinstaller/efivar.git \
+SRC_URI = "git://github.com/rhinstaller/efivar.git;branch=master;protocol=https \
file://determinism.patch \
file://no-werror.patch"
SRCREV = "c1d6b10e1ed4ba2be07f385eae5bceb694478a10"
diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch b/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
new file mode 100644
index 0000000000..dae26fd8bb
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
@@ -0,0 +1,49 @@
+From 0adec29674561034771c13e446069b41ef41e4d4 Mon Sep 17 00:00:00 2001
+From: Michael Chang <mchang@suse.com>
+Date: Fri, 3 Dec 2021 16:13:28 +0800
+Subject: [PATCH] grub-mkconfig: Restore umask for the grub.cfg
+
+The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating
+configuration by grub-mkconfig) has inadvertently discarded umask for
+creating grub.cfg in the process of running grub-mkconfig. The resulting
+wrong permission (0644) would allow unprivileged users to read GRUB
+configuration file content. This presents a low confidentiality risk
+as grub.cfg may contain non-secured plain-text passwords.
+
+This patch restores the missing umask and sets the creation file mode
+to 0600 preventing unprivileged access.
+
+Fixes: CVE-2021-3981
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2021-3981
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0adec29674561034771c13e446069b41ef41e4d4
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ util/grub-mkconfig.in | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index c3ea7612e..62335d027 100644
+--- a/util/grub-mkconfig.in
++++ b/util/grub-mkconfig.in
+@@ -301,7 +301,10 @@ and /etc/grub.d/* files or please file a bug report with
+ exit 1
+ else
+ # none of the children aborted with error, install the new grub.cfg
++ oldumask=$(umask)
++ umask 077
+ cat ${grub_cfg}.new > ${grub_cfg}
++ umask $oldumask
+ rm -f ${grub_cfg}.new
+ fi
+ fi
+--
+2.31.1
+
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index bb791347dc..bdb3e2d999 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -20,12 +20,15 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
file://determinism.patch \
file://0001-RISC-V-Restore-the-typcast-to-long.patch \
+ file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \
"
SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
# Applies only to RHEL
CVE_CHECK_WHITELIST += "CVE-2019-14865"
+# Applies only to SUSE
+CVE_CHECK_WHITELIST += "CVE-2021-46705"
DEPENDS = "flex-native bison-native gettext-native"
diff --git a/meta/recipes-bsp/opensbi/opensbi_0.9.bb b/meta/recipes-bsp/opensbi/opensbi_0.9.bb
index cb9f346dc0..1956fbf9ff 100644
--- a/meta/recipes-bsp/opensbi/opensbi_0.9.bb
+++ b/meta/recipes-bsp/opensbi/opensbi_0.9.bb
@@ -9,7 +9,7 @@ require opensbi-payloads.inc
inherit autotools-brokensep deploy
SRCREV = "234ed8e427f4d92903123199f6590d144e0d9351"
-SRC_URI = "git://github.com/riscv/opensbi.git;branch=master \
+SRC_URI = "git://github.com/riscv/opensbi.git;branch=master;protocol=https \
file://0001-Makefile-Don-t-specify-mabi-or-march.patch \
"
diff --git a/meta/recipes-bsp/u-boot/libubootenv_0.3.2.bb b/meta/recipes-bsp/u-boot/libubootenv_0.3.2.bb
index ce14bc48aa..6906e5362d 100644
--- a/meta/recipes-bsp/u-boot/libubootenv_0.3.2.bb
+++ b/meta/recipes-bsp/u-boot/libubootenv_0.3.2.bb
@@ -10,7 +10,7 @@ LICENSE = "LGPL-2.1"
LIC_FILES_CHKSUM = "file://Licenses/lgpl-2.1.txt;md5=4fbd65380cdd255951079008b364516c"
SECTION = "libs"
-SRC_URI = "git://github.com/sbabic/libubootenv;protocol=https"
+SRC_URI = "git://github.com/sbabic/libubootenv;protocol=https;branch=master"
SRCREV = "ba7564f5006d09bec51058cf4f5ac90d4dc18b3c"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-bsp/u-boot/u-boot-common.inc b/meta/recipes-bsp/u-boot/u-boot-common.inc
index 6b9253806f..9af65e6b27 100644
--- a/meta/recipes-bsp/u-boot/u-boot-common.inc
+++ b/meta/recipes-bsp/u-boot/u-boot-common.inc
@@ -14,9 +14,12 @@ PE = "1"
# repo during parse
SRCREV = "840658b093976390e9537724f802281c9c8439f5"
-SRC_URI = "git://git.denx.de/u-boot.git \
+SRC_URI = "git://git.denx.de/u-boot.git;branch=master \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build"
+
+inherit pkgconfig
+
do_configure[cleandirs] = "${B}"
diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch
index 94116ad1f3..29c192d296 100644
--- a/meta/recipes-connectivity/avahi/files/local-ping.patch
+++ b/meta/recipes-connectivity/avahi/files/local-ping.patch
@@ -1,4 +1,5 @@
CVE: CVE-2021-36217
+CVE: CVE-2021-3502
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@arm.com>
diff --git a/meta/recipes-connectivity/bind/bind-9.16.20/CVE-2021-25219-1.patch b/meta/recipes-connectivity/bind/bind-9.16.20/CVE-2021-25219-1.patch
new file mode 100644
index 0000000000..f63c333264
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.20/CVE-2021-25219-1.patch
@@ -0,0 +1,76 @@
+From 011e9418ce9bb25675de6ac8d47536efedeeb312 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
+Date: Fri, 24 Sep 2021 09:35:11 +0200
+Subject: [PATCH] Disable lame-ttl cache
+
+The lame-ttl cache is implemented in ADB as per-server locked
+linked-list "indexed" with <qname,qtype>. This list has to be walked
+every time there's a new query or new record added into the lame cache.
+Determined attacker can use this to degrade performance of the resolver.
+
+Resolver testing has shown that disabling the lame cache has little
+impact on the resolver performance and it's a minimal viable defense
+against this kind of attack.
+
+CVE: CVE-2021-25219
+
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/-/commit/8fe18c0566c41228a568157287f5a44f96d37662]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ bin/named/config.c | 2 +-
+ bin/named/server.c | 7 +++++--
+ doc/arm/reference.rst | 6 +++---
+ 3 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/bin/named/config.c b/bin/named/config.c
+index fa8473db7c..b6453b814e 100644
+--- a/bin/named/config.c
++++ b/bin/named/config.c
+@@ -151,7 +151,7 @@ options {\n\
+ fetches-per-server 0;\n\
+ fetches-per-zone 0;\n\
+ glue-cache yes;\n\
+- lame-ttl 600;\n"
++ lame-ttl 0;\n"
+ #ifdef HAVE_LMDB
+ " lmdb-mapsize 32M;\n"
+ #endif /* ifdef HAVE_LMDB */
+diff --git a/bin/named/server.c b/bin/named/server.c
+index 638703e8c2..35ad6a0b7f 100644
+--- a/bin/named/server.c
++++ b/bin/named/server.c
+@@ -4806,8 +4806,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
+ result = named_config_get(maps, "lame-ttl", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ lame_ttl = cfg_obj_asduration(obj);
+- if (lame_ttl > 1800) {
+- lame_ttl = 1800;
++ if (lame_ttl > 0) {
++ cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING,
++ "disabling lame cache despite lame-ttl > 0 as it "
++ "may cause performance issues");
++ lame_ttl = 0;
+ }
+ dns_resolver_setlamettl(view->resolver, lame_ttl);
+
+diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
+index 3bc4439745..fea854f3d1 100644
+--- a/doc/arm/reference.rst
++++ b/doc/arm/reference.rst
+@@ -3358,9 +3358,9 @@ Tuning
+ ^^^^^^
+
+ ``lame-ttl``
+- This sets the number of seconds to cache a lame server indication. 0
+- disables caching. (This is **NOT** recommended.) The default is
+- ``600`` (10 minutes) and the maximum value is ``1800`` (30 minutes).
++ This is always set to 0. More information is available in the
++ `security advisory for CVE-2021-25219
++ <https://kb.isc.org/docs/cve-2021-25219>`_.
+
+ ``servfail-ttl``
+ This sets the number of seconds to cache a SERVFAIL response due to DNSSEC
+--
+2.17.1
+
diff --git a/meta/recipes-connectivity/bind/bind-9.16.20/CVE-2021-25219-2.patch b/meta/recipes-connectivity/bind/bind-9.16.20/CVE-2021-25219-2.patch
new file mode 100644
index 0000000000..1217f7f186
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.20/CVE-2021-25219-2.patch
@@ -0,0 +1,65 @@
+From 117cf776a7add27ac6d236b4062258da0d068486 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
+Date: Mon, 15 Nov 2021 16:26:52 +0800
+Subject: [PATCH] Enable lame response detection even with disabled lame cache
+
+Previously, when lame cache would be disabled by setting lame-ttl to 0,
+it would also disable lame answer detection. In this commit, we enable
+the lame response detection even when the lame cache is disabled. This
+enables stopping answer processing early rather than going through the
+whole answer processing flow.
+
+CVE: CVE-2021-25219
+
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/-/commit/e4931584a34bdd0a0d18e4d918fb853bf5296787]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ lib/dns/resolver.c | 23 ++++++++++++-----------
+ 1 file changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index 50fadc0..9291bd4 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -10217,25 +10217,26 @@ rctx_badserver(respctx_t *rctx, isc_result_t result) {
+ */
+ static isc_result_t
+ rctx_lameserver(respctx_t *rctx) {
+- isc_result_t result;
++ isc_result_t result = ISC_R_SUCCESS;
+ fetchctx_t *fctx = rctx->fctx;
+ resquery_t *query = rctx->query;
+
+- if (fctx->res->lame_ttl == 0 || ISFORWARDER(query->addrinfo) ||
+- !is_lame(fctx, query->rmessage))
+- {
++ if (ISFORWARDER(query->addrinfo) || !is_lame(fctx, query->rmessage)) {
+ return (ISC_R_SUCCESS);
+ }
+
+ inc_stats(fctx->res, dns_resstatscounter_lame);
+ log_lame(fctx, query->addrinfo);
+- result = dns_adb_marklame(fctx->adb, query->addrinfo, &fctx->name,
+- fctx->type, rctx->now + fctx->res->lame_ttl);
+- if (result != ISC_R_SUCCESS) {
+- isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+- DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
+- "could not mark server as lame: %s",
+- isc_result_totext(result));
++ if (fctx->res->lame_ttl != 0) {
++ result = dns_adb_marklame(fctx->adb, query->addrinfo,
++ &fctx->name, fctx->type,
++ rctx->now + fctx->res->lame_ttl);
++ if (result != ISC_R_SUCCESS) {
++ isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
++ DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
++ "could not mark server as lame: %s",
++ isc_result_totext(result));
++ }
+ }
+ rctx->broken_server = DNS_R_LAME;
+ rctx->next_server = true;
+--
+2.17.1
+
diff --git a/meta/recipes-connectivity/bind/bind_9.16.20.bb b/meta/recipes-connectivity/bind/bind_9.16.20.bb
index ddf323fb9c..0ba0a46b15 100644
--- a/meta/recipes-connectivity/bind/bind_9.16.20.bb
+++ b/meta/recipes-connectivity/bind/bind_9.16.20.bb
@@ -18,6 +18,8 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
file://0001-avoid-start-failure-with-bind-user.patch \
+ file://CVE-2021-25219-1.patch \
+ file://CVE-2021-25219-2.patch \
"
SRC_URI[sha256sum] = "4d0d93c0d0b63080609e84625f24ff8777f8d164e78a75b1c19c334ce42d5b58"
diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
index 55c687968f..7e1619aab2 100644
--- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
+++ b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
@@ -10,7 +10,7 @@ DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native"
# 0.7 tag
SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143"
-SRC_URI = "git://github.com/connectivity/connman-gnome.git \
+SRC_URI = "git://github.com/connectivity/connman-gnome.git;branch=master;protocol=https \
file://0001-Removed-icon-from-connman-gnome-about-applet.patch \
file://null_check_for_ipv4_config.patch \
file://images/ \
diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb
index e455a60bd5..f5c87f7291 100644
--- a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb
+++ b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1"
DEPENDS = "avahi"
-SRC_URI = "git://github.com/lathiat/nss-mdns \
+SRC_URI = "git://github.com/lathiat/nss-mdns;branch=master;protocol=https \
"
SRCREV = "4b3cfe818bf72d99a02b8ca8b8813cb2d6b40633"
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
index 9a8c46e0ef..dbe2fd8157 100644
--- a/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
+++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
@@ -19,10 +19,11 @@ BINCONFIG = "${bindir}/pcap-config"
# Explicitly disable dag support. We don't have recipe for it and if enabled here,
# configure script poisons the include dirs with /usr/local/include even when the
-# support hasn't been detected.
+# support hasn't been detected. Do the same thing for DPDK.
EXTRA_OECONF = " \
--with-pcap=linux \
--without-dag \
+ --without-dpdk \
"
EXTRA_AUTORECONF += "--exclude=aclocal"
diff --git a/meta/recipes-connectivity/libuv/libuv_1.42.0.bb b/meta/recipes-connectivity/libuv/libuv_1.42.0.bb
index 169bd6206b..2dfbb8b895 100644
--- a/meta/recipes-connectivity/libuv/libuv_1.42.0.bb
+++ b/meta/recipes-connectivity/libuv/libuv_1.42.0.bb
@@ -6,7 +6,7 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47"
SRCREV = "6ce14710da7079eb248868171f6343bc409ea3a4"
-SRC_URI = "git://github.com/libuv/libuv;branch=v1.x"
+SRC_URI = "git://github.com/libuv/libuv;branch=v1.x;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index 837490f15f..4246f4dcbd 100644
--- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -8,7 +8,7 @@ SRCREV = "11f2247eccd3c161b8fd9b41143862e9fb81193c"
PV = "20210805"
PE = "1"
-SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https"
+SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=master"
S = "${WORKDIR}/git"
inherit autotools
diff --git a/meta/recipes-connectivity/neard/neard_0.16.bb b/meta/recipes-connectivity/neard/neard_0.16.bb
index b6cc1d6ced..936b3c5754 100644
--- a/meta/recipes-connectivity/neard/neard_0.16.bb
+++ b/meta/recipes-connectivity/neard/neard_0.16.bb
@@ -2,21 +2,22 @@ SUMMARY = "Linux NFC daemon"
DESCRIPTION = "A daemon for the Linux Near Field Communication stack"
HOMEPAGE = "http://01.org/linux-nfc"
LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
+ file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \
+ "
DEPENDS = "dbus glib-2.0 libnl"
-SRC_URI = "${KERNELORG_MIRROR}/linux/network/nfc/${BP}.tar.xz \
+SRC_URI = "git://git.kernel.org/pub/scm/network/nfc/neard.git;protocol=git;branch=master \
file://neard.in \
file://Makefile.am-fix-parallel-issue.patch \
file://Makefile.am-do-not-ship-version.h.patch \
file://0001-Add-header-dependency-to-nciattach.o.patch \
"
-SRC_URI[md5sum] = "5c691fb7872856dc0d909c298bc8cb41"
-SRC_URI[sha256sum] = "eae3b11c541a988ec11ca94b7deab01080cd5b58cfef3ced6ceac9b6e6e65b36"
-LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
- file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \
- "
+SRCREV = "949795024f7625420e93e288c56e194cb9a3e74a"
+
+S = "${WORKDIR}/git"
inherit autotools pkgconfig systemd update-rc.d
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch
new file mode 100644
index 0000000000..bebde7f26d
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch
@@ -0,0 +1,48 @@
+From 1f0707e8e78ef290fd0f229df3fcd2236f29db89 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 28 Oct 2021 11:11:05 +0800
+Subject: [PATCH] upstream: need initgroups() before setresgid(); reported by
+ anton@,
+
+ok deraadt@
+
+OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
+
+CVE: CVE-2021-41617
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455
+https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ misc.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/misc.c b/misc.c
+index d988ce3..33eca1c 100644
+--- a/misc.c
++++ b/misc.c
+@@ -56,6 +56,7 @@
+ #ifdef HAVE_PATHS_H
+ # include <paths.h>
+ #include <pwd.h>
++#include <grp.h>
+ #endif
+ #ifdef SSH_TUN_OPENBSD
+ #include <net/if.h>
+@@ -2629,6 +2630,13 @@ subprocess(const char *tag, const char *command,
+ }
+ closefrom(STDERR_FILENO + 1);
+
++ if (geteuid() == 0 &&
++ initgroups(pw->pw_name, pw->pw_gid) == -1) {
++ error("%s: initgroups(%s, %u): %s", tag,
++ pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
++ _exit(1);
++ }
++
+ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
+ error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
+ strerror(errno));
+--
+2.17.1
+
diff --git a/meta/recipes-connectivity/openssh/openssh_8.7p1.bb b/meta/recipes-connectivity/openssh/openssh_8.7p1.bb
index 07cd6b74cd..d19833e56f 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.7p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.7p1.bb
@@ -24,6 +24,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
+ file://CVE-2021-41617.patch \
"
SRC_URI[sha256sum] = "7ca34b8bb24ae9e50f33792b7091b3841d7e1b440ff57bc9fabddf01e2ed1e24"
diff --git a/meta/recipes-connectivity/openssl/openssl/reproducibility.patch b/meta/recipes-connectivity/openssl/openssl/reproducibility.patch
new file mode 100644
index 0000000000..8accbc9df2
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/reproducibility.patch
@@ -0,0 +1,22 @@
+Using localtime() means the output can depend on the timezone of the build machine.
+Using gmtime() is safer. For complete reproducibility use SOURCE_DATE_EPOCH if set.
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Upstream-Status: Pending [should be suitable]
+
+Index: openssl-3.0.1/apps/progs.pl
+===================================================================
+--- openssl-3.0.1.orig/apps/progs.pl
++++ openssl-3.0.1/apps/progs.pl
+@@ -21,7 +21,10 @@ die "Unrecognised option, must be -C or
+ my %commands = ();
+ my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
+ my $apps_openssl = shift @ARGV;
+-my $YEAR = [localtime()]->[5] + 1900;
++my $YEAR = [gmtime()]->[5] + 1900;
++if (defined($ENV{SOURCE_DATE_EPOCH}) && $ENV{SOURCE_DATE_EPOCH} !~ /\D/) {
++ $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH})]->[5] + 1900;
++}
+
+ # because the program apps/openssl has object files as sources, and
+ # they then have the corresponding C files as source, we need to chain
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1o.bb
index b241ba78bc..d6386c33a9 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1o.bb
@@ -17,6 +17,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://reproducible.patch \
+ file://reproducibility.patch \
"
SRC_URI:append:class-nativesdk = " \
@@ -28,7 +29,7 @@ SRC_URI:append:riscv32 = " \
file://0004-Fixup-support-for-io_pgetevents_time64-syscall.patch \
"
-SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1"
+SRC_URI[sha256sum] = "9384a2b0570dd80358841464677115df785edb941c71211f75076d72fe6b438f"
inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
@@ -203,6 +204,7 @@ do_install_ptest () {
install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
install -d ${D}${PTEST_PATH}/engines
+ install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines
install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
# seems to be needed with perl 5.32.1
diff --git a/meta/recipes-connectivity/socat/socat_1.7.4.1.bb b/meta/recipes-connectivity/socat/socat_1.7.4.1.bb
index 1ad5f15b93..41c8552f25 100644
--- a/meta/recipes-connectivity/socat/socat_1.7.4.1.bb
+++ b/meta/recipes-connectivity/socat/socat_1.7.4.1.bb
@@ -9,7 +9,7 @@ LICENSE = "GPL-2.0-with-OpenSSL-exception"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://README;beginline=257;endline=287;md5=82520b052f322ac2b5b3dfdc7c7eea86"
-SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
+SRC_URI = "http://www.dest-unreach.org/socat/download/Archive/socat-${PV}.tar.bz2 \
"
SRC_URI[md5sum] = "36cad050ecf4981ab044c3fbd75c643f"
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
index 33b1495bb2..25cd8ef82c 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
@@ -108,7 +108,7 @@ do_install () {
install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles
}
-pkg_postinst:wpa-supplicant () {
+pkg_postinst:${PN} () {
# If we're offline, we don't need to do this.
if [ "x$D" = "x" ]; then
killall -q -HUP dbus-daemon || true
diff --git a/meta/recipes-core/busybox/busybox-inittab_1.34.0.bb b/meta/recipes-core/busybox/busybox-inittab_1.34.1.bb
index be8c06323c..be8c06323c 100644
--- a/meta/recipes-core/busybox/busybox-inittab_1.34.0.bb
+++ b/meta/recipes-core/busybox/busybox-inittab_1.34.1.bb
diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc
index 808c3dc700..187ca15957 100644
--- a/meta/recipes-core/busybox/busybox.inc
+++ b/meta/recipes-core/busybox/busybox.inc
@@ -349,7 +349,7 @@ do_install_ptest () {
# These access the internet which is not guaranteed to work on machines running the tests
rm -rf ${D}${PTEST_PATH}/testsuite/wget
sort ${B}/.config > ${D}${PTEST_PATH}/.config
- ln -s /bin/busybox ${D}${PTEST_PATH}/busybox
+ ln -s ${base_bindir}/busybox ${D}${PTEST_PATH}/busybox
}
inherit update-alternatives
diff --git a/meta/recipes-core/busybox/busybox_1.34.0.bb b/meta/recipes-core/busybox/busybox_1.34.1.bb
index 51df1df05f..6aed0f0476 100644
--- a/meta/recipes-core/busybox/busybox_1.34.0.bb
+++ b/meta/recipes-core/busybox/busybox_1.34.1.bb
@@ -51,4 +51,4 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
"
SRC_URI:append:libc-musl = " file://musl.cfg "
-SRC_URI[tarball.sha256sum] = "ec8d1615edb045b83b81966604759c4d4ac921434ab4011da604f629c06074ce"
+SRC_URI[tarball.sha256sum] = "415fbd89e5344c96acf449d94a6f956dbed62e18e835fc83e064db33a34bd549"
diff --git a/meta/recipes-core/coreutils/coreutils_8.32.bb b/meta/recipes-core/coreutils/coreutils_8.32.bb
index 01acf9a874..d819bbaae6 100644
--- a/meta/recipes-core/coreutils/coreutils_8.32.bb
+++ b/meta/recipes-core/coreutils/coreutils_8.32.bb
@@ -208,6 +208,3 @@ do_install_ptest () {
}
FILES:${PN}-ptest += "${bindir}/getlimits"
-
-# These are specific to Opensuse
-CVE_WHITELIST += "CVE-2013-0221 CVE-2013-0222 CVE-2013-0223"
diff --git a/meta/recipes-core/dbus-wait/dbus-wait_git.bb b/meta/recipes-core/dbus-wait/dbus-wait_git.bb
index 677768d35a..b39f7523c0 100644
--- a/meta/recipes-core/dbus-wait/dbus-wait_git.bb
+++ b/meta/recipes-core/dbus-wait/dbus-wait_git.bb
@@ -11,7 +11,7 @@ SRCREV = "6cc6077a36fe2648a5f993fe7c16c9632f946517"
PV = "0.1+git${SRCPV}"
PR = "r2"
-SRC_URI = "git://git.yoctoproject.org/${BPN}"
+SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master"
UPSTREAM_CHECK_COMMITS = "1"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-core/expat/expat_2.4.1.bb b/meta/recipes-core/expat/expat_2.4.7.bb
index 14e5aca9e6..0530ece64d 100644
--- a/meta/recipes-core/expat/expat_2.4.1.bb
+++ b/meta/recipes-core/expat/expat_2.4.7.bb
@@ -15,7 +15,7 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA
UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/"
-SRC_URI[sha256sum] = "2f9b6a580b94577b150a7d5617ad4643a4301a6616ff459307df3e225bcfbf40"
+SRC_URI[sha256sum] = "e149bdd8b90254c62b3d195da53a09bd531a4d63a963b0d8a5268d48dd2f6a65"
EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
diff --git a/meta/recipes-core/fts/fts_1.2.7.bb b/meta/recipes-core/fts/fts_1.2.7.bb
index ea820cb0c3..d3b0f31eda 100644
--- a/meta/recipes-core/fts/fts_1.2.7.bb
+++ b/meta/recipes-core/fts/fts_1.2.7.bb
@@ -10,7 +10,7 @@ SECTION = "libs"
SRCREV = "0bde52df588e8969879a2cae51c3a4774ec62472"
-SRC_URI = "git://github.com/pullmoll/musl-fts.git"
+SRC_URI = "git://github.com/pullmoll/musl-fts.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-core/glibc/cross-localedef-native_2.34.bb b/meta/recipes-core/glibc/cross-localedef-native_2.34.bb
index 6100f3d4c4..482e53cf5d 100644
--- a/meta/recipes-core/glibc/cross-localedef-native_2.34.bb
+++ b/meta/recipes-core/glibc/cross-localedef-native_2.34.bb
@@ -20,7 +20,7 @@ inherit native
FILESEXTRAPATHS =. "${FILE_DIRNAME}/${PN}:${FILE_DIRNAME}/glibc:"
SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
- git://github.com/kraj/localedef;branch=master;name=localedef;destsuffix=git/localedef \
+ git://github.com/kraj/localedef;branch=master;name=localedef;destsuffix=git/localedef;protocol=https \
\
file://0001-localedef-Add-hardlink-resolver-from-util-linux.patch \
file://0002-localedef-fix-ups-hardlink-to-make-it-compile.patch \
diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2021-3998.patch b/meta/recipes-core/glibc/glibc/0001-CVE-2021-3998.patch
new file mode 100644
index 0000000000..c6bd5916e3
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-CVE-2021-3998.patch
@@ -0,0 +1,282 @@
+From fb7bff12e81c677a6622f724edd4d4987dd9d971 Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Tue, 18 Jan 2022 13:29:36 +0530
+Subject: [PATCH] support: Add helpers to create paths longer than PATH_MAX
+
+Add new helpers support_create_and_chdir_toolong_temp_directory and
+support_chdir_toolong_temp_directory to create and descend into
+directory trees longer than PATH_MAX.
+
+Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=062ff490c1467059f6cd64bb9c3d85f6cc6cf97a]
+CVE: CVE-2021-3998
+
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ support/temp_file.c | 159 +++++++++++++++++++++++++++++++++++++++++---
+ support/temp_file.h | 9 +++
+ 2 files changed, 159 insertions(+), 9 deletions(-)
+
+diff --git a/support/temp_file.c b/support/temp_file.c
+index e7bb8aadb9..e41128c2d4 100644
+--- a/support/temp_file.c
++++ b/support/temp_file.c
+@@ -1,5 +1,6 @@
+ /* Temporary file handling for tests.
+ Copyright (C) 1998-2021 Free Software Foundation, Inc.
++ Copyright The GNU Tools Authors.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+@@ -20,15 +21,17 @@
+ some 32-bit platforms. */
+ #define _FILE_OFFSET_BITS 64
+
++#include <support/check.h>
+ #include <support/temp_file.h>
+ #include <support/temp_file-internal.h>
+ #include <support/support.h>
+
++#include <errno.h>
+ #include <paths.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+-#include <unistd.h>
++#include <xunistd.h>
+
+ /* List of temporary files. */
+ static struct temp_name_list
+@@ -36,14 +39,20 @@ static struct temp_name_list
+ struct temp_name_list *next;
+ char *name;
+ pid_t owner;
++ bool toolong;
+ } *temp_name_list;
+
+ /* Location of the temporary files. Set by the test skeleton via
+ support_set_test_dir. The string is not be freed. */
+ static const char *test_dir = _PATH_TMP;
+
+-void
+-add_temp_file (const char *name)
++/* Name of subdirectories in a too long temporary directory tree. */
++static char toolong_subdir[NAME_MAX + 1];
++static bool toolong_initialized;
++static size_t toolong_path_max;
++
++static void
++add_temp_file_internal (const char *name, bool toolong)
+ {
+ struct temp_name_list *newp
+ = (struct temp_name_list *) xcalloc (sizeof (*newp), 1);
+@@ -53,12 +62,19 @@ add_temp_file (const char *name)
+ newp->name = newname;
+ newp->next = temp_name_list;
+ newp->owner = getpid ();
++ newp->toolong = toolong;
+ temp_name_list = newp;
+ }
+ else
+ free (newp);
+ }
+
++void
++add_temp_file (const char *name)
++{
++ add_temp_file_internal (name, false);
++}
++
+ int
+ create_temp_file_in_dir (const char *base, const char *dir, char **filename)
+ {
+@@ -90,8 +106,8 @@ create_temp_file (const char *base, char
+ return create_temp_file_in_dir (base, test_dir, filename);
+ }
+
+-char *
+-support_create_temp_directory (const char *base)
++static char *
++create_temp_directory_internal (const char *base, bool toolong)
+ {
+ char *path = xasprintf ("%s/%sXXXXXX", test_dir, base);
+ if (mkdtemp (path) == NULL)
+@@ -99,16 +115,132 @@ support_create_temp_directory (const cha
+ printf ("error: mkdtemp (\"%s\"): %m", path);
+ exit (1);
+ }
+- add_temp_file (path);
++ add_temp_file_internal (path, toolong);
+ return path;
+ }
+
+-/* Helper functions called by the test skeleton follow. */
++char *
++support_create_temp_directory (const char *base)
++{
++ return create_temp_directory_internal (base, false);
++}
++
++static void
++ensure_toolong_initialized (void)
++{
++ if (!toolong_initialized)
++ FAIL_EXIT1 ("uninitialized toolong directory tree\n");
++}
++
++static void
++initialize_toolong (const char *base)
++{
++ long name_max = pathconf (base, _PC_NAME_MAX);
++ name_max = (name_max < 0 ? 64
++ : (name_max < sizeof (toolong_subdir) ? name_max
++ : sizeof (toolong_subdir) - 1));
++
++ long path_max = pathconf (base, _PC_PATH_MAX);
++ path_max = (path_max < 0 ? 1024
++ : path_max <= PTRDIFF_MAX ? path_max : PTRDIFF_MAX);
++
++ /* Sanity check to ensure that the test does not create temporary directories
++ in different filesystems because this API doesn't support it. */
++ if (toolong_initialized)
++ {
++ if (name_max != strlen (toolong_subdir))
++ FAIL_UNSUPPORTED ("name_max: Temporary directories in different"
++ " filesystems not supported yet\n");
++ if (path_max != toolong_path_max)
++ FAIL_UNSUPPORTED ("path_max: Temporary directories in different"
++ " filesystems not supported yet\n");
++ return;
++ }
++
++ toolong_path_max = path_max;
++
++ size_t len = name_max;
++ memset (toolong_subdir, 'X', len);
++ toolong_initialized = true;
++}
++
++char *
++support_create_and_chdir_toolong_temp_directory (const char *basename)
++{
++ char *base = create_temp_directory_internal (basename, true);
++ xchdir (base);
++
++ initialize_toolong (base);
++
++ size_t sz = strlen (toolong_subdir);
++
++ /* Create directories and descend into them so that the final path is larger
++ than PATH_MAX. */
++ for (size_t i = 0; i <= toolong_path_max / sz; i++)
++ {
++ int ret = mkdir (toolong_subdir, S_IRWXU);
++ if (ret != 0 && errno == ENAMETOOLONG)
++ FAIL_UNSUPPORTED ("Filesystem does not support creating too long "
++ "directory trees\n");
++ else if (ret != 0)
++ FAIL_EXIT1 ("Failed to create directory tree: %m\n");
++ xchdir (toolong_subdir);
++ }
++ return base;
++}
+
+ void
+-support_set_test_dir (const char *path)
++support_chdir_toolong_temp_directory (const char *base)
+ {
+- test_dir = path;
++ ensure_toolong_initialized ();
++
++ xchdir (base);
++
++ size_t sz = strlen (toolong_subdir);
++ for (size_t i = 0; i <= toolong_path_max / sz; i++)
++ xchdir (toolong_subdir);
++}
++
++/* Helper functions called by the test skeleton follow. */
++
++static void
++remove_toolong_subdirs (const char *base)
++{
++ ensure_toolong_initialized ();
++
++ if (chdir (base) != 0)
++ {
++ printf ("warning: toolong cleanup base failed: chdir (\"%s\"): %m\n",
++ base);
++ return;
++ }
++
++ /* Descend. */
++ int levels = 0;
++ size_t sz = strlen (toolong_subdir);
++ for (levels = 0; levels <= toolong_path_max / sz; levels++)
++ if (chdir (toolong_subdir) != 0)
++ {
++ printf ("warning: toolong cleanup failed: chdir (\"%s\"): %m\n",
++ toolong_subdir);
++ break;
++ }
++
++ /* Ascend and remove. */
++ while (--levels >= 0)
++ {
++ if (chdir ("..") != 0)
++ {
++ printf ("warning: toolong cleanup failed: chdir (\"..\"): %m\n");
++ return;
++ }
++ if (remove (toolong_subdir) != 0)
++ {
++ printf ("warning: could not remove subdirectory: %s: %m\n",
++ toolong_subdir);
++ return;
++ }
++ }
+ }
+
+ void
+@@ -123,6 +255,9 @@ support_delete_temp_files (void)
+ around, to prevent PID reuse.) */
+ if (temp_name_list->owner == pid)
+ {
++ if (temp_name_list->toolong)
++ remove_toolong_subdirs (temp_name_list->name);
++
+ if (remove (temp_name_list->name) != 0)
+ printf ("warning: could not remove temporary file: %s: %m\n",
+ temp_name_list->name);
+@@ -147,3 +282,9 @@ support_print_temp_files (FILE *f)
+ fprintf (f, ")\n");
+ }
+ }
++
++void
++support_set_test_dir (const char *path)
++{
++ test_dir = path;
++}
+diff --git a/support/temp_file.h b/support/temp_file.h
+index 50a443abe4..8459ddda72 100644
+--- a/support/temp_file.h
++++ b/support/temp_file.h
+@@ -44,6 +44,15 @@ int create_temp_file_in_dir (const char
+ returns. The caller should free this string. */
+ char *support_create_temp_directory (const char *base);
+
++/* Create a temporary directory tree that is longer than PATH_MAX and schedule
++ it for deletion. BASENAME is used as a prefix for the unique directory
++ name, which the function returns. The caller should free this string. */
++char *support_create_and_chdir_toolong_temp_directory (const char *basename);
++
++/* Change into the innermost directory of the directory tree BASE, which was
++ created using support_create_and_chdir_toolong_temp_directory. */
++void support_chdir_toolong_temp_directory (const char *base);
++
+ __END_DECLS
+
+ #endif /* SUPPORT_TEMP_FILE_H */
diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2021-3999.patch b/meta/recipes-core/glibc/glibc/0001-CVE-2021-3999.patch
new file mode 100644
index 0000000000..64749390b5
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-CVE-2021-3999.patch
@@ -0,0 +1,36 @@
+From 8c8a71c85f2ed5cc90d08d82ce645513fc907cb6 Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Mon, 24 Jan 2022 10:57:09 +0530
+Subject: [PATCH] tst-realpath-toolong: Fix hurd build
+
+Define PATH_MAX to a constant if it isn't already defined, like in hurd.
+
+Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+(cherry picked from commit 976db046bc3a3738f69255ae00b0a09b8e77fd9c)
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=8c8a71c85f2ed5cc90d08d82ce645513fc907cb6]
+CVE: CVE-2021-3999
+
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ stdlib/tst-realpath-toolong.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/stdlib/tst-realpath-toolong.c b/stdlib/tst-realpath-toolong.c
+index 8bed772460..4388890294 100644
+--- a/stdlib/tst-realpath-toolong.c
++++ b/stdlib/tst-realpath-toolong.c
+@@ -29,6 +29,10 @@
+
+ #define BASENAME "tst-realpath-toolong."
+
++#ifndef PATH_MAX
++# define PATH_MAX 1024
++#endif
++
+ int
+ do_test (void)
+ {
+--
+2.27.0
+
diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2022-23218.patch b/meta/recipes-core/glibc/glibc/0001-CVE-2022-23218.patch
new file mode 100644
index 0000000000..4eb1fb7fbe
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-CVE-2022-23218.patch
@@ -0,0 +1,178 @@
+From e368b12f6c16b6888dda99ba641e999b9c9643c8 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 17 Jan 2022 10:21:34 +0100
+Subject: [PATCH] socket: Add the __sockaddr_un_set function
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=e368b12f6c16b6888dda99ba641e999b9c9643c8]
+CVE: CVE-2022-23219
+
+Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ include/sys/un.h | 12 +++++++
+ socket/Makefile | 6 +++-
+ socket/sockaddr_un_set.c | 41 ++++++++++++++++++++++++
+ socket/tst-sockaddr_un_set.c | 62 ++++++++++++++++++++++++++++++++++++
+ 4 files changed, 120 insertions(+), 1 deletion(-)
+ create mode 100644 socket/sockaddr_un_set.c
+ create mode 100644 socket/tst-sockaddr_un_set.c
+
+diff --git a/include/sys/un.h b/include/sys/un.h
+index bdbee99980..152afd9fc7 100644
+--- a/include/sys/un.h
++++ b/include/sys/un.h
+@@ -1 +1,13 @@
+ #include <socket/sys/un.h>
++
++#ifndef _ISOMAC
++
++/* Set ADDR->sun_family to AF_UNIX and ADDR->sun_path to PATHNAME.
++ Return 0 on success or -1 on failure (due to overlong PATHNAME).
++ The caller should always use sizeof (struct sockaddr_un) as the
++ socket address length, disregaring the length of PATHNAME.
++ Only concrete (non-abstract) pathnames are supported. */
++int __sockaddr_un_set (struct sockaddr_un *addr, const char *pathname)
++ attribute_hidden;
++
++#endif /* _ISOMAC */
+diff --git a/socket/Makefile b/socket/Makefile
+index 39333e10ca..156eec6c85 100644
+--- a/socket/Makefile
++++ b/socket/Makefile
+@@ -29,13 +29,17 @@ headers := sys/socket.h sys/un.h bits/sockaddr.h bits/socket.h \
+ routines := accept bind connect getpeername getsockname getsockopt \
+ listen recv recvfrom recvmsg send sendmsg sendto \
+ setsockopt shutdown socket socketpair isfdtype opensock \
+- sockatmark accept4 recvmmsg sendmmsg
++ sockatmark accept4 recvmmsg sendmmsg sockaddr_un_set
+
+ tests := \
+ tst-accept4 \
+ tst-sockopt \
+ # tests
+
++tests-internal := \
++ tst-sockaddr_un_set \
++ # tests-internal
++
+ tests-time64 := \
+ tst-sockopt-time64 \
+ # tests
+diff --git a/socket/sockaddr_un_set.c b/socket/sockaddr_un_set.c
+new file mode 100644
+index 0000000000..0bd40dc34e
+--- /dev/null
++++ b/socket/sockaddr_un_set.c
+@@ -0,0 +1,41 @@
++/* Set the sun_path member of struct sockaddr_un.
++ Copyright (C) 2022 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++#include <errno.h>
++#include <string.h>
++#include <sys/socket.h>
++#include <sys/un.h>
++
++int
++__sockaddr_un_set (struct sockaddr_un *addr, const char *pathname)
++{
++ size_t name_length = strlen (pathname);
++
++ /* The kernel supports names of exactly sizeof (addr->sun_path)
++ bytes, without a null terminator, but userspace does not; see the
++ SUN_LEN macro. */
++ if (name_length >= sizeof (addr->sun_path))
++ {
++ __set_errno (EINVAL); /* Error code used by the kernel. */
++ return -1;
++ }
++
++ addr->sun_family = AF_UNIX;
++ memcpy (addr->sun_path, pathname, name_length + 1);
++ return 0;
++}
+diff --git a/socket/tst-sockaddr_un_set.c b/socket/tst-sockaddr_un_set.c
+new file mode 100644
+index 0000000000..29c2a81afd
+--- /dev/null
++++ b/socket/tst-sockaddr_un_set.c
+@@ -0,0 +1,62 @@
++/* Test the __sockaddr_un_set function.
++ Copyright (C) 2022 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++/* Re-compile the function because the version in libc is not
++ exported. */
++#include "sockaddr_un_set.c"
++
++#include <support/check.h>
++
++static int
++do_test (void)
++{
++ struct sockaddr_un sun;
++
++ memset (&sun, 0xcc, sizeof (sun));
++ __sockaddr_un_set (&sun, "");
++ TEST_COMPARE (sun.sun_family, AF_UNIX);
++ TEST_COMPARE (__sockaddr_un_set (&sun, ""), 0);
++
++ memset (&sun, 0xcc, sizeof (sun));
++ TEST_COMPARE (__sockaddr_un_set (&sun, "/example"), 0);
++ TEST_COMPARE_STRING (sun.sun_path, "/example");
++
++ {
++ char pathname[108]; /* Length of sun_path (ABI constant). */
++ memset (pathname, 'x', sizeof (pathname));
++ pathname[sizeof (pathname) - 1] = '\0';
++ memset (&sun, 0xcc, sizeof (sun));
++ TEST_COMPARE (__sockaddr_un_set (&sun, pathname), 0);
++ TEST_COMPARE (sun.sun_family, AF_UNIX);
++ TEST_COMPARE_STRING (sun.sun_path, pathname);
++ }
++
++ {
++ char pathname[109];
++ memset (pathname, 'x', sizeof (pathname));
++ pathname[sizeof (pathname) - 1] = '\0';
++ memset (&sun, 0xcc, sizeof (sun));
++ errno = 0;
++ TEST_COMPARE (__sockaddr_un_set (&sun, pathname), -1);
++ TEST_COMPARE (errno, EINVAL);
++ }
++
++ return 0;
++}
++
++#include <support/test-driver.c>
+--
+2.27.0
+
diff --git a/meta/recipes-core/glibc/glibc/0001-CVE-2022-23219.patch b/meta/recipes-core/glibc/glibc/0001-CVE-2022-23219.patch
new file mode 100644
index 0000000000..261c2909db
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0001-CVE-2022-23219.patch
@@ -0,0 +1,55 @@
+From 226b46770c82899b555986583294b049c6ec9b40 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 17 Jan 2022 10:21:34 +0100
+Subject: [PATCH] CVE-2022-23219: Buffer overflow in sunrpc clnt_create for
+ "unix" (bug 22542)
+
+Processing an overlong pathname in the sunrpc clnt_create function
+results in a stack-based buffer overflow.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=226b46770c82899b555986583294b049c6ec9b40]
+CVE: CVE-2022-23219
+
+Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ NEWS | 4 +++-
+ sunrpc/clnt_gen.c | 10 +++++++---
+ 2 files changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index ddd95a8329..38a9ddb2cf 100644
+--- a/NEWS
++++ b/NEWS
+@@ -206,6 +206,10 @@ Security related changes:
+ CVE-2022-23218: Passing an overlong file name to the svcunix_create
+ legacy function could result in a stack-based buffer overflow.
+
++ CVE-2022-23219: Passing an overlong file name to the clnt_create
++ legacy function could result in a stack-based buffer overflow when
++ using the "unix" protocol. Reported by Martin Sebor.
++
+ The following bugs are resolved with this release:
+
+ [4737] libc: fork is not async-signal-safe
+diff --git a/sunrpc/clnt_gen.c b/sunrpc/clnt_gen.c
+index 13ced8994e..b44357cd88 100644
+--- a/sunrpc/clnt_gen.c
++++ b/sunrpc/clnt_gen.c
+@@ -57,9 +57,13 @@ clnt_create (const char *hostname, u_lon
+
+ if (strcmp (proto, "unix") == 0)
+ {
+- memset ((char *)&sun, 0, sizeof (sun));
+- sun.sun_family = AF_UNIX;
+- strcpy (sun.sun_path, hostname);
++ if (__sockaddr_un_set (&sun, hostname) < 0)
++ {
++ struct rpc_createerr *ce = &get_rpc_createerr ();
++ ce->cf_stat = RPC_SYSTEMERROR;
++ ce->cf_error.re_errno = errno;
++ return NULL;
++ }
+ sock = RPC_ANYSOCK;
+ client = clntunix_create (&sun, prog, vers, &sock, 0, 0);
+ if (client == NULL)
diff --git a/meta/recipes-core/glibc/glibc/0002-CVE-2021-3998.patch b/meta/recipes-core/glibc/glibc/0002-CVE-2021-3998.patch
new file mode 100644
index 0000000000..0a4c34452d
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0002-CVE-2021-3998.patch
@@ -0,0 +1,138 @@
+From f7a79879c0b2bef0dadd6caaaeeb0d26423e04e5 Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Thu, 13 Jan 2022 11:28:36 +0530
+Subject: [PATCH] realpath: Set errno to ENAMETOOLONG for result larger than
+ PATH_MAX [BZ #28770]
+
+realpath returns an allocated string when the result exceeds PATH_MAX,
+which is unexpected when its second argument is not NULL. This results
+in the second argument (resolved) being uninitialized and also results
+in a memory leak since the caller expects resolved to be the same as the
+returned value.
+
+Return NULL and set errno to ENAMETOOLONG if the result exceeds
+PATH_MAX. This fixes [BZ #28770], which is CVE-2021-3998.
+
+Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+(cherry picked from commit ee8d5e33adb284601c00c94687bc907e10aec9bb)
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=f7a79879c0b2bef0dadd6caaaeeb0d26423e04e5]
+CVE: CVE-2021-3998
+
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ NEWS | 4 +++
+ stdlib/Makefile | 1 +
+ stdlib/canonicalize.c | 12 +++++++--
+ stdlib/tst-realpath-toolong.c | 49 +++++++++++++++++++++++++++++++++++
+ 4 files changed, 64 insertions(+), 2 deletions(-)
+ create mode 100644 stdlib/tst-realpath-toolong.c
+
+diff --git a/NEWS b/NEWS
+index 7e773bd005..b4f81c2668 100644
+--- a/NEWS
++++ b/NEWS
+@@ -210,6 +210,10 @@ Security related changes:
+ legacy function could result in a stack-based buffer overflow when
+ using the "unix" protocol. Reported by Martin Sebor.
+
++ CVE-2021-3998: Passing a path longer than PATH_MAX to the realpath
++ function could result in a memory leak and potential access of
++ uninitialized memory. Reported by Qualys.
++
+ The following bugs are resolved with this release:
+
+ [4737] libc: fork is not async-signal-safe
+diff --git a/stdlib/canonicalize.c b/stdlib/canonicalize.c
+index 698f9ede25..7a23a51b3a 100644
+--- a/stdlib/canonicalize.c
++++ b/stdlib/canonicalize.c
+@@ -400,8 +400,16 @@ realpath_stk (const char *name, char *re
+
+ error:
+ *dest++ = '\0';
+- if (resolved != NULL && dest - rname <= get_path_max ())
+- rname = strcpy (resolved, rname);
++ if (resolved != NULL)
++ {
++ if (dest - rname <= get_path_max ())
++ rname = strcpy (resolved, rname);
++ else
++ {
++ failed = true;
++ __set_errno (ENAMETOOLONG);
++ }
++ }
+
+ error_nomem:
+ scratch_buffer_free (&extra_buffer);
+diff --git a/stdlib/Makefile b/stdlib/Makefile
+index 9bb5c221e8..a4ac30d1f6 100644
+--- a/stdlib/Makefile
++++ b/stdlib/Makefile
+@@ -88,7 +88,8 @@ tests := tst-strtol tst-strtod testmb t
+ tst-swapcontext1 tst-setcontext4 tst-setcontext5 \
+ tst-setcontext6 tst-setcontext7 tst-setcontext8 \
+ tst-setcontext9 tst-bz20544 tst-canon-bz26341 \
+- tst-realpath
++ tst-realpath \
++ tst-realpath-toolong
+
+ tests-internal := tst-strtod1i tst-strtod3 tst-strtod4 tst-strtod5i \
+ tst-tls-atexit tst-tls-atexit-nodelete
+diff --git a/stdlib/tst-realpath-toolong.c b/stdlib/tst-realpath-toolong.c
+new file mode 100644
+index 0000000000..8bed772460
+--- /dev/null
++++ b/stdlib/tst-realpath-toolong.c
+@@ -0,0 +1,49 @@
++/* Verify that realpath returns NULL with ENAMETOOLONG if the result exceeds
++ NAME_MAX.
++ Copyright The GNU Toolchain Authors.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++#include <errno.h>
++#include <limits.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include <support/check.h>
++#include <support/temp_file.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++
++#define BASENAME "tst-realpath-toolong."
++
++int
++do_test (void)
++{
++ char *base = support_create_and_chdir_toolong_temp_directory (BASENAME);
++
++ char buf[PATH_MAX + 1];
++ const char *res = realpath (".", buf);
++
++ /* canonicalize.c states that if the real path is >= PATH_MAX, then
++ realpath returns NULL and sets ENAMETOOLONG. */
++ TEST_VERIFY (res == NULL);
++ TEST_VERIFY (errno == ENAMETOOLONG);
++
++ free (base);
++ return 0;
++}
++
++#include <support/test-driver.c>
diff --git a/meta/recipes-core/glibc/glibc/0002-CVE-2021-3999.patch b/meta/recipes-core/glibc/glibc/0002-CVE-2021-3999.patch
new file mode 100644
index 0000000000..ef3a504fdf
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0002-CVE-2021-3999.patch
@@ -0,0 +1,357 @@
+From 472e799a5f2102bc0c3206dbd5a801765fceb39c Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Fri, 21 Jan 2022 23:32:56 +0530
+Subject: [PATCH] getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
+
+No valid path returned by getcwd would fit into 1 byte, so reject the
+size early and return NULL with errno set to ERANGE. This change is
+prompted by CVE-2021-3999, which describes a single byte buffer
+underflow and overflow when all of the following conditions are met:
+
+- The buffer size (i.e. the second argument of getcwd) is 1 byte
+- The current working directory is too long
+- '/' is also mounted on the current working directory
+
+Sequence of events:
+
+- In sysdeps/unix/sysv/linux/getcwd.c, the syscall returns ENAMETOOLONG
+ because the linux kernel checks for name length before it checks
+ buffer size
+
+- The code falls back to the generic getcwd in sysdeps/posix
+
+- In the generic func, the buf[0] is set to '\0' on line 250
+
+- this while loop on line 262 is bypassed:
+
+ while (!(thisdev == rootdev && thisino == rootino))
+
+ since the rootfs (/) is bind mounted onto the directory and the flow
+ goes on to line 449, where it puts a '/' in the byte before the
+ buffer.
+
+- Finally on line 458, it moves 2 bytes (the underflowed byte and the
+ '\0') to the buf[0] and buf[1], resulting in a 1 byte buffer overflow.
+
+- buf is returned on line 469 and errno is not set.
+
+This resolves BZ #28769.
+
+Reviewed-by: Andreas Schwab <schwab@linux-m68k.org>
+Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Signed-off-by: Qualys Security Advisory <qsa@qualys.com>
+Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+(cherry picked from commit 23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e)
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=472e799a5f2102bc0c3206dbd5a801765fceb39c]
+CVE: CVE-2021-3999
+
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ NEWS | 6 +
+ sysdeps/posix/getcwd.c | 7 +
+ sysdeps/unix/sysv/linux/Makefile | 7 +-
+ .../unix/sysv/linux/tst-getcwd-smallbuff.c | 241 ++++++++++++++++++
+ 4 files changed, 260 insertions(+), 1 deletion(-)
+ create mode 100644 sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c
+
+diff --git a/NEWS b/NEWS
+index b4f81c2668..8d7467d2c1 100644
+--- a/NEWS
++++ b/NEWS
+@@ -214,6 +214,12 @@ Security related changes:
+ function could result in a memory leak and potential access of
+ uninitialized memory. Reported by Qualys.
+
++ CVE-2021-3999: Passing a buffer of size exactly 1 byte to the getcwd
++ function may result in an off-by-one buffer underflow and overflow
++ when the current working directory is longer than PATH_MAX and also
++ corresponds to the / directory through an unprivileged mount
++ namespace. Reported by Qualys.
++
+ The following bugs are resolved with this release:
+
+ [4737] libc: fork is not async-signal-safe
+diff --git a/sysdeps/posix/getcwd.c b/sysdeps/posix/getcwd.c
+index 13680026ff..b6984a382c 100644
+--- a/sysdeps/posix/getcwd.c
++++ b/sysdeps/posix/getcwd.c
+@@ -187,6 +187,13 @@ __getcwd_generic (char *buf, size_t size
+ size_t allocated = size;
+ size_t used;
+
++ /* A size of 1 byte is never useful. */
++ if (allocated == 1)
++ {
++ __set_errno (ERANGE);
++ return NULL;
++ }
++
+ #if HAVE_MINIMALLY_WORKING_GETCWD
+ /* If AT_FDCWD is not defined, the algorithm below is O(N**2) and
+ this is much slower than the system getcwd (at least on
+diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
+index 76ad06361c..9380d3848d 100644
+--- a/sysdeps/unix/sysv/linux/Makefile
++++ b/sysdeps/unix/sysv/linux/Makefile
+@@ -331,7 +331,12 @@ sysdep_routines += xstatconv internal_st
+
+ sysdep_headers += bits/fcntl-linux.h
+
+-tests += tst-fallocate tst-fallocate64 tst-o_path-locks
++tests += \
++ tst-fallocate \
++ tst-fallocate64 \
++ tst-getcwd-smallbuff \
++ tst-o_path-locks \
++# tests
+ endif
+
+ ifeq ($(subdir),elf)
+diff --git a/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c b/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c
+new file mode 100644
+index 0000000000..d460d6e766
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c
+@@ -0,0 +1,241 @@
++/* Verify that getcwd returns ERANGE for size 1 byte and does not underflow
++ buffer when the CWD is too long and is also a mount target of /. See bug
++ #28769 or CVE-2021-3999 for more context.
++ Copyright The GNU Toolchain Authors.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++#include <errno.h>
++#include <fcntl.h>
++#include <intprops.h>
++#include <limits.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/mount.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <sys/wait.h>
++
++#include <sys/socket.h>
++#include <sys/un.h>
++#include <support/check.h>
++#include <support/temp_file.h>
++#include <support/xsched.h>
++#include <support/xunistd.h>
++
++static char *base;
++#define BASENAME "tst-getcwd-smallbuff"
++#define MOUNT_NAME "mpoint"
++static int sockfd[2];
++
++static void
++do_cleanup (void)
++{
++ support_chdir_toolong_temp_directory (base);
++ TEST_VERIFY_EXIT (rmdir (MOUNT_NAME) == 0);
++ free (base);
++}
++
++static void
++send_fd (const int sock, const int fd)
++{
++ struct msghdr msg = {0};
++ union
++ {
++ struct cmsghdr hdr;
++ char buf[CMSG_SPACE (sizeof (int))];
++ } cmsgbuf = {0};
++ struct cmsghdr *cmsg;
++ struct iovec vec;
++ char ch = 'A';
++ ssize_t n;
++
++ msg.msg_control = &cmsgbuf.buf;
++ msg.msg_controllen = sizeof (cmsgbuf.buf);
++
++ cmsg = CMSG_FIRSTHDR (&msg);
++ cmsg->cmsg_len = CMSG_LEN (sizeof (int));
++ cmsg->cmsg_level = SOL_SOCKET;
++ cmsg->cmsg_type = SCM_RIGHTS;
++ memcpy (CMSG_DATA (cmsg), &fd, sizeof (fd));
++
++ vec.iov_base = &ch;
++ vec.iov_len = 1;
++ msg.msg_iov = &vec;
++ msg.msg_iovlen = 1;
++
++ while ((n = sendmsg (sock, &msg, 0)) == -1 && errno == EINTR);
++
++ TEST_VERIFY_EXIT (n == 1);
++}
++
++static int
++recv_fd (const int sock)
++{
++ struct msghdr msg = {0};
++ union
++ {
++ struct cmsghdr hdr;
++ char buf[CMSG_SPACE(sizeof(int))];
++ } cmsgbuf = {0};
++ struct cmsghdr *cmsg;
++ struct iovec vec;
++ ssize_t n;
++ char ch = '\0';
++ int fd = -1;
++
++ vec.iov_base = &ch;
++ vec.iov_len = 1;
++ msg.msg_iov = &vec;
++ msg.msg_iovlen = 1;
++
++ msg.msg_control = &cmsgbuf.buf;
++ msg.msg_controllen = sizeof (cmsgbuf.buf);
++
++ while ((n = recvmsg (sock, &msg, 0)) == -1 && errno == EINTR);
++ if (n != 1 || ch != 'A')
++ return -1;
++
++ cmsg = CMSG_FIRSTHDR (&msg);
++ if (cmsg == NULL)
++ return -1;
++ if (cmsg->cmsg_type != SCM_RIGHTS)
++ return -1;
++ memcpy (&fd, CMSG_DATA (cmsg), sizeof (fd));
++ if (fd < 0)
++ return -1;
++ return fd;
++}
++
++static int
++child_func (void * const arg)
++{
++ xclose (sockfd[0]);
++ const int sock = sockfd[1];
++ char ch;
++
++ TEST_VERIFY_EXIT (read (sock, &ch, 1) == 1);
++ TEST_VERIFY_EXIT (ch == '1');
++
++ if (mount ("/", MOUNT_NAME, NULL, MS_BIND | MS_REC, NULL))
++ FAIL_EXIT1 ("mount failed: %m\n");
++ const int fd = xopen ("mpoint",
++ O_RDONLY | O_PATH | O_DIRECTORY | O_NOFOLLOW, 0);
++
++ send_fd (sock, fd);
++ xclose (fd);
++
++ TEST_VERIFY_EXIT (read (sock, &ch, 1) == 1);
++ TEST_VERIFY_EXIT (ch == 'a');
++
++ xclose (sock);
++ return 0;
++}
++
++static void
++update_map (char * const mapping, const char * const map_file)
++{
++ const size_t map_len = strlen (mapping);
++
++ const int fd = xopen (map_file, O_WRONLY, 0);
++ xwrite (fd, mapping, map_len);
++ xclose (fd);
++}
++
++static void
++proc_setgroups_write (const long child_pid, const char * const str)
++{
++ const size_t str_len = strlen(str);
++
++ char setgroups_path[sizeof ("/proc//setgroups") + INT_STRLEN_BOUND (long)];
++
++ snprintf (setgroups_path, sizeof (setgroups_path),
++ "/proc/%ld/setgroups", child_pid);
++
++ const int fd = open (setgroups_path, O_WRONLY);
++
++ if (fd < 0)
++ {
++ TEST_VERIFY_EXIT (errno == ENOENT);
++ FAIL_UNSUPPORTED ("/proc/%ld/setgroups not found\n", child_pid);
++ }
++
++ xwrite (fd, str, str_len);
++ xclose(fd);
++}
++
++static char child_stack[1024 * 1024];
++
++int
++do_test (void)
++{
++ base = support_create_and_chdir_toolong_temp_directory (BASENAME);
++
++ xmkdir (MOUNT_NAME, S_IRWXU);
++ atexit (do_cleanup);
++
++ TEST_VERIFY_EXIT (socketpair (AF_UNIX, SOCK_STREAM, 0, sockfd) == 0);
++ pid_t child_pid = xclone (child_func, NULL, child_stack,
++ sizeof (child_stack),
++ CLONE_NEWUSER | CLONE_NEWNS | SIGCHLD);
++
++ xclose (sockfd[1]);
++ const int sock = sockfd[0];
++
++ char map_path[sizeof ("/proc//uid_map") + INT_STRLEN_BOUND (long)];
++ char map_buf[sizeof ("0 1") + INT_STRLEN_BOUND (long)];
++
++ snprintf (map_path, sizeof (map_path), "/proc/%ld/uid_map",
++ (long) child_pid);
++ snprintf (map_buf, sizeof (map_buf), "0 %ld 1", (long) getuid());
++ update_map (map_buf, map_path);
++
++ proc_setgroups_write ((long) child_pid, "deny");
++ snprintf (map_path, sizeof (map_path), "/proc/%ld/gid_map",
++ (long) child_pid);
++ snprintf (map_buf, sizeof (map_buf), "0 %ld 1", (long) getgid());
++ update_map (map_buf, map_path);
++
++ TEST_VERIFY_EXIT (send (sock, "1", 1, MSG_NOSIGNAL) == 1);
++ const int fd = recv_fd (sock);
++ TEST_VERIFY_EXIT (fd >= 0);
++ TEST_VERIFY_EXIT (fchdir (fd) == 0);
++
++ static char buf[2 * 10 + 1];
++ memset (buf, 'A', sizeof (buf));
++
++ /* Finally, call getcwd and check if it resulted in a buffer underflow. */
++ char * cwd = getcwd (buf + sizeof (buf) / 2, 1);
++ TEST_VERIFY (cwd == NULL);
++ TEST_VERIFY (errno == ERANGE);
++
++ for (int i = 0; i < sizeof (buf); i++)
++ if (buf[i] != 'A')
++ {
++ printf ("buf[%d] = %02x\n", i, (unsigned int) buf[i]);
++ support_record_failure ();
++ }
++
++ TEST_VERIFY_EXIT (send (sock, "a", 1, MSG_NOSIGNAL) == 1);
++ xclose (sock);
++ TEST_VERIFY_EXIT (xwaitpid (child_pid, NULL, 0) == child_pid);
++
++ return 0;
++}
++
++#define CLEANUP_HANDLER do_cleanup
++#include <support/test-driver.c>
diff --git a/meta/recipes-core/glibc/glibc/0002-CVE-2022-23218.patch b/meta/recipes-core/glibc/glibc/0002-CVE-2022-23218.patch
new file mode 100644
index 0000000000..00fb3266c6
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0002-CVE-2022-23218.patch
@@ -0,0 +1,126 @@
+From f545ad4928fa1f27a3075265182b38a4f939a5f7 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 17 Jan 2022 10:21:34 +0100
+Subject: [PATCH] CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug
+ 28768)
+
+The sunrpc function svcunix_create suffers from a stack-based buffer
+overflow with overlong pathname arguments.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=f545ad4928fa1f27a3075265182b38a4f939a5f7]
+CVE: CVE-2022-23218
+
+Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ NEWS | 3 +++
+ sunrpc/Makefile | 2 +-
+ sunrpc/svc_unix.c | 11 ++++-------
+ sunrpc/tst-bug28768.c | 42 ++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 50 insertions(+), 8 deletions(-)
+ create mode 100644 sunrpc/tst-bug28768.c
+
+diff --git a/NEWS b/NEWS
+index 38a9ddb2cf..38802f0673 100644
+--- a/NEWS
++++ b/NEWS
+@@ -203,6 +203,9 @@ Security related changes:
+ parameter number when processing the expansion resulting in a crash.
+ Reported by Philippe Antoine.
+
++ CVE-2022-23218: Passing an overlong file name to the svcunix_create
++ legacy function could result in a stack-based buffer overflow.
++
+ The following bugs are resolved with this release:
+
+ [4737] libc: fork is not async-signal-safe
+diff --git a/sunrpc/Makefile b/sunrpc/Makefile
+index 183ef3dc55..a79a7195fc 100644
+--- a/sunrpc/Makefile
++++ b/sunrpc/Makefile
+@@ -65,7 +65,7 @@ shared-only-routines = $(routines)
+ endif
+
+ tests = tst-xdrmem tst-xdrmem2 test-rpcent tst-udp-error tst-udp-timeout \
+- tst-udp-nonblocking
++ tst-udp-nonblocking tst-bug28768
+ xtests := tst-getmyaddr
+
+ ifeq ($(have-thread-library),yes)
+diff --git a/sunrpc/svc_unix.c b/sunrpc/svc_unix.c
+index f2280b4c49..67177a2e78 100644
+--- a/sunrpc/svc_unix.c
++++ b/sunrpc/svc_unix.c
+@@ -154,7 +154,10 @@ svcunix_create (int sock, u_int sendsize
+ SVCXPRT *xprt;
+ struct unix_rendezvous *r;
+ struct sockaddr_un addr;
+- socklen_t len = sizeof (struct sockaddr_in);
++ socklen_t len = sizeof (addr);
++
++ if (__sockaddr_un_set (&addr, path) < 0)
++ return NULL;
+
+ if (sock == RPC_ANYSOCK)
+ {
+@@ -165,12 +168,6 @@ svcunix_create (int sock, u_int sendsize
+ }
+ madesock = TRUE;
+ }
+- memset (&addr, '\0', sizeof (addr));
+- addr.sun_family = AF_UNIX;
+- len = strlen (path) + 1;
+- memcpy (addr.sun_path, path, len);
+- len += sizeof (addr.sun_family);
+-
+ __bind (sock, (struct sockaddr *) &addr, len);
+
+ if (__getsockname (sock, (struct sockaddr *) &addr, &len) != 0
+diff --git a/sunrpc/tst-bug28768.c b/sunrpc/tst-bug28768.c
+new file mode 100644
+index 0000000000..35a4b7b0b3
+--- /dev/null
++++ b/sunrpc/tst-bug28768.c
+@@ -0,0 +1,42 @@
++/* Test to verify that long path is rejected by svcunix_create (bug 28768).
++ Copyright (C) 2022 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <errno.h>
++#include <rpc/svc.h>
++#include <shlib-compat.h>
++#include <string.h>
++#include <support/check.h>
++
++/* svcunix_create does not have a default version in linkobj/libc.so. */
++compat_symbol_reference (libc, svcunix_create, svcunix_create, GLIBC_2_1);
++
++static int
++do_test (void)
++{
++ char pathname[109];
++ memset (pathname, 'x', sizeof (pathname));
++ pathname[sizeof (pathname) - 1] = '\0';
++
++ errno = 0;
++ TEST_VERIFY (svcunix_create (RPC_ANYSOCK, 4096, 4096, pathname) == NULL);
++ TEST_COMPARE (errno, EINVAL);
++
++ return 0;
++}
++
++#include <support/test-driver.c>
diff --git a/meta/recipes-core/glibc/glibc/0002-CVE-2022-23219.patch b/meta/recipes-core/glibc/glibc/0002-CVE-2022-23219.patch
new file mode 100644
index 0000000000..6779e9afdf
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0002-CVE-2022-23219.patch
@@ -0,0 +1,89 @@
+From ef972a4c50014a16132b5c75571cfb6b30bef136 Mon Sep 17 00:00:00 2001
+From: Martin Sebor <msebor@redhat.com>
+Date: Mon, 17 Jan 2022 10:21:34 +0100
+Subject: [PATCH] sunrpc: Test case for clnt_create "unix" buffer overflow (bug
+ 22542)
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=ef972a4c50014a16132b5c75571cfb6b30bef136]
+CVE: CVE-2022-23219
+
+Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ sunrpc/Makefile | 5 ++++-
+ sunrpc/tst-bug22542.c | 44 +++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 48 insertions(+), 1 deletion(-)
+ create mode 100644 sunrpc/tst-bug22542.c
+
+diff --git a/sunrpc/Makefile b/sunrpc/Makefile
+index 9a31fe48b9..183ef3dc55 100644
+--- a/sunrpc/Makefile
++++ b/sunrpc/Makefile
+@@ -65,7 +65,7 @@ shared-only-routines = $(routines)
+ endif
+
+ tests = tst-xdrmem tst-xdrmem2 test-rpcent tst-udp-error tst-udp-timeout \
+- tst-udp-nonblocking tst-bug28768
++ tst-udp-nonblocking tst-bug22542 tst-bug28768
+ xtests := tst-getmyaddr
+
+ ifeq ($(have-thread-library),yes)
+@@ -110,6 +110,8 @@ $(objpfx)tst-udp-nonblocking: $(common-o
+ $(objpfx)tst-udp-garbage: \
+ $(common-objpfx)linkobj/libc.so $(shared-thread-library)
+
++$(objpfx)tst-bug22542: $(common-objpfx)linkobj/libc.so
++
+ else # !have-GLIBC_2.31
+
+ routines = $(routines-for-nss)
+diff --git a/sunrpc/tst-bug22542.c b/sunrpc/tst-bug22542.c
+new file mode 100644
+index 0000000000..d6cd79787b
+--- /dev/null
++++ b/sunrpc/tst-bug22542.c
+@@ -0,0 +1,44 @@
++/* Test to verify that overlong hostname is rejected by clnt_create
++ and doesn't cause a buffer overflow (bug 22542).
++
++ Copyright (C) 2022 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <errno.h>
++#include <rpc/clnt.h>
++#include <string.h>
++#include <support/check.h>
++#include <sys/socket.h>
++#include <sys/un.h>
++
++static int
++do_test (void)
++{
++ /* Create an arbitrary hostname that's longer than fits in sun_path. */
++ char name [sizeof ((struct sockaddr_un*)0)->sun_path * 2];
++ memset (name, 'x', sizeof name - 1);
++ name [sizeof name - 1] = '\0';
++
++ errno = 0;
++ CLIENT *clnt = clnt_create (name, 0, 0, "unix");
++
++ TEST_VERIFY (clnt == NULL);
++ TEST_COMPARE (errno, EINVAL);
++ return 0;
++}
++
++#include <support/test-driver.c>
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-43396.patch b/meta/recipes-core/glibc/glibc/CVE-2021-43396.patch
new file mode 100644
index 0000000000..ebea5efd34
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2021-43396.patch
@@ -0,0 +1,184 @@
+From ff012870b2c02a62598c04daa1e54632e020fd7d Mon Sep 17 00:00:00 2001
+From: Nikita Popov <npv1310@gmail.com>
+Date: Tue, 2 Nov 2021 13:21:42 +0500
+Subject: [PATCH] gconv: Do not emit spurious NUL character in ISO-2022-JP-3
+ (bug 28524)
+
+Bugfix 27256 has introduced another issue:
+In conversion from ISO-2022-JP-3 encoding, it is possible
+to force iconv to emit extra NUL character on internal state reset.
+To do this, it is sufficient to feed iconv with escape sequence
+which switches active character set.
+The simplified check 'data->__statep->__count != ASCII_set'
+introduced by the aforementioned bugfix picks that case and
+behaves as if '\0' character has been queued thus emitting it.
+
+To eliminate this issue, these steps are taken:
+* Restore original condition
+'(data->__statep->__count & ~7) != ASCII_set'.
+It is necessary since bits 0-2 may contain
+number of buffered input characters.
+* Check that queued character is not NUL.
+Similar step is taken for main conversion loop.
+
+Bundled test case follows following logic:
+* Try to convert ISO-2022-JP-3 escape sequence
+switching active character set
+* Reset internal state by providing NULL as input buffer
+* Ensure that nothing has been converted.
+
+Signed-off-by: Nikita Popov <npv1310@gmail.com>
+
+CVE: CVE-2021-43396
+Upstream-Status: Backport [ff012870b2c02a62598c04daa1e54632e020fd7d]
+---
+ iconvdata/Makefile | 5 +++-
+ iconvdata/bug-iconv15.c | 60 +++++++++++++++++++++++++++++++++++++++
+ iconvdata/iso-2022-jp-3.c | 28 ++++++++++++------
+ 3 files changed, 84 insertions(+), 9 deletions(-)
+ create mode 100644 iconvdata/bug-iconv15.c
+
+Index: git/iconvdata/Makefile
+===================================================================
+--- git.orig/iconvdata/Makefile
++++ git/iconvdata/Makefile
+@@ -1,4 +1,5 @@
+ # Copyright (C) 1997-2021 Free Software Foundation, Inc.
++# Copyright (C) The GNU Toolchain Authors.
+ # This file is part of the GNU C Library.
+
+ # The GNU C Library is free software; you can redistribute it and/or
+@@ -74,7 +75,7 @@ ifeq (yes,$(build-shared))
+ tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
+ tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
+ bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 \
+- bug-iconv13 bug-iconv14
++ bug-iconv13 bug-iconv14 bug-iconv15
+ ifeq ($(have-thread-library),yes)
+ tests += bug-iconv3
+ endif
+@@ -327,6 +328,8 @@ $(objpfx)bug-iconv12.out: $(addprefix $(
+ $(addprefix $(objpfx),$(modules.so))
+ $(objpfx)bug-iconv14.out: $(addprefix $(objpfx), $(gconv-modules)) \
+ $(addprefix $(objpfx),$(modules.so))
++$(objpfx)bug-iconv15.out: $(addprefix $(objpfx), $(gconv-modules)) \
++ $(addprefix $(objpfx),$(modules.so))
+
+ $(objpfx)iconv-test.out: run-iconv-test.sh \
+ $(addprefix $(objpfx), $(gconv-modules)) \
+Index: git/iconvdata/bug-iconv15.c
+===================================================================
+--- /dev/null
++++ git/iconvdata/bug-iconv15.c
+@@ -0,0 +1,60 @@
++/* Bug 28524: Conversion from ISO-2022-JP-3 with iconv
++ may emit spurious NUL character on state reset.
++ Copyright (C) The GNU Toolchain Authors.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++#include <stddef.h>
++#include <iconv.h>
++#include <support/check.h>
++
++static int
++do_test (void)
++{
++ char in[] = "\x1b(I";
++ char *inbuf = in;
++ size_t inleft = sizeof (in) - 1;
++ char out[1];
++ char *outbuf = out;
++ size_t outleft = sizeof (out);
++ iconv_t cd;
++
++ cd = iconv_open ("UTF8", "ISO-2022-JP-3");
++ TEST_VERIFY_EXIT (cd != (iconv_t) -1);
++
++ /* First call to iconv should alter internal state.
++ Now, JISX0201_Kana_set is selected and
++ state value != ASCII_set. */
++ TEST_VERIFY (iconv (cd, &inbuf, &inleft, &outbuf, &outleft) != (size_t) -1);
++
++ /* No bytes should have been added to
++ the output buffer at this point. */
++ TEST_VERIFY (outbuf == out);
++ TEST_VERIFY (outleft == sizeof (out));
++
++ /* Second call shall emit spurious NUL character in unpatched glibc. */
++ TEST_VERIFY (iconv (cd, NULL, NULL, &outbuf, &outleft) != (size_t) -1);
++
++ /* No characters are expected to be produced. */
++ TEST_VERIFY (outbuf == out);
++ TEST_VERIFY (outleft == sizeof (out));
++
++ TEST_VERIFY_EXIT (iconv_close (cd) != -1);
++
++ return 0;
++}
++
++#include <support/test-driver.c>
+Index: git/iconvdata/iso-2022-jp-3.c
+===================================================================
+--- git.orig/iconvdata/iso-2022-jp-3.c
++++ git/iconvdata/iso-2022-jp-3.c
+@@ -1,5 +1,6 @@
+ /* Conversion module for ISO-2022-JP-3.
+ Copyright (C) 1998-2021 Free Software Foundation, Inc.
++ Copyright (C) The GNU Toolchain Authors.
+ This file is part of the GNU C Library.
+ Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998,
+ and Bruno Haible <bruno@clisp.org>, 2002.
+@@ -81,20 +82,31 @@ enum
+ the output state to the initial state. This has to be done during the
+ flushing. */
+ #define EMIT_SHIFT_TO_INIT \
+- if (data->__statep->__count != ASCII_set) \
++ if ((data->__statep->__count & ~7) != ASCII_set) \
+ { \
+ if (FROM_DIRECTION) \
+ { \
+- if (__glibc_likely (outbuf + 4 <= outend)) \
++ uint32_t ch = data->__statep->__count >> 6; \
++ \
++ if (__glibc_unlikely (ch != 0)) \
+ { \
+- /* Write out the last character. */ \
+- *((uint32_t *) outbuf) = data->__statep->__count >> 6; \
+- outbuf += sizeof (uint32_t); \
+- data->__statep->__count = ASCII_set; \
++ if (__glibc_likely (outbuf + 4 <= outend)) \
++ { \
++ /* Write out the last character. */ \
++ put32u (outbuf, ch); \
++ outbuf += 4; \
++ data->__statep->__count &= 7; \
++ data->__statep->__count |= ASCII_set; \
++ } \
++ else \
++ /* We don't have enough room in the output buffer. */ \
++ status = __GCONV_FULL_OUTPUT; \
+ } \
+ else \
+- /* We don't have enough room in the output buffer. */ \
+- status = __GCONV_FULL_OUTPUT; \
++ { \
++ data->__statep->__count &= 7; \
++ data->__statep->__count |= ASCII_set; \
++ } \
+ } \
+ else \
+ { \
diff --git a/meta/recipes-core/glibc/glibc_2.34.bb b/meta/recipes-core/glibc/glibc_2.34.bb
index 6dc315c349..6ceb677731 100644
--- a/meta/recipes-core/glibc/glibc_2.34.bb
+++ b/meta/recipes-core/glibc/glibc_2.34.bb
@@ -58,6 +58,15 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0001-CVE-2021-38604.patch \
file://0002-CVE-2021-38604.patch \
file://0001-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \
+ file://CVE-2021-43396.patch \
+ file://0001-CVE-2022-23218.patch \
+ file://0002-CVE-2022-23218.patch \
+ file://0001-CVE-2022-23219.patch \
+ file://0002-CVE-2022-23219.patch \
+ file://0001-CVE-2021-3998.patch \
+ file://0002-CVE-2021-3998.patch \
+ file://0001-CVE-2021-3999.patch \
+ file://0002-CVE-2021-3999.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"
@@ -89,7 +98,7 @@ EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \
EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}"
-EXTRA_OECONF:append:x86 = " --enable-cet"
+EXTRA_OECONF:append:x86 = " ${@bb.utils.contains_any('TUNE_FEATURES', 'i586 c3', '--disable-cet', '--enable-cet', d)}"
EXTRA_OECONF:append:x86-64 = " --enable-cet"
PACKAGECONFIG ??= "nscd memory-tagging"
diff --git a/meta/recipes-core/ifupdown/ifupdown_0.8.36.bb b/meta/recipes-core/ifupdown/ifupdown_0.8.36.bb
index 1d01701b8f..48a7b8fb13 100644
--- a/meta/recipes-core/ifupdown/ifupdown_0.8.36.bb
+++ b/meta/recipes-core/ifupdown/ifupdown_0.8.36.bb
@@ -7,7 +7,7 @@ the file /etc/network/interfaces."
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https \
+SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https;branch=master \
file://defn2-c-man-don-t-rely-on-dpkg-architecture-to-set-a.patch \
file://99_network \
file://0001-Define-FNM_EXTMATCH-for-musl.patch \
diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index 9001d3e9ec..e8151ac982 100644
--- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk wic.vhd wic.vhdx"
inherit core-image setuptools3
-SRCREV ?= "fafe050714f68fd09706198d2d3c46d0a26d4e32"
+SRCREV ?= "3f17ee4ebef3103e290750d8cdd7d001fc306673"
SRC_URI = "git://git.yoctoproject.org/poky;branch=honister \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
diff --git a/meta/recipes-core/initrdscripts/initramfs-framework/finish b/meta/recipes-core/initrdscripts/initramfs-framework/finish
index 717383ebac..f08a920867 100755
--- a/meta/recipes-core/initrdscripts/initramfs-framework/finish
+++ b/meta/recipes-core/initrdscripts/initramfs-framework/finish
@@ -12,6 +12,18 @@ finish_run() {
fatal "ERROR: There's no '/dev' on rootfs."
fi
+ # Unmount anything that was automounted by busybox via mdev-mount.sh.
+ # We're about to switch_root, and leaving anything mounted will prevent
+ # the next rootfs from modifying the block device. Ignore ROOT_DISK,
+ # if it was set by setup-live, because it'll be mounted over loopback
+ # to ROOTFS_DIR.
+ local dev
+ for dev in /run/media/*; do
+ if mountpoint -q "${dev}" && [ "${dev##*/}" != "${ROOT_DISK}" ]; then
+ umount -f "${dev}" || debug "Failed to unmount ${dev}"
+ fi
+ done
+
info "Switching root to '$ROOTFS_DIR'..."
debug "Moving /dev, /proc and /sys onto rootfs..."
diff --git a/meta/recipes-core/initscripts/init-system-helpers_1.60.bb b/meta/recipes-core/initscripts/init-system-helpers_1.60.bb
index 165f37c070..46952e4685 100644
--- a/meta/recipes-core/initscripts/init-system-helpers_1.60.bb
+++ b/meta/recipes-core/initscripts/init-system-helpers_1.60.bb
@@ -17,7 +17,7 @@ LICENSE = "BSD-3-Clause & GPLv2"
LIC_FILES_CHKSUM = "file://debian/copyright;md5=ee2b1830fcfead84d07bc060ec43e072"
SRCREV = "dbd9197569c0935029acd5c9b02b84c68fd937ee"
-SRC_URI = "git://salsa.debian.org/debian/init-system-helpers.git;protocol=https"
+SRC_URI = "git://salsa.debian.org/debian/init-system-helpers.git;protocol=https;branch=master"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc b/meta/recipes-core/libxcrypt/libxcrypt.inc
index 29b941d380..0411de3637 100644
--- a/meta/recipes-core/libxcrypt/libxcrypt.inc
+++ b/meta/recipes-core/libxcrypt/libxcrypt.inc
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSING;md5=afed27a72ae2a8075978299eebaa1f5d \
inherit autotools pkgconfig
-SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH}"
+SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https"
SRCREV = "b9116ef2245abb128a22a975d187b1272312a80c"
SRCBRANCH ?= "develop"
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch b/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
new file mode 100644
index 0000000000..e188914613
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch
@@ -0,0 +1,99 @@
+From 646fe48d1c8a74310c409ddf81fe7df6700052af Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 22 Feb 2022 11:51:08 +0100
+Subject: [PATCH] Fix --without-valid build
+
+Regressed in commit 652dd12a.
+---
+ valid.c | 58 ++++++++++++++++++++++++++++-----------------------------
+ 1 file changed, 29 insertions(+), 29 deletions(-)
+---
+
+From https://github.com/GNOME/libxml2.git
+ commit 646fe48d1c8a74310c409ddf81fe7df6700052af
+
+CVE: CVE-2022-23308
+Upstream-Status: Backport
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+
+diff --git a/valid.c b/valid.c
+index 8e596f1d..9684683a 100644
+--- a/valid.c
++++ b/valid.c
+@@ -479,35 +479,6 @@ nodeVPop(xmlValidCtxtPtr ctxt)
+ return (ret);
+ }
+
+-/**
+- * xmlValidNormalizeString:
+- * @str: a string
+- *
+- * Normalize a string in-place.
+- */
+-static void
+-xmlValidNormalizeString(xmlChar *str) {
+- xmlChar *dst;
+- const xmlChar *src;
+-
+- if (str == NULL)
+- return;
+- src = str;
+- dst = str;
+-
+- while (*src == 0x20) src++;
+- while (*src != 0) {
+- if (*src == 0x20) {
+- while (*src == 0x20) src++;
+- if (*src != 0)
+- *dst++ = 0x20;
+- } else {
+- *dst++ = *src++;
+- }
+- }
+- *dst = 0;
+-}
+-
+ #ifdef DEBUG_VALID_ALGO
+ static void
+ xmlValidPrintNode(xmlNodePtr cur) {
+@@ -2636,6 +2607,35 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) {
+ (xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \
+ xmlFree((char *)(str));
+
++/**
++ * xmlValidNormalizeString:
++ * @str: a string
++ *
++ * Normalize a string in-place.
++ */
++static void
++xmlValidNormalizeString(xmlChar *str) {
++ xmlChar *dst;
++ const xmlChar *src;
++
++ if (str == NULL)
++ return;
++ src = str;
++ dst = str;
++
++ while (*src == 0x20) src++;
++ while (*src != 0) {
++ if (*src == 0x20) {
++ while (*src == 0x20) src++;
++ if (*src != 0)
++ *dst++ = 0x20;
++ } else {
++ *dst++ = *src++;
++ }
++ }
++ *dst = 0;
++}
++
+ static int
+ xmlIsStreaming(xmlValidCtxtPtr ctxt) {
+ xmlParserCtxtPtr pctxt;
+--
+2.35.1
+
diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
index 90fa193775..6f44275299 100644
--- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
+++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
@@ -18,11 +18,11 @@ Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
libxml.m4 | 190 ++----------------------------------------------------
1 file changed, 5 insertions(+), 185 deletions(-)
-diff --git a/libxml.m4 b/libxml.m4
-index 09de9fe2..1c535853 100644
---- a/libxml.m4
-+++ b/libxml.m4
-@@ -1,192 +1,12 @@
+Index: libxml2-2.9.13/libxml.m4
+===================================================================
+--- libxml2-2.9.13.orig/libxml.m4
++++ libxml2-2.9.13/libxml.m4
+@@ -1,191 +1,12 @@
-# Configure paths for LIBXML2
-# Simon Josefsson 2020-02-12
-# Fix autoconf 2.70+ warnings
@@ -147,9 +147,8 @@ index 09de9fe2..1c535853 100644
- {
- printf("\n*** An old version of libxml (%d.%d.%d) was found.\n",
- xml_major_version, xml_minor_version, xml_micro_version);
-- printf("*** You need a version of libxml newer than %d.%d.%d. The latest version of\n",
+- printf("*** You need a version of libxml newer than %d.%d.%d.\n",
- major, minor, micro);
-- printf("*** libxml is always available from ftp://ftp.xmlsoft.org.\n");
- printf("***\n");
- printf("*** If you have already installed a sufficiently new version, this error\n");
- printf("*** probably means that the wrong copy of the xml2-config shell script is\n");
@@ -220,6 +219,3 @@ index 09de9fe2..1c535853 100644
- AC_SUBST(XML_LIBS)
- rm -f conf.xmltest
])
---
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2_2.9.12.bb b/meta/recipes-core/libxml/libxml2_2.9.13.bb
index 3105889c16..e361b53bfd 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.12.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.13.bb
@@ -1,6 +1,6 @@
SUMMARY = "XML C Parser Library and Toolkit"
DESCRIPTION = "The XML Parser Library allows for manipulation of XML files. Libxml2 exports Push and Pull type parser interfaces for both XML and HTML. It can do DTD validation at parse time, on a parsed document instance or with an arbitrary DTD. Libxml2 includes complete XPath, XPointer and Xinclude implementations. It also has a SAX like interface, which is designed to be compatible with Expat."
-HOMEPAGE = "http://www.xmlsoft.org/"
+HOMEPAGE = "https://gitlab.gnome.org/GNOME/libxml2"
BUGTRACKER = "http://bugzilla.gnome.org/buglist.cgi?product=libxml2"
SECTION = "libs"
LICENSE = "MIT"
@@ -11,19 +11,23 @@ LIC_FILES_CHKSUM = "file://Copyright;md5=2044417e2e5006b65a8b9067b683fcf1 \
DEPENDS = "zlib virtual/libiconv"
-SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
- http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=testtar \
+inherit gnomebase
+
+SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=testtar \
file://libxml-64bit.patch \
file://runtest.patch \
file://run-ptest \
file://python-sitepackages-dir.patch \
- file://libxml-m4-use-pkgconfig.patch \
file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
file://fix-execution-of-ptests.patch \
file://remove-fuzz-from-ptests.patch \
+ file://libxml-m4-use-pkgconfig.patch \
"
+# will be in v2.9.14
+#
+SRC_URI += "file://CVE-2022-23308-fix-regression.patch"
-SRC_URI[libtar.sha256sum] = "c8d6681e38c56f172892c85ddc0852e1fd4b53b4209e7f4ebf17f7e2eae71d92"
+SRC_URI[archive.sha256sum] = "276130602d12fe484ecc03447ee5e759d0465558fbc9d6bd144e3745306ebf0e"
SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
BINCONFIG = "${bindir}/xml2-config"
@@ -36,7 +40,7 @@ PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
inherit autotools pkgconfig binconfig-disabled ptest
-inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3native', '', d)}
+inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3targetconfig', '', d)}
RDEPENDS:${PN}-ptest += "bash make ${@bb.utils.contains('PACKAGECONFIG', 'python', 'libgcc python3-core python3-logging python3-shell python3-stringold python3-threading python3-unittest ${PN}-python', '', d)}"
diff --git a/meta/recipes-core/musl/libucontext_git.bb b/meta/recipes-core/musl/libucontext_git.bb
index d8ae8242c5..9061cf0b1b 100644
--- a/meta/recipes-core/musl/libucontext_git.bb
+++ b/meta/recipes-core/musl/libucontext_git.bb
@@ -10,7 +10,7 @@ DEPENDS = ""
PV = "1.1+${SRCPV}"
SRCREV = "335ee864ef6f4a5d4b525453fd9dbfb3507cfecc"
-SRC_URI = "git://github.com/kaniini/libucontext \
+SRC_URI = "git://github.com/kaniini/libucontext;branch=master;protocol=https \
file://0001-meson-Add-option-to-pass-cpu.patch \
"
diff --git a/meta/recipes-core/musl/musl-obstack.bb b/meta/recipes-core/musl/musl-obstack.bb
index 3003935fe5..74de48c2cd 100644
--- a/meta/recipes-core/musl/musl-obstack.bb
+++ b/meta/recipes-core/musl/musl-obstack.bb
@@ -10,7 +10,7 @@ SECTION = "libs"
PV = "1.1"
SRCREV = "d2ad66b0df44a4b784956f7f7f2717131ddc05f4"
-SRC_URI = "git://github.com/pullmoll/musl-obstack"
+SRC_URI = "git://github.com/pullmoll/musl-obstack;branch=master;protocol=https"
UPSTREAM_CHECK_COMMITS = "1"
diff --git a/meta/recipes-core/musl/musl-utils.bb b/meta/recipes-core/musl/musl-utils.bb
index 4f99d4324f..00d088d089 100644
--- a/meta/recipes-core/musl/musl-utils.bb
+++ b/meta/recipes-core/musl/musl-utils.bb
@@ -11,7 +11,7 @@ SECTION = "utils"
PV = "20170421"
SRCREV = "fb5630138ccabbbc14a19d372096a04e42573c7d"
-SRC_URI = "git://github.com/boltlinux/musl-utils"
+SRC_URI = "git://github.com/boltlinux/musl-utils;branch=master;protocol=https"
UPSTREAM_CHECK_COMMITS = "1"
diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb
index 06b0e060d0..a2f96f1dbe 100644
--- a/meta/recipes-core/musl/musl_git.bb
+++ b/meta/recipes-core/musl/musl_git.bb
@@ -12,7 +12,7 @@ PV = "${BASEVER}+git${SRCPV}"
# mirror is at git://github.com/kraj/musl.git
-SRC_URI = "git://git.musl-libc.org/musl \
+SRC_URI = "git://git.musl-libc.org/musl;branch=master \
file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \
file://0002-ldso-Use-syslibdir-and-libdir-as-default-pathes-to-l.patch \
"
diff --git a/meta/recipes-core/ncurses/files/CVE-2021-39537.patch b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
new file mode 100644
index 0000000000..d63bf57e8d
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
@@ -0,0 +1,65 @@
+From e83ecbd26252bac163fc4377ef30edbd4acb0bad Mon Sep 17 00:00:00 2001
+From: Sven Joachim <svenjoac@gmx.de>
+Date: Mon, 1 Jun 2020 08:03:52 +0200
+Subject: [PATCH] Import upstream patch 20200531
+
+20200531
+ + correct configure version-check/warnng for g++ to allow for 10.x
+ + re-enable "bel" in konsole-base (report by Nia Huang)
+ + add linux-s entry (patch by Alexandre Montaron).
+ + drop long-obsolete convert_configure.pl
+ + add test/test_parm.c, for checking tparm changes.
+ + improve parameter-checking for tparm, adding function _nc_tiparm() to
+ handle the most-used case, which accepts only numeric parameters
+ (report/testcase by "puppet-meteor").
+ + use a more conservative estimate of the buffer-size in lib_tparm.c's
+ save_text() and save_number(), in case the sprintf() function
+ passes-through unexpected characters from a format specifier
+ (report/testcase by "puppet-meteor").
+ + add a check for end-of-string in cvtchar to handle a malformed
+ string in infotocap (report/testcase by "puppet-meteor").
+
+CVE: CVE-2021-39537
+
+Upstream-Status: Backport [https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ ncurses/tinfo/captoinfo.c | 11 +-
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
+index 8b3b83d1..9362105a 100644
+--- a/ncurses/tinfo/captoinfo.c
++++ b/ncurses/tinfo/captoinfo.c
+@@ -98,7 +98,7 @@
+ #include <ctype.h>
+ #include <tic.h>
+
+-MODULE_ID("$Id: captoinfo.c,v 1.98 2020/02/02 23:34:34 tom Exp $")
++MODULE_ID("$Id: captoinfo.c,v 1.99 2020/05/25 21:28:29 tom Exp $")
+
+ #if 0
+ #define DEBUG_THIS(p) DEBUG(9, p)
+@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
+ }
+ break;
+ case '^':
++ len = 2;
+ c = UChar(*++sp);
+- if (c == '?')
++ if (c == '?') {
+ c = 127;
+- else
++ } else if (c == '\0') {
++ len = 1;
++ } else {
+ c &= 0x1f;
+- len = 2;
++ }
+ break;
+ default:
+ c = UChar(*sp);
+--
+2.17.1
+
diff --git a/meta/recipes-core/ncurses/ncurses.inc b/meta/recipes-core/ncurses/ncurses.inc
index cbb12ca275..64cce329aa 100644
--- a/meta/recipes-core/ncurses/ncurses.inc
+++ b/meta/recipes-core/ncurses/ncurses.inc
@@ -13,7 +13,7 @@ BINCONFIG = "${bindir}/ncurses5-config ${bindir}/ncursesw5-config \
inherit autotools binconfig-disabled multilib_header pkgconfig
# Upstream has useful patches at times at ftp://invisible-island.net/ncurses/
-SRC_URI = "git://salsa.debian.org/debian/ncurses.git;protocol=https"
+SRC_URI = "git://salsa.debian.org/debian/ncurses.git;protocol=https;branch=master"
EXTRA_AUTORECONF = "-I m4"
diff --git a/meta/recipes-core/ncurses/ncurses_6.2.bb b/meta/recipes-core/ncurses/ncurses_6.2.bb
index e7d7396a20..598c51b00b 100644
--- a/meta/recipes-core/ncurses/ncurses_6.2.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.2.bb
@@ -3,6 +3,7 @@ require ncurses.inc
SRC_URI += "file://0001-tic-hang.patch \
file://0002-configure-reproducible.patch \
file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
+ file://CVE-2021-39537.patch \
"
# commit id corresponds to the revision in package version
SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4"
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 5d54bad473..ce3b650ddf 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -25,8 +25,8 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
file://0001-Fix-VLA-parameter-warning.patch \
"
-PV = "edk2-stable202105"
-SRCREV = "e1999b264f1f9d7230edf2448f757c73da567832"
+PV = "edk2-stable202108"
+SRCREV = "7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
inherit deploy
diff --git a/meta/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bb b/meta/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bb
index 39e5002bb7..9166a0851f 100644
--- a/meta/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bb
+++ b/meta/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bb
@@ -25,7 +25,7 @@ RDEPENDS:${PN} = "\
nativesdk-makedevs \
nativesdk-cmake \
nativesdk-meson \
- ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'nativesdk-wayland', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'nativesdk-wayland-tools nativesdk-wayland-dev', '', d)} \
nativesdk-sdk-provides-dummy \
nativesdk-bison \
nativesdk-flex \
diff --git a/meta/recipes-core/psplash/psplash_git.bb b/meta/recipes-core/psplash/psplash_git.bb
index 1be7ece79d..6525378f4f 100644
--- a/meta/recipes-core/psplash/psplash_git.bb
+++ b/meta/recipes-core/psplash/psplash_git.bb
@@ -10,7 +10,7 @@ SRCREV = "0a902f7cd875ccf018456451be369f05fa55f962"
PV = "0.1+git${SRCPV}"
PR = "r15"
-SRC_URI = "git://git.yoctoproject.org/${BPN} \
+SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master \
file://psplash-init \
file://psplash-start.service \
file://psplash-systemd.service \
diff --git a/meta/recipes-core/systemd/systemd-boot_249.3.bb b/meta/recipes-core/systemd/systemd-boot_249.7.bb
index b3d4e31e08..b3d4e31e08 100644
--- a/meta/recipes-core/systemd/systemd-boot_249.3.bb
+++ b/meta/recipes-core/systemd/systemd-boot_249.7.bb
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc
index 05341724f4..b77f847abd 100644
--- a/meta/recipes-core/systemd/systemd.inc
+++ b/meta/recipes-core/systemd/systemd.inc
@@ -14,9 +14,9 @@ LICENSE = "GPLv2 & LGPLv2.1"
LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c"
-SRCREV = "090378dcb1de5ca66900503210e85d63075fa70a"
+SRCREV = "d4406e94a32d423d8a73deb7757fb09890afe2c4"
SRCBRANCH = "v249-stable"
-SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH} \
+SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH} \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-core/systemd/systemd/0002-don-t-use-glibc-specific-qsort_r.patch b/meta/recipes-core/systemd/systemd/0002-don-t-use-glibc-specific-qsort_r.patch
index 15fa0c4546..d03a1d9e76 100644
--- a/meta/recipes-core/systemd/systemd/0002-don-t-use-glibc-specific-qsort_r.patch
+++ b/meta/recipes-core/systemd/systemd/0002-don-t-use-glibc-specific-qsort_r.patch
@@ -1,4 +1,4 @@
-From 40acdb90031cfeb7140cee5205bce24f8c91d857 Mon Sep 17 00:00:00 2001
+From 5d730902f47498a2866b46875352f6810a01d67c Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 13:41:41 +0800
Subject: [PATCH] don't use glibc-specific qsort_r
diff --git a/meta/recipes-core/systemd/systemd/0003-missing_type.h-add-__compare_fn_t-and-comparison_fn_.patch b/meta/recipes-core/systemd/systemd/0003-missing_type.h-add-__compare_fn_t-and-comparison_fn_.patch
index d0110a2388..eca52d0bda 100644
--- a/meta/recipes-core/systemd/systemd/0003-missing_type.h-add-__compare_fn_t-and-comparison_fn_.patch
+++ b/meta/recipes-core/systemd/systemd/0003-missing_type.h-add-__compare_fn_t-and-comparison_fn_.patch
@@ -1,4 +1,4 @@
-From 2a2f95b6dc16d2ea7a8e9349c6b19cc50c34777b Mon Sep 17 00:00:00 2001
+From 3b42a888685aee1776a12cff84a5fe0063378483 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 13:55:12 +0800
Subject: [PATCH] missing_type.h: add __compare_fn_t and comparison_fn_t
diff --git a/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch b/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch
index 1d61367da4..40ee43b155 100644
--- a/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch
+++ b/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch
@@ -1,4 +1,4 @@
-From b19f800e178516d4f4d344457647e4a018bd6855 Mon Sep 17 00:00:00 2001
+From 3e0df2c22bfd37bc62bf09a01ec498e40d3599de Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Sat, 22 May 2021 20:26:24 +0200
Subject: [PATCH] add fallback parse_printf_format implementation
@@ -23,7 +23,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com>
create mode 100644 src/basic/parse-printf-format.h
diff --git a/meson.build b/meson.build
-index 738879eb21..1aa20b8246 100644
+index 5bdfd9753d..3421da3a4d 100644
--- a/meson.build
+++ b/meson.build
@@ -656,6 +656,7 @@ endif
@@ -35,10 +35,10 @@ index 738879eb21..1aa20b8246 100644
'valgrind/memcheck.h',
'valgrind/valgrind.h',
diff --git a/src/basic/meson.build b/src/basic/meson.build
-index 9b016ce5e8..a9ce21b02e 100644
+index 452b965db3..4e64d883dc 100644
--- a/src/basic/meson.build
+++ b/src/basic/meson.build
-@@ -322,6 +322,11 @@ endforeach
+@@ -321,6 +321,11 @@ endforeach
basic_sources += generated_gperf_headers
diff --git a/meta/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch b/meta/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch
index 0462d52d5e..efdd43708b 100644
--- a/meta/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch
+++ b/meta/recipes-core/systemd/systemd/0005-src-basic-missing.h-check-for-missing-strndupa.patch
@@ -1,4 +1,4 @@
-From db6551741a3654d8e75aff93ea00fbff579f7b02 Mon Sep 17 00:00:00 2001
+From cef23a651ea200e30e1e6ed2a2564505e3a42d46 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 14:18:21 +0800
Subject: [PATCH] src/basic/missing.h: check for missing strndupa
@@ -73,7 +73,7 @@ Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
51 files changed, 62 insertions(+)
diff --git a/meson.build b/meson.build
-index 1aa20b8246..aafee71eb4 100644
+index 3421da3a4d..ddef6fba91 100644
--- a/meson.build
+++ b/meson.build
@@ -480,6 +480,7 @@ foreach ident : ['secure_getenv', '__secure_getenv']
@@ -109,7 +109,7 @@ index 1ff6160dc8..c9efd862a2 100644
static int cg_enumerate_items(const char *controller, const char *path, FILE **_f, const char *item) {
_cleanup_free_ char *fs = NULL;
diff --git a/src/basic/env-util.c b/src/basic/env-util.c
-index 81b1e3f10e..8fedcfd1cd 100644
+index 1ca445dab4..1f5a212d4e 100644
--- a/src/basic/env-util.c
+++ b/src/basic/env-util.c
@@ -18,6 +18,7 @@
@@ -165,7 +165,7 @@ index f91f8f7a08..fb31596216 100644
int mkdir_safe_internal(
const char *path,
diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c
-index 8c836a1b74..2eb7e5a634 100644
+index 7e57d9a226..c0e64f2aca 100644
--- a/src/basic/mountpoint-util.c
+++ b/src/basic/mountpoint-util.c
@@ -11,6 +11,7 @@
@@ -273,7 +273,7 @@ index 84c3caf3a5..0fa84eaa38 100644
BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", TasksMax, tasks_max_resolve);
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
-index 50daef6702..1cc6d91e64 100644
+index 902e074bd2..ac15b944e6 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -42,6 +42,7 @@
@@ -297,7 +297,7 @@ index ca9b399d8c..b864480a8c 100644
int bus_property_get_triggered_unit(
sd_bus *bus,
diff --git a/src/core/execute.c b/src/core/execute.c
-index 2a337b55a2..2a64675c5f 100644
+index 2f2de4d9cf..515b2fe748 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -98,6 +98,7 @@
@@ -321,7 +321,7 @@ index a56f12f47f..6b8729ef67 100644
#if HAVE_KMOD
#include "module-util.h"
diff --git a/src/core/service.c b/src/core/service.c
-index cb0a528f0d..740d305710 100644
+index 7b90822f68..4af076eeba 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -41,6 +41,7 @@
@@ -357,7 +357,7 @@ index ae1d43756a..24de98c9f3 100644
#define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-remote.pem"
#define CERT_FILE CERTIFICATE_ROOT "/certs/journal-remote.pem"
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
-index c8fb726d42..858a425d12 100644
+index 3eac97510d..db6913bc7a 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -72,6 +72,7 @@
@@ -393,7 +393,7 @@ index bfd42aea7d..daefc56e3e 100644
static int node_vtable_get_userdata(
sd_bus *bus,
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
-index 378774fe8b..2694c177d5 100644
+index 09eb49c37f..82f1b3d1be 100644
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@@ -27,6 +27,7 @@
@@ -405,7 +405,7 @@ index 378774fe8b..2694c177d5 100644
#define SNDBUF_SIZE (8*1024*1024)
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
-index a32e2f5e20..97fd3aec82 100644
+index ab8d4e4a60..7e35fbe9e6 100644
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ b/src/libsystemd/sd-bus/sd-bus.c
@@ -42,6 +42,7 @@
@@ -429,7 +429,7 @@ index 13c08fe295..9aae83486e 100644
#define MAX_SIZE (2*1024*1024)
diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c
-index 5728c537bc..94885b0bf6 100644
+index b3240177cb..7e3ae2d24f 100644
--- a/src/libsystemd/sd-journal/sd-journal.c
+++ b/src/libsystemd/sd-journal/sd-journal.c
@@ -40,6 +40,7 @@
@@ -669,7 +669,7 @@ index 65c40de4c8..4ef9a0c6c8 100644
_printf_(2,3)
static void path_prepend(char **path, const char *fmt, ...) {
diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
-index b28089be71..a7e2232299 100644
+index 9854270b27..71b5fab1e7 100644
--- a/src/udev/udev-event.c
+++ b/src/udev/udev-event.c
@@ -34,6 +34,7 @@
diff --git a/meta/recipes-core/systemd/systemd/0006-Include-netinet-if_ether.h.patch b/meta/recipes-core/systemd/systemd/0006-Include-netinet-if_ether.h.patch
index 855607e6a8..3875753ff4 100644
--- a/meta/recipes-core/systemd/systemd/0006-Include-netinet-if_ether.h.patch
+++ b/meta/recipes-core/systemd/systemd/0006-Include-netinet-if_ether.h.patch
@@ -1,4 +1,4 @@
-From d7ae3aadc70555932e03349907f8be04d03a50ee Mon Sep 17 00:00:00 2001
+From a3be3b7160856ffb8259ede9e2e0168d74bf126e Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Thu, 26 Oct 2017 22:10:42 -0700
Subject: [PATCH] Include netinet/if_ether.h
@@ -103,7 +103,7 @@ index 5ad396a57e..1dc007fe13 100644
-#endif /* _UAPI_LINUX_IN6_H */
+#endif /* _LINUX_IN6_H */
diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c
-index e8c47f429a..359922c1b3 100644
+index efbf7d7df3..86906332b6 100644
--- a/src/libsystemd-network/sd-dhcp6-client.c
+++ b/src/libsystemd-network/sd-dhcp6-client.c
@@ -5,7 +5,6 @@
@@ -274,12 +274,13 @@ index 2b72b618fc..d0d4cfb384 100644
#include "sd-dhcp6-client.h"
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
-index 9421ce1aa6..3e37cbcc39 100644
+index 20675f2306..2884511ff3 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
-@@ -1,8 +1,8 @@
+@@ -1,9 +1,9 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
+ #include <net/if.h>
+#include <netinet/if_ether.h>
#include <netinet/in.h>
#include <linux/if.h>
@@ -299,7 +300,7 @@ index 850b4f449e..6f85d41328 100644
#include <netinet/in.h>
#include <linux/netdevice.h>
diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c
-index 77a93beca9..3bf9ae8837 100644
+index eeba31c45d..0a2b0ed42b 100644
--- a/src/network/networkd-route.c
+++ b/src/network/networkd-route.c
@@ -1,5 +1,6 @@
@@ -310,7 +311,7 @@ index 77a93beca9..3bf9ae8837 100644
#include <linux/ipv6_route.h>
#include <linux/nexthop.h>
diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c
-index 10c312c480..e44fbb5c35 100644
+index 13c4cedd10..6558d551ab 100644
--- a/src/network/networkd-setlink.c
+++ b/src/network/networkd-setlink.c
@@ -1,8 +1,8 @@
@@ -369,7 +370,7 @@ index 8dfe23691b..e269856337 100644
#include <netinet/ether.h>
#include <unistd.h>
diff --git a/src/udev/udev-builtin-net_setup_link.c b/src/udev/udev-builtin-net_setup_link.c
-index d40251331c..89566c05f5 100644
+index 5964e30bf1..52a18d7a7f 100644
--- a/src/udev/udev-builtin-net_setup_link.c
+++ b/src/udev/udev-builtin-net_setup_link.c
@@ -1,5 +1,6 @@
diff --git a/meta/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch b/meta/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
index 28846935e0..1d8c481467 100644
--- a/meta/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
+++ b/meta/recipes-core/systemd/systemd/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
@@ -1,4 +1,4 @@
-From e2d70a1735fc6b9d3c079814831ab0b1b2a9d1e0 Mon Sep 17 00:00:00 2001
+From fb068403b25002156435350165ea418a6338a313 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 14:56:21 +0800
Subject: [PATCH] don't fail if GLOB_BRACE and GLOB_ALTDIRFUNC is not defined
diff --git a/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch b/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch
index 1de7ccf150..c613581ef9 100644
--- a/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0008-add-missing-FTW_-macros-for-musl.patch
@@ -1,4 +1,4 @@
-From 3410d82c9d07aee3e951fc6ae0b41fc1a594e00d Mon Sep 17 00:00:00 2001
+From 7ca9887f84adba065dc2e59b3de55ace2fc72ec0 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 15:00:06 +0800
Subject: [PATCH] add missing FTW_ macros for musl
@@ -13,7 +13,8 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
src/basic/missing_type.h | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
+ src/shared/mount-setup.c | 1 +
+ 2 files changed, 21 insertions(+)
diff --git a/src/basic/missing_type.h b/src/basic/missing_type.h
index aeaf6ad5ec..3df1084ef2 100644
@@ -43,3 +44,15 @@ index aeaf6ad5ec..3df1084ef2 100644
+#ifndef FTW_SKIP_SIBLINGS
+#define FTW_SKIP_SIBLINGS 3
+#endif
+diff --git a/src/shared/mount-setup.c b/src/shared/mount-setup.c
+index ef3527e9a7..c1cab40eb8 100644
+--- a/src/shared/mount-setup.c
++++ b/src/shared/mount-setup.c
+@@ -32,6 +32,7 @@
+ #include "strv.h"
+ #include "user-util.h"
+ #include "virt.h"
++#include "missing_type.h"
+
+ typedef enum MountMode {
+ MNT_NONE = 0,
diff --git a/meta/recipes-core/systemd/systemd/0009-fix-missing-of-__register_atfork-for-non-glibc-build.patch b/meta/recipes-core/systemd/systemd/0009-fix-missing-of-__register_atfork-for-non-glibc-build.patch
index 4670c232a5..0fc320420e 100644
--- a/meta/recipes-core/systemd/systemd/0009-fix-missing-of-__register_atfork-for-non-glibc-build.patch
+++ b/meta/recipes-core/systemd/systemd/0009-fix-missing-of-__register_atfork-for-non-glibc-build.patch
@@ -1,4 +1,4 @@
-From 1e3bc870ded807cff0d3771dd89a850d020df032 Mon Sep 17 00:00:00 2001
+From c7453b716ae308b89cf4b2b231a36ddd38a49752 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 15:03:47 +0800
Subject: [PATCH] fix missing of __register_atfork for non-glibc builds
@@ -12,7 +12,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
1 file changed, 7 insertions(+)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
-index 14259ea8df..18681838ef 100644
+index 461bbfe9a5..2d06f9f60a 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -18,6 +18,9 @@
diff --git a/meta/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch b/meta/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch
index e6bb37a65e..ff981b8c74 100644
--- a/meta/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch
+++ b/meta/recipes-core/systemd/systemd/0010-Use-uintmax_t-for-handling-rlim_t.patch
@@ -1,4 +1,4 @@
-From eeacb75025d8f537d54c35256c5730c9aab15cde Mon Sep 17 00:00:00 2001
+From 856010e268a6aca8e5f02502457afe289bd877f1 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 15:12:41 +0800
Subject: [PATCH] Use uintmax_t for handling rlim_t
@@ -87,10 +87,10 @@ index 23d108d5df..3e6fb438d7 100644
return 1;
}
diff --git a/src/core/execute.c b/src/core/execute.c
-index 2a64675c5f..dca1e0e3b6 100644
+index 515b2fe748..7693f2d9a0 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
-@@ -5391,9 +5391,9 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
+@@ -5395,9 +5395,9 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
for (unsigned i = 0; i < RLIM_NLIMITS; i++)
if (c->rlimit[i]) {
fprintf(f, "%sLimit%s: " RLIM_FMT "\n",
diff --git a/meta/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch b/meta/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
index 897e332f33..0ee871c92d 100644
--- a/meta/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
+++ b/meta/recipes-core/systemd/systemd/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
@@ -1,4 +1,4 @@
-From fa29a572faaeb6fb9ed0bc6802d17139773e1908 Mon Sep 17 00:00:00 2001
+From ad395dda5db9b1ae156be121cfc8a38960de6c55 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Wed, 28 Feb 2018 21:25:22 -0800
Subject: [PATCH] test-sizeof.c: Disable tests for missing typedefs in musl
@@ -13,7 +13,7 @@ Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
1 file changed, 4 insertions(+)
diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c
-index 3c9dc180fa..e1a59d408c 100644
+index e36bee4e8f..4403c0aa52 100644
--- a/src/test/test-sizeof.c
+++ b/src/test/test-sizeof.c
@@ -55,8 +55,10 @@ int main(void) {
diff --git a/meta/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch b/meta/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
index 3bf706fc55..12a92b8739 100644
--- a/meta/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
+++ b/meta/recipes-core/systemd/systemd/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
@@ -1,4 +1,4 @@
-From 88c8922f9e4d221402d9cb2e04b9c82e89125827 Mon Sep 17 00:00:00 2001
+From 5d4c6b2f4b88b69b31f967371d2a6136c65dc3fd Mon Sep 17 00:00:00 2001
From: Andre McCurdy <armccurdy@gmail.com>
Date: Tue, 10 Oct 2017 14:33:30 -0700
Subject: [PATCH] don't pass AT_SYMLINK_NOFOLLOW flag to faccessat()
diff --git a/meta/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch b/meta/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch
index 74008714c1..bd7a0c4e8e 100644
--- a/meta/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch
+++ b/meta/recipes-core/systemd/systemd/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch
@@ -1,4 +1,4 @@
-From e07e9b998ad61b09555bc809aa15de9d2516787a Mon Sep 17 00:00:00 2001
+From 1803ea271b93370fdcf7ec497277344f1e775429 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sun, 27 May 2018 08:36:44 -0700
Subject: [PATCH] Define glibc compatible basename() for non-glibc systems
diff --git a/meta/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch b/meta/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
index c5e20cbb80..7933b9e76e 100644
--- a/meta/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
+++ b/meta/recipes-core/systemd/systemd/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch
@@ -1,4 +1,4 @@
-From 2f048d13e100158320bda248635b3c533ac9717b Mon Sep 17 00:00:00 2001
+From 30b08f76ea7f5c324afedf97f0867b76dac9f128 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Wed, 4 Jul 2018 15:00:44 +0800
Subject: [PATCH] Do not disable buffering when writing to oom_score_adj
@@ -25,7 +25,7 @@ Signed-off-by: Scott Murray <scott.murray@konsulko.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
-index 18681838ef..0fa71ccce0 100644
+index 2d06f9f60a..f86bd0b7dc 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -1606,7 +1606,7 @@ int set_oom_score_adjust(int value) {
diff --git a/meta/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch b/meta/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
index 39804bd364..0b0d2a6431 100644
--- a/meta/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
+++ b/meta/recipes-core/systemd/systemd/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch
@@ -1,4 +1,4 @@
-From 45148529792c0cda32fdd61610c8d5a700d541fa Mon Sep 17 00:00:00 2001
+From 873202f63f9f117c6e5a98e444cc709057042979 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Tue, 10 Jul 2018 15:40:17 +0800
Subject: [PATCH] distinguish XSI-compliant strerror_r from GNU-specifi
diff --git a/meta/recipes-core/systemd/systemd/0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch b/meta/recipes-core/systemd/systemd/0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch
index 365e2a36f1..e6507c5f89 100644
--- a/meta/recipes-core/systemd/systemd/0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch
+++ b/meta/recipes-core/systemd/systemd/0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch
@@ -1,4 +1,4 @@
-From 02a2772889d6cb08c9ca0561b52e7a9a80e50497 Mon Sep 17 00:00:00 2001
+From e7441559266074e7a33e3c11ff5cdaf5ba9c0e24 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 15:18:00 +0800
Subject: [PATCH] Hide __start_BUS_ERROR_MAP and __stop_BUS_ERROR_MAP
diff --git a/meta/recipes-core/systemd/systemd/0017-missing_type.h-add-__compar_d_fn_t-definition.patch b/meta/recipes-core/systemd/systemd/0017-missing_type.h-add-__compar_d_fn_t-definition.patch
index 8a6c03f312..eeff693bc4 100644
--- a/meta/recipes-core/systemd/systemd/0017-missing_type.h-add-__compar_d_fn_t-definition.patch
+++ b/meta/recipes-core/systemd/systemd/0017-missing_type.h-add-__compar_d_fn_t-definition.patch
@@ -1,4 +1,4 @@
-From 47c4ac80689077b1eb86cf05b4326b1ac345aedf Mon Sep 17 00:00:00 2001
+From 64f4d2eb976b9f23ce85b3655a876f7299eafd58 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 15:27:54 +0800
Subject: [PATCH] missing_type.h: add __compar_d_fn_t definition
diff --git a/meta/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch b/meta/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch
index e75935a280..5ca5386289 100644
--- a/meta/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch
+++ b/meta/recipes-core/systemd/systemd/0018-avoid-redefinition-of-prctl_mm_map-structure.patch
@@ -1,4 +1,4 @@
-From 2cb33d8896a4ad2d3b489fed51f17d5e45dfb4fc Mon Sep 17 00:00:00 2001
+From d95330f328c23c1cd6c51aeca43f081746cf2899 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 15:44:54 +0800
Subject: [PATCH] avoid redefinition of prctl_mm_map structure
diff --git a/meta/recipes-core/systemd/systemd/0019-Handle-missing-LOCK_EX.patch b/meta/recipes-core/systemd/systemd/0019-Handle-missing-LOCK_EX.patch
index 629c103627..d51ac4265a 100644
--- a/meta/recipes-core/systemd/systemd/0019-Handle-missing-LOCK_EX.patch
+++ b/meta/recipes-core/systemd/systemd/0019-Handle-missing-LOCK_EX.patch
@@ -1,4 +1,4 @@
-From 200a2a2e4f04a7b7078dd455fafbd6774240e30b Mon Sep 17 00:00:00 2001
+From 2284f2f44b1b30f10b9196e0f5c6d0a2e0c1871f Mon Sep 17 00:00:00 2001
From: Alex Kiernan <alex.kiernan@gmail.com>
Date: Fri, 7 Aug 2020 15:19:27 +0000
Subject: [PATCH] Handle missing LOCK_EX
diff --git a/meta/recipes-core/systemd/systemd/0020-Fix-incompatible-pointer-type-struct-sockaddr_un.patch b/meta/recipes-core/systemd/systemd/0020-Fix-incompatible-pointer-type-struct-sockaddr_un.patch
index ea6e82f466..2d272ed3e8 100644
--- a/meta/recipes-core/systemd/systemd/0020-Fix-incompatible-pointer-type-struct-sockaddr_un.patch
+++ b/meta/recipes-core/systemd/systemd/0020-Fix-incompatible-pointer-type-struct-sockaddr_un.patch
@@ -1,4 +1,4 @@
-From 6445b7737a89256f35adc56701a5c47b48618ced Mon Sep 17 00:00:00 2001
+From a6a25e1ecae91f48a4f87bf0cc17eaaf0a919ffe Mon Sep 17 00:00:00 2001
From: Alex Kiernan <alex.kiernan@gmail.com>
Date: Fri, 7 Aug 2020 15:20:17 +0000
Subject: [PATCH] Fix incompatible pointer type struct sockaddr_un *
@@ -24,15 +24,15 @@ Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index 04685fecba..90b12bb5bd 100644
+index 575b9da447..ff08ed23cc 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -5354,7 +5354,7 @@ static int cant_be_in_netns(void) {
if (fd < 0)
return log_error_errno(errno, "Failed to allocate udev control socket: %m");
-- if (connect(fd, &sa.un, SOCKADDR_UN_LEN(sa.un)) < 0) {
-+ if (connect(fd, (struct sockaddr *)&sa.un, SOCKADDR_UN_LEN(sa.un)) < 0) {
+- if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
++ if (connect(fd, (struct sockaddr *)&sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) {
if (errno == ENOENT || ERRNO_IS_DISCONNECT(errno))
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
diff --git a/meta/recipes-core/systemd/systemd/0021-test-json.c-define-M_PIl.patch b/meta/recipes-core/systemd/systemd/0021-test-json.c-define-M_PIl.patch
index 60c12b0740..3fe5aeab13 100644
--- a/meta/recipes-core/systemd/systemd/0021-test-json.c-define-M_PIl.patch
+++ b/meta/recipes-core/systemd/systemd/0021-test-json.c-define-M_PIl.patch
@@ -1,4 +1,4 @@
-From ae71bf2b97dc9d4760defd83463c1d305f332f22 Mon Sep 17 00:00:00 2001
+From 47472da6e8900773c26da8fd26699367447d97a6 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Mon, 25 Feb 2019 16:53:06 +0800
Subject: [PATCH] test-json.c: define M_PIl
diff --git a/meta/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch b/meta/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch
index 6998bf0dd0..4df35d81d1 100644
--- a/meta/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch
+++ b/meta/recipes-core/systemd/systemd/0022-do-not-disable-buffer-in-writing-files.patch
@@ -1,4 +1,4 @@
-From 3198690c2dbb4b457a04ef21914dc4d531540273 Mon Sep 17 00:00:00 2001
+From 0f9422780a569c79a4b28e44c79c70b4a354bd92 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Fri, 1 Mar 2019 15:22:15 +0800
Subject: [PATCH] do not disable buffer in writing files
@@ -134,7 +134,7 @@ index 955b18bd2a..6d89c90176 100644
log_debug_errno(r, "Failed to turn off coredumps, ignoring: %m");
}
diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c
-index 29530bb691..3ecf6a45a2 100644
+index 981218f52f..436aaaddb4 100644
--- a/src/binfmt/binfmt.c
+++ b/src/binfmt/binfmt.c
@@ -48,7 +48,7 @@ static int delete_rule(const char *rule) {
@@ -165,7 +165,7 @@ index 29530bb691..3ecf6a45a2 100644
STRV_FOREACH(f, files) {
k = apply_file(*f, true);
diff --git a/src/core/main.c b/src/core/main.c
-index b32a19a1d8..4e1238853e 100644
+index c64c73883e..1ac185e946 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1402,7 +1402,7 @@ static int bump_unix_max_dgram_qlen(void) {
@@ -252,7 +252,7 @@ index cb01b25bc6..e92051268b 100644
log_error_errno(r, "Failed to move process: %m");
goto finish;
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index 90b12bb5bd..6a1dafa094 100644
+index ff08ed23cc..e7c4a874a9 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2751,7 +2751,7 @@ static int reset_audit_loginuid(void) {
diff --git a/meta/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch b/meta/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch
index 06702765ee..e001ed59e8 100644
--- a/meta/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch
+++ b/meta/recipes-core/systemd/systemd/0025-Handle-__cpu_mask-usage.patch
@@ -1,4 +1,4 @@
-From b04518c464b526f8b9adc9ce3c08b1881db47989 Mon Sep 17 00:00:00 2001
+From e4f9ef547fa342102db15188544daa18e71e9c66 Mon Sep 17 00:00:00 2001
From: Scott Murray <scott.murray@konsulko.com>
Date: Fri, 13 Sep 2019 19:26:27 -0400
Subject: [PATCH] Handle __cpu_mask usage
@@ -38,7 +38,7 @@ index 3c63a58826..4c2d4347fc 100644
typedef struct CPUSet {
cpu_set_t *set;
diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c
-index e1a59d408c..c269ea6e8c 100644
+index 4403c0aa52..e7e4ae112d 100644
--- a/src/test/test-sizeof.c
+++ b/src/test/test-sizeof.c
@@ -1,6 +1,5 @@
diff --git a/meta/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch b/meta/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch
index dc63305825..e9b7c1c078 100644
--- a/meta/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch
+++ b/meta/recipes-core/systemd/systemd/0026-Handle-missing-gshadow.patch
@@ -1,4 +1,4 @@
-From 0c8935128b39864b07dfee39cfa9d35d48f056aa Mon Sep 17 00:00:00 2001
+From 66a926cf906260c2fb5ea851e55efe03edd444dc Mon Sep 17 00:00:00 2001
From: Alex Kiernan <alex.kiernan@gmail.com>
Date: Tue, 10 Mar 2020 11:05:20 +0000
Subject: [PATCH] Handle missing gshadow
diff --git a/meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch b/meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
index ff96a720c5..b7fd3cddbb 100644
--- a/meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
+++ b/meta/recipes-core/systemd/systemd/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
@@ -1,4 +1,4 @@
-From f5d7fee9620cbcf52be8f8ba477890d28cadfbc8 Mon Sep 17 00:00:00 2001
+From 6f0dd2ba75b68036d7b4ebfe47ac5eaf44d26f06 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Mon, 12 Apr 2021 23:44:53 -0700
Subject: [PATCH] missing_syscall.h: Define MIPS ABI defines for musl
diff --git a/meta/recipes-core/systemd/systemd_249.3.bb b/meta/recipes-core/systemd/systemd_249.7.bb
index f8c85dabf0..c94a18140e 100644
--- a/meta/recipes-core/systemd/systemd_249.3.bb
+++ b/meta/recipes-core/systemd/systemd_249.7.bb
@@ -385,7 +385,7 @@ SYSTEMD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', '${PN}-binfm
SYSTEMD_SERVICE:${PN}-binfmt = "systemd-binfmt.service"
USERADD_PACKAGES = "${PN} ${PN}-extra-utils \
- ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-gateway', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-gatewayd', '', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-remote', '', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \
"
@@ -397,7 +397,7 @@ USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--syste
USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'resolved', '--system -d / -M --shell /sbin/nologin systemd-resolve;', '', d)}"
USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'timesyncd', '--system -d / -M --shell /sbin/nologin systemd-timesync;', '', d)}"
USERADD_PARAM:${PN}-extra-utils = "--system -d / -M --shell /sbin/nologin systemd-bus-proxy"
-USERADD_PARAM:${PN}-journal-gateway = "--system -d / -M --shell /sbin/nologin systemd-journal-gateway"
+USERADD_PARAM:${PN}-journal-gatewayd = "--system -d / -M --shell /sbin/nologin systemd-journal-gateway"
USERADD_PARAM:${PN}-journal-remote = "--system -d / -M --shell /sbin/nologin systemd-journal-remote"
USERADD_PARAM:${PN}-journal-upload = "--system -d / -M --shell /sbin/nologin systemd-journal-upload"
diff --git a/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb b/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb
index da716674c3..daee5c224b 100644
--- a/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb
+++ b/meta/recipes-core/update-rc.d/update-rc.d_0.8.bb
@@ -6,7 +6,7 @@ SECTION = "base"
LICENSE = "GPLv2+"
LIC_FILES_CHKSUM = "file://update-rc.d;beginline=5;endline=15;md5=d40a07c27f535425934bb5001f2037d9"
-SRC_URI = "git://git.yoctoproject.org/update-rc.d"
+SRC_URI = "git://git.yoctoproject.org/update-rc.d;branch=master"
SRCREV = "8636cf478d426b568c1be11dbd9346f67e03adac"
UPSTREAM_CHECK_COMMITS = "1"
diff --git a/meta/recipes-core/util-linux/util-linux-libuuid_2.37.2.bb b/meta/recipes-core/util-linux/util-linux-libuuid_2.37.4.bb
index 5d759aed94..5d759aed94 100644
--- a/meta/recipes-core/util-linux/util-linux-libuuid_2.37.2.bb
+++ b/meta/recipes-core/util-linux/util-linux-libuuid_2.37.4.bb
diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index 1e3cd28801..c48f9572f5 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -37,4 +37,4 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
file://avoid_parallel_tests.patch \
"
-SRC_URI[sha256sum] = "6a0764c1aae7fb607ef8a6dd2c0f6c47d5e5fd27aa08820abaad9ec14e28e9d9"
+SRC_URI[sha256sum] = "634e6916ad913366c3536b6468e7844769549b99a7b2bf80314de78ab5655b83"
diff --git a/meta/recipes-core/util-linux/util-linux_2.37.2.bb b/meta/recipes-core/util-linux/util-linux_2.37.4.bb
index d609c30067..d609c30067 100644
--- a/meta/recipes-core/util-linux/util-linux_2.37.2.bb
+++ b/meta/recipes-core/util-linux/util-linux_2.37.4.bb
diff --git a/meta/recipes-core/volatile-binds/files/volatile-binds.service.in b/meta/recipes-core/volatile-binds/files/volatile-binds.service.in
index e2ad39f258..0c1c79d0c4 100644
--- a/meta/recipes-core/volatile-binds/files/volatile-binds.service.in
+++ b/meta/recipes-core/volatile-binds/files/volatile-binds.service.in
@@ -1,6 +1,6 @@
[Unit]
Description=Bind mount volatile @where@
-DefaultDependencies=false
+DefaultDependencies=no
Before=local-fs.target
RequiresMountsFor=@whatparent@ @whereparent@
ConditionPathIsReadWrite=@whatparent@
diff --git a/meta/recipes-core/zlib/zlib/CVE-2018-25032.patch b/meta/recipes-core/zlib/zlib/CVE-2018-25032.patch
new file mode 100644
index 0000000000..5cb6183641
--- /dev/null
+++ b/meta/recipes-core/zlib/zlib/CVE-2018-25032.patch
@@ -0,0 +1,347 @@
+CVE: CVE-2018-25032
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 5c44459c3b28a9bd3283aaceab7c615f8020c531 Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Tue, 17 Apr 2018 22:09:22 -0700
+Subject: [PATCH] Fix a bug that can crash deflate on some input when using
+ Z_FIXED.
+
+This bug was reported by Danilo Ramos of Eideticom, Inc. It has
+lain in wait 13 years before being found! The bug was introduced
+in zlib 1.2.2.2, with the addition of the Z_FIXED option. That
+option forces the use of fixed Huffman codes. For rare inputs with
+a large number of distant matches, the pending buffer into which
+the compressed data is written can overwrite the distance symbol
+table which it overlays. That results in corrupted output due to
+invalid distances, and can result in out-of-bound accesses,
+crashing the application.
+
+The fix here combines the distance buffer and literal/length
+buffers into a single symbol buffer. Now three bytes of pending
+buffer space are opened up for each literal or length/distance
+pair consumed, instead of the previous two bytes. This assures
+that the pending buffer cannot overwrite the symbol table, since
+the maximum fixed code compressed length/distance is 31 bits, and
+since there are four bytes of pending space for every three bytes
+of symbol space.
+---
+ deflate.c | 74 ++++++++++++++++++++++++++++++++++++++++---------------
+ deflate.h | 25 +++++++++----------
+ trees.c | 50 +++++++++++--------------------------
+ 3 files changed, 79 insertions(+), 70 deletions(-)
+
+diff --git a/deflate.c b/deflate.c
+index 425babc00..19cba873a 100644
+--- a/deflate.c
++++ b/deflate.c
+@@ -255,11 +255,6 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
+ int wrap = 1;
+ static const char my_version[] = ZLIB_VERSION;
+
+- ushf *overlay;
+- /* We overlay pending_buf and d_buf+l_buf. This works since the average
+- * output size for (length,distance) codes is <= 24 bits.
+- */
+-
+ if (version == Z_NULL || version[0] != my_version[0] ||
+ stream_size != sizeof(z_stream)) {
+ return Z_VERSION_ERROR;
+@@ -329,9 +324,47 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
+
+ s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
+
+- overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);
+- s->pending_buf = (uchf *) overlay;
+- s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L);
++ /* We overlay pending_buf and sym_buf. This works since the average size
++ * for length/distance pairs over any compressed block is assured to be 31
++ * bits or less.
++ *
++ * Analysis: The longest fixed codes are a length code of 8 bits plus 5
++ * extra bits, for lengths 131 to 257. The longest fixed distance codes are
++ * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest
++ * possible fixed-codes length/distance pair is then 31 bits total.
++ *
++ * sym_buf starts one-fourth of the way into pending_buf. So there are
++ * three bytes in sym_buf for every four bytes in pending_buf. Each symbol
++ * in sym_buf is three bytes -- two for the distance and one for the
++ * literal/length. As each symbol is consumed, the pointer to the next
++ * sym_buf value to read moves forward three bytes. From that symbol, up to
++ * 31 bits are written to pending_buf. The closest the written pending_buf
++ * bits gets to the next sym_buf symbol to read is just before the last
++ * code is written. At that time, 31*(n-2) bits have been written, just
++ * after 24*(n-2) bits have been consumed from sym_buf. sym_buf starts at
++ * 8*n bits into pending_buf. (Note that the symbol buffer fills when n-1
++ * symbols are written.) The closest the writing gets to what is unread is
++ * then n+14 bits. Here n is lit_bufsize, which is 16384 by default, and
++ * can range from 128 to 32768.
++ *
++ * Therefore, at a minimum, there are 142 bits of space between what is
++ * written and what is read in the overlain buffers, so the symbols cannot
++ * be overwritten by the compressed data. That space is actually 139 bits,
++ * due to the three-bit fixed-code block header.
++ *
++ * That covers the case where either Z_FIXED is specified, forcing fixed
++ * codes, or when the use of fixed codes is chosen, because that choice
++ * results in a smaller compressed block than dynamic codes. That latter
++ * condition then assures that the above analysis also covers all dynamic
++ * blocks. A dynamic-code block will only be chosen to be emitted if it has
++ * fewer bits than a fixed-code block would for the same set of symbols.
++ * Therefore its average symbol length is assured to be less than 31. So
++ * the compressed data for a dynamic block also cannot overwrite the
++ * symbols from which it is being constructed.
++ */
++
++ s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4);
++ s->pending_buf_size = (ulg)s->lit_bufsize * 4;
+
+ if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
+ s->pending_buf == Z_NULL) {
+@@ -340,8 +373,12 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
+ deflateEnd (strm);
+ return Z_MEM_ERROR;
+ }
+- s->d_buf = overlay + s->lit_bufsize/sizeof(ush);
+- s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;
++ s->sym_buf = s->pending_buf + s->lit_bufsize;
++ s->sym_end = (s->lit_bufsize - 1) * 3;
++ /* We avoid equality with lit_bufsize*3 because of wraparound at 64K
++ * on 16 bit machines and because stored blocks are restricted to
++ * 64K-1 bytes.
++ */
+
+ s->level = level;
+ s->strategy = strategy;
+@@ -552,7 +589,7 @@ int ZEXPORT deflatePrime (strm, bits, value)
+
+ if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
+ s = strm->state;
+- if ((Bytef *)(s->d_buf) < s->pending_out + ((Buf_size + 7) >> 3))
++ if (s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3))
+ return Z_BUF_ERROR;
+ do {
+ put = Buf_size - s->bi_valid;
+@@ -1113,7 +1150,6 @@ int ZEXPORT deflateCopy (dest, source)
+ #else
+ deflate_state *ds;
+ deflate_state *ss;
+- ushf *overlay;
+
+
+ if (deflateStateCheck(source) || dest == Z_NULL) {
+@@ -1133,8 +1169,7 @@ int ZEXPORT deflateCopy (dest, source)
+ ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
+ ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos));
+ ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos));
+- overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2);
+- ds->pending_buf = (uchf *) overlay;
++ ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4);
+
+ if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
+ ds->pending_buf == Z_NULL) {
+@@ -1148,8 +1183,7 @@ int ZEXPORT deflateCopy (dest, source)
+ zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
+
+ ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
+- ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush);
+- ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize;
++ ds->sym_buf = ds->pending_buf + ds->lit_bufsize;
+
+ ds->l_desc.dyn_tree = ds->dyn_ltree;
+ ds->d_desc.dyn_tree = ds->dyn_dtree;
+@@ -1925,7 +1959,7 @@ local block_state deflate_fast(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
+@@ -2056,7 +2090,7 @@ local block_state deflate_slow(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
+@@ -2131,7 +2165,7 @@ local block_state deflate_rle(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
+@@ -2170,7 +2204,7 @@ local block_state deflate_huff(s, flush)
+ FLUSH_BLOCK(s, 1);
+ return finish_done;
+ }
+- if (s->last_lit)
++ if (s->sym_next)
+ FLUSH_BLOCK(s, 0);
+ return block_done;
+ }
+diff --git a/deflate.h b/deflate.h
+index 23ecdd312..d4cf1a98b 100644
+--- a/deflate.h
++++ b/deflate.h
+@@ -217,7 +217,7 @@ typedef struct internal_state {
+ /* Depth of each subtree used as tie breaker for trees of equal frequency
+ */
+
+- uchf *l_buf; /* buffer for literals or lengths */
++ uchf *sym_buf; /* buffer for distances and literals/lengths */
+
+ uInt lit_bufsize;
+ /* Size of match buffer for literals/lengths. There are 4 reasons for
+@@ -239,13 +239,8 @@ typedef struct internal_state {
+ * - I can't count above 4
+ */
+
+- uInt last_lit; /* running index in l_buf */
+-
+- ushf *d_buf;
+- /* Buffer for distances. To simplify the code, d_buf and l_buf have
+- * the same number of elements. To use different lengths, an extra flag
+- * array would be necessary.
+- */
++ uInt sym_next; /* running index in sym_buf */
++ uInt sym_end; /* symbol table full when sym_next reaches this */
+
+ ulg opt_len; /* bit length of current block with optimal trees */
+ ulg static_len; /* bit length of current block with static trees */
+@@ -325,20 +320,22 @@ void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf,
+
+ # define _tr_tally_lit(s, c, flush) \
+ { uch cc = (c); \
+- s->d_buf[s->last_lit] = 0; \
+- s->l_buf[s->last_lit++] = cc; \
++ s->sym_buf[s->sym_next++] = 0; \
++ s->sym_buf[s->sym_next++] = 0; \
++ s->sym_buf[s->sym_next++] = cc; \
+ s->dyn_ltree[cc].Freq++; \
+- flush = (s->last_lit == s->lit_bufsize-1); \
++ flush = (s->sym_next == s->sym_end); \
+ }
+ # define _tr_tally_dist(s, distance, length, flush) \
+ { uch len = (uch)(length); \
+ ush dist = (ush)(distance); \
+- s->d_buf[s->last_lit] = dist; \
+- s->l_buf[s->last_lit++] = len; \
++ s->sym_buf[s->sym_next++] = dist; \
++ s->sym_buf[s->sym_next++] = dist >> 8; \
++ s->sym_buf[s->sym_next++] = len; \
+ dist--; \
+ s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
+ s->dyn_dtree[d_code(dist)].Freq++; \
+- flush = (s->last_lit == s->lit_bufsize-1); \
++ flush = (s->sym_next == s->sym_end); \
+ }
+ #else
+ # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
+diff --git a/trees.c b/trees.c
+index 4f4a65011..decaeb7c3 100644
+--- a/trees.c
++++ b/trees.c
+@@ -416,7 +416,7 @@ local void init_block(s)
+
+ s->dyn_ltree[END_BLOCK].Freq = 1;
+ s->opt_len = s->static_len = 0L;
+- s->last_lit = s->matches = 0;
++ s->sym_next = s->matches = 0;
+ }
+
+ #define SMALLEST 1
+@@ -948,7 +948,7 @@ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last)
+
+ Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
+ opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
+- s->last_lit));
++ s->sym_next / 3));
+
+ if (static_lenb <= opt_lenb) opt_lenb = static_lenb;
+
+@@ -1017,8 +1017,9 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
+ unsigned dist; /* distance of matched string */
+ unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */
+ {
+- s->d_buf[s->last_lit] = (ush)dist;
+- s->l_buf[s->last_lit++] = (uch)lc;
++ s->sym_buf[s->sym_next++] = dist;
++ s->sym_buf[s->sym_next++] = dist >> 8;
++ s->sym_buf[s->sym_next++] = lc;
+ if (dist == 0) {
+ /* lc is the unmatched char */
+ s->dyn_ltree[lc].Freq++;
+@@ -1033,30 +1034,7 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
+ s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++;
+ s->dyn_dtree[d_code(dist)].Freq++;
+ }
+-
+-#ifdef TRUNCATE_BLOCK
+- /* Try to guess if it is profitable to stop the current block here */
+- if ((s->last_lit & 0x1fff) == 0 && s->level > 2) {
+- /* Compute an upper bound for the compressed length */
+- ulg out_length = (ulg)s->last_lit*8L;
+- ulg in_length = (ulg)((long)s->strstart - s->block_start);
+- int dcode;
+- for (dcode = 0; dcode < D_CODES; dcode++) {
+- out_length += (ulg)s->dyn_dtree[dcode].Freq *
+- (5L+extra_dbits[dcode]);
+- }
+- out_length >>= 3;
+- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ",
+- s->last_lit, in_length, out_length,
+- 100L - out_length*100L/in_length));
+- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1;
+- }
+-#endif
+- return (s->last_lit == s->lit_bufsize-1);
+- /* We avoid equality with lit_bufsize because of wraparound at 64K
+- * on 16 bit machines and because stored blocks are restricted to
+- * 64K-1 bytes.
+- */
++ return (s->sym_next == s->sym_end);
+ }
+
+ /* ===========================================================================
+@@ -1069,13 +1047,14 @@ local void compress_block(s, ltree, dtree)
+ {
+ unsigned dist; /* distance of matched string */
+ int lc; /* match length or unmatched char (if dist == 0) */
+- unsigned lx = 0; /* running index in l_buf */
++ unsigned sx = 0; /* running index in sym_buf */
+ unsigned code; /* the code to send */
+ int extra; /* number of extra bits to send */
+
+- if (s->last_lit != 0) do {
+- dist = s->d_buf[lx];
+- lc = s->l_buf[lx++];
++ if (s->sym_next != 0) do {
++ dist = s->sym_buf[sx++] & 0xff;
++ dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8;
++ lc = s->sym_buf[sx++];
+ if (dist == 0) {
+ send_code(s, lc, ltree); /* send a literal byte */
+ Tracecv(isgraph(lc), (stderr," '%c' ", lc));
+@@ -1100,11 +1079,10 @@ local void compress_block(s, ltree, dtree)
+ }
+ } /* literal or match pair ? */
+
+- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */
+- Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx,
+- "pendingBuf overflow");
++ /* Check that the overlay between pending_buf and sym_buf is ok: */
++ Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow");
+
+- } while (lx < s->last_lit);
++ } while (sx < s->sym_next);
+
+ send_code(s, END_BLOCK, ltree);
+ }
diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb b/meta/recipes-core/zlib/zlib_1.2.11.bb
index 1c06aa0ab5..11a076e496 100644
--- a/meta/recipes-core/zlib/zlib_1.2.11.bb
+++ b/meta/recipes-core/zlib/zlib_1.2.11.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://zlib.h;beginline=6;endline=23;md5=5377232268e952e9ef6
SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \
file://ldflags-tests.patch \
+ file://CVE-2018-25032.patch \
file://run-ptest \
"
UPSTREAM_CHECK_URI = "http://zlib.net/"
diff --git a/meta/recipes-devtools/binutils/binutils-2.37.inc b/meta/recipes-devtools/binutils/binutils-2.37.inc
index 6093558e4b..f4427aef45 100644
--- a/meta/recipes-devtools/binutils/binutils-2.37.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.37.inc
@@ -36,5 +36,7 @@ SRC_URI = "\
file://0015-sync-with-OE-libtool-changes.patch \
file://0016-Check-for-clang-before-checking-gcc-version.patch \
file://0017-bfd-Close-the-file-descriptor-if-there-is-no-archive.patch \
+ file://0001-CVE-2021-42574.patch \
+ file://161e87d12167b1e36193385485c1f6ce92f74f02.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch b/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch
new file mode 100644
index 0000000000..0622ae389e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0001-CVE-2021-42574.patch
@@ -0,0 +1,2001 @@
+From b3aa80b45c4f46029efeb204bb9f2d2c4278a0e5 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 9 Nov 2021 13:25:42 +0000
+Subject: [PATCH] Add --unicode option to control how unicode characters are
+ handled by display tools.
+
+ * nm.c: Add --unicode option to control how unicode characters are
+ handled.
+ * objdump.c: Likewise.
+ * readelf.c: Likewise.
+ * strings.c: Likewise.
+ * binutils.texi: Document the new feature.
+ * NEWS: Document the new feature.
+ * testsuite/binutils-all/unicode.exp: New file.
+ * testsuite/binutils-all/nm.hex.unicode
+ * testsuite/binutils-all/strings.escape.unicode
+ * testsuite/binutils-all/objdump.highlight.unicode
+ * testsuite/binutils-all/readelf.invalid.unicode
+
+CVE: CVE-2021-42574
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=b3aa80b45c4f46029efeb204bb9f2d2c4278a0e5]
+
+RP: Added tweak uint -> unsigned int partial backport of
+https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=795588aec4f894206863c938bd6d716895886009
+
+Signed-off-by: pgowda <pgowda.cve@gmail.com>
+---
+ binutils/ChangeLog | 15 +
+ binutils/NEWS | 9 +
+ binutils/doc/binutils.texi | 78 ++++
+ binutils/nm.c | 228 ++++++++++-
+ binutils/objdump.c | 235 ++++++++++--
+ binutils/readelf.c | 190 +++++++++-
+ binutils/strings.c | 757 ++++++++++++++++++++++++++++++++++---
+ 7 files changed, 1409 insertions(+), 103 deletions(-)
+
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+--- a/binutils/ChangeLog 2021-12-19 19:00:27.038540406 -0800
++++ b/binutils/ChangeLog 2021-12-19 19:28:42.733565078 -0800
+@@ -1,3 +1,18 @@
++2021-11-09 Nick Clifton <nickc@redhat.com>
++
++ * nm.c: Add --unicode option to control how unicode characters are
++ handled.
++ * objdump.c: Likewise.
++ * readelf.c: Likewise.
++ * strings.c: Likewise.
++ * binutils.texi: Document the new feature.
++ * NEWS: Document the new feature.
++ * testsuite/binutils-all/unicode.exp: New file.
++ * testsuite/binutils-all/nm.hex.unicode
++ * testsuite/binutils-all/strings.escape.unicode
++ * testsuite/binutils-all/objdump.highlight.unicode
++ * testsuite/binutils-all/readelf.invalid.unicode
++
+ 2021-07-16 Nick Clifton <nickc@redhat.com>
+
+ * po/sv.po: Updated Swedish translation.
+diff --git a/binutils/doc/binutils.texi b/binutils/doc/binutils.texi
+--- a/binutils/doc/binutils.texi 2021-12-19 19:00:27.042540338 -0800
++++ b/binutils/doc/binutils.texi 2021-12-19 19:27:56.526354667 -0800
+@@ -812,6 +812,7 @@ nm [@option{-A}|@option{-o}|@option{--pr
+ [@option{-s}|@option{--print-armap}]
+ [@option{-t} @var{radix}|@option{--radix=}@var{radix}]
+ [@option{-u}|@option{--undefined-only}]
++ [@option{-U} @var{method}] [@option{--unicode=}@var{method}]
+ [@option{-V}|@option{--version}]
+ [@option{-X 32_64}]
+ [@option{--defined-only}]
+@@ -1132,6 +1133,21 @@ Use @var{radix} as the radix for printin
+ @cindex undefined symbols
+ Display only undefined symbols (those external to each object file).
+
++@item -U @var{[d|i|l|e|x|h]}
++@itemx --unicode=@var{[default|invalid|locale|escape|hex|highlight]}
++Controls the display of UTF-8 encoded mulibyte characters in strings.
++The default (@option{--unicode=default}) is to give them no special
++treatment. The @option{--unicode=locale} option displays the sequence
++in the current locale, which may or may not support them. The options
++@option{--unicode=hex} and @option{--unicode=invalid} display them as
++hex byte sequences enclosed by either angle brackets or curly braces.
++
++The @option{--unicode=escape} option displays them as escape sequences
++(@var{\uxxxx}) and the @option{--unicode=highlight} option displays
++them as escape sequences highlighted in red (if supported by the
++output device). The colouring is intended to draw attention to the
++presence of unicode sequences where they might not be expected.
++
+ @item -V
+ @itemx --version
+ Show the version number of @command{nm} and exit.
+@@ -2247,6 +2263,7 @@ objdump [@option{-a}|@option{--archive-h
+ [@option{--prefix-strip=}@var{level}]
+ [@option{--insn-width=}@var{width}]
+ [@option{--visualize-jumps[=color|=extended-color|=off]}
++ [@option{-U} @var{method}] [@option{--unicode=}@var{method}]
+ [@option{-V}|@option{--version}]
+ [@option{-H}|@option{--help}]
+ @var{objfile}@dots{}
+@@ -2921,6 +2938,21 @@ When displaying symbols include those wh
+ special in some way and which would not normally be of interest to the
+ user.
+
++@item -U @var{[d|i|l|e|x|h]}
++@itemx --unicode=@var{[default|invalid|locale|escape|hex|highlight]}
++Controls the display of UTF-8 encoded mulibyte characters in strings.
++The default (@option{--unicode=default}) is to give them no special
++treatment. The @option{--unicode=locale} option displays the sequence
++in the current locale, which may or may not support them. The options
++@option{--unicode=hex} and @option{--unicode=invalid} display them as
++hex byte sequences enclosed by either angle brackets or curly braces.
++
++The @option{--unicode=escape} option displays them as escape sequences
++(@var{\uxxxx}) and the @option{--unicode=highlight} option displays
++them as escape sequences highlighted in red (if supported by the
++output device). The colouring is intended to draw attention to the
++presence of unicode sequences where they might not be expected.
++
+ @item -V
+ @itemx --version
+ Print the version number of @command{objdump} and exit.
+@@ -3197,6 +3229,7 @@ strings [@option{-afovV}] [@option{-}@va
+ [@option{-n} @var{min-len}] [@option{--bytes=}@var{min-len}]
+ [@option{-t} @var{radix}] [@option{--radix=}@var{radix}]
+ [@option{-e} @var{encoding}] [@option{--encoding=}@var{encoding}]
++ [@option{-U} @var{method}] [@option{--unicode=}@var{method}]
+ [@option{-}] [@option{--all}] [@option{--print-file-name}]
+ [@option{-T} @var{bfdname}] [@option{--target=}@var{bfdname}]
+ [@option{-w}] [@option{--include-all-whitespace}]
+@@ -3288,6 +3321,28 @@ single-8-bit-byte characters, @samp{b} =
+ littleendian. Useful for finding wide character strings. (@samp{l}
+ and @samp{b} apply to, for example, Unicode UTF-16/UCS-2 encodings).
+
++@item -U @var{[d|i|l|e|x|h]}
++@itemx --unicode=@var{[default|invalid|locale|escape|hex|highlight]}
++Controls the display of UTF-8 encoded mulibyte characters in strings.
++The default (@option{--unicode=default}) is to give them no special
++treatment, and instead rely upon the setting of the
++@option{--encoding} option. The other values for this option
++automatically enable @option{--encoding=S}.
++
++The @option{--unicode=invalid} option treats them as non-graphic
++characters and hence not part of a valid string. All the remaining
++options treat them as valid string characters.
++
++The @option{--unicode=locale} option displays them in the current
++locale, which may or may not support UTF-8 encoding. The
++@option{--unicode=hex} option displays them as hex byte sequences
++enclosed between @var{<>} characters. The @option{--unicode=escape}
++option displays them as escape sequences (@var{\uxxxx}) and the
++@option{--unicode=highlight} option displays them as escape sequences
++highlighted in red (if supported by the output device). The colouring
++is intended to draw attention to the presence of unicode sequences
++where they might not be expected.
++
+ @item -T @var{bfdname}
+ @itemx --target=@var{bfdname}
+ @cindex object code format
+@@ -4796,6 +4851,7 @@ readelf [@option{-a}|@option{--all}]
+ [@option{--demangle@var{=style}}|@option{--no-demangle}]
+ [@option{--quiet}]
+ [@option{--recurse-limit}|@option{--no-recurse-limit}]
++ [@option{-U} @var{method}|@option{--unicode=}@var{method}]
+ [@option{-n}|@option{--notes}]
+ [@option{-r}|@option{--relocs}]
+ [@option{-u}|@option{--unwind}]
+@@ -4962,6 +5018,28 @@ necessary in order to demangle truly com
+ that if the recursion limit is disabled then stack exhaustion is
+ possible and any bug reports about such an event will be rejected.
+
++@item -U @var{[d|i|l|e|x|h]}
++@itemx --unicode=[default|invalid|locale|escape|hex|highlight]
++Controls the display of non-ASCII characters in identifier names.
++The default (@option{--unicode=locale} or @option{--unicode=default}) is
++to treat them as multibyte characters and display them in the current
++locale. All other versions of this option treat the bytes as UTF-8
++encoded values and attempt to interpret them. If they cannot be
++interpreted or if the @option{--unicode=invalid} option is used then
++they are displayed as a sequence of hex bytes, encloses in curly
++parethesis characters.
++
++Using the @option{--unicode=escape} option will display the characters
++as as unicode escape sequences (@var{\uxxxx}). Using the
++@option{--unicode=hex} will display the characters as hex byte
++sequences enclosed between angle brackets.
++
++Using the @option{--unicode=highlight} will display the characters as
++unicode escape sequences but it will also highlighted them in red,
++assuming that colouring is supported by the output device. The
++colouring is intended to draw attention to the presence of unicode
++sequences when they might not be expected.
++
+ @item -e
+ @itemx --headers
+ Display all the headers in the file. Equivalent to @option{-h -l -S}.
+diff --git a/binutils/NEWS b/binutils/NEWS
+--- a/binutils/NEWS 2021-12-19 19:00:27.038540406 -0800
++++ b/binutils/NEWS 2021-12-19 19:30:04.764162972 -0800
+@@ -1,5 +1,14 @@
+ -*- text -*-
+
++* Tools which display symbols or strings (readelf, strings, nm, objdump)
++ have a new command line option which controls how unicode characters are
++ handled. By default they are treated as normal for the tool. Using
++ --unicode=locale will display them according to the current locale.
++ Using --unicode=hex will display them as hex byte values, whilst
++ --unicode=escape will display them as escape sequences. In addition
++ using --unicode=highlight will display them as unicode escape sequences
++ highlighted in red (if supported by the output device).
++
+ Changes in 2.37:
+
+ * The readelf tool has a new command line option which can be used to specify
+diff --git a/binutils/nm.c b/binutils/nm.c
+--- a/binutils/nm.c 2021-12-19 19:00:27.046540270 -0800
++++ b/binutils/nm.c 2021-12-19 19:36:34.797491555 -0800
+@@ -38,6 +38,11 @@
+ #include "bucomm.h"
+ #include "plugin-api.h"
+ #include "plugin.h"
++#include "safe-ctype.h"
++
++#ifndef streq
++#define streq(a,b) (strcmp ((a),(b)) == 0)
++#endif
+
+ /* When sorting by size, we use this structure to hold the size and a
+ pointer to the minisymbol. */
+@@ -216,6 +221,18 @@ static const char *plugin_target = NULL;
+ static bfd *lineno_cache_bfd;
+ static bfd *lineno_cache_rel_bfd;
+
++typedef enum unicode_display_type
++{
++ unicode_default = 0,
++ unicode_locale,
++ unicode_escape,
++ unicode_hex,
++ unicode_highlight,
++ unicode_invalid
++} unicode_display_type;
++
++static unicode_display_type unicode_display = unicode_default;
++
+ enum long_option_values
+ {
+ OPTION_TARGET = 200,
+@@ -260,6 +277,7 @@ static struct option long_options[] =
+ {"target", required_argument, 0, OPTION_TARGET},
+ {"defined-only", no_argument, &defined_only, 1},
+ {"undefined-only", no_argument, &undefined_only, 1},
++ {"unicode", required_argument, NULL, 'U'},
+ {"version", no_argument, &show_version, 1},
+ {"with-symbol-versions", no_argument, &with_symbol_versions, 1},
+ {"without-symbol-versions", no_argument, &with_symbol_versions, 0},
+@@ -313,6 +331,8 @@ usage (FILE *stream, int status)
+ -t, --radix=RADIX Use RADIX for printing symbol values\n\
+ --target=BFDNAME Specify the target object format as BFDNAME\n\
+ -u, --undefined-only Display only undefined symbols\n\
++ -U {d|s|i|x|e|h} Specify how to treat UTF-8 encoded unicode characters\n\
++ --unicode={default|show|invalid|hex|escape|highlight}\n\
+ --with-symbol-versions Display version strings after symbol names\n\
+ -X 32_64 (ignored)\n\
+ @FILE Read options from FILE\n\
+@@ -432,6 +452,187 @@ get_coff_symbol_type (const struct inter
+ return bufp;
+ }
+
++/* Convert a potential UTF-8 encoded sequence in IN into characters in OUT.
++ The conversion format is controlled by the unicode_display variable.
++ Returns the number of characters added to OUT.
++ Returns the number of bytes consumed from IN in CONSUMED.
++ Always consumes at least one byte and displays at least one character. */
++
++static unsigned int
++display_utf8 (const unsigned char * in, char * out, unsigned int * consumed)
++{
++ char * orig_out = out;
++ unsigned int nchars = 0;
++ unsigned int j;
++
++ if (unicode_display == unicode_default)
++ goto invalid;
++
++ if (in[0] < 0xc0)
++ goto invalid;
++
++ if ((in[1] & 0xc0) != 0x80)
++ goto invalid;
++
++ if ((in[0] & 0x20) == 0)
++ {
++ nchars = 2;
++ goto valid;
++ }
++
++ if ((in[2] & 0xc0) != 0x80)
++ goto invalid;
++
++ if ((in[0] & 0x10) == 0)
++ {
++ nchars = 3;
++ goto valid;
++ }
++
++ if ((in[3] & 0xc0) != 0x80)
++ goto invalid;
++
++ nchars = 4;
++
++ valid:
++ switch (unicode_display)
++ {
++ case unicode_locale:
++ /* Copy the bytes into the output buffer as is. */
++ memcpy (out, in, nchars);
++ out += nchars;
++ break;
++
++ case unicode_invalid:
++ case unicode_hex:
++ out += sprintf (out, "%c", unicode_display == unicode_hex ? '<' : '{');
++ out += sprintf (out, "0x");
++ for (j = 0; j < nchars; j++)
++ out += sprintf (out, "%02x", in [j]);
++ out += sprintf (out, "%c", unicode_display == unicode_hex ? '>' : '}');
++ break;
++
++ case unicode_highlight:
++ if (isatty (1))
++ out += sprintf (out, "\x1B[31;47m"); /* Red. */
++ /* Fall through. */
++ case unicode_escape:
++ switch (nchars)
++ {
++ case 2:
++ out += sprintf (out, "\\u%02x%02x",
++ ((in[0] & 0x1c) >> 2),
++ ((in[0] & 0x03) << 6) | (in[1] & 0x3f));
++ break;
++
++ case 3:
++ out += sprintf (out, "\\u%02x%02x",
++ ((in[0] & 0x0f) << 4) | ((in[1] & 0x3c) >> 2),
++ ((in[1] & 0x03) << 6) | ((in[2] & 0x3f)));
++ break;
++
++ case 4:
++ out += sprintf (out, "\\u%02x%02x%02x",
++ ((in[0] & 0x07) << 6) | ((in[1] & 0x3c) >> 2),
++ ((in[1] & 0x03) << 6) | ((in[2] & 0x3c) >> 2),
++ ((in[2] & 0x03) << 6) | ((in[3] & 0x3f)));
++ break;
++ default:
++ /* URG. */
++ break;
++ }
++
++ if (unicode_display == unicode_highlight && isatty (1))
++ out += sprintf (out, "\033[0m"); /* Default colour. */
++ break;
++
++ default:
++ /* URG */
++ break;
++ }
++
++ * consumed = nchars;
++ return out - orig_out;
++
++ invalid:
++ /* Not a valid UTF-8 sequence. */
++ *out = *in;
++ * consumed = 1;
++ return 1;
++}
++
++/* Convert any UTF-8 encoded characters in NAME into the form specified by
++ unicode_display. Also converts control characters. Returns a static
++ buffer if conversion was necessary.
++ Code stolen from objdump.c:sanitize_string(). */
++
++static const char *
++convert_utf8 (const char * in)
++{
++ static char * buffer = NULL;
++ static size_t buffer_len = 0;
++ const char * original = in;
++ char * out;
++
++ /* Paranoia. */
++ if (in == NULL)
++ return "";
++
++ /* See if any conversion is necessary.
++ In the majority of cases it will not be needed. */
++ do
++ {
++ unsigned char c = *in++;
++
++ if (c == 0)
++ return original;
++
++ if (ISCNTRL (c))
++ break;
++
++ if (unicode_display != unicode_default && c >= 0xc0)
++ break;
++ }
++ while (1);
++
++ /* Copy the input, translating as needed. */
++ in = original;
++ if (buffer_len < (strlen (in) * 9))
++ {
++ free ((void *) buffer);
++ buffer_len = strlen (in) * 9;
++ buffer = xmalloc (buffer_len + 1);
++ }
++
++ out = buffer;
++ do
++ {
++ unsigned char c = *in++;
++
++ if (c == 0)
++ break;
++
++ if (ISCNTRL (c))
++ {
++ *out++ = '^';
++ *out++ = c + 0x40;
++ }
++ else if (unicode_display != unicode_default && c >= 0xc0)
++ {
++ unsigned int num_consumed;
++
++ out += display_utf8 ((const unsigned char *)(in - 1), out, & num_consumed);
++ in += num_consumed - 1;
++ }
++ else
++ *out++ = c;
++ }
++ while (1);
++
++ *out = 0;
++ return buffer;
++}
++
+ /* Print symbol name NAME, read from ABFD, with printf format FORM,
+ demangling it if requested. */
+
+@@ -444,6 +645,7 @@ print_symname (const char *form, struct
+
+ if (name == NULL)
+ name = info->sinfo->name;
++
+ if (!with_symbol_versions
+ && bfd_get_flavour (abfd) == bfd_target_elf_flavour)
+ {
+@@ -451,6 +653,7 @@ print_symname (const char *form, struct
+ if (atver)
+ *atver = 0;
+ }
++
+ if (do_demangle && *name)
+ {
+ alloc = bfd_demangle (abfd, name, demangle_flags);
+@@ -458,6 +661,11 @@ print_symname (const char *form, struct
+ name = alloc;
+ }
+
++ if (unicode_display != unicode_default)
++ {
++ name = convert_utf8 (name);
++ }
++
+ if (info != NULL && info->elfinfo && with_symbol_versions)
+ {
+ const char *version_string;
+@@ -1807,7 +2015,7 @@ main (int argc, char **argv)
+ fatal (_("fatal error: libbfd ABI mismatch"));
+ set_default_bfd_target ();
+
+- while ((c = getopt_long (argc, argv, "aABCDef:gHhjJlnopPrSst:uvVvX:",
++ while ((c = getopt_long (argc, argv, "aABCDef:gHhjJlnopPrSst:uU:vVvX:",
+ long_options, (int *) 0)) != EOF)
+ {
+ switch (c)
+@@ -1900,6 +2108,24 @@ main (int argc, char **argv)
+ case 'u':
+ undefined_only = 1;
+ break;
++
++ case 'U':
++ if (streq (optarg, "default") || streq (optarg, "d"))
++ unicode_display = unicode_default;
++ else if (streq (optarg, "locale") || streq (optarg, "l"))
++ unicode_display = unicode_locale;
++ else if (streq (optarg, "escape") || streq (optarg, "e"))
++ unicode_display = unicode_escape;
++ else if (streq (optarg, "invalid") || streq (optarg, "i"))
++ unicode_display = unicode_invalid;
++ else if (streq (optarg, "hex") || streq (optarg, "x"))
++ unicode_display = unicode_hex;
++ else if (streq (optarg, "highlight") || streq (optarg, "h"))
++ unicode_display = unicode_highlight;
++ else
++ fatal (_("invalid argument to -U/--unicode: %s"), optarg);
++ break;
++
+ case 'V':
+ show_version = 1;
+ break;
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+--- a/binutils/objdump.c 2021-12-19 19:00:27.046540270 -0800
++++ b/binutils/objdump.c 2021-12-19 19:43:09.438736729 -0800
+@@ -204,6 +204,18 @@ static const struct objdump_private_desc
+
+ /* The list of detected jumps inside a function. */
+ static struct jump_info *detected_jumps = NULL;
++
++typedef enum unicode_display_type
++{
++ unicode_default = 0,
++ unicode_locale,
++ unicode_escape,
++ unicode_hex,
++ unicode_highlight,
++ unicode_invalid
++} unicode_display_type;
++
++static unicode_display_type unicode_display = unicode_default;
+
+ static void usage (FILE *, int) ATTRIBUTE_NORETURN;
+ static void
+@@ -330,6 +342,9 @@ usage (FILE *stream, int status)
+ fprintf (stream, _("\
+ -w, --wide Format output for more than 80 columns\n"));
+ fprintf (stream, _("\
++ -U[d|l|i|x|e|h] Controls the display of UTF-8 unicode characters\n\
++ --unicode=[default|locale|invalid|hex|escape|highlight]\n"));
++ fprintf (stream, _("\
+ -z, --disassemble-zeroes Do not skip blocks of zeroes when disassembling\n"));
+ fprintf (stream, _("\
+ --start-address=ADDR Only process data whose address is >= ADDR\n"));
+@@ -420,17 +435,23 @@ static struct option long_options[]=
+ {
+ {"adjust-vma", required_argument, NULL, OPTION_ADJUST_VMA},
+ {"all-headers", no_argument, NULL, 'x'},
+- {"private-headers", no_argument, NULL, 'p'},
+- {"private", required_argument, NULL, 'P'},
+ {"architecture", required_argument, NULL, 'm'},
+ {"archive-headers", no_argument, NULL, 'a'},
++#ifdef ENABLE_LIBCTF
++ {"ctf", required_argument, NULL, OPTION_CTF},
++ {"ctf-parent", required_argument, NULL, OPTION_CTF_PARENT},
++#endif
+ {"debugging", no_argument, NULL, 'g'},
+ {"debugging-tags", no_argument, NULL, 'e'},
+ {"demangle", optional_argument, NULL, 'C'},
+ {"disassemble", optional_argument, NULL, 'd'},
+ {"disassemble-all", no_argument, NULL, 'D'},
+- {"disassembler-options", required_argument, NULL, 'M'},
+ {"disassemble-zeroes", no_argument, NULL, 'z'},
++ {"disassembler-options", required_argument, NULL, 'M'},
++ {"dwarf", optional_argument, NULL, OPTION_DWARF},
++ {"dwarf-check", no_argument, 0, OPTION_DWARF_CHECK},
++ {"dwarf-depth", required_argument, 0, OPTION_DWARF_DEPTH},
++ {"dwarf-start", required_argument, 0, OPTION_DWARF_START},
+ {"dynamic-reloc", no_argument, NULL, 'R'},
+ {"dynamic-syms", no_argument, NULL, 'T'},
+ {"endian", required_argument, NULL, OPTION_ENDIAN},
+@@ -440,16 +461,23 @@ static struct option long_options[]=
+ {"full-contents", no_argument, NULL, 's'},
+ {"headers", no_argument, NULL, 'h'},
+ {"help", no_argument, NULL, 'H'},
++ {"include", required_argument, NULL, 'I'},
+ {"info", no_argument, NULL, 'i'},
++ {"inlines", no_argument, 0, OPTION_INLINES},
++ {"insn-width", required_argument, NULL, OPTION_INSN_WIDTH},
+ {"line-numbers", no_argument, NULL, 'l'},
+- {"no-show-raw-insn", no_argument, &show_raw_insn, -1},
+ {"no-addresses", no_argument, &no_addresses, 1},
+- {"process-links", no_argument, &process_links, true},
++ {"no-recurse-limit", no_argument, NULL, OPTION_NO_RECURSE_LIMIT},
++ {"no-recursion-limit", no_argument, NULL, OPTION_NO_RECURSE_LIMIT},
++ {"no-show-raw-insn", no_argument, &show_raw_insn, -1},
++ {"prefix", required_argument, NULL, OPTION_PREFIX},
+ {"prefix-addresses", no_argument, &prefix_addresses, 1},
++ {"prefix-strip", required_argument, NULL, OPTION_PREFIX_STRIP},
++ {"private", required_argument, NULL, 'P'},
++ {"private-headers", no_argument, NULL, 'p'},
++ {"process-links", no_argument, &process_links, true},
+ {"recurse-limit", no_argument, NULL, OPTION_RECURSE_LIMIT},
+ {"recursion-limit", no_argument, NULL, OPTION_RECURSE_LIMIT},
+- {"no-recurse-limit", no_argument, NULL, OPTION_NO_RECURSE_LIMIT},
+- {"no-recursion-limit", no_argument, NULL, OPTION_NO_RECURSE_LIMIT},
+ {"reloc", no_argument, NULL, 'r'},
+ {"section", required_argument, NULL, 'j'},
+ {"section-headers", no_argument, NULL, 'h'},
+@@ -457,28 +485,16 @@ static struct option long_options[]=
+ {"source", no_argument, NULL, 'S'},
+ {"source-comment", optional_argument, NULL, OPTION_SOURCE_COMMENT},
+ {"special-syms", no_argument, &dump_special_syms, 1},
+- {"include", required_argument, NULL, 'I'},
+- {"dwarf", optional_argument, NULL, OPTION_DWARF},
+-#ifdef ENABLE_LIBCTF
+- {"ctf", required_argument, NULL, OPTION_CTF},
+- {"ctf-parent", required_argument, NULL, OPTION_CTF_PARENT},
+-#endif
+ {"stabs", no_argument, NULL, 'G'},
+ {"start-address", required_argument, NULL, OPTION_START_ADDRESS},
+ {"stop-address", required_argument, NULL, OPTION_STOP_ADDRESS},
+ {"syms", no_argument, NULL, 't'},
+ {"target", required_argument, NULL, 'b'},
++ {"unicode", required_argument, NULL, 'U'},
+ {"version", no_argument, NULL, 'V'},
+- {"wide", no_argument, NULL, 'w'},
+- {"prefix", required_argument, NULL, OPTION_PREFIX},
+- {"prefix-strip", required_argument, NULL, OPTION_PREFIX_STRIP},
+- {"insn-width", required_argument, NULL, OPTION_INSN_WIDTH},
+- {"dwarf-depth", required_argument, 0, OPTION_DWARF_DEPTH},
+- {"dwarf-start", required_argument, 0, OPTION_DWARF_START},
+- {"dwarf-check", no_argument, 0, OPTION_DWARF_CHECK},
+- {"inlines", no_argument, 0, OPTION_INLINES},
+ {"visualize-jumps", optional_argument, 0, OPTION_VISUALIZE_JUMPS},
+- {0, no_argument, 0, 0}
++ {"wide", no_argument, NULL, 'w'},
++ {NULL, no_argument, NULL, 0}
+ };
+
+ static void
+@@ -488,9 +504,121 @@ nonfatal (const char *msg)
+ exit_status = 1;
+ }
+
++/* Convert a potential UTF-8 encoded sequence in IN into characters in OUT.
++ The conversion format is controlled by the unicode_display variable.
++ Returns the number of characters added to OUT.
++ Returns the number of bytes consumed from IN in CONSUMED.
++ Always consumes at least one byte and displays at least one character. */
++
++static unsigned int
++display_utf8 (const unsigned char * in, char * out, unsigned int * consumed)
++{
++ char * orig_out = out;
++ unsigned int nchars = 0;
++ unsigned int j;
++
++ if (unicode_display == unicode_default)
++ goto invalid;
++
++ if (in[0] < 0xc0)
++ goto invalid;
++
++ if ((in[1] & 0xc0) != 0x80)
++ goto invalid;
++
++ if ((in[0] & 0x20) == 0)
++ {
++ nchars = 2;
++ goto valid;
++ }
++
++ if ((in[2] & 0xc0) != 0x80)
++ goto invalid;
++
++ if ((in[0] & 0x10) == 0)
++ {
++ nchars = 3;
++ goto valid;
++ }
++
++ if ((in[3] & 0xc0) != 0x80)
++ goto invalid;
++
++ nchars = 4;
++
++ valid:
++ switch (unicode_display)
++ {
++ case unicode_locale:
++ /* Copy the bytes into the output buffer as is. */
++ memcpy (out, in, nchars);
++ out += nchars;
++ break;
++
++ case unicode_invalid:
++ case unicode_hex:
++ out += sprintf (out, "%c", unicode_display == unicode_hex ? '<' : '{');
++ out += sprintf (out, "0x");
++ for (j = 0; j < nchars; j++)
++ out += sprintf (out, "%02x", in [j]);
++ out += sprintf (out, "%c", unicode_display == unicode_hex ? '>' : '}');
++ break;
++
++ case unicode_highlight:
++ if (isatty (1))
++ out += sprintf (out, "\x1B[31;47m"); /* Red. */
++ /* Fall through. */
++ case unicode_escape:
++ switch (nchars)
++ {
++ case 2:
++ out += sprintf (out, "\\u%02x%02x",
++ ((in[0] & 0x1c) >> 2),
++ ((in[0] & 0x03) << 6) | (in[1] & 0x3f));
++ break;
++
++ case 3:
++ out += sprintf (out, "\\u%02x%02x",
++ ((in[0] & 0x0f) << 4) | ((in[1] & 0x3c) >> 2),
++ ((in[1] & 0x03) << 6) | ((in[2] & 0x3f)));
++ break;
++
++ case 4:
++ out += sprintf (out, "\\u%02x%02x%02x",
++ ((in[0] & 0x07) << 6) | ((in[1] & 0x3c) >> 2),
++ ((in[1] & 0x03) << 6) | ((in[2] & 0x3c) >> 2),
++ ((in[2] & 0x03) << 6) | ((in[3] & 0x3f)));
++ break;
++ default:
++ /* URG. */
++ break;
++ }
++
++ if (unicode_display == unicode_highlight && isatty (1))
++ out += sprintf (out, "\033[0m"); /* Default colour. */
++ break;
++
++ default:
++ /* URG */
++ break;
++ }
++
++ * consumed = nchars;
++ return out - orig_out;
++
++ invalid:
++ /* Not a valid UTF-8 sequence. */
++ *out = *in;
++ * consumed = 1;
++ return 1;
++}
++
+ /* Returns a version of IN with any control characters
+ replaced by escape sequences. Uses a static buffer
+- if necessary. */
++ if necessary.
++
++ If unicode display is enabled, then also handles the
++ conversion of unicode characters. */
+
+ static const char *
+ sanitize_string (const char * in)
+@@ -508,40 +636,50 @@ sanitize_string (const char * in)
+ of cases it will not be needed. */
+ do
+ {
+- char c = *in++;
++ unsigned char c = *in++;
+
+ if (c == 0)
+ return original;
+
+ if (ISCNTRL (c))
+ break;
++
++ if (unicode_display != unicode_default && c >= 0xc0)
++ break;
+ }
+ while (1);
+
+ /* Copy the input, translating as needed. */
+ in = original;
+- if (buffer_len < (strlen (in) * 2))
++ if (buffer_len < (strlen (in) * 9))
+ {
+ free ((void *) buffer);
+- buffer_len = strlen (in) * 2;
++ buffer_len = strlen (in) * 9;
+ buffer = xmalloc (buffer_len + 1);
+ }
+
+ out = buffer;
+ do
+ {
+- char c = *in++;
++ unsigned char c = *in++;
+
+ if (c == 0)
+ break;
+
+- if (!ISCNTRL (c))
+- *out++ = c;
+- else
++ if (ISCNTRL (c))
+ {
+ *out++ = '^';
+ *out++ = c + 0x40;
+ }
++ else if (unicode_display != unicode_default && c >= 0xc0)
++ {
++ unsigned int num_consumed;
++
++ out += display_utf8 ((const unsigned char *)(in - 1), out, & num_consumed);
++ in += num_consumed - 1;
++ }
++ else
++ *out++ = c;
+ }
+ while (1);
+
+@@ -4529,6 +4667,24 @@ dump_symbols (bfd *abfd ATTRIBUTE_UNUSED
+ free (alloc);
+ }
+ }
++ else if (unicode_display != unicode_default
++ && name != NULL && *name != '\0')
++ {
++ const char * sanitized_name;
++
++ /* If we want to sanitize the name, we do it here, and
++ temporarily clobber it while calling bfd_print_symbol.
++ FIXME: This is a gross hack. */
++ sanitized_name = sanitize_string (name);
++ if (sanitized_name != name)
++ (*current)->name = sanitized_name;
++ else
++ sanitized_name = NULL;
++ bfd_print_symbol (cur_bfd, stdout, *current,
++ bfd_print_symbol_all);
++ if (sanitized_name != NULL)
++ (*current)->name = name;
++ }
+ else
+ bfd_print_symbol (cur_bfd, stdout, *current,
+ bfd_print_symbol_all);
+@@ -5212,7 +5368,7 @@ main (int argc, char **argv)
+ set_default_bfd_target ();
+
+ while ((c = getopt_long (argc, argv,
+- "pP:ib:m:M:VvCdDlfFaHhrRtTxsSI:j:wE:zgeGW::",
++ "CDE:FGHI:LM:P:RSTU:VW::ab:defghij:lm:prstvwxz",
+ long_options, (int *) 0))
+ != EOF)
+ {
+@@ -5495,6 +5651,23 @@ main (int argc, char **argv)
+ seenflag = true;
+ break;
+
++ case 'U':
++ if (streq (optarg, "default") || streq (optarg, "d"))
++ unicode_display = unicode_default;
++ else if (streq (optarg, "locale") || streq (optarg, "l"))
++ unicode_display = unicode_locale;
++ else if (streq (optarg, "escape") || streq (optarg, "e"))
++ unicode_display = unicode_escape;
++ else if (streq (optarg, "invalid") || streq (optarg, "i"))
++ unicode_display = unicode_invalid;
++ else if (streq (optarg, "hex") || streq (optarg, "x"))
++ unicode_display = unicode_hex;
++ else if (streq (optarg, "highlight") || streq (optarg, "h"))
++ unicode_display = unicode_highlight;
++ else
++ fatal (_("invalid argument to -U/--unicode: %s"), optarg);
++ break;
++
+ case 'H':
+ usage (stdout, 0);
+ /* No need to set seenflag or to break - usage() does not return. */
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+--- a/binutils/readelf.c 2021-12-19 19:00:27.058540065 -0800
++++ b/binutils/readelf.c 2021-12-19 19:27:56.538354462 -0800
+@@ -328,6 +328,19 @@ typedef enum print_mode
+ }
+ print_mode;
+
++typedef enum unicode_display_type
++{
++ unicode_default = 0,
++ unicode_locale,
++ unicode_escape,
++ unicode_hex,
++ unicode_highlight,
++ unicode_invalid
++} unicode_display_type;
++
++static unicode_display_type unicode_display = unicode_default;
++
++
+ /* Versioned symbol info. */
+ enum versioned_symbol_info
+ {
+@@ -632,11 +645,18 @@ print_symbol (signed int width, const ch
+ if (c == 0)
+ break;
+
+- /* Do not print control characters directly as they can affect terminal
+- settings. Such characters usually appear in the names generated
+- by the assembler for local labels. */
+- if (ISCNTRL (c))
++ if (ISPRINT (c))
++ {
++ putchar (c);
++ width_remaining --;
++ num_printed ++;
++ }
++ else if (ISCNTRL (c))
+ {
++ /* Do not print control characters directly as they can affect terminal
++ settings. Such characters usually appear in the names generated
++ by the assembler for local labels. */
++
+ if (width_remaining < 2)
+ break;
+
+@@ -644,11 +664,137 @@ print_symbol (signed int width, const ch
+ width_remaining -= 2;
+ num_printed += 2;
+ }
+- else if (ISPRINT (c))
++ else if (c == 0x7f)
+ {
+- putchar (c);
+- width_remaining --;
+- num_printed ++;
++ if (width_remaining < 5)
++ break;
++ printf ("<DEL>");
++ width_remaining -= 5;
++ num_printed += 5;
++ }
++ else if (unicode_display != unicode_locale
++ && unicode_display != unicode_default)
++ {
++ /* Display unicode characters as something else. */
++ unsigned char bytes[4];
++ bool is_utf8;
++ unsigned int nbytes;
++
++ bytes[0] = c;
++
++ if (bytes[0] < 0xc0)
++ {
++ nbytes = 1;
++ is_utf8 = false;
++ }
++ else
++ {
++ bytes[1] = *symbol++;
++
++ if ((bytes[1] & 0xc0) != 0x80)
++ {
++ is_utf8 = false;
++ /* Do not consume this character. It may only
++ be the first byte in the sequence that was
++ corrupt. */
++ --symbol;
++ nbytes = 1;
++ }
++ else if ((bytes[0] & 0x20) == 0)
++ {
++ is_utf8 = true;
++ nbytes = 2;
++ }
++ else
++ {
++ bytes[2] = *symbol++;
++
++ if ((bytes[2] & 0xc0) != 0x80)
++ {
++ is_utf8 = false;
++ symbol -= 2;
++ nbytes = 1;
++ }
++ else if ((bytes[0] & 0x10) == 0)
++ {
++ is_utf8 = true;
++ nbytes = 3;
++ }
++ else
++ {
++ bytes[3] = *symbol++;
++
++ nbytes = 4;
++
++ if ((bytes[3] & 0xc0) != 0x80)
++ {
++ is_utf8 = false;
++ symbol -= 3;
++ nbytes = 1;
++ }
++ else
++ is_utf8 = true;
++ }
++ }
++ }
++
++ if (unicode_display == unicode_invalid)
++ is_utf8 = false;
++
++ if (unicode_display == unicode_hex || ! is_utf8)
++ {
++ unsigned int i;
++
++ if (width_remaining < (nbytes * 2) + 2)
++ break;
++
++ putchar (is_utf8 ? '<' : '{');
++ printf ("0x");
++ for (i = 0; i < nbytes; i++)
++ printf ("%02x", bytes[i]);
++ putchar (is_utf8 ? '>' : '}');
++ }
++ else
++ {
++ if (unicode_display == unicode_highlight && isatty (1))
++ printf ("\x1B[31;47m"); /* Red. */
++
++ switch (nbytes)
++ {
++ case 2:
++ if (width_remaining < 6)
++ break;
++ printf ("\\u%02x%02x",
++ (bytes[0] & 0x1c) >> 2,
++ ((bytes[0] & 0x03) << 6) | (bytes[1] & 0x3f));
++ break;
++ case 3:
++ if (width_remaining < 6)
++ break;
++ printf ("\\u%02x%02x",
++ ((bytes[0] & 0x0f) << 4) | ((bytes[1] & 0x3c) >> 2),
++ ((bytes[1] & 0x03) << 6) | (bytes[2] & 0x3f));
++ break;
++ case 4:
++ if (width_remaining < 8)
++ break;
++ printf ("\\u%02x%02x%02x",
++ ((bytes[0] & 0x07) << 6) | ((bytes[1] & 0x3c) >> 2),
++ ((bytes[1] & 0x03) << 6) | ((bytes[2] & 0x3c) >> 2),
++ ((bytes[2] & 0x03) << 6) | (bytes[3] & 0x3f));
++
++ break;
++ default:
++ /* URG. */
++ break;
++ }
++
++ if (unicode_display == unicode_highlight && isatty (1))
++ printf ("\033[0m"); /* Default colour. */
++ }
++
++ if (bytes[nbytes - 1] == 0)
++ break;
+ }
+ else
+ {
+@@ -4668,6 +4814,7 @@ static struct option options[] =
+ {"syms", no_argument, 0, 's'},
+ {"silent-truncation",no_argument, 0, 'T'},
+ {"section-details", no_argument, 0, 't'},
++ {"unicode", required_argument, NULL, 'U'},
+ {"unwind", no_argument, 0, 'u'},
+ {"version-info", no_argument, 0, 'V'},
+ {"version", no_argument, 0, 'v'},
+@@ -4744,6 +4891,12 @@ usage (FILE * stream)
+ fprintf (stream, _("\
+ --no-recurse-limit Disable a demangling recursion limit\n"));
+ fprintf (stream, _("\
++ -U[dlexhi] --unicode=[default|locale|escape|hex|highlight|invalid]\n\
++ Display unicode characters as determined by the current locale\n\
++ (default), escape sequences, \"<hex sequences>\", highlighted\n\
++ escape sequences, or treat them as invalid and display as\n\
++ \"{hex sequences}\"\n"));
++ fprintf (stream, _("\
+ -n --notes Display the core notes (if present)\n"));
+ fprintf (stream, _("\
+ -r --relocs Display the relocations (if present)\n"));
+@@ -4928,7 +5081,7 @@ parse_args (struct dump_data *dumpdata,
+ usage (stderr);
+
+ while ((c = getopt_long
+- (argc, argv, "ACDHILNPR:STVWacdeghi:lnp:rstuvw::x:z", options, NULL)) != EOF)
++ (argc, argv, "ACDHILNPR:STU:VWacdeghi:lnp:rstuvw::x:z", options, NULL)) != EOF)
+ {
+ switch (c)
+ {
+@@ -5130,6 +5283,25 @@ parse_args (struct dump_data *dumpdata,
+ /* Ignored for backward compatibility. */
+ break;
+
++ case 'U':
++ if (optarg == NULL)
++ error (_("Missing arg to -U/--unicode")); /* Can this happen ? */
++ else if (streq (optarg, "default") || streq (optarg, "d"))
++ unicode_display = unicode_default;
++ else if (streq (optarg, "locale") || streq (optarg, "l"))
++ unicode_display = unicode_locale;
++ else if (streq (optarg, "escape") || streq (optarg, "e"))
++ unicode_display = unicode_escape;
++ else if (streq (optarg, "invalid") || streq (optarg, "i"))
++ unicode_display = unicode_invalid;
++ else if (streq (optarg, "hex") || streq (optarg, "x"))
++ unicode_display = unicode_hex;
++ else if (streq (optarg, "highlight") || streq (optarg, "h"))
++ unicode_display = unicode_highlight;
++ else
++ error (_("invalid argument to -U/--unicode: %s"), optarg);
++ break;
++
+ case OPTION_SYM_BASE:
+ sym_base = 0;
+ if (optarg != NULL)
+diff --git a/binutils/strings.c b/binutils/strings.c
+--- a/binutils/strings.c 2021-12-19 19:00:27.058540065 -0800
++++ b/binutils/strings.c 2021-12-19 19:48:26.205313218 -0800
+@@ -55,6 +55,19 @@
+ -T {bfdname}
+ Specify a non-default object file format.
+
++ --unicode={default|locale|invalid|hex|escape|highlight}
++ -u {d|l|i|x|e|h}
++ Determine how to handle UTF-8 unicode characters. The default
++ is no special treatment. All other versions of this option
++ only apply if the encoding is valid and enabling the option
++ implies --encoding=S.
++ The 'locale' option displays the characters according to the
++ current locale. The 'invalid' option treats them as
++ non-string characters. The 'hex' option displays them as hex
++ byte sequences. The 'escape' option displays them as escape
++ sequences and the 'highlight' option displays them as
++ coloured escape sequences.
++
+ --output-separator=sep_string
+ -s sep_string String used to separate parsed strings in output.
+ Default is newline.
+@@ -76,6 +89,22 @@
+ #include "safe-ctype.h"
+ #include "bucomm.h"
+
++#ifndef streq
++#define streq(a,b) (strcmp ((a),(b)) == 0)
++#endif
++
++typedef enum unicode_display_type
++{
++ unicode_default = 0,
++ unicode_locale,
++ unicode_escape,
++ unicode_hex,
++ unicode_highlight,
++ unicode_invalid
++} unicode_display_type;
++
++static unicode_display_type unicode_display = unicode_default;
++
+ #define STRING_ISGRAPHIC(c) \
+ ( (c) >= 0 \
+ && (c) <= 255 \
+@@ -94,7 +123,7 @@ extern int errno;
+ static int address_radix;
+
+ /* Minimum length of sequence of graphic chars to trigger output. */
+-static int string_min;
++static unsigned int string_min;
+
+ /* Whether or not we include all whitespace as a graphic char. */
+ static bool include_all_whitespace;
+@@ -121,21 +150,22 @@ static char *output_separator;
+ static struct option long_options[] =
+ {
+ {"all", no_argument, NULL, 'a'},
++ {"bytes", required_argument, NULL, 'n'},
+ {"data", no_argument, NULL, 'd'},
++ {"encoding", required_argument, NULL, 'e'},
++ {"help", no_argument, NULL, 'h'},
++ {"include-all-whitespace", no_argument, NULL, 'w'},
++ {"output-separator", required_argument, NULL, 's'},
+ {"print-file-name", no_argument, NULL, 'f'},
+- {"bytes", required_argument, NULL, 'n'},
+ {"radix", required_argument, NULL, 't'},
+- {"include-all-whitespace", no_argument, NULL, 'w'},
+- {"encoding", required_argument, NULL, 'e'},
+ {"target", required_argument, NULL, 'T'},
+- {"output-separator", required_argument, NULL, 's'},
+- {"help", no_argument, NULL, 'h'},
++ {"unicode", required_argument, NULL, 'U'},
+ {"version", no_argument, NULL, 'v'},
+ {NULL, 0, NULL, 0}
+ };
+
+ static bool strings_file (char *);
+-static void print_strings (const char *, FILE *, file_ptr, int, int, char *);
++static void print_strings (const char *, FILE *, file_ptr, int, char *);
+ static void usage (FILE *, int) ATTRIBUTE_NORETURN;
+
+ int main (int, char **);
+@@ -171,7 +201,7 @@ main (int argc, char **argv)
+ encoding = 's';
+ output_separator = NULL;
+
+- while ((optc = getopt_long (argc, argv, "adfhHn:wot:e:T:s:Vv0123456789",
++ while ((optc = getopt_long (argc, argv, "adfhHn:wot:e:T:s:U:Vv0123456789",
+ long_options, (int *) 0)) != EOF)
+ {
+ switch (optc)
+@@ -244,6 +274,23 @@ main (int argc, char **argv)
+ output_separator = optarg;
+ break;
+
++ case 'U':
++ if (streq (optarg, "default") || streq (optarg, "d"))
++ unicode_display = unicode_default;
++ else if (streq (optarg, "locale") || streq (optarg, "l"))
++ unicode_display = unicode_locale;
++ else if (streq (optarg, "escape") || streq (optarg, "e"))
++ unicode_display = unicode_escape;
++ else if (streq (optarg, "invalid") || streq (optarg, "i"))
++ unicode_display = unicode_invalid;
++ else if (streq (optarg, "hex") || streq (optarg, "x"))
++ unicode_display = unicode_hex;
++ else if (streq (optarg, "highlight") || streq (optarg, "h"))
++ unicode_display = unicode_highlight;
++ else
++ fatal (_("invalid argument to -U/--unicode: %s"), optarg);
++ break;
++
+ case 'V':
+ case 'v':
+ print_version ("strings");
+@@ -258,6 +305,9 @@ main (int argc, char **argv)
+ }
+ }
+
++ if (unicode_display != unicode_default)
++ encoding = 'S';
++
+ if (numeric_opt != 0)
+ {
+ string_min = (int) strtoul (argv[numeric_opt - 1] + 1, &s, 0);
+@@ -293,14 +343,14 @@ main (int argc, char **argv)
+ {
+ datasection_only = false;
+ SET_BINARY (fileno (stdin));
+- print_strings ("{standard input}", stdin, 0, 0, 0, (char *) NULL);
++ print_strings ("{standard input}", stdin, 0, 0, (char *) NULL);
+ files_given = true;
+ }
+ else
+ {
+ for (; optind < argc; ++optind)
+ {
+- if (strcmp (argv[optind], "-") == 0)
++ if (streq (argv[optind], "-"))
+ datasection_only = false;
+ else
+ {
+@@ -342,7 +392,7 @@ strings_a_section (bfd *abfd, asection *
+ }
+
+ *got_a_section = true;
+- print_strings (filename, NULL, sect->filepos, 0, sectsize, (char *) mem);
++ print_strings (filename, NULL, sect->filepos, sectsize, (char *) mem);
+ free (mem);
+ }
+
+@@ -427,7 +477,7 @@ strings_file (char *file)
+ return false;
+ }
+
+- print_strings (file, stream, (file_ptr) 0, 0, 0, (char *) 0);
++ print_strings (file, stream, (file_ptr) 0, 0, (char *) NULL);
+
+ if (fclose (stream) == EOF)
+ {
+@@ -551,6 +601,626 @@ unget_part_char (long c, file_ptr *addre
+ }
+ }
+ }
++
++static void
++print_filename_and_address (const char * filename, file_ptr address)
++{
++ if (print_filenames)
++ printf ("%s: ", filename);
++
++ if (! print_addresses)
++ return;
++
++ switch (address_radix)
++ {
++ case 8:
++ if (sizeof (address) > sizeof (long))
++ {
++#ifndef __MSVCRT__
++ printf ("%7llo ", (unsigned long long) address);
++#else
++ printf ("%7I64o ", (unsigned long long) address);
++#endif
++ }
++ else
++ printf ("%7lo ", (unsigned long) address);
++ break;
++
++ case 10:
++ if (sizeof (address) > sizeof (long))
++ {
++#ifndef __MSVCRT__
++ printf ("%7llu ", (unsigned long long) address);
++#else
++ printf ("%7I64d ", (unsigned long long) address);
++#endif
++ }
++ else
++ printf ("%7ld ", (long) address);
++ break;
++
++ case 16:
++ if (sizeof (address) > sizeof (long))
++ {
++#ifndef __MSVCRT__
++ printf ("%7llx ", (unsigned long long) address);
++#else
++ printf ("%7I64x ", (unsigned long long) address);
++#endif
++ }
++ else
++ printf ("%7lx ", (unsigned long) address);
++ break;
++ }
++}
++
++/* Return non-zero if the bytes starting at BUFFER form a valid UTF-8 encoding.
++ If the encoding is valid then returns the number of bytes it uses. */
++
++static unsigned int
++is_valid_utf8 (const unsigned char * buffer, unsigned long buflen)
++{
++ if (buffer[0] < 0xc0)
++ return 0;
++
++ if (buflen < 2)
++ return 0;
++
++ if ((buffer[1] & 0xc0) != 0x80)
++ return 0;
++
++ if ((buffer[0] & 0x20) == 0)
++ return 2;
++
++ if (buflen < 3)
++ return 0;
++
++ if ((buffer[2] & 0xc0) != 0x80)
++ return 0;
++
++ if ((buffer[0] & 0x10) == 0)
++ return 3;
++
++ if (buflen < 4)
++ return 0;
++
++ if ((buffer[3] & 0xc0) != 0x80)
++ return 0;
++
++ return 4;
++}
++
++/* Display a UTF-8 encoded character in BUFFER according to the setting
++ of unicode_display. The character is known to be valid.
++ Returns the number of bytes consumed. */
++
++static unsigned int
++display_utf8_char (const unsigned char * buffer)
++{
++ unsigned int j;
++ unsigned int utf8_len;
++
++ switch (buffer[0] & 0x30)
++ {
++ case 0x00:
++ case 0x10:
++ utf8_len = 2;
++ break;
++ case 0x20:
++ utf8_len = 3;
++ break;
++ default:
++ utf8_len = 4;
++ }
++
++ switch (unicode_display)
++ {
++ default:
++ fprintf (stderr, "ICE: unexpected unicode display type\n");
++ break;
++
++ case unicode_escape:
++ case unicode_highlight:
++ if (unicode_display == unicode_highlight && isatty (1))
++ printf ("\x1B[31;47m"); /* Red. */
++
++ switch (utf8_len)
++ {
++ case 2:
++ printf ("\\u%02x%02x",
++ ((buffer[0] & 0x1c) >> 2),
++ ((buffer[0] & 0x03) << 6) | (buffer[1] & 0x3f));
++ break;
++
++ case 3:
++ printf ("\\u%02x%02x",
++ ((buffer[0] & 0x0f) << 4) | ((buffer[1] & 0x3c) >> 2),
++ ((buffer[1] & 0x03) << 6) | ((buffer[2] & 0x3f)));
++ break;
++
++ case 4:
++ printf ("\\u%02x%02x%02x",
++ ((buffer[0] & 0x07) << 6) | ((buffer[1] & 0x3c) >> 2),
++ ((buffer[1] & 0x03) << 6) | ((buffer[2] & 0x3c) >> 2),
++ ((buffer[2] & 0x03) << 6) | ((buffer[3] & 0x3f)));
++ break;
++ default:
++ /* URG. */
++ break;
++ }
++
++ if (unicode_display == unicode_highlight && isatty (1))
++ printf ("\033[0m"); /* Default colour. */
++ break;
++
++ case unicode_hex:
++ putchar ('<');
++ printf ("0x");
++ for (j = 0; j < utf8_len; j++)
++ printf ("%02x", buffer [j]);
++ putchar ('>');
++ break;
++
++ case unicode_locale:
++ printf ("%.1s", buffer);
++ break;
++ }
++
++ return utf8_len;
++}
++
++/* Display strings in BUFFER. Treat any UTF-8 encoded characters encountered
++ according to the setting of the unicode_display variable. The buffer
++ contains BUFLEN bytes.
++
++ Display the characters as if they started at ADDRESS and are contained in
++ FILENAME. */
++
++static void
++print_unicode_buffer (const char * filename,
++ file_ptr address,
++ const unsigned char * buffer,
++ unsigned long buflen)
++{
++ /* Paranoia checks... */
++ if (filename == NULL
++ || buffer == NULL
++ || unicode_display == unicode_default
++ || encoding != 'S'
++ || encoding_bytes != 1)
++ {
++ fprintf (stderr, "ICE: bad arguments to print_unicode_buffer\n");
++ return;
++ }
++
++ if (buflen == 0)
++ return;
++
++ /* We must only display strings that are at least string_min *characters*
++ long. So we scan the buffer in two stages. First we locate the start
++ of a potential string. Then we walk along it until we have found
++ string_min characters. Then we go back to the start point and start
++ displaying characters according to the unicode_display setting. */
++
++ unsigned long start_point = 0;
++ unsigned long i = 0;
++ unsigned int char_len = 1;
++ unsigned int num_found = 0;
++
++ for (i = 0; i < buflen; i += char_len)
++ {
++ int c = buffer[i];
++
++ char_len = 1;
++
++ /* Find the first potential character of a string. */
++ if (! STRING_ISGRAPHIC (c))
++ {
++ num_found = 0;
++ continue;
++ }
++
++ if (c > 126)
++ {
++ if (c < 0xc0)
++ {
++ num_found = 0;
++ continue;
++ }
++
++ if ((char_len = is_valid_utf8 (buffer + i, buflen - i)) == 0)
++ {
++ char_len = 1;
++ num_found = 0;
++ continue;
++ }
++
++ if (unicode_display == unicode_invalid)
++ {
++ /* We have found a valid UTF-8 character, but we treat it as non-graphic. */
++ num_found = 0;
++ continue;
++ }
++ }
++
++ if (num_found == 0)
++ /* We have found a potential starting point for a string. */
++ start_point = i;
++
++ ++ num_found;
++
++ if (num_found >= string_min)
++ break;
++ }
++
++ if (num_found < string_min)
++ return;
++
++ print_filename_and_address (filename, address + start_point);
++
++ /* We have found string_min characters. Display them and any
++ more that follow. */
++ for (i = start_point; i < buflen; i += char_len)
++ {
++ int c = buffer[i];
++
++ char_len = 1;
++
++ if (! STRING_ISGRAPHIC (c))
++ break;
++ else if (c < 127)
++ putchar (c);
++ else if (! is_valid_utf8 (buffer + i, buflen - i))
++ break;
++ else if (unicode_display == unicode_invalid)
++ break;
++ else
++ char_len = display_utf8_char (buffer + i);
++ }
++
++ if (output_separator)
++ fputs (output_separator, stdout);
++ else
++ putchar ('\n');
++
++ /* FIXME: Using tail recursion here is lazy programming... */
++ print_unicode_buffer (filename, address + i, buffer + i, buflen - i);
++}
++
++static int
++get_unicode_byte (FILE * stream,
++ unsigned char * putback,
++ unsigned int * num_putback,
++ unsigned int * num_read)
++{
++ if (* num_putback > 0)
++ {
++ * num_putback = * num_putback - 1;
++ return putback [* num_putback];
++ }
++
++ * num_read = * num_read + 1;
++
++#if defined(HAVE_GETC_UNLOCKED) && HAVE_DECL_GETC_UNLOCKED
++ return getc_unlocked (stream);
++#else
++ return getc (stream);
++#endif
++}
++
++/* Helper function for print_unicode_stream. */
++
++static void
++print_unicode_stream_body (const char * filename,
++ file_ptr address,
++ FILE * stream,
++ unsigned char * putback_buf,
++ unsigned int num_putback,
++ unsigned char * print_buf)
++{
++ /* It would be nice if we could just read the stream into a buffer
++ and then process if with print_unicode_buffer. But the input
++ might be huge or it might time-locked (eg stdin). So instead
++ we go one byte at a time... */
++
++ file_ptr start_point = 0;
++ unsigned int num_read = 0;
++ unsigned int num_chars = 0;
++ unsigned int num_print = 0;
++ int c = 0;
++
++ /* Find a series of string_min characters. Put them into print_buf. */
++ do
++ {
++ if (num_chars >= string_min)
++ break;
++
++ c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++ if (c == EOF)
++ break;
++
++ if (! STRING_ISGRAPHIC (c))
++ {
++ num_chars = num_print = 0;
++ continue;
++ }
++
++ if (num_chars == 0)
++ start_point = num_read - 1;
++
++ if (c < 127)
++ {
++ print_buf[num_print] = c;
++ num_chars ++;
++ num_print ++;
++ continue;
++ }
++
++ if (c < 0xc0)
++ {
++ num_chars = num_print = 0;
++ continue;
++ }
++
++ /* We *might* have a UTF-8 sequence. Time to start peeking. */
++ char utf8[4];
++
++ utf8[0] = c;
++ c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++ if (c == EOF)
++ break;
++ utf8[1] = c;
++
++ if ((utf8[1] & 0xc0) != 0x80)
++ {
++ /* Invalid UTF-8. */
++ putback_buf[num_putback++] = utf8[1];
++ num_chars = num_print = 0;
++ continue;
++ }
++ else if ((utf8[0] & 0x20) == 0)
++ {
++ /* A valid 2-byte UTF-8 encoding. */
++ if (unicode_display == unicode_invalid)
++ {
++ putback_buf[num_putback++] = utf8[1];
++ num_chars = num_print = 0;
++ }
++ else
++ {
++ print_buf[num_print ++] = utf8[0];
++ print_buf[num_print ++] = utf8[1];
++ num_chars ++;
++ }
++ continue;
++ }
++
++ c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++ if (c == EOF)
++ break;
++ utf8[2] = c;
++
++ if ((utf8[2] & 0xc0) != 0x80)
++ {
++ /* Invalid UTF-8. */
++ putback_buf[num_putback++] = utf8[2];
++ putback_buf[num_putback++] = utf8[1];
++ num_chars = num_print = 0;
++ continue;
++ }
++ else if ((utf8[0] & 0x10) == 0)
++ {
++ /* A valid 3-byte UTF-8 encoding. */
++ if (unicode_display == unicode_invalid)
++ {
++ putback_buf[num_putback++] = utf8[2];
++ putback_buf[num_putback++] = utf8[1];
++ num_chars = num_print = 0;
++ }
++ else
++ {
++ print_buf[num_print ++] = utf8[0];
++ print_buf[num_print ++] = utf8[1];
++ print_buf[num_print ++] = utf8[2];
++ num_chars ++;
++ }
++ continue;
++ }
++
++ c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++ if (c == EOF)
++ break;
++ utf8[3] = c;
++
++ if ((utf8[3] & 0xc0) != 0x80)
++ {
++ /* Invalid UTF-8. */
++ putback_buf[num_putback++] = utf8[3];
++ putback_buf[num_putback++] = utf8[2];
++ putback_buf[num_putback++] = utf8[1];
++ num_chars = num_print = 0;
++ }
++ /* We have a valid 4-byte UTF-8 encoding. */
++ else if (unicode_display == unicode_invalid)
++ {
++ putback_buf[num_putback++] = utf8[3];
++ putback_buf[num_putback++] = utf8[1];
++ putback_buf[num_putback++] = utf8[2];
++ num_chars = num_print = 0;
++ }
++ else
++ {
++ print_buf[num_print ++] = utf8[0];
++ print_buf[num_print ++] = utf8[1];
++ print_buf[num_print ++] = utf8[2];
++ print_buf[num_print ++] = utf8[3];
++ num_chars ++;
++ }
++ }
++ while (1);
++
++ if (num_chars >= string_min)
++ {
++ /* We know that we have string_min valid characters in print_buf,
++ and there may be more to come in the stream. Start displaying
++ them. */
++
++ print_filename_and_address (filename, address + start_point);
++
++ unsigned int i;
++ for (i = 0; i < num_print;)
++ {
++ if (print_buf[i] < 127)
++ putchar (print_buf[i++]);
++ else
++ i += display_utf8_char (print_buf + i);
++ }
++
++ /* OK so now we have to start read unchecked bytes. */
++
++ /* Find a series of string_min characters. Put them into print_buf. */
++ do
++ {
++ c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++ if (c == EOF)
++ break;
++
++ if (! STRING_ISGRAPHIC (c))
++ break;
++
++ if (c < 127)
++ {
++ putchar (c);
++ continue;
++ }
++
++ if (c < 0xc0)
++ break;
++
++ /* We *might* have a UTF-8 sequence. Time to start peeking. */
++ unsigned char utf8[4];
++
++ utf8[0] = c;
++ c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++ if (c == EOF)
++ break;
++ utf8[1] = c;
++
++ if ((utf8[1] & 0xc0) != 0x80)
++ {
++ /* Invalid UTF-8. */
++ putback_buf[num_putback++] = utf8[1];
++ break;
++ }
++ else if ((utf8[0] & 0x20) == 0)
++ {
++ /* Valid 2-byte UTF-8. */
++ if (unicode_display == unicode_invalid)
++ {
++ putback_buf[num_putback++] = utf8[1];
++ break;
++ }
++ else
++ {
++ (void) display_utf8_char (utf8);
++ continue;
++ }
++ }
++
++ c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++ if (c == EOF)
++ break;
++ utf8[2] = c;
++
++ if ((utf8[2] & 0xc0) != 0x80)
++ {
++ /* Invalid UTF-8. */
++ putback_buf[num_putback++] = utf8[2];
++ putback_buf[num_putback++] = utf8[1];
++ break;
++ }
++ else if ((utf8[0] & 0x10) == 0)
++ {
++ /* Valid 3-byte UTF-8. */
++ if (unicode_display == unicode_invalid)
++ {
++ putback_buf[num_putback++] = utf8[2];
++ putback_buf[num_putback++] = utf8[1];
++ break;
++ }
++ else
++ {
++ (void) display_utf8_char (utf8);
++ continue;
++ }
++ }
++
++ c = get_unicode_byte (stream, putback_buf, & num_putback, & num_read);
++ if (c == EOF)
++ break;
++ utf8[3] = c;
++
++ if ((utf8[3] & 0xc0) != 0x80)
++ {
++ /* Invalid UTF-8. */
++ putback_buf[num_putback++] = utf8[3];
++ putback_buf[num_putback++] = utf8[2];
++ putback_buf[num_putback++] = utf8[1];
++ break;
++ }
++ else if (unicode_display == unicode_invalid)
++ {
++ putback_buf[num_putback++] = utf8[3];
++ putback_buf[num_putback++] = utf8[2];
++ putback_buf[num_putback++] = utf8[1];
++ break;
++ }
++ else
++ /* A valid 4-byte UTF-8 encoding. */
++ (void) display_utf8_char (utf8);
++ }
++ while (1);
++
++ if (output_separator)
++ fputs (output_separator, stdout);
++ else
++ putchar ('\n');
++ }
++
++ if (c != EOF)
++ /* FIXME: Using tail recursion here is lazy, but it works. */
++ print_unicode_stream_body (filename, address + num_read, stream, putback_buf, num_putback, print_buf);
++}
++
++/* Display strings read in from STREAM. Treat any UTF-8 encoded characters
++ encountered according to the setting of the unicode_display variable.
++ The stream is positioned at ADDRESS and is attached to FILENAME. */
++
++static void
++print_unicode_stream (const char * filename,
++ file_ptr address,
++ FILE * stream)
++{
++ /* Paranoia checks... */
++ if (filename == NULL
++ || stream == NULL
++ || unicode_display == unicode_default
++ || encoding != 'S'
++ || encoding_bytes != 1)
++ {
++ fprintf (stderr, "ICE: bad arguments to print_unicode_stream\n");
++ return;
++ }
++
++ /* Allocate space for string_min 4-byte utf-8 characters. */
++ unsigned char * print_buf = xmalloc ((4 * string_min) + 1);
++ /* We should never have to put back more than 4 bytes. */
++ unsigned char putback_buf[5];
++ unsigned int num_putback = 0;
++
++ print_unicode_stream_body (filename, address, stream, putback_buf, num_putback, print_buf);
++ free (print_buf);
++}
+
+ /* Find the strings in file FILENAME, read from STREAM.
+ Assume that STREAM is positioned so that the next byte read
+@@ -566,20 +1236,29 @@ unget_part_char (long c, file_ptr *addre
+
+ static void
+ print_strings (const char *filename, FILE *stream, file_ptr address,
+- int stop_point, int magiccount, char *magic)
++ int magiccount, char *magic)
+ {
++ if (unicode_display != unicode_default)
++ {
++ if (magic != NULL)
++ print_unicode_buffer (filename, address,
++ (const unsigned char *) magic, magiccount);
++
++ if (stream != NULL)
++ print_unicode_stream (filename, address, stream);
++ return;
++ }
++
+ char *buf = (char *) xmalloc (sizeof (char) * (string_min + 1));
+
+ while (1)
+ {
+ file_ptr start;
+- int i;
++ unsigned int i;
+ long c;
+
+ /* See if the next `string_min' chars are all graphic chars. */
+ tryline:
+- if (stop_point && address >= stop_point)
+- break;
+ start = address;
+ for (i = 0; i < string_min; i++)
+ {
+@@ -601,51 +1280,7 @@ print_strings (const char *filename, FIL
+
+ /* We found a run of `string_min' graphic characters. Print up
+ to the next non-graphic character. */
+-
+- if (print_filenames)
+- printf ("%s: ", filename);
+- if (print_addresses)
+- switch (address_radix)
+- {
+- case 8:
+- if (sizeof (start) > sizeof (long))
+- {
+-#ifndef __MSVCRT__
+- printf ("%7llo ", (unsigned long long) start);
+-#else
+- printf ("%7I64o ", (unsigned long long) start);
+-#endif
+- }
+- else
+- printf ("%7lo ", (unsigned long) start);
+- break;
+-
+- case 10:
+- if (sizeof (start) > sizeof (long))
+- {
+-#ifndef __MSVCRT__
+- printf ("%7llu ", (unsigned long long) start);
+-#else
+- printf ("%7I64d ", (unsigned long long) start);
+-#endif
+- }
+- else
+- printf ("%7ld ", (long) start);
+- break;
+-
+- case 16:
+- if (sizeof (start) > sizeof (long))
+- {
+-#ifndef __MSVCRT__
+- printf ("%7llx ", (unsigned long long) start);
+-#else
+- printf ("%7I64x ", (unsigned long long) start);
+-#endif
+- }
+- else
+- printf ("%7lx ", (unsigned long) start);
+- break;
+- }
++ print_filename_and_address (filename, start);
+
+ buf[i] = '\0';
+ fputs (buf, stdout);
+@@ -697,6 +1332,8 @@ usage (FILE *stream, int status)
+ -T --target=<BFDNAME> Specify the binary file format\n\
+ -e --encoding={s,S,b,l,B,L} Select character size and endianness:\n\
+ s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit\n\
++ --unicode={default|show|invalid|hex|escape|highlight}\n\
++ -u {d|s|i|x|e|h} Specify how to treat UTF-8 encoded unicode characters\n\
+ -s --output-separator=<string> String used to separate strings in output.\n\
+ @<file> Read options from <file>\n\
+ -h --help Display this information\n\
diff --git a/meta/recipes-devtools/binutils/binutils/161e87d12167b1e36193385485c1f6ce92f74f02.patch b/meta/recipes-devtools/binutils/binutils/161e87d12167b1e36193385485c1f6ce92f74f02.patch
new file mode 100644
index 0000000000..8a655af06c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/161e87d12167b1e36193385485c1f6ce92f74f02.patch
@@ -0,0 +1,247 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 15 Dec 2021 01:18:42 +0000 (+1030)
+Subject: PR28694, Out-of-bounds write in stab_xcoff_builtin_type
+CVE: CVE-2021-45078
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=161e87d12167b1e36193385485c1f6ce92f74f02]
+
+PR28694, Out-of-bounds write in stab_xcoff_builtin_type
+
+ PR 28694
+ * stabs.c (stab_xcoff_builtin_type): Make typenum unsigned.
+ Negate typenum earlier, simplifying bounds checking. Correct
+ off-by-one indexing. Adjust switch cases.
+---
+
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index 274bfb0e7fa..83ee3ea5fa4 100644
+--- a/binutils/stabs.c
++++ b/binutils/stabs.c
+@@ -202,7 +202,7 @@ static debug_type stab_find_type (void *, struct stab_handle *, const int *);
+ static bool stab_record_type
+ (void *, struct stab_handle *, const int *, debug_type);
+ static debug_type stab_xcoff_builtin_type
+- (void *, struct stab_handle *, int);
++ (void *, struct stab_handle *, unsigned int);
+ static debug_type stab_find_tagged_type
+ (void *, struct stab_handle *, const char *, int, enum debug_type_kind);
+ static debug_type *stab_demangle_argtypes
+@@ -3496,166 +3496,167 @@ stab_record_type (void *dhandle ATTRIBUTE_UNUSED, struct stab_handle *info,
+
+ static debug_type
+ stab_xcoff_builtin_type (void *dhandle, struct stab_handle *info,
+- int typenum)
++ unsigned int typenum)
+ {
+ debug_type rettype;
+ const char *name;
+
+- if (typenum >= 0 || typenum < -XCOFF_TYPE_COUNT)
++ typenum = -typenum - 1;
++ if (typenum >= XCOFF_TYPE_COUNT)
+ {
+- fprintf (stderr, _("Unrecognized XCOFF type %d\n"), typenum);
++ fprintf (stderr, _("Unrecognized XCOFF type %d\n"), -typenum - 1);
+ return DEBUG_TYPE_NULL;
+ }
+- if (info->xcoff_types[-typenum] != NULL)
+- return info->xcoff_types[-typenum];
++ if (info->xcoff_types[typenum] != NULL)
++ return info->xcoff_types[typenum];
+
+- switch (-typenum)
++ switch (typenum)
+ {
+- case 1:
++ case 0:
+ /* The size of this and all the other types are fixed, defined
+ by the debugging format. */
+ name = "int";
+ rettype = debug_make_int_type (dhandle, 4, false);
+ break;
+- case 2:
++ case 1:
+ name = "char";
+ rettype = debug_make_int_type (dhandle, 1, false);
+ break;
+- case 3:
++ case 2:
+ name = "short";
+ rettype = debug_make_int_type (dhandle, 2, false);
+ break;
+- case 4:
++ case 3:
+ name = "long";
+ rettype = debug_make_int_type (dhandle, 4, false);
+ break;
+- case 5:
++ case 4:
+ name = "unsigned char";
+ rettype = debug_make_int_type (dhandle, 1, true);
+ break;
+- case 6:
++ case 5:
+ name = "signed char";
+ rettype = debug_make_int_type (dhandle, 1, false);
+ break;
+- case 7:
++ case 6:
+ name = "unsigned short";
+ rettype = debug_make_int_type (dhandle, 2, true);
+ break;
+- case 8:
++ case 7:
+ name = "unsigned int";
+ rettype = debug_make_int_type (dhandle, 4, true);
+ break;
+- case 9:
++ case 8:
+ name = "unsigned";
+ rettype = debug_make_int_type (dhandle, 4, true);
+ break;
+- case 10:
++ case 9:
+ name = "unsigned long";
+ rettype = debug_make_int_type (dhandle, 4, true);
+ break;
+- case 11:
++ case 10:
+ name = "void";
+ rettype = debug_make_void_type (dhandle);
+ break;
+- case 12:
++ case 11:
+ /* IEEE single precision (32 bit). */
+ name = "float";
+ rettype = debug_make_float_type (dhandle, 4);
+ break;
+- case 13:
++ case 12:
+ /* IEEE double precision (64 bit). */
+ name = "double";
+ rettype = debug_make_float_type (dhandle, 8);
+ break;
+- case 14:
++ case 13:
+ /* This is an IEEE double on the RS/6000, and different machines
+ with different sizes for "long double" should use different
+ negative type numbers. See stabs.texinfo. */
+ name = "long double";
+ rettype = debug_make_float_type (dhandle, 8);
+ break;
+- case 15:
++ case 14:
+ name = "integer";
+ rettype = debug_make_int_type (dhandle, 4, false);
+ break;
+- case 16:
++ case 15:
+ name = "boolean";
+ rettype = debug_make_bool_type (dhandle, 4);
+ break;
+- case 17:
++ case 16:
+ name = "short real";
+ rettype = debug_make_float_type (dhandle, 4);
+ break;
+- case 18:
++ case 17:
+ name = "real";
+ rettype = debug_make_float_type (dhandle, 8);
+ break;
+- case 19:
++ case 18:
+ /* FIXME */
+ name = "stringptr";
+ rettype = NULL;
+ break;
+- case 20:
++ case 19:
+ /* FIXME */
+ name = "character";
+ rettype = debug_make_int_type (dhandle, 1, true);
+ break;
+- case 21:
++ case 20:
+ name = "logical*1";
+ rettype = debug_make_bool_type (dhandle, 1);
+ break;
+- case 22:
++ case 21:
+ name = "logical*2";
+ rettype = debug_make_bool_type (dhandle, 2);
+ break;
+- case 23:
++ case 22:
+ name = "logical*4";
+ rettype = debug_make_bool_type (dhandle, 4);
+ break;
+- case 24:
++ case 23:
+ name = "logical";
+ rettype = debug_make_bool_type (dhandle, 4);
+ break;
+- case 25:
++ case 24:
+ /* Complex type consisting of two IEEE single precision values. */
+ name = "complex";
+ rettype = debug_make_complex_type (dhandle, 8);
+ break;
+- case 26:
++ case 25:
+ /* Complex type consisting of two IEEE double precision values. */
+ name = "double complex";
+ rettype = debug_make_complex_type (dhandle, 16);
+ break;
+- case 27:
++ case 26:
+ name = "integer*1";
+ rettype = debug_make_int_type (dhandle, 1, false);
+ break;
+- case 28:
++ case 27:
+ name = "integer*2";
+ rettype = debug_make_int_type (dhandle, 2, false);
+ break;
+- case 29:
++ case 28:
+ name = "integer*4";
+ rettype = debug_make_int_type (dhandle, 4, false);
+ break;
+- case 30:
++ case 29:
+ /* FIXME */
+ name = "wchar";
+ rettype = debug_make_int_type (dhandle, 2, false);
+ break;
+- case 31:
++ case 30:
+ name = "long long";
+ rettype = debug_make_int_type (dhandle, 8, false);
+ break;
+- case 32:
++ case 31:
+ name = "unsigned long long";
+ rettype = debug_make_int_type (dhandle, 8, true);
+ break;
+- case 33:
++ case 32:
+ name = "logical*8";
+ rettype = debug_make_bool_type (dhandle, 8);
+ break;
+- case 34:
++ case 33:
+ name = "integer*8";
+ rettype = debug_make_int_type (dhandle, 8, false);
+ break;
+@@ -3664,9 +3665,7 @@ stab_xcoff_builtin_type (void *dhandle, struct stab_handle *info,
+ }
+
+ rettype = debug_name_type (dhandle, name, rettype);
+-
+- info->xcoff_types[-typenum] = rettype;
+-
++ info->xcoff_types[typenum] = rettype;
+ return rettype;
+ }
+
diff --git a/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb b/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
index 974faa3b3f..413c9b9499 100644
--- a/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
+++ b/meta/recipes-devtools/bootchart2/bootchart2_0.14.9.bb
@@ -90,7 +90,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=44ac4678311254db62edf8fd39cb8124"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.\d+)*)"
-SRC_URI = "git://github.com/xrmx/bootchart.git \
+SRC_URI = "git://github.com/xrmx/bootchart.git;branch=master;protocol=https \
file://bootchartd_stop.sh \
file://0001-collector-Allocate-space-on-heap-for-chunks.patch \
file://0001-bootchart2-support-usrmerge.patch \
@@ -99,6 +99,10 @@ SRC_URI = "git://github.com/xrmx/bootchart.git \
S = "${WORKDIR}/git"
SRCREV = "868a2afab9da34f32c007d773b77253c93104636"
+# remove at next version upgrade or when output changes
+PR = "r1"
+HASHEQUIV_HASH_VERSION .= ".1"
+
inherit systemd update-rc.d python3native update-alternatives
ALTERNATIVE:${PN} = "bootchartd"
@@ -131,7 +135,7 @@ do_install () {
export PKGLIBDIR="${base_libdir}/bootchart"
export SYSTEMD_UNIT_DIR="${systemd_system_unitdir}"
- oe_runmake install
+ oe_runmake install NO_PYTHON_COMPILE=1
install -d ${D}${sysconfdir}/init.d
install -m 0755 ${WORKDIR}/bootchartd_stop.sh ${D}${sysconfdir}/init.d
@@ -146,7 +150,7 @@ do_install () {
PACKAGES =+ "pybootchartgui"
FILES:pybootchartgui += "${PYTHON_SITEPACKAGES_DIR}/pybootchartgui ${bindir}/pybootchartgui"
-RDEPENDS:pybootchartgui = "python3-pycairo python3-compression python3-image python3-shell python3-compression python3-codecs"
+RDEPENDS:pybootchartgui = "python3-pycairo python3-compression python3-image python3-math python3-shell python3-compression python3-codecs"
RDEPENDS:${PN}:class-target += "${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'sysvinit-pidof', 'procps', d)}"
RDEPENDS:${PN}:class-target += "lsb-release"
DEPENDS:append:class-native = " python3-pycairo-native"
diff --git a/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.13.1.bb b/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.13.1.bb
index 5288978943..9b28528ad9 100644
--- a/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.13.1.bb
+++ b/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.13.1.bb
@@ -16,7 +16,7 @@ SECTION = "base"
DEPENDS = "lzo util-linux zlib"
DEPENDS:append:class-target = " udev"
-SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git \
+SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git;branch=master \
file://0001-Add-a-possibility-to-specify-where-python-modules-ar.patch \
file://0001-btrfs-tools-include-linux-const.h-to-fix-build-with-.patch \
"
diff --git a/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.4.bb b/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.4.bb
index 500b508d72..7a9656bf86 100644
--- a/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.4.bb
+++ b/meta/recipes-devtools/createrepo-c/createrepo-c_0.17.4.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/rpm-software-management/createrepo_c/wiki"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-SRC_URI = "git://github.com/rpm-software-management/createrepo_c \
+SRC_URI = "git://github.com/rpm-software-management/createrepo_c;branch=master;protocol=https \
file://0001-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
"
diff --git a/meta/recipes-devtools/distcc/distcc_3.4.bb b/meta/recipes-devtools/distcc/distcc_3.4.bb
index 7adf8a8ff6..93983f6aee 100644
--- a/meta/recipes-devtools/distcc/distcc_3.4.bb
+++ b/meta/recipes-devtools/distcc/distcc_3.4.bb
@@ -15,7 +15,7 @@ PACKAGECONFIG[popt] = "--without-included-popt,--with-included-popt,popt"
RRECOMMENDS:${PN}-server = "avahi-daemon"
-SRC_URI = "git://github.com/distcc/distcc.git \
+SRC_URI = "git://github.com/distcc/distcc.git;branch=master;protocol=https \
file://default \
file://distcc \
file://distcc.service \
diff --git a/meta/recipes-devtools/dnf/dnf_4.8.0.bb b/meta/recipes-devtools/dnf/dnf_4.8.0.bb
index f51d74797d..9070077270 100644
--- a/meta/recipes-devtools/dnf/dnf_4.8.0.bb
+++ b/meta/recipes-devtools/dnf/dnf_4.8.0.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://PACKAGE-LICENSING;md5=4a0548e303dbc77f067335b4d688e745 \
"
-SRC_URI = "git://github.com/rpm-software-management/dnf.git \
+SRC_URI = "git://github.com/rpm-software-management/dnf.git;branch=master;protocol=https \
file://0001-Corretly-install-tmpfiles.d-configuration.patch \
file://0001-Do-not-hardcode-etc-and-systemd-unit-directories.patch \
file://0005-Do-not-prepend-installroot-to-logdir.patch \
diff --git a/meta/recipes-devtools/dpkg/dpkg.inc b/meta/recipes-devtools/dpkg/dpkg.inc
index b6807b004f..74074cfdd7 100644
--- a/meta/recipes-devtools/dpkg/dpkg.inc
+++ b/meta/recipes-devtools/dpkg/dpkg.inc
@@ -15,7 +15,7 @@ inherit autotools gettext perlnative pkgconfig perl-version update-alternatives
PERL:class-native = "${STAGING_BINDIR_NATIVE}/perl-native/perl"
-export PERL_LIBDIR = "${libdir}/perl/${@get_perl_version(d)}"
+export PERL_LIBDIR = "${libdir}/perl5/${@get_perl_version(d)}"
PERL_LIBDIR:class-native = "${libdir}/perl-native/perl/${@get_perl_version(d)}"
EXTRA_OECONF = "\
@@ -66,7 +66,7 @@ FILES:update-alternatives-dpkg = "${bindir}/update-alternatives ${localstatedir}
RPROVIDES:update-alternatives-dpkg += "update-alternatives"
PACKAGES += "${PN}-perl"
-FILES:${PN}-perl = "${libdir}/perl/${@get_perl_version(d)}"
+FILES:${PN}-perl = "${libdir}/perl5/${@get_perl_version(d)}"
RDEPENDS:${PN}-perl += "perl-module-carp perl-module-constant \
perl-module-cwd perl-module-digest \
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc b/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc
index bcffa77db9..a030fa6fa8 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc
@@ -19,7 +19,7 @@ LIC_FILES_CHKSUM = "file://NOTICE;md5=d50be0580c0b0a7fbc7a4830bbe6c12b \
SECTION = "base"
DEPENDS = "util-linux attr autoconf-archive"
-SRC_URI = "git://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git"
+SRC_URI = "git://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git;branch=master"
S = "${WORKDIR}/git"
inherit autotools gettext texinfo pkgconfig multilib_header update-alternatives ptest
diff --git a/meta/recipes-devtools/erofs-utils/erofs-utils_1.3.bb b/meta/recipes-devtools/erofs-utils/erofs-utils_1.3.bb
index d07d5c4360..77cce2fdaf 100644
--- a/meta/recipes-devtools/erofs-utils/erofs-utils_1.3.bb
+++ b/meta/recipes-devtools/erofs-utils/erofs-utils_1.3.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94fa01670a2a8f2d3ab2de15004e0848"
HOMEPAGE = "https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git/tree/README"
SRCREV = "2cd522105ea771ec30b269cd4c57e2265a4d6349"
-SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git"
+SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git;branch=master"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>(\d+(\.\d+)+))"
diff --git a/meta/recipes-devtools/file/file_5.40.bb b/meta/recipes-devtools/file/file_5.40.bb
index 32b61f4f39..0360eb5ec7 100644
--- a/meta/recipes-devtools/file/file_5.40.bb
+++ b/meta/recipes-devtools/file/file_5.40.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=2;md5=0251eaec1188b20d9a72c502ecfdd
DEPENDS = "file-replacement-native"
DEPENDS:class-native = "bzip2-replacement-native"
-SRC_URI = "git://github.com/file/file.git"
+SRC_URI = "git://github.com/file/file.git;branch=master;protocol=https"
SRCREV = "f49fda6f52a9477d817dbd9c06afab02daf025f8"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/gcc/gcc-11.2.inc b/meta/recipes-devtools/gcc/gcc-11.2.inc
index 9fd30f52a8..40d2b59354 100644
--- a/meta/recipes-devtools/gcc/gcc-11.2.inc
+++ b/meta/recipes-devtools/gcc/gcc-11.2.inc
@@ -68,6 +68,15 @@ SRC_URI = "\
file://0036-mingw32-Enable-operation_not_supported.patch \
file://0037-libatomic-Do-not-enforce-march-on-aarch64.patch \
file://0041-apply-debug-prefix-maps-before-checksumming-DIEs.patch \
+ file://0001-CVE-2021-35465.patch \
+ file://0002-CVE-2021-35465.patch \
+ file://0003-CVE-2021-35465.patch \
+ file://0004-CVE-2021-35465.patch \
+ file://0001-CVE-2021-42574.patch \
+ file://0002-CVE-2021-42574.patch \
+ file://0003-CVE-2021-42574.patch \
+ file://0004-CVE-2021-42574.patch \
+ file://0001-CVE-2021-46195.patch \
"
SRC_URI[sha256sum] = "d08edc536b54c372a1010ff6619dd274c0f1603aa49212ba20f7aa2cda36fa8b"
@@ -117,3 +126,6 @@ EXTRA_OECONF_PATHS = "\
--with-sysroot=/not/exist \
--with-build-sysroot=${STAGING_DIR_TARGET} \
"
+
+# Is a binutils 2.26 issue, not gcc
+CVE_CHECK_WHITELIST += "CVE-2021-37322"
diff --git a/meta/recipes-devtools/gcc/gcc-target.inc b/meta/recipes-devtools/gcc/gcc-target.inc
index bf55e692e6..bcea75b2fa 100644
--- a/meta/recipes-devtools/gcc/gcc-target.inc
+++ b/meta/recipes-devtools/gcc/gcc-target.inc
@@ -193,7 +193,7 @@ do_install () {
rm -f *c++*
# We don't care about the gcc-<version> ones for this
- rm -f *gcc-?.?*
+ rm -f *gcc-?*.?*
# Not sure why we end up with these but we don't want them...
rm -f ${TARGET_PREFIX}${TARGET_PREFIX}*
diff --git a/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch b/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch
new file mode 100644
index 0000000000..6b1d4e3fce
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-35465.patch
@@ -0,0 +1,138 @@
+From 3929bca9ca95de9d35e82ae8828b188029e3eb70 Mon Sep 17 00:00:00 2001
+From: Richard Earnshaw <rearnsha@arm.com>
+Date: Fri, 11 Jun 2021 16:02:05 +0100
+Subject: [PATCH] arm: Add command-line option for enabling CVE-2021-35465
+ mitigation [PR102035]
+
+Add a new option, -mfix-cmse-cve-2021-35465 and document it. Enable it
+automatically for cortex-m33, cortex-m35p and cortex-m55.
+
+gcc:
+ PR target/102035
+ * config/arm/arm.opt (mfix-cmse-cve-2021-35465): New option.
+ * doc/invoke.texi (Arm Options): Document it.
+ * config/arm/arm-cpus.in (quirk_vlldm): New feature bit.
+ (ALL_QUIRKS): Add quirk_vlldm.
+ (cortex-m33): Add quirk_vlldm.
+ (cortex-m35p, cortex-m55): Likewise.
+ * config/arm/arm.c (arm_option_override): Enable fix_vlldm if
+ targetting an affected CPU and not explicitly controlled on
+ the command line.
+
+CVE: CVE-2021-35465
+Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=3929bca9ca95de9d35e82ae8828b188029e3eb70]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ gcc/config/arm/arm-cpus.in | 9 +++++++--
+ gcc/config/arm/arm.c | 9 +++++++++
+ gcc/config/arm/arm.opt | 4 ++++
+ gcc/doc/invoke.texi | 9 +++++++++
+ 4 files changed, 29 insertions(+), 2 deletions(-)
+
+diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c
+--- a/gcc/config/arm/arm.c 2021-11-15 02:13:11.100579812 -0800
++++ b/gcc/config/arm/arm.c 2021-11-15 02:17:36.988237692 -0800
+@@ -3610,6 +3610,15 @@ arm_option_override (void)
+ fix_cm3_ldrd = 0;
+ }
+
++ /* Enable fix_vlldm by default if required. */
++ if (fix_vlldm == 2)
++ {
++ if (bitmap_bit_p (arm_active_target.isa, isa_bit_quirk_vlldm))
++ fix_vlldm = 1;
++ else
++ fix_vlldm = 0;
++ }
++
+ /* Hot/Cold partitioning is not currently supported, since we can't
+ handle literal pool placement in that case. */
+ if (flag_reorder_blocks_and_partition)
+diff --git a/gcc/config/arm/arm-cpus.in b/gcc/config/arm/arm-cpus.in
+--- a/gcc/config/arm/arm-cpus.in 2021-11-15 02:13:11.104579747 -0800
++++ b/gcc/config/arm/arm-cpus.in 2021-11-15 02:17:36.984237757 -0800
+@@ -186,6 +186,9 @@ define feature quirk_armv6kz
+ # Cortex-M3 LDRD quirk.
+ define feature quirk_cm3_ldrd
+
++# v8-m/v8.1-m VLLDM errata.
++define feature quirk_vlldm
++
+ # Don't use .cpu assembly directive
+ define feature quirk_no_asmcpu
+
+@@ -322,7 +325,7 @@ define implied vfp_base MVE MVE_FP ALL_F
+ # architectures.
+ # xscale isn't really a 'quirk', but it isn't an architecture either and we
+ # need to ignore it for matching purposes.
+-define fgroup ALL_QUIRKS quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd xscale quirk_no_asmcpu
++define fgroup ALL_QUIRKS quirk_no_volatile_ce quirk_armv6kz quirk_cm3_ldrd quirk_vlldm xscale quirk_no_asmcpu
+
+ define fgroup IGNORE_FOR_MULTILIB cdecp0 cdecp1 cdecp2 cdecp3 cdecp4 cdecp5 cdecp6 cdecp7
+
+@@ -1570,6 +1573,7 @@ begin cpu cortex-m33
+ architecture armv8-m.main+dsp+fp
+ option nofp remove ALL_FP
+ option nodsp remove armv7em
++ isa quirk_vlldm
+ costs v7m
+ end cpu cortex-m33
+
+@@ -1579,6 +1583,7 @@ begin cpu cortex-m35p
+ architecture armv8-m.main+dsp+fp
+ option nofp remove ALL_FP
+ option nodsp remove armv7em
++ isa quirk_vlldm
+ costs v7m
+ end cpu cortex-m35p
+
+@@ -1590,7 +1595,7 @@ begin cpu cortex-m55
+ option nomve remove mve mve_float
+ option nofp remove ALL_FP mve_float
+ option nodsp remove MVE mve_float
+- isa quirk_no_asmcpu
++ isa quirk_no_asmcpu quirk_vlldm
+ costs v7m
+ vendor 41
+ end cpu cortex-m55
+diff --git a/gcc/config/arm/arm.opt b/gcc/config/arm/arm.opt
+--- a/gcc/config/arm/arm.opt 2021-11-15 02:13:11.104579747 -0800
++++ b/gcc/config/arm/arm.opt 2021-11-15 02:17:36.988237692 -0800
+@@ -268,6 +268,10 @@ Target Var(fix_cm3_ldrd) Init(2)
+ Avoid overlapping destination and address registers on LDRD instructions
+ that may trigger Cortex-M3 errata.
+
++mfix-cmse-cve-2021-35465
++Target Var(fix_vlldm) Init(2)
++Mitigate issues with VLLDM on some M-profile devices (CVE-2021-35465).
++
+ munaligned-access
+ Target Var(unaligned_access) Init(2) Save
+ Enable unaligned word and halfword accesses to packed data.
+diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
+--- a/gcc/doc/invoke.texi 2021-11-15 02:13:11.112579616 -0800
++++ b/gcc/doc/invoke.texi 2021-11-15 02:17:36.996237562 -0800
+@@ -804,6 +804,7 @@ Objective-C and Objective-C++ Dialects}.
+ -mverbose-cost-dump @gol
+ -mpure-code @gol
+ -mcmse @gol
++-mfix-cmse-cve-2021-35465 @gol
+ -mfdpic}
+
+ @emph{AVR Options}
+@@ -20487,6 +20488,14 @@ Generate secure code as per the "ARMv8-M
+ Development Tools Engineering Specification", which can be found on
+ @url{https://developer.arm.com/documentation/ecm0359818/latest/}.
+
++@item -mfix-cmse-cve-2021-35465
++@opindex mfix-cmse-cve-2021-35465
++Mitigate against a potential security issue with the @code{VLLDM} instruction
++in some M-profile devices when using CMSE (CVE-2021-365465). This option is
++enabled by default when the option @option{-mcpu=} is used with
++@code{cortex-m33}, @code{cortex-m35p} or @code{cortex-m55}. The option
++@option{-mno-fix-cmse-cve-2021-35465} can be used to disable the mitigation.
++
+ @item -mfdpic
+ @itemx -mno-fdpic
+ @opindex mfdpic
diff --git a/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-42574.patch b/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-42574.patch
new file mode 100644
index 0000000000..4d680ccc8f
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-42574.patch
@@ -0,0 +1,2282 @@
+From bd5e882cf6e0def3dd1bc106075d59a303fe0d1e Mon Sep 17 00:00:00 2001
+From: David Malcolm <dmalcolm@redhat.com>
+Date: Mon, 18 Oct 2021 18:55:31 -0400
+Subject: [PATCH] diagnostics: escape non-ASCII source bytes for certain
+ diagnostics
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+This patch adds support to GCC's diagnostic subsystem for escaping certain
+bytes and Unicode characters when quoting source code.
+
+Specifically, this patch adds a new flag rich_location::m_escape_on_output
+which is a hint from a diagnostic that non-ASCII bytes in the pertinent
+lines of the user's source code should be escaped when printed.
+
+The patch sets this for the following diagnostics:
+- when complaining about stray bytes in the program (when these
+are non-printable)
+- when complaining about "null character(s) ignored");
+- for -Wnormalized= (and generate source ranges for such warnings)
+
+The escaping is controlled by a new option:
+ -fdiagnostics-escape-format=[unicode|bytes]
+
+For example, consider a diagnostic involing a source line containing the
+string "before" followed by the Unicode character U+03C0 ("GREEK SMALL
+LETTER PI", with UTF-8 encoding 0xCF 0x80) followed by the byte 0xBF
+(a stray UTF-8 trailing byte), followed by the string "after", where the
+diagnostic highlights the U+03C0 character.
+
+By default, this line will be printed verbatim to the user when
+reporting a diagnostic at it, as:
+
+ beforeÏXafter
+ ^
+
+(using X for the stray byte to avoid putting invalid UTF-8 in this
+commit message)
+
+If the diagnostic sets the "escape" flag, it will be printed as:
+
+ before<U+03C0><BF>after
+ ^~~~~~~~
+
+with -fdiagnostics-escape-format=unicode (the default), or as:
+
+ before<CF><80><BF>after
+ ^~~~~~~~
+
+if the user supplies -fdiagnostics-escape-format=bytes.
+
+This only affects how the source is printed; it does not affect
+how column numbers that are printed (as per -fdiagnostics-column-unit=
+and -fdiagnostics-column-origin=).
+
+gcc/c-family/ChangeLog:
+ * c-lex.c (c_lex_with_flags): When complaining about non-printable
+ CPP_OTHER tokens, set the "escape on output" flag.
+
+gcc/ChangeLog:
+ * common.opt (fdiagnostics-escape-format=): New.
+ (diagnostics_escape_format): New enum.
+ (DIAGNOSTICS_ESCAPE_FORMAT_UNICODE): New enum value.
+ (DIAGNOSTICS_ESCAPE_FORMAT_BYTES): Likewise.
+ * diagnostic-format-json.cc (json_end_diagnostic): Add
+ "escape-source" attribute.
+ * diagnostic-show-locus.c
+ (exploc_with_display_col::exploc_with_display_col): Replace
+ "tabstop" param with a cpp_char_column_policy and add an "aspect"
+ param. Use these to compute m_display_col accordingly.
+ (struct char_display_policy): New struct.
+ (layout::m_policy): New field.
+ (layout::m_escape_on_output): New field.
+ (def_policy): New function.
+ (make_range): Update for changes to exploc_with_display_col ctor.
+ (default_print_decoded_ch): New.
+ (width_per_escaped_byte): New.
+ (escape_as_bytes_width): New.
+ (escape_as_bytes_print): New.
+ (escape_as_unicode_width): New.
+ (escape_as_unicode_print): New.
+ (make_policy): New.
+ (layout::layout): Initialize new fields. Update m_exploc ctor
+ call for above change to ctor.
+ (layout::maybe_add_location_range): Update for changes to
+ exploc_with_display_col ctor.
+ (layout::calculate_x_offset_display): Update for change to
+ cpp_display_width.
+ (layout::print_source_line): Pass policy
+ to cpp_display_width_computation. Capture cpp_decoded_char when
+ calling process_next_codepoint. Move printing of source code to
+ m_policy.m_print_cb.
+ (line_label::line_label): Pass in policy rather than context.
+ (layout::print_any_labels): Update for change to line_label ctor.
+ (get_affected_range): Pass in policy rather than context, updating
+ calls to location_compute_display_column accordingly.
+ (get_printed_columns): Likewise, also for cpp_display_width.
+ (correction::correction): Pass in policy rather than tabstop.
+ (correction::compute_display_cols): Pass m_policy rather than
+ m_tabstop to cpp_display_width.
+ (correction::m_tabstop): Replace with...
+ (correction::m_policy): ...this.
+ (line_corrections::line_corrections): Pass in policy rather than
+ context.
+ (line_corrections::m_context): Replace with...
+ (line_corrections::m_policy): ...this.
+ (line_corrections::add_hint): Update to use m_policy rather than
+ m_context.
+ (line_corrections::add_hint): Likewise.
+ (layout::print_trailing_fixits): Likewise.
+ (selftest::test_display_widths): New.
+ (selftest::test_layout_x_offset_display_utf8): Update to use
+ policy rather than tabstop.
+ (selftest::test_one_liner_labels_utf8): Add test of escaping
+ source lines.
+ (selftest::test_diagnostic_show_locus_one_liner_utf8): Update to
+ use policy rather than tabstop.
+ (selftest::test_overlapped_fixit_printing): Likewise.
+ (selftest::test_overlapped_fixit_printing_utf8): Likewise.
+ (selftest::test_overlapped_fixit_printing_2): Likewise.
+ (selftest::test_tab_expansion): Likewise.
+ (selftest::test_escaping_bytes_1): New.
+ (selftest::test_escaping_bytes_2): New.
+ (selftest::diagnostic_show_locus_c_tests): Call the new tests.
+ * diagnostic.c (diagnostic_initialize): Initialize
+ context->escape_format.
+ (convert_column_unit): Update to use default character width policy.
+ (selftest::test_diagnostic_get_location_text): Likewise.
+ * diagnostic.h (enum diagnostics_escape_format): New enum.
+ (diagnostic_context::escape_format): New field.
+ * doc/invoke.texi (-fdiagnostics-escape-format=): New option.
+ (-fdiagnostics-format=): Add "escape-source" attribute to examples
+ of JSON output, and document it.
+ * input.c (location_compute_display_column): Pass in "policy"
+ rather than "tabstop", passing to
+ cpp_byte_column_to_display_column.
+ (selftest::test_cpp_utf8): Update to use cpp_char_column_policy.
+ * input.h (class cpp_char_column_policy): New forward decl.
+ (location_compute_display_column): Pass in "policy" rather than
+ "tabstop".
+ * opts.c (common_handle_option): Handle
+ OPT_fdiagnostics_escape_format_.
+ * selftest.c (temp_source_file::temp_source_file): New ctor
+ overload taking a size_t.
+ * selftest.h (temp_source_file::temp_source_file): Likewise.
+
+gcc/testsuite/ChangeLog:
+ * c-c++-common/diagnostic-format-json-1.c: Add regexp to consume
+ "escape-source" attribute.
+ * c-c++-common/diagnostic-format-json-2.c: Likewise.
+ * c-c++-common/diagnostic-format-json-3.c: Likewise.
+ * c-c++-common/diagnostic-format-json-4.c: Likewise, twice.
+ * c-c++-common/diagnostic-format-json-5.c: Likewise.
+ * gcc.dg/cpp/warn-normalized-4-bytes.c: New test.
+ * gcc.dg/cpp/warn-normalized-4-unicode.c: New test.
+ * gcc.dg/encoding-issues-bytes.c: New test.
+ * gcc.dg/encoding-issues-unicode.c: New test.
+ * gfortran.dg/diagnostic-format-json-1.F90: Add regexp to consume
+ "escape-source" attribute.
+ * gfortran.dg/diagnostic-format-json-2.F90: Likewise.
+ * gfortran.dg/diagnostic-format-json-3.F90: Likewise.
+
+libcpp/ChangeLog:
+ * charset.c (convert_escape): Use encoding_rich_location when
+ complaining about nonprintable unknown escape sequences.
+ (cpp_display_width_computation::::cpp_display_width_computation):
+ Pass in policy rather than tabstop.
+ (cpp_display_width_computation::process_next_codepoint): Add "out"
+ param and populate *out if non-NULL.
+ (cpp_display_width_computation::advance_display_cols): Pass NULL
+ to process_next_codepoint.
+ (cpp_byte_column_to_display_column): Pass in policy rather than
+ tabstop. Pass NULL to process_next_codepoint.
+ (cpp_display_column_to_byte_column): Pass in policy rather than
+ tabstop.
+ * errors.c (cpp_diagnostic_get_current_location): New function,
+ splitting out the logic from...
+ (cpp_diagnostic): ...here.
+ (cpp_warning_at): New function.
+ (cpp_pedwarning_at): New function.
+ * include/cpplib.h (cpp_warning_at): New decl for rich_location.
+ (cpp_pedwarning_at): Likewise.
+ (struct cpp_decoded_char): New.
+ (struct cpp_char_column_policy): New.
+ (cpp_display_width_computation::cpp_display_width_computation):
+ Replace "tabstop" param with "policy".
+ (cpp_display_width_computation::process_next_codepoint): Add "out"
+ param.
+ (cpp_display_width_computation::m_tabstop): Replace with...
+ (cpp_display_width_computation::m_policy): ...this.
+ (cpp_byte_column_to_display_column): Replace "tabstop" param with
+ "policy".
+ (cpp_display_width): Likewise.
+ (cpp_display_column_to_byte_column): Likewise.
+ * include/line-map.h (rich_location::escape_on_output_p): New.
+ (rich_location::set_escape_on_output): New.
+ (rich_location::m_escape_on_output): New.
+ * internal.h (cpp_diagnostic_get_current_location): New decl.
+ (class encoding_rich_location): New.
+ * lex.c (skip_whitespace): Use encoding_rich_location when
+ complaining about null characters.
+ (warn_about_normalization): Generate a source range when
+ complaining about improperly normalized tokens, rather than just a
+ point, and use encoding_rich_location so that the source code
+ is escaped on printing.
+ * line-map.c (rich_location::rich_location): Initialize
+ m_escape_on_output.
+
+Signed-off-by: David Malcolm <dmalcolm@redhat.com>
+
+CVE: CVE-2021-42574
+Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=bd5e882cf6e0def3dd1bc106075d59a303fe0d1e]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ gcc/c-family/c-lex.c | 6 +-
+ gcc/common.opt | 13 +
+ gcc/diagnostic-format-json.cc | 3 +
+ gcc/diagnostic-show-locus.c | 580 +++++++++++++++---
+ gcc/diagnostic.c | 10 +-
+ gcc/diagnostic.h | 18 +
+ gcc/doc/invoke.texi | 43 +-
+ gcc/input.c | 62 +-
+ gcc/input.h | 7 +-
+ gcc/opts.c | 4 +
+ gcc/selftest.c | 15 +
+ gcc/selftest.h | 2 +
+ .../c-c++-common/diagnostic-format-json-1.c | 1 +
+ .../c-c++-common/diagnostic-format-json-2.c | 1 +
+ .../c-c++-common/diagnostic-format-json-3.c | 1 +
+ .../c-c++-common/diagnostic-format-json-4.c | 2 +
+ .../c-c++-common/diagnostic-format-json-5.c | 1 +
+ .../gcc.dg/cpp/warn-normalized-4-bytes.c | 21 +
+ .../gcc.dg/cpp/warn-normalized-4-unicode.c | 19 +
+ gcc/testsuite/gcc.dg/encoding-issues-bytes.c | Bin 0 -> 595 bytes
+ .../gcc.dg/encoding-issues-unicode.c | Bin 0 -> 613 bytes
+ .../gfortran.dg/diagnostic-format-json-1.F90 | 1 +
+ .../gfortran.dg/diagnostic-format-json-2.F90 | 1 +
+ .../gfortran.dg/diagnostic-format-json-3.F90 | 1 +
+ libcpp/charset.c | 63 +-
+ libcpp/errors.c | 82 ++-
+ libcpp/include/cpplib.h | 76 ++-
+ libcpp/include/line-map.h | 13 +
+ libcpp/internal.h | 23 +
+ libcpp/lex.c | 38 +-
+ libcpp/line-map.c | 3 +-
+ 31 files changed, 942 insertions(+), 168 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.dg/cpp/warn-normalized-4-bytes.c
+ create mode 100644 gcc/testsuite/gcc.dg/cpp/warn-normalized-4-unicode.c
+ create mode 100644 gcc/testsuite/gcc.dg/encoding-issues-bytes.c
+ create mode 100644 gcc/testsuite/gcc.dg/encoding-issues-unicode.c
+
+diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c
+--- a/gcc/c-family/c-lex.c 2021-07-27 23:55:06.980283060 -0700
++++ b/gcc/c-family/c-lex.c 2021-12-14 01:16:01.541943272 -0800
+@@ -603,7 +603,11 @@ c_lex_with_flags (tree *value, location_
+ else if (ISGRAPH (c))
+ error_at (*loc, "stray %qc in program", (int) c);
+ else
+- error_at (*loc, "stray %<\\%o%> in program", (int) c);
++ {
++ rich_location rich_loc (line_table, *loc);
++ rich_loc.set_escape_on_output (true);
++ error_at (&rich_loc, "stray %<\\%o%> in program", (int) c);
++ }
+ }
+ goto retry;
+
+diff --git a/gcc/common.opt b/gcc/common.opt
+--- a/gcc/common.opt 2021-12-13 22:08:44.939137107 -0800
++++ b/gcc/common.opt 2021-12-14 01:16:01.541943272 -0800
+@@ -1348,6 +1348,10 @@ fdiagnostics-format=
+ Common Joined RejectNegative Enum(diagnostics_output_format)
+ -fdiagnostics-format=[text|json] Select output format.
+
++fdiagnostics-escape-format=
++Common Joined RejectNegative Enum(diagnostics_escape_format)
++-fdiagnostics-escape-format=[unicode|bytes] Select how to escape non-printable-ASCII bytes in the source for diagnostics that suggest it.
++
+ ; Required for these enum values.
+ SourceInclude
+ diagnostic.h
+@@ -1362,6 +1366,15 @@ EnumValue
+ Enum(diagnostics_column_unit) String(byte) Value(DIAGNOSTICS_COLUMN_UNIT_BYTE)
+
+ Enum
++Name(diagnostics_escape_format) Type(int)
++
++EnumValue
++Enum(diagnostics_escape_format) String(unicode) Value(DIAGNOSTICS_ESCAPE_FORMAT_UNICODE)
++
++EnumValue
++Enum(diagnostics_escape_format) String(bytes) Value(DIAGNOSTICS_ESCAPE_FORMAT_BYTES)
++
++Enum
+ Name(diagnostics_output_format) Type(int)
+
+ EnumValue
+diff --git a/gcc/diagnostic.c b/gcc/diagnostic.c
+--- a/gcc/diagnostic.c 2021-07-27 23:55:07.232286576 -0700
++++ b/gcc/diagnostic.c 2021-12-14 01:16:01.545943202 -0800
+@@ -230,6 +230,7 @@ diagnostic_initialize (diagnostic_contex
+ context->column_unit = DIAGNOSTICS_COLUMN_UNIT_DISPLAY;
+ context->column_origin = 1;
+ context->tabstop = 8;
++ context->escape_format = DIAGNOSTICS_ESCAPE_FORMAT_UNICODE;
+ context->edit_context_ptr = NULL;
+ context->diagnostic_group_nesting_depth = 0;
+ context->diagnostic_group_emission_count = 0;
+@@ -382,7 +383,10 @@ convert_column_unit (enum diagnostics_co
+ gcc_unreachable ();
+
+ case DIAGNOSTICS_COLUMN_UNIT_DISPLAY:
+- return location_compute_display_column (s, tabstop);
++ {
++ cpp_char_column_policy policy (tabstop, cpp_wcwidth);
++ return location_compute_display_column (s, policy);
++ }
+
+ case DIAGNOSTICS_COLUMN_UNIT_BYTE:
+ return s.column;
+@@ -2275,8 +2279,8 @@ test_diagnostic_get_location_text ()
+ const char *const content = "smile \xf0\x9f\x98\x82\n";
+ const int line_bytes = strlen (content) - 1;
+ const int def_tabstop = 8;
+- const int display_width = cpp_display_width (content, line_bytes,
+- def_tabstop);
++ const cpp_char_column_policy policy (def_tabstop, cpp_wcwidth);
++ const int display_width = cpp_display_width (content, line_bytes, policy);
+ ASSERT_EQ (line_bytes - 2, display_width);
+ temp_source_file tmp (SELFTEST_LOCATION, ".c", content);
+ const char *const fname = tmp.get_filename ();
+diff --git a/gcc/diagnostic-format-json.cc b/gcc/diagnostic-format-json.cc
+--- a/gcc/diagnostic-format-json.cc 2021-07-27 23:55:07.232286576 -0700
++++ b/gcc/diagnostic-format-json.cc 2021-12-14 01:16:01.541943272 -0800
+@@ -264,6 +264,9 @@ json_end_diagnostic (diagnostic_context
+ json::value *path_value = context->make_json_for_path (context, path);
+ diag_obj->set ("path", path_value);
+ }
++
++ diag_obj->set ("escape-source",
++ new json::literal (richloc->escape_on_output_p ()));
+ }
+
+ /* No-op implementation of "begin_group_cb" for JSON output. */
+diff --git a/gcc/diagnostic.h b/gcc/diagnostic.h
+--- a/gcc/diagnostic.h 2021-07-27 23:55:07.236286632 -0700
++++ b/gcc/diagnostic.h 2021-12-14 01:16:01.545943202 -0800
+@@ -38,6 +38,20 @@ enum diagnostics_column_unit
+ DIAGNOSTICS_COLUMN_UNIT_BYTE
+ };
+
++/* An enum for controlling how to print non-ASCII characters/bytes when
++ a diagnostic suggests escaping the source code on output. */
++
++enum diagnostics_escape_format
++{
++ /* Escape non-ASCII Unicode characters in the form <U+XXXX> and
++ non-UTF-8 bytes in the form <XX>. */
++ DIAGNOSTICS_ESCAPE_FORMAT_UNICODE,
++
++ /* Escape non-ASCII bytes in the form <XX> (thus showing the underlying
++ encoding of non-ASCII Unicode characters). */
++ DIAGNOSTICS_ESCAPE_FORMAT_BYTES
++};
++
+ /* Enum for overriding the standard output format. */
+
+ enum diagnostics_output_format
+@@ -320,6 +334,10 @@ struct diagnostic_context
+ /* The size of the tabstop for tab expansion. */
+ int tabstop;
+
++ /* How should non-ASCII/non-printable bytes be escaped when
++ a diagnostic suggests escaping the source code on output. */
++ enum diagnostics_escape_format escape_format;
++
+ /* If non-NULL, an edit_context to which fix-it hints should be
+ applied, for generating patches. */
+ edit_context *edit_context_ptr;
+diff --git a/gcc/diagnostic-show-locus.c b/gcc/diagnostic-show-locus.c
+--- a/gcc/diagnostic-show-locus.c 2021-07-27 23:55:07.232286576 -0700
++++ b/gcc/diagnostic-show-locus.c 2021-12-14 01:16:01.545943202 -0800
+@@ -175,10 +175,26 @@ enum column_unit {
+ class exploc_with_display_col : public expanded_location
+ {
+ public:
+- exploc_with_display_col (const expanded_location &exploc, int tabstop)
+- : expanded_location (exploc),
+- m_display_col (location_compute_display_column (exploc, tabstop))
+- {}
++ exploc_with_display_col (const expanded_location &exploc,
++ const cpp_char_column_policy &policy,
++ enum location_aspect aspect)
++ : expanded_location (exploc),
++ m_display_col (location_compute_display_column (exploc, policy))
++ {
++ if (exploc.column > 0)
++ {
++ /* m_display_col is now the final column of the byte.
++ If escaping has happened, we may want the first column instead. */
++ if (aspect != LOCATION_ASPECT_FINISH)
++ {
++ expanded_location prev_exploc (exploc);
++ prev_exploc.column--;
++ int prev_display_col
++ = (location_compute_display_column (prev_exploc, policy));
++ m_display_col = prev_display_col + 1;
++ }
++ }
++ }
+
+ int m_display_col;
+ };
+@@ -313,6 +329,31 @@ test_line_span ()
+
+ #endif /* #if CHECKING_P */
+
++/* A bundle of information containing how to print unicode
++ characters and bytes when quoting source code.
++
++ Provides a unified place to support escaping some subset
++ of characters to some format.
++
++ Extends char_column_policy; printing is split out to avoid
++ libcpp having to know about pretty_printer. */
++
++struct char_display_policy : public cpp_char_column_policy
++{
++ public:
++ char_display_policy (int tabstop,
++ int (*width_cb) (cppchar_t c),
++ void (*print_cb) (pretty_printer *pp,
++ const cpp_decoded_char &cp))
++ : cpp_char_column_policy (tabstop, width_cb),
++ m_print_cb (print_cb)
++ {
++ }
++
++ void (*m_print_cb) (pretty_printer *pp,
++ const cpp_decoded_char &cp);
++};
++
+ /* A class to control the overall layout when printing a diagnostic.
+
+ The layout is determined within the constructor.
+@@ -345,6 +386,8 @@ class layout
+
+ void print_line (linenum_type row);
+
++ void on_bad_codepoint (const char *ptr, cppchar_t ch, size_t ch_sz);
++
+ private:
+ bool will_show_line_p (linenum_type row) const;
+ void print_leading_fixits (linenum_type row);
+@@ -386,6 +429,7 @@ class layout
+ private:
+ diagnostic_context *m_context;
+ pretty_printer *m_pp;
++ char_display_policy m_policy;
+ location_t m_primary_loc;
+ exploc_with_display_col m_exploc;
+ colorizer m_colorizer;
+@@ -398,6 +442,7 @@ class layout
+ auto_vec <line_span> m_line_spans;
+ int m_linenum_width;
+ int m_x_offset_display;
++ bool m_escape_on_output;
+ };
+
+ /* Implementation of "class colorizer". */
+@@ -646,6 +691,11 @@ layout_range::intersects_line_p (linenum
+ /* Default for when we don't care what the tab expansion is set to. */
+ static const int def_tabstop = 8;
+
++static cpp_char_column_policy def_policy ()
++{
++ return cpp_char_column_policy (8, cpp_wcwidth);
++}
++
+ /* Create some expanded locations for testing layout_range. The filename
+ member of the explocs is set to the empty string. This member will only be
+ inspected by the calls to location_compute_display_column() made from the
+@@ -662,10 +712,13 @@ make_range (int start_line, int start_co
+ = {"", start_line, start_col, NULL, false};
+ const expanded_location finish_exploc
+ = {"", end_line, end_col, NULL, false};
+- return layout_range (exploc_with_display_col (start_exploc, def_tabstop),
+- exploc_with_display_col (finish_exploc, def_tabstop),
++ return layout_range (exploc_with_display_col (start_exploc, def_policy (),
++ LOCATION_ASPECT_START),
++ exploc_with_display_col (finish_exploc, def_policy (),
++ LOCATION_ASPECT_FINISH),
+ SHOW_RANGE_WITHOUT_CARET,
+- exploc_with_display_col (start_exploc, def_tabstop),
++ exploc_with_display_col (start_exploc, def_policy (),
++ LOCATION_ASPECT_CARET),
+ 0, NULL);
+ }
+
+@@ -959,6 +1012,164 @@ fixit_cmp (const void *p_a, const void *
+ return hint_a->get_start_loc () - hint_b->get_start_loc ();
+ }
+
++/* Callbacks for use when not escaping the source. */
++
++/* The default callback for char_column_policy::m_width_cb is cpp_wcwidth. */
++
++/* Callback for char_display_policy::m_print_cb for printing source chars
++ when not escaping the source. */
++
++static void
++default_print_decoded_ch (pretty_printer *pp,
++ const cpp_decoded_char &decoded_ch)
++{
++ for (const char *ptr = decoded_ch.m_start_byte;
++ ptr != decoded_ch.m_next_byte; ptr++)
++ {
++ if (*ptr == '\0' || *ptr == '\r')
++ {
++ pp_space (pp);
++ continue;
++ }
++
++ pp_character (pp, *ptr);
++ }
++}
++
++/* Callbacks for use with DIAGNOSTICS_ESCAPE_FORMAT_BYTES. */
++
++static const int width_per_escaped_byte = 4;
++
++/* Callback for char_column_policy::m_width_cb for determining the
++ display width when escaping with DIAGNOSTICS_ESCAPE_FORMAT_BYTES. */
++
++static int
++escape_as_bytes_width (cppchar_t ch)
++{
++ if (ch < 0x80 && ISPRINT (ch))
++ return cpp_wcwidth (ch);
++ else
++ {
++ if (ch <= 0x7F) return 1 * width_per_escaped_byte;
++ if (ch <= 0x7FF) return 2 * width_per_escaped_byte;
++ if (ch <= 0xFFFF) return 3 * width_per_escaped_byte;
++ return 4 * width_per_escaped_byte;
++ }
++}
++
++/* Callback for char_display_policy::m_print_cb for printing source chars
++ when escaping with DIAGNOSTICS_ESCAPE_FORMAT_BYTES. */
++
++static void
++escape_as_bytes_print (pretty_printer *pp,
++ const cpp_decoded_char &decoded_ch)
++{
++ if (!decoded_ch.m_valid_ch)
++ {
++ for (const char *iter = decoded_ch.m_start_byte;
++ iter != decoded_ch.m_next_byte; ++iter)
++ {
++ char buf[16];
++ sprintf (buf, "<%02x>", (unsigned char)*iter);
++ pp_string (pp, buf);
++ }
++ return;
++ }
++
++ cppchar_t ch = decoded_ch.m_ch;
++ if (ch < 0x80 && ISPRINT (ch))
++ pp_character (pp, ch);
++ else
++ {
++ for (const char *iter = decoded_ch.m_start_byte;
++ iter < decoded_ch.m_next_byte; ++iter)
++ {
++ char buf[16];
++ sprintf (buf, "<%02x>", (unsigned char)*iter);
++ pp_string (pp, buf);
++ }
++ }
++}
++
++/* Callbacks for use with DIAGNOSTICS_ESCAPE_FORMAT_UNICODE. */
++
++/* Callback for char_column_policy::m_width_cb for determining the
++ display width when escaping with DIAGNOSTICS_ESCAPE_FORMAT_UNICODE. */
++
++static int
++escape_as_unicode_width (cppchar_t ch)
++{
++ if (ch < 0x80 && ISPRINT (ch))
++ return cpp_wcwidth (ch);
++ else
++ {
++ // Width of "<U+%04x>"
++ if (ch > 0xfffff)
++ return 10;
++ else if (ch > 0xffff)
++ return 9;
++ else
++ return 8;
++ }
++}
++
++/* Callback for char_display_policy::m_print_cb for printing source chars
++ when escaping with DIAGNOSTICS_ESCAPE_FORMAT_UNICODE. */
++
++static void
++escape_as_unicode_print (pretty_printer *pp,
++ const cpp_decoded_char &decoded_ch)
++{
++ if (!decoded_ch.m_valid_ch)
++ {
++ escape_as_bytes_print (pp, decoded_ch);
++ return;
++ }
++
++ cppchar_t ch = decoded_ch.m_ch;
++ if (ch < 0x80 && ISPRINT (ch))
++ pp_character (pp, ch);
++ else
++ {
++ char buf[16];
++ sprintf (buf, "<U+%04X>", ch);
++ pp_string (pp, buf);
++ }
++}
++
++/* Populate a char_display_policy based on DC and RICHLOC. */
++
++static char_display_policy
++make_policy (const diagnostic_context &dc,
++ const rich_location &richloc)
++{
++ /* The default is to not escape non-ASCII bytes. */
++ char_display_policy result
++ (dc.tabstop, cpp_wcwidth, default_print_decoded_ch);
++
++ /* If the diagnostic suggests escaping non-ASCII bytes, then
++ use policy from user-supplied options. */
++ if (richloc.escape_on_output_p ())
++ {
++ result.m_undecoded_byte_width = width_per_escaped_byte;
++ switch (dc.escape_format)
++ {
++ default:
++ gcc_unreachable ();
++ case DIAGNOSTICS_ESCAPE_FORMAT_UNICODE:
++ result.m_width_cb = escape_as_unicode_width;
++ result.m_print_cb = escape_as_unicode_print;
++ break;
++ case DIAGNOSTICS_ESCAPE_FORMAT_BYTES:
++ result.m_width_cb = escape_as_bytes_width;
++ result.m_print_cb = escape_as_bytes_print;
++ break;
++ }
++ }
++
++ return result;
++}
++
+ /* Implementation of class layout. */
+
+ /* Constructor for class layout.
+@@ -975,8 +1186,10 @@ layout::layout (diagnostic_context * con
+ diagnostic_t diagnostic_kind)
+ : m_context (context),
+ m_pp (context->printer),
++ m_policy (make_policy (*context, *richloc)),
+ m_primary_loc (richloc->get_range (0)->m_loc),
+- m_exploc (richloc->get_expanded_location (0), context->tabstop),
++ m_exploc (richloc->get_expanded_location (0), m_policy,
++ LOCATION_ASPECT_CARET),
+ m_colorizer (context, diagnostic_kind),
+ m_colorize_source_p (context->colorize_source_p),
+ m_show_labels_p (context->show_labels_p),
+@@ -986,7 +1199,8 @@ layout::layout (diagnostic_context * con
+ m_fixit_hints (richloc->get_num_fixit_hints ()),
+ m_line_spans (1 + richloc->get_num_locations ()),
+ m_linenum_width (0),
+- m_x_offset_display (0)
++ m_x_offset_display (0),
++ m_escape_on_output (richloc->escape_on_output_p ())
+ {
+ for (unsigned int idx = 0; idx < richloc->get_num_locations (); idx++)
+ {
+@@ -1072,10 +1286,13 @@ layout::maybe_add_location_range (const
+
+ /* Everything is now known to be in the correct source file,
+ but it may require further sanitization. */
+- layout_range ri (exploc_with_display_col (start, m_context->tabstop),
+- exploc_with_display_col (finish, m_context->tabstop),
++ layout_range ri (exploc_with_display_col (start, m_policy,
++ LOCATION_ASPECT_START),
++ exploc_with_display_col (finish, m_policy,
++ LOCATION_ASPECT_FINISH),
+ loc_range->m_range_display_kind,
+- exploc_with_display_col (caret, m_context->tabstop),
++ exploc_with_display_col (caret, m_policy,
++ LOCATION_ASPECT_CARET),
+ original_idx, loc_range->m_label);
+
+ /* If we have a range that finishes before it starts (perhaps
+@@ -1409,7 +1626,7 @@ layout::calculate_x_offset_display ()
+ = get_line_bytes_without_trailing_whitespace (line.get_buffer (),
+ line.length ());
+ int eol_display_column
+- = cpp_display_width (line.get_buffer (), line_bytes, m_context->tabstop);
++ = cpp_display_width (line.get_buffer (), line_bytes, m_policy);
+ if (caret_display_column > eol_display_column
+ || !caret_display_column)
+ {
+@@ -1488,7 +1705,7 @@ layout::print_source_line (linenum_type
+ /* This object helps to keep track of which display column we are at, which is
+ necessary for computing the line bounds in display units, for doing
+ tab expansion, and for implementing m_x_offset_display. */
+- cpp_display_width_computation dw (line, line_bytes, m_context->tabstop);
++ cpp_display_width_computation dw (line, line_bytes, m_policy);
+
+ /* Skip the first m_x_offset_display display columns. In case the leading
+ portion that will be skipped ends with a character with wcwidth > 1, then
+@@ -1536,7 +1753,8 @@ layout::print_source_line (linenum_type
+ tabs and replacing some control bytes with spaces as necessary. */
+ const char *c = dw.next_byte ();
+ const int start_disp_col = dw.display_cols_processed () + 1;
+- const int this_display_width = dw.process_next_codepoint ();
++ cpp_decoded_char cp;
++ const int this_display_width = dw.process_next_codepoint (&cp);
+ if (*c == '\t')
+ {
+ /* The returned display width is the number of spaces into which the
+@@ -1545,15 +1763,6 @@ layout::print_source_line (linenum_type
+ pp_space (m_pp);
+ continue;
+ }
+- if (*c == '\0' || *c == '\r')
+- {
+- /* cpp_wcwidth() promises to return 1 for all control bytes, and we
+- want to output these as a single space too, so this case is
+- actually the same as the '\t' case. */
+- gcc_assert (this_display_width == 1);
+- pp_space (m_pp);
+- continue;
+- }
+
+ /* We have a (possibly multibyte) character to output; update the line
+ bounds if it is not whitespace. */
+@@ -1565,7 +1774,8 @@ layout::print_source_line (linenum_type
+ }
+
+ /* Output the character. */
+- while (c != dw.next_byte ()) pp_character (m_pp, *c++);
++ m_policy.m_print_cb (m_pp, cp);
++ c = dw.next_byte ();
+ }
+ print_newline ();
+ return lbounds;
+@@ -1664,14 +1874,14 @@ layout::print_annotation_line (linenum_t
+ class line_label
+ {
+ public:
+- line_label (diagnostic_context *context, int state_idx, int column,
++ line_label (const cpp_char_column_policy &policy,
++ int state_idx, int column,
+ label_text text)
+ : m_state_idx (state_idx), m_column (column),
+ m_text (text), m_label_line (0), m_has_vbar (true)
+ {
+ const int bytes = strlen (text.m_buffer);
+- m_display_width
+- = cpp_display_width (text.m_buffer, bytes, context->tabstop);
++ m_display_width = cpp_display_width (text.m_buffer, bytes, policy);
+ }
+
+ /* Sorting is primarily by column, then by state index. */
+@@ -1731,7 +1941,7 @@ layout::print_any_labels (linenum_type r
+ if (text.m_buffer == NULL)
+ continue;
+
+- labels.safe_push (line_label (m_context, i, disp_col, text));
++ labels.safe_push (line_label (m_policy, i, disp_col, text));
+ }
+ }
+
+@@ -2011,7 +2221,7 @@ public:
+
+ /* Get the range of bytes or display columns that HINT would affect. */
+ static column_range
+-get_affected_range (diagnostic_context *context,
++get_affected_range (const cpp_char_column_policy &policy,
+ const fixit_hint *hint, enum column_unit col_unit)
+ {
+ expanded_location exploc_start = expand_location (hint->get_start_loc ());
+@@ -2022,13 +2232,11 @@ get_affected_range (diagnostic_context *
+ int finish_column;
+ if (col_unit == CU_DISPLAY_COLS)
+ {
+- start_column
+- = location_compute_display_column (exploc_start, context->tabstop);
++ start_column = location_compute_display_column (exploc_start, policy);
+ if (hint->insertion_p ())
+ finish_column = start_column - 1;
+ else
+- finish_column
+- = location_compute_display_column (exploc_finish, context->tabstop);
++ finish_column = location_compute_display_column (exploc_finish, policy);
+ }
+ else
+ {
+@@ -2041,12 +2249,13 @@ get_affected_range (diagnostic_context *
+ /* Get the range of display columns that would be printed for HINT. */
+
+ static column_range
+-get_printed_columns (diagnostic_context *context, const fixit_hint *hint)
++get_printed_columns (const cpp_char_column_policy &policy,
++ const fixit_hint *hint)
+ {
+ expanded_location exploc = expand_location (hint->get_start_loc ());
+- int start_column = location_compute_display_column (exploc, context->tabstop);
++ int start_column = location_compute_display_column (exploc, policy);
+ int hint_width = cpp_display_width (hint->get_string (), hint->get_length (),
+- context->tabstop);
++ policy);
+ int final_hint_column = start_column + hint_width - 1;
+ if (hint->insertion_p ())
+ {
+@@ -2056,8 +2265,7 @@ get_printed_columns (diagnostic_context
+ {
+ exploc = expand_location (hint->get_next_loc ());
+ --exploc.column;
+- int finish_column
+- = location_compute_display_column (exploc, context->tabstop);
++ int finish_column = location_compute_display_column (exploc, policy);
+ return column_range (start_column,
+ MAX (finish_column, final_hint_column));
+ }
+@@ -2075,13 +2283,13 @@ public:
+ column_range affected_columns,
+ column_range printed_columns,
+ const char *new_text, size_t new_text_len,
+- int tabstop)
++ const cpp_char_column_policy &policy)
+ : m_affected_bytes (affected_bytes),
+ m_affected_columns (affected_columns),
+ m_printed_columns (printed_columns),
+ m_text (xstrdup (new_text)),
+ m_byte_length (new_text_len),
+- m_tabstop (tabstop),
++ m_policy (policy),
+ m_alloc_sz (new_text_len + 1)
+ {
+ compute_display_cols ();
+@@ -2099,7 +2307,7 @@ public:
+
+ void compute_display_cols ()
+ {
+- m_display_cols = cpp_display_width (m_text, m_byte_length, m_tabstop);
++ m_display_cols = cpp_display_width (m_text, m_byte_length, m_policy);
+ }
+
+ void overwrite (int dst_offset, const char_span &src_span)
+@@ -2127,7 +2335,7 @@ public:
+ char *m_text;
+ size_t m_byte_length; /* Not including null-terminator. */
+ int m_display_cols;
+- int m_tabstop;
++ const cpp_char_column_policy &m_policy;
+ size_t m_alloc_sz;
+ };
+
+@@ -2163,15 +2371,16 @@ correction::ensure_terminated ()
+ class line_corrections
+ {
+ public:
+- line_corrections (diagnostic_context *context, const char *filename,
++ line_corrections (const char_display_policy &policy,
++ const char *filename,
+ linenum_type row)
+- : m_context (context), m_filename (filename), m_row (row)
++ : m_policy (policy), m_filename (filename), m_row (row)
+ {}
+ ~line_corrections ();
+
+ void add_hint (const fixit_hint *hint);
+
+- diagnostic_context *m_context;
++ const char_display_policy &m_policy;
+ const char *m_filename;
+ linenum_type m_row;
+ auto_vec <correction *> m_corrections;
+@@ -2217,10 +2426,10 @@ source_line::source_line (const char *fi
+ void
+ line_corrections::add_hint (const fixit_hint *hint)
+ {
+- column_range affected_bytes = get_affected_range (m_context, hint, CU_BYTES);
+- column_range affected_columns = get_affected_range (m_context, hint,
++ column_range affected_bytes = get_affected_range (m_policy, hint, CU_BYTES);
++ column_range affected_columns = get_affected_range (m_policy, hint,
+ CU_DISPLAY_COLS);
+- column_range printed_columns = get_printed_columns (m_context, hint);
++ column_range printed_columns = get_printed_columns (m_policy, hint);
+
+ /* Potentially consolidate. */
+ if (!m_corrections.is_empty ())
+@@ -2289,7 +2498,7 @@ line_corrections::add_hint (const fixit_
+ printed_columns,
+ hint->get_string (),
+ hint->get_length (),
+- m_context->tabstop));
++ m_policy));
+ }
+
+ /* If there are any fixit hints on source line ROW, print them.
+@@ -2303,7 +2512,7 @@ layout::print_trailing_fixits (linenum_t
+ {
+ /* Build a list of correction instances for the line,
+ potentially consolidating hints (for the sake of readability). */
+- line_corrections corrections (m_context, m_exploc.file, row);
++ line_corrections corrections (m_policy, m_exploc.file, row);
+ for (unsigned int i = 0; i < m_fixit_hints.length (); i++)
+ {
+ const fixit_hint *hint = m_fixit_hints[i];
+@@ -2646,6 +2855,59 @@ namespace selftest {
+
+ /* Selftests for diagnostic_show_locus. */
+
++/* Verify that cpp_display_width correctly handles escaping. */
++
++static void
++test_display_widths ()
++{
++ gcc_rich_location richloc (UNKNOWN_LOCATION);
++
++ /* U+03C0 "GREEK SMALL LETTER PI". */
++ const char *pi = "\xCF\x80";
++ /* U+1F642 "SLIGHTLY SMILING FACE". */
++ const char *emoji = "\xF0\x9F\x99\x82";
++ /* Stray trailing byte of a UTF-8 character. */
++ const char *stray = "\xBF";
++ /* U+10FFFF. */
++ const char *max_codepoint = "\xF4\x8F\xBF\xBF";
++
++ /* No escaping. */
++ {
++ test_diagnostic_context dc;
++ char_display_policy policy (make_policy (dc, richloc));
++ ASSERT_EQ (cpp_display_width (pi, strlen (pi), policy), 1);
++ ASSERT_EQ (cpp_display_width (emoji, strlen (emoji), policy), 2);
++ ASSERT_EQ (cpp_display_width (stray, strlen (stray), policy), 1);
++ /* Don't check width of U+10FFFF; it's in a private use plane. */
++ }
++
++ richloc.set_escape_on_output (true);
++
++ {
++ test_diagnostic_context dc;
++ dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_UNICODE;
++ char_display_policy policy (make_policy (dc, richloc));
++ ASSERT_EQ (cpp_display_width (pi, strlen (pi), policy), 8);
++ ASSERT_EQ (cpp_display_width (emoji, strlen (emoji), policy), 9);
++ ASSERT_EQ (cpp_display_width (stray, strlen (stray), policy), 4);
++ ASSERT_EQ (cpp_display_width (max_codepoint, strlen (max_codepoint),
++ policy),
++ strlen ("<U+10FFFF>"));
++ }
++
++ {
++ test_diagnostic_context dc;
++ dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_BYTES;
++ char_display_policy policy (make_policy (dc, richloc));
++ ASSERT_EQ (cpp_display_width (pi, strlen (pi), policy), 8);
++ ASSERT_EQ (cpp_display_width (emoji, strlen (emoji), policy), 16);
++ ASSERT_EQ (cpp_display_width (stray, strlen (stray), policy), 4);
++ ASSERT_EQ (cpp_display_width (max_codepoint, strlen (max_codepoint),
++ policy),
++ 16);
++ }
++}
++
+ /* For precise tests of the layout, make clear where the source line will
+ start. test_left_margin sets the total byte count from the left side of the
+ screen to the start of source lines, after the line number and the separator,
+@@ -2715,10 +2977,10 @@ test_layout_x_offset_display_utf8 (const
+ char_span lspan = location_get_source_line (tmp.get_filename (), 1);
+ ASSERT_EQ (line_display_cols,
+ cpp_display_width (lspan.get_buffer (), lspan.length (),
+- def_tabstop));
++ def_policy ()));
+ ASSERT_EQ (line_display_cols,
+ location_compute_display_column (expand_location (line_end),
+- def_tabstop));
++ def_policy ()));
+ ASSERT_EQ (0, memcmp (lspan.get_buffer () + (emoji_col - 1),
+ "\xf0\x9f\x98\x82\xf0\x9f\x98\x82", 8));
+
+@@ -2866,12 +3128,13 @@ test_layout_x_offset_display_tab (const
+ ASSERT_EQ ('\t', *(lspan.get_buffer () + (tab_col - 1)));
+ for (int tabstop = 1; tabstop != num_tabstops; ++tabstop)
+ {
++ cpp_char_column_policy policy (tabstop, cpp_wcwidth);
+ ASSERT_EQ (line_bytes + extra_width[tabstop],
+ cpp_display_width (lspan.get_buffer (), lspan.length (),
+- tabstop));
++ policy));
+ ASSERT_EQ (line_bytes + extra_width[tabstop],
+ location_compute_display_column (expand_location (line_end),
+- tabstop));
++ policy));
+ }
+
+ /* Check that the tab is expanded to the expected number of spaces. */
+@@ -4003,6 +4266,43 @@ test_one_liner_labels_utf8 ()
+ " bb\xf0\x9f\x98\x82\xf0\x9f\x98\x82\n",
+ pp_formatted_text (dc.printer));
+ }
++
++ /* Example of escaping the source lines. */
++ {
++ text_range_label label0 ("label 0\xf0\x9f\x98\x82");
++ text_range_label label1 ("label 1\xcf\x80");
++ text_range_label label2 ("label 2\xcf\x80");
++ gcc_rich_location richloc (foo, &label0);
++ richloc.add_range (bar, SHOW_RANGE_WITHOUT_CARET, &label1);
++ richloc.add_range (field, SHOW_RANGE_WITHOUT_CARET, &label2);
++ richloc.set_escape_on_output (true);
++
++ {
++ test_diagnostic_context dc;
++ dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_UNICODE;
++ diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++ ASSERT_STREQ (" <U+1F602>_foo = <U+03C0>_bar.<U+1F602>_field<U+03C0>;\n"
++ " ^~~~~~~~~~~~~ ~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~\n"
++ " | | |\n"
++ " | | label 2\xcf\x80\n"
++ " | label 1\xcf\x80\n"
++ " label 0\xf0\x9f\x98\x82\n",
++ pp_formatted_text (dc.printer));
++ }
++ {
++ test_diagnostic_context dc;
++ dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_BYTES;
++ diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++ ASSERT_STREQ
++ (" <f0><9f><98><82>_foo = <cf><80>_bar.<f0><9f><98><82>_field<cf><80>;\n"
++ " ^~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n"
++ " | | |\n"
++ " | | label 2\xcf\x80\n"
++ " | label 1\xcf\x80\n"
++ " label 0\xf0\x9f\x98\x82\n",
++ pp_formatted_text (dc.printer));
++ }
++ }
+ }
+
+ /* Make sure that colorization codes don't interrupt a multibyte
+@@ -4057,9 +4357,9 @@ test_diagnostic_show_locus_one_liner_utf
+
+ char_span lspan = location_get_source_line (tmp.get_filename (), 1);
+ ASSERT_EQ (25, cpp_display_width (lspan.get_buffer (), lspan.length (),
+- def_tabstop));
++ def_policy ()));
+ ASSERT_EQ (25, location_compute_display_column (expand_location (line_end),
+- def_tabstop));
++ def_policy ()));
+
+ test_one_liner_simple_caret_utf8 ();
+ test_one_liner_caret_and_range_utf8 ();
+@@ -4445,30 +4745,31 @@ test_overlapped_fixit_printing (const li
+ pp_formatted_text (dc.printer));
+
+ /* Unit-test the line_corrections machinery. */
++ char_display_policy policy (make_policy (dc, richloc));
+ ASSERT_EQ (3, richloc.get_num_fixit_hints ());
+ const fixit_hint *hint_0 = richloc.get_fixit_hint (0);
+ ASSERT_EQ (column_range (12, 12),
+- get_affected_range (&dc, hint_0, CU_BYTES));
++ get_affected_range (policy, hint_0, CU_BYTES));
+ ASSERT_EQ (column_range (12, 12),
+- get_affected_range (&dc, hint_0, CU_DISPLAY_COLS));
+- ASSERT_EQ (column_range (12, 22), get_printed_columns (&dc, hint_0));
++ get_affected_range (policy, hint_0, CU_DISPLAY_COLS));
++ ASSERT_EQ (column_range (12, 22), get_printed_columns (policy, hint_0));
+ const fixit_hint *hint_1 = richloc.get_fixit_hint (1);
+ ASSERT_EQ (column_range (18, 18),
+- get_affected_range (&dc, hint_1, CU_BYTES));
++ get_affected_range (policy, hint_1, CU_BYTES));
+ ASSERT_EQ (column_range (18, 18),
+- get_affected_range (&dc, hint_1, CU_DISPLAY_COLS));
+- ASSERT_EQ (column_range (18, 20), get_printed_columns (&dc, hint_1));
++ get_affected_range (policy, hint_1, CU_DISPLAY_COLS));
++ ASSERT_EQ (column_range (18, 20), get_printed_columns (policy, hint_1));
+ const fixit_hint *hint_2 = richloc.get_fixit_hint (2);
+ ASSERT_EQ (column_range (29, 28),
+- get_affected_range (&dc, hint_2, CU_BYTES));
++ get_affected_range (policy, hint_2, CU_BYTES));
+ ASSERT_EQ (column_range (29, 28),
+- get_affected_range (&dc, hint_2, CU_DISPLAY_COLS));
+- ASSERT_EQ (column_range (29, 29), get_printed_columns (&dc, hint_2));
++ get_affected_range (policy, hint_2, CU_DISPLAY_COLS));
++ ASSERT_EQ (column_range (29, 29), get_printed_columns (policy, hint_2));
+
+ /* Add each hint in turn to a line_corrections instance,
+ and verify that they are consolidated into one correction instance
+ as expected. */
+- line_corrections lc (&dc, tmp.get_filename (), 1);
++ line_corrections lc (policy, tmp.get_filename (), 1);
+
+ /* The first replace hint by itself. */
+ lc.add_hint (hint_0);
+@@ -4660,30 +4961,31 @@ test_overlapped_fixit_printing_utf8 (con
+ pp_formatted_text (dc.printer));
+
+ /* Unit-test the line_corrections machinery. */
++ char_display_policy policy (make_policy (dc, richloc));
+ ASSERT_EQ (3, richloc.get_num_fixit_hints ());
+ const fixit_hint *hint_0 = richloc.get_fixit_hint (0);
+ ASSERT_EQ (column_range (14, 14),
+- get_affected_range (&dc, hint_0, CU_BYTES));
++ get_affected_range (policy, hint_0, CU_BYTES));
+ ASSERT_EQ (column_range (12, 12),
+- get_affected_range (&dc, hint_0, CU_DISPLAY_COLS));
+- ASSERT_EQ (column_range (12, 22), get_printed_columns (&dc, hint_0));
++ get_affected_range (policy, hint_0, CU_DISPLAY_COLS));
++ ASSERT_EQ (column_range (12, 22), get_printed_columns (policy, hint_0));
+ const fixit_hint *hint_1 = richloc.get_fixit_hint (1);
+ ASSERT_EQ (column_range (22, 22),
+- get_affected_range (&dc, hint_1, CU_BYTES));
++ get_affected_range (policy, hint_1, CU_BYTES));
+ ASSERT_EQ (column_range (18, 18),
+- get_affected_range (&dc, hint_1, CU_DISPLAY_COLS));
+- ASSERT_EQ (column_range (18, 20), get_printed_columns (&dc, hint_1));
++ get_affected_range (policy, hint_1, CU_DISPLAY_COLS));
++ ASSERT_EQ (column_range (18, 20), get_printed_columns (policy, hint_1));
+ const fixit_hint *hint_2 = richloc.get_fixit_hint (2);
+ ASSERT_EQ (column_range (35, 34),
+- get_affected_range (&dc, hint_2, CU_BYTES));
++ get_affected_range (policy, hint_2, CU_BYTES));
+ ASSERT_EQ (column_range (30, 29),
+- get_affected_range (&dc, hint_2, CU_DISPLAY_COLS));
+- ASSERT_EQ (column_range (30, 30), get_printed_columns (&dc, hint_2));
++ get_affected_range (policy, hint_2, CU_DISPLAY_COLS));
++ ASSERT_EQ (column_range (30, 30), get_printed_columns (policy, hint_2));
+
+ /* Add each hint in turn to a line_corrections instance,
+ and verify that they are consolidated into one correction instance
+ as expected. */
+- line_corrections lc (&dc, tmp.get_filename (), 1);
++ line_corrections lc (policy, tmp.get_filename (), 1);
+
+ /* The first replace hint by itself. */
+ lc.add_hint (hint_0);
+@@ -4877,15 +5179,16 @@ test_overlapped_fixit_printing_2 (const
+ richloc.add_fixit_insert_before (col_21, "}");
+
+ /* These fixits should be accepted; they can't be consolidated. */
++ char_display_policy policy (make_policy (dc, richloc));
+ ASSERT_EQ (2, richloc.get_num_fixit_hints ());
+ const fixit_hint *hint_0 = richloc.get_fixit_hint (0);
+ ASSERT_EQ (column_range (23, 22),
+- get_affected_range (&dc, hint_0, CU_BYTES));
+- ASSERT_EQ (column_range (23, 23), get_printed_columns (&dc, hint_0));
++ get_affected_range (policy, hint_0, CU_BYTES));
++ ASSERT_EQ (column_range (23, 23), get_printed_columns (policy, hint_0));
+ const fixit_hint *hint_1 = richloc.get_fixit_hint (1);
+ ASSERT_EQ (column_range (21, 20),
+- get_affected_range (&dc, hint_1, CU_BYTES));
+- ASSERT_EQ (column_range (21, 21), get_printed_columns (&dc, hint_1));
++ get_affected_range (policy, hint_1, CU_BYTES));
++ ASSERT_EQ (column_range (21, 21), get_printed_columns (policy, hint_1));
+
+ /* Verify that they're printed correctly. */
+ diagnostic_show_locus (&dc, &richloc, DK_ERROR);
+@@ -5152,10 +5455,11 @@ test_tab_expansion (const line_table_cas
+ ....................123 45678901234 56789012345 columns */
+
+ const int tabstop = 8;
++ cpp_char_column_policy policy (tabstop, cpp_wcwidth);
+ const int first_non_ws_byte_col = 7;
+ const int right_quote_byte_col = 15;
+ const int last_byte_col = 25;
+- ASSERT_EQ (35, cpp_display_width (content, last_byte_col, tabstop));
++ ASSERT_EQ (35, cpp_display_width (content, last_byte_col, policy));
+
+ temp_source_file tmp (SELFTEST_LOCATION, ".c", content);
+ line_table_test ltt (case_);
+@@ -5198,6 +5502,114 @@ test_tab_expansion (const line_table_cas
+ }
+ }
+
++/* Verify that the escaping machinery can cope with a variety of different
++ invalid bytes. */
++
++static void
++test_escaping_bytes_1 (const line_table_case &case_)
++{
++ const char content[] = "before\0\1\2\3\r\x80\xff""after\n";
++ const size_t sz = sizeof (content);
++ temp_source_file tmp (SELFTEST_LOCATION, ".c", content, sz);
++ line_table_test ltt (case_);
++ const line_map_ordinary *ord_map = linemap_check_ordinary
++ (linemap_add (line_table, LC_ENTER, false, tmp.get_filename (), 0));
++ linemap_line_start (line_table, 1, 100);
++
++ location_t finish
++ = linemap_position_for_line_and_column (line_table, ord_map, 1,
++ strlen (content));
++
++ if (finish > LINE_MAP_MAX_LOCATION_WITH_COLS)
++ return;
++
++ /* Locations of the NUL and \r bytes. */
++ location_t nul_loc
++ = linemap_position_for_line_and_column (line_table, ord_map, 1, 7);
++ location_t r_loc
++ = linemap_position_for_line_and_column (line_table, ord_map, 1, 11);
++ gcc_rich_location richloc (nul_loc);
++ richloc.add_range (r_loc);
++
++ {
++ test_diagnostic_context dc;
++ diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++ ASSERT_STREQ (" before \1\2\3 \x80\xff""after\n"
++ " ^ ~\n",
++ pp_formatted_text (dc.printer));
++ }
++ richloc.set_escape_on_output (true);
++ {
++ test_diagnostic_context dc;
++ dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_UNICODE;
++ diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++ ASSERT_STREQ
++ (" before<U+0000><U+0001><U+0002><U+0003><U+000D><80><ff>after\n"
++ " ^~~~~~~~ ~~~~~~~~\n",
++ pp_formatted_text (dc.printer));
++ }
++ {
++ test_diagnostic_context dc;
++ dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_BYTES;
++ diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++ ASSERT_STREQ (" before<00><01><02><03><0d><80><ff>after\n"
++ " ^~~~ ~~~~\n",
++ pp_formatted_text (dc.printer));
++ }
++}
++
++/* As above, but verify that we handle the initial byte of a line
++ correctly. */
++
++static void
++test_escaping_bytes_2 (const line_table_case &case_)
++{
++ const char content[] = "\0after\n";
++ const size_t sz = sizeof (content);
++ temp_source_file tmp (SELFTEST_LOCATION, ".c", content, sz);
++ line_table_test ltt (case_);
++ const line_map_ordinary *ord_map = linemap_check_ordinary
++ (linemap_add (line_table, LC_ENTER, false, tmp.get_filename (), 0));
++ linemap_line_start (line_table, 1, 100);
++
++ location_t finish
++ = linemap_position_for_line_and_column (line_table, ord_map, 1,
++ strlen (content));
++
++ if (finish > LINE_MAP_MAX_LOCATION_WITH_COLS)
++ return;
++
++ /* Location of the NUL byte. */
++ location_t nul_loc
++ = linemap_position_for_line_and_column (line_table, ord_map, 1, 1);
++ gcc_rich_location richloc (nul_loc);
++
++ {
++ test_diagnostic_context dc;
++ diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++ ASSERT_STREQ (" after\n"
++ " ^\n",
++ pp_formatted_text (dc.printer));
++ }
++ richloc.set_escape_on_output (true);
++ {
++ test_diagnostic_context dc;
++ dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_UNICODE;
++ diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++ ASSERT_STREQ (" <U+0000>after\n"
++ " ^~~~~~~~\n",
++ pp_formatted_text (dc.printer));
++ }
++ {
++ test_diagnostic_context dc;
++ dc.escape_format = DIAGNOSTICS_ESCAPE_FORMAT_BYTES;
++ diagnostic_show_locus (&dc, &richloc, DK_ERROR);
++ ASSERT_STREQ (" <00>after\n"
++ " ^~~~\n",
++ pp_formatted_text (dc.printer));
++ }
++}
++
+ /* Verify that line numbers are correctly printed for the case of
+ a multiline range in which the width of the line numbers changes
+ (e.g. from "9" to "10"). */
+@@ -5254,6 +5666,8 @@ diagnostic_show_locus_c_tests ()
+ test_layout_range_for_single_line ();
+ test_layout_range_for_multiple_lines ();
+
++ test_display_widths ();
++
+ for_each_line_table_case (test_layout_x_offset_display_utf8);
+ for_each_line_table_case (test_layout_x_offset_display_tab);
+
+@@ -5274,6 +5688,8 @@ diagnostic_show_locus_c_tests ()
+ for_each_line_table_case (test_fixit_replace_containing_newline);
+ for_each_line_table_case (test_fixit_deletion_affecting_newline);
+ for_each_line_table_case (test_tab_expansion);
++ for_each_line_table_case (test_escaping_bytes_1);
++ for_each_line_table_case (test_escaping_bytes_2);
+
+ test_line_numbers_multiline_range ();
+ }
+diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
+--- a/gcc/doc/invoke.texi 2021-12-13 23:23:05.764437151 -0800
++++ b/gcc/doc/invoke.texi 2021-12-14 01:16:01.553943061 -0800
+@@ -312,7 +312,8 @@ Objective-C and Objective-C++ Dialects}.
+ -fdiagnostics-show-path-depths @gol
+ -fno-show-column @gol
+ -fdiagnostics-column-unit=@r{[}display@r{|}byte@r{]} @gol
+--fdiagnostics-column-origin=@var{origin}}
++-fdiagnostics-column-origin=@var{origin} @gol
++-fdiagnostics-escape-format=@r{[}unicode@r{|}bytes@r{]}}
+
+ @item Warning Options
+ @xref{Warning Options,,Options to Request or Suppress Warnings}.
+@@ -5083,6 +5084,38 @@ first column. The default value of 1 co
+ behavior and to the GNU style guide. Some utilities may perform better with an
+ origin of 0; any non-negative value may be specified.
+
++@item -fdiagnostics-escape-format=@var{FORMAT}
++@opindex fdiagnostics-escape-format
++When GCC prints pertinent source lines for a diagnostic it normally attempts
++to print the source bytes directly. However, some diagnostics relate to encoding
++issues in the source file, such as malformed UTF-8, or issues with Unicode
++normalization. These diagnostics are flagged so that GCC will escape bytes
++that are not printable ASCII when printing their pertinent source lines.
++
++This option controls how such bytes should be escaped.
++
++The default @var{FORMAT}, @samp{unicode} displays Unicode characters that
++are not printable ASCII in the form @samp{<U+XXXX>}, and bytes that do not
++correspond to a Unicode character validly-encoded in UTF-8-encoded will be
++displayed as hexadecimal in the form @samp{<XX>}.
++
++For example, a source line containing the string @samp{before} followed by the
++Unicode character U+03C0 (``GREEK SMALL LETTER PI'', with UTF-8 encoding
++0xCF 0x80) followed by the byte 0xBF (a stray UTF-8 trailing byte), followed by
++the string @samp{after} will be printed for such a diagnostic as:
++
++@smallexample
++ before<U+03C0><BF>after
++@end smallexample
++
++Setting @var{FORMAT} to @samp{bytes} will display all non-printable-ASCII bytes
++in the form @samp{<XX>}, thus showing the underlying encoding of non-ASCII
++Unicode characters. For the example above, the following will be printed:
++
++@smallexample
++ before<CF><80><BF>after
++@end smallexample
++
+ @item -fdiagnostics-format=@var{FORMAT}
+ @opindex fdiagnostics-format
+ Select a different format for printing diagnostics.
+@@ -5150,9 +5183,11 @@ might be printed in JSON form (after for
+ @}
+ @}
+ ],
++ "escape-source": false,
+ "message": "...this statement, but the latter is @dots{}"
+ @}
+ ]
++ "escape-source": false,
+ "column-origin": 1,
+ @},
+ @dots{}
+@@ -5239,6 +5274,7 @@ of the expression, which have labels. I
+ "label": "T @{aka struct t@}"
+ @}
+ ],
++ "escape-source": false,
+ "message": "invalid operands to binary + @dots{}"
+ @}
+ @end smallexample
+@@ -5292,6 +5328,7 @@ might be printed in JSON form as:
+ @}
+ @}
+ ],
++ "escape-source": false,
+ "message": "\u2018struct s\u2019 has no member named @dots{}"
+ @}
+ @end smallexample
+@@ -5349,6 +5386,10 @@ For example, the intraprocedural example
+ ]
+ @end smallexample
+
++Diagnostics have a boolean attribute @code{escape-source}, hinting whether
++non-ASCII bytes should be escaped when printing the pertinent lines of
++source code (@code{true} for diagnostics involving source encoding issues).
++
+ @end table
+
+ @node Warning Options
+diff --git a/gcc/input.c b/gcc/input.c
+--- a/gcc/input.c 2021-07-27 23:55:07.328287915 -0700
++++ b/gcc/input.c 2021-12-14 01:16:01.553943061 -0800
+@@ -913,7 +913,8 @@ make_location (location_t caret, source_
+ source line in order to calculate the display width. If that cannot be done
+ for any reason, then returns the byte column as a fallback. */
+ int
+-location_compute_display_column (expanded_location exploc, int tabstop)
++location_compute_display_column (expanded_location exploc,
++ const cpp_char_column_policy &policy)
+ {
+ if (!(exploc.file && *exploc.file && exploc.line && exploc.column))
+ return exploc.column;
+@@ -921,7 +922,7 @@ location_compute_display_column (expande
+ /* If line is NULL, this function returns exploc.column which is the
+ desired fallback. */
+ return cpp_byte_column_to_display_column (line.get_buffer (), line.length (),
+- exploc.column, tabstop);
++ exploc.column, policy);
+ }
+
+ /* Dump statistics to stderr about the memory usage of the line_table
+@@ -3611,43 +3612,50 @@ test_line_offset_overflow ()
+ void test_cpp_utf8 ()
+ {
+ const int def_tabstop = 8;
++ cpp_char_column_policy policy (def_tabstop, cpp_wcwidth);
++
+ /* Verify that wcwidth of invalid UTF-8 or control bytes is 1. */
+ {
+- int w_bad = cpp_display_width ("\xf0!\x9f!\x98!\x82!", 8, def_tabstop);
++ int w_bad = cpp_display_width ("\xf0!\x9f!\x98!\x82!", 8, policy);
+ ASSERT_EQ (8, w_bad);
+- int w_ctrl = cpp_display_width ("\r\n\v\0\1", 5, def_tabstop);
++ int w_ctrl = cpp_display_width ("\r\n\v\0\1", 5, policy);
+ ASSERT_EQ (5, w_ctrl);
+ }
+
+ /* Verify that wcwidth of valid UTF-8 is as expected. */
+ {
+- const int w_pi = cpp_display_width ("\xcf\x80", 2, def_tabstop);
++ const int w_pi = cpp_display_width ("\xcf\x80", 2, policy);
+ ASSERT_EQ (1, w_pi);
+- const int w_emoji = cpp_display_width ("\xf0\x9f\x98\x82", 4, def_tabstop);
++ const int w_emoji = cpp_display_width ("\xf0\x9f\x98\x82", 4, policy);
+ ASSERT_EQ (2, w_emoji);
+ const int w_umlaut_precomposed = cpp_display_width ("\xc3\xbf", 2,
+- def_tabstop);
++ policy);
+ ASSERT_EQ (1, w_umlaut_precomposed);
+ const int w_umlaut_combining = cpp_display_width ("y\xcc\x88", 3,
+- def_tabstop);
++ policy);
+ ASSERT_EQ (1, w_umlaut_combining);
+- const int w_han = cpp_display_width ("\xe4\xb8\xba", 3, def_tabstop);
++ const int w_han = cpp_display_width ("\xe4\xb8\xba", 3, policy);
+ ASSERT_EQ (2, w_han);
+- const int w_ascii = cpp_display_width ("GCC", 3, def_tabstop);
++ const int w_ascii = cpp_display_width ("GCC", 3, policy);
+ ASSERT_EQ (3, w_ascii);
+ const int w_mixed = cpp_display_width ("\xcf\x80 = 3.14 \xf0\x9f\x98\x82"
+ "\x9f! \xe4\xb8\xba y\xcc\x88",
+- 24, def_tabstop);
++ 24, policy);
+ ASSERT_EQ (18, w_mixed);
+ }
+
+ /* Verify that display width properly expands tabs. */
+ {
+ const char *tstr = "\tabc\td";
+- ASSERT_EQ (6, cpp_display_width (tstr, 6, 1));
+- ASSERT_EQ (10, cpp_display_width (tstr, 6, 3));
+- ASSERT_EQ (17, cpp_display_width (tstr, 6, 8));
+- ASSERT_EQ (1, cpp_display_column_to_byte_column (tstr, 6, 7, 8));
++ ASSERT_EQ (6, cpp_display_width (tstr, 6,
++ cpp_char_column_policy (1, cpp_wcwidth)));
++ ASSERT_EQ (10, cpp_display_width (tstr, 6,
++ cpp_char_column_policy (3, cpp_wcwidth)));
++ ASSERT_EQ (17, cpp_display_width (tstr, 6,
++ cpp_char_column_policy (8, cpp_wcwidth)));
++ ASSERT_EQ (1,
++ cpp_display_column_to_byte_column
++ (tstr, 6, 7, cpp_char_column_policy (8, cpp_wcwidth)));
+ }
+
+ /* Verify that cpp_byte_column_to_display_column can go past the end,
+@@ -3660,13 +3668,13 @@ void test_cpp_utf8 ()
+ /* 111122223456
+ Byte columns. */
+
+- ASSERT_EQ (5, cpp_display_width (str, 6, def_tabstop));
++ ASSERT_EQ (5, cpp_display_width (str, 6, policy));
+ ASSERT_EQ (105,
+- cpp_byte_column_to_display_column (str, 6, 106, def_tabstop));
++ cpp_byte_column_to_display_column (str, 6, 106, policy));
+ ASSERT_EQ (10000,
+- cpp_byte_column_to_display_column (NULL, 0, 10000, def_tabstop));
++ cpp_byte_column_to_display_column (NULL, 0, 10000, policy));
+ ASSERT_EQ (0,
+- cpp_byte_column_to_display_column (NULL, 10000, 0, def_tabstop));
++ cpp_byte_column_to_display_column (NULL, 10000, 0, policy));
+ }
+
+ /* Verify that cpp_display_column_to_byte_column can go past the end,
+@@ -3680,25 +3688,25 @@ void test_cpp_utf8 ()
+ /* 000000000000000000000000000000000111111
+ 111122223333444456666777788889999012345
+ Byte columns. */
+- ASSERT_EQ (4, cpp_display_column_to_byte_column (str, 15, 2, def_tabstop));
++ ASSERT_EQ (4, cpp_display_column_to_byte_column (str, 15, 2, policy));
+ ASSERT_EQ (15,
+- cpp_display_column_to_byte_column (str, 15, 11, def_tabstop));
++ cpp_display_column_to_byte_column (str, 15, 11, policy));
+ ASSERT_EQ (115,
+- cpp_display_column_to_byte_column (str, 15, 111, def_tabstop));
++ cpp_display_column_to_byte_column (str, 15, 111, policy));
+ ASSERT_EQ (10000,
+- cpp_display_column_to_byte_column (NULL, 0, 10000, def_tabstop));
++ cpp_display_column_to_byte_column (NULL, 0, 10000, policy));
+ ASSERT_EQ (0,
+- cpp_display_column_to_byte_column (NULL, 10000, 0, def_tabstop));
++ cpp_display_column_to_byte_column (NULL, 10000, 0, policy));
+
+ /* Verify that we do not interrupt a UTF-8 sequence. */
+- ASSERT_EQ (4, cpp_display_column_to_byte_column (str, 15, 1, def_tabstop));
++ ASSERT_EQ (4, cpp_display_column_to_byte_column (str, 15, 1, policy));
+
+ for (int byte_col = 1; byte_col <= 15; ++byte_col)
+ {
+ const int disp_col
+- = cpp_byte_column_to_display_column (str, 15, byte_col, def_tabstop);
++ = cpp_byte_column_to_display_column (str, 15, byte_col, policy);
+ const int byte_col2
+- = cpp_display_column_to_byte_column (str, 15, disp_col, def_tabstop);
++ = cpp_display_column_to_byte_column (str, 15, disp_col, policy);
+
+ /* If we ask for the display column in the middle of a UTF-8
+ sequence, it will return the length of the partial sequence,
+diff --git a/gcc/input.h b/gcc/input.h
+--- a/gcc/input.h 2021-07-27 23:55:07.328287915 -0700
++++ b/gcc/input.h 2021-12-14 01:16:01.553943061 -0800
+@@ -39,8 +39,11 @@ STATIC_ASSERT (BUILTINS_LOCATION < RESER
+ extern bool is_location_from_builtin_token (location_t);
+ extern expanded_location expand_location (location_t);
+
+-extern int location_compute_display_column (expanded_location exploc,
+- int tabstop);
++class cpp_char_column_policy;
++
++extern int
++location_compute_display_column (expanded_location exploc,
++ const cpp_char_column_policy &policy);
+
+ /* A class capturing the bounds of a buffer, to allow for run-time
+ bounds-checking in a checked build. */
+diff --git a/gcc/opts.c b/gcc/opts.c
+--- a/gcc/opts.c 2021-07-27 23:55:07.364288417 -0700
++++ b/gcc/opts.c 2021-12-14 01:16:01.553943061 -0800
+@@ -2573,6 +2573,10 @@ common_handle_option (struct gcc_options
+ dc->column_origin = value;
+ break;
+
++ case OPT_fdiagnostics_escape_format_:
++ dc->escape_format = (enum diagnostics_escape_format)value;
++ break;
++
+ case OPT_fdiagnostics_show_cwe:
+ dc->show_cwe = value;
+ break;
+diff --git a/gcc/selftest.c b/gcc/selftest.c
+--- a/gcc/selftest.c 2021-07-27 23:55:07.500290315 -0700
++++ b/gcc/selftest.c 2021-12-14 01:16:01.557942991 -0800
+@@ -193,6 +193,21 @@ temp_source_file::temp_source_file (cons
+ fclose (out);
+ }
+
++/* As above, but with a size, to allow for NUL bytes in CONTENT. */
++
++temp_source_file::temp_source_file (const location &loc,
++ const char *suffix,
++ const char *content,
++ size_t sz)
++: named_temp_file (suffix)
++{
++ FILE *out = fopen (get_filename (), "w");
++ if (!out)
++ fail_formatted (loc, "unable to open tempfile: %s", get_filename ());
++ fwrite (content, sz, 1, out);
++ fclose (out);
++}
++
+ /* Avoid introducing locale-specific differences in the results
+ by hardcoding open_quote and close_quote. */
+
+diff --git a/gcc/selftest.h b/gcc/selftest.h
+--- a/gcc/selftest.h 2021-07-27 23:55:07.500290315 -0700
++++ b/gcc/selftest.h 2021-12-14 01:16:01.557942991 -0800
+@@ -112,6 +112,8 @@ class temp_source_file : public named_te
+ public:
+ temp_source_file (const location &loc, const char *suffix,
+ const char *content);
++ temp_source_file (const location &loc, const char *suffix,
++ const char *content, size_t sz);
+ };
+
+ /* RAII-style class for avoiding introducing locale-specific differences
+diff --git a/gcc/testsuite/c-c++-common/diagnostic-format-json-1.c b/gcc/testsuite/c-c++-common/diagnostic-format-json-1.c
+--- a/gcc/testsuite/c-c++-common/diagnostic-format-json-1.c 2021-07-27 23:55:07.596291654 -0700
++++ b/gcc/testsuite/c-c++-common/diagnostic-format-json-1.c 2021-12-14 01:16:01.557942991 -0800
+@@ -9,6 +9,7 @@
+
+ /* { dg-regexp "\"kind\": \"error\"" } */
+ /* { dg-regexp "\"column-origin\": 1" } */
++/* { dg-regexp "\"escape-source\": false" } */
+ /* { dg-regexp "\"message\": \"#error message\"" } */
+
+ /* { dg-regexp "\"caret\": \{" } */
+diff --git a/gcc/testsuite/c-c++-common/diagnostic-format-json-2.c b/gcc/testsuite/c-c++-common/diagnostic-format-json-2.c
+--- a/gcc/testsuite/c-c++-common/diagnostic-format-json-2.c 2021-07-27 23:55:07.596291654 -0700
++++ b/gcc/testsuite/c-c++-common/diagnostic-format-json-2.c 2021-12-14 01:16:01.557942991 -0800
+@@ -9,6 +9,7 @@
+
+ /* { dg-regexp "\"kind\": \"warning\"" } */
+ /* { dg-regexp "\"column-origin\": 1" } */
++/* { dg-regexp "\"escape-source\": false" } */
+ /* { dg-regexp "\"message\": \"#warning message\"" } */
+ /* { dg-regexp "\"option\": \"-Wcpp\"" } */
+ /* { dg-regexp "\"option_url\": \"https:\[^\n\r\"\]*#index-Wcpp\"" } */
+diff --git a/gcc/testsuite/c-c++-common/diagnostic-format-json-3.c b/gcc/testsuite/c-c++-common/diagnostic-format-json-3.c
+--- a/gcc/testsuite/c-c++-common/diagnostic-format-json-3.c 2021-07-27 23:55:07.596291654 -0700
++++ b/gcc/testsuite/c-c++-common/diagnostic-format-json-3.c 2021-12-14 01:16:01.557942991 -0800
+@@ -9,6 +9,7 @@
+
+ /* { dg-regexp "\"kind\": \"error\"" } */
+ /* { dg-regexp "\"column-origin\": 1" } */
++/* { dg-regexp "\"escape-source\": false" } */
+ /* { dg-regexp "\"message\": \"#warning message\"" } */
+ /* { dg-regexp "\"option\": \"-Werror=cpp\"" } */
+ /* { dg-regexp "\"option_url\": \"https:\[^\n\r\"\]*#index-Wcpp\"" } */
+diff --git a/gcc/testsuite/c-c++-common/diagnostic-format-json-4.c b/gcc/testsuite/c-c++-common/diagnostic-format-json-4.c
+--- a/gcc/testsuite/c-c++-common/diagnostic-format-json-4.c 2021-07-27 23:55:07.596291654 -0700
++++ b/gcc/testsuite/c-c++-common/diagnostic-format-json-4.c 2021-12-14 01:16:01.557942991 -0800
+@@ -19,6 +19,7 @@ int test (void)
+
+ /* { dg-regexp "\"kind\": \"note\"" } */
+ /* { dg-regexp "\"message\": \"...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'\"" } */
++/* { dg-regexp "\"escape-source\": false" } */
+
+ /* { dg-regexp "\"caret\": \{" } */
+ /* { dg-regexp "\"file\": \"\[^\n\r\"\]*diagnostic-format-json-4.c\"" } */
+@@ -39,6 +40,7 @@ int test (void)
+ /* { dg-regexp "\"kind\": \"warning\"" } */
+ /* { dg-regexp "\"column-origin\": 1" } */
+ /* { dg-regexp "\"message\": \"this 'if' clause does not guard...\"" } */
++/* { dg-regexp "\"escape-source\": false" } */
+ /* { dg-regexp "\"option\": \"-Wmisleading-indentation\"" } */
+ /* { dg-regexp "\"option_url\": \"https:\[^\n\r\"\]*#index-Wmisleading-indentation\"" } */
+
+diff --git a/gcc/testsuite/c-c++-common/diagnostic-format-json-5.c b/gcc/testsuite/c-c++-common/diagnostic-format-json-5.c
+--- a/gcc/testsuite/c-c++-common/diagnostic-format-json-5.c 2021-07-27 23:55:07.596291654 -0700
++++ b/gcc/testsuite/c-c++-common/diagnostic-format-json-5.c 2021-12-14 01:16:01.557942991 -0800
+@@ -14,6 +14,7 @@ int test (struct s *ptr)
+
+ /* { dg-regexp "\"kind\": \"error\"" } */
+ /* { dg-regexp "\"column-origin\": 1" } */
++/* { dg-regexp "\"escape-source\": false" } */
+ /* { dg-regexp "\"message\": \".*\"" } */
+
+ /* Verify fix-it hints. */
+diff --git a/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-bytes.c b/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-bytes.c
+--- a/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-bytes.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-bytes.c 2021-12-14 01:16:01.557942991 -0800
+@@ -0,0 +1,21 @@
++// { dg-do preprocess }
++// { dg-options "-std=gnu99 -Werror=normalized=nfc -fdiagnostics-show-caret -fdiagnostics-escape-format=bytes" }
++/* { dg-message "some warnings being treated as errors" "" {target "*-*-*"} 0 } */
++
++/* འ= U+0F43 TIBETAN LETTER GHA, which has decomposition "0F42 0FB7" i.e.
++ U+0F42 TIBETAN LETTER GA: à½
++ U+0FB7 TIBETAN SUBJOINED LETTER HA: ྷ
++
++ The UTF-8 encoding of U+0F43 TIBETAN LETTER GHA is: E0 BD 83. */
++
++foo before_\u0F43_after bar // { dg-error "`before_.U00000f43_after' is not in NFC .-Werror=normalized=." }
++/* { dg-begin-multiline-output "" }
++ foo before_\u0F43_after bar
++ ^~~~~~~~~~~~~~~~~~~
++ { dg-end-multiline-output "" } */
++
++foo before_à½_after bar // { dg-error "`before_.U00000f43_after' is not in NFC .-Werror=normalized=." }
++/* { dg-begin-multiline-output "" }
++ foo before_<e0><bd><83>_after bar
++ ^~~~~~~~~~~~~~~~~~~~~~~~~
++ { dg-end-multiline-output "" } */
+diff --git a/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-unicode.c b/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-unicode.c
+--- a/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-unicode.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.dg/cpp/warn-normalized-4-unicode.c 2021-12-14 01:16:01.557942991 -0800
+@@ -0,0 +1,19 @@
++// { dg-do preprocess }
++// { dg-options "-std=gnu99 -Werror=normalized=nfc -fdiagnostics-show-caret -fdiagnostics-escape-format=unicode" }
++/* { dg-message "some warnings being treated as errors" "" {target "*-*-*"} 0 } */
++
++/* འ= U+0F43 TIBETAN LETTER GHA, which has decomposition "0F42 0FB7" i.e.
++ U+0F42 TIBETAN LETTER GA: à½
++ U+0FB7 TIBETAN SUBJOINED LETTER HA: ྷ */
++
++foo before_\u0F43_after bar // { dg-error "`before_.U00000f43_after' is not in NFC .-Werror=normalized=." }
++/* { dg-begin-multiline-output "" }
++ foo before_\u0F43_after bar
++ ^~~~~~~~~~~~~~~~~~~
++ { dg-end-multiline-output "" } */
++
++foo before_à½_after bar // { dg-error "`before_.U00000f43_after' is not in NFC .-Werror=normalized=." }
++/* { dg-begin-multiline-output "" }
++ foo before_<U+0F43>_after bar
++ ^~~~~~~~~~~~~~~~~~~~~
++ { dg-end-multiline-output "" } */
+diff --git a/gcc/testsuite/gfortran.dg/diagnostic-format-json-1.F90 b/gcc/testsuite/gfortran.dg/diagnostic-format-json-1.F90
+--- a/gcc/testsuite/gfortran.dg/diagnostic-format-json-1.F90 2021-07-27 23:55:08.472303878 -0700
++++ b/gcc/testsuite/gfortran.dg/diagnostic-format-json-1.F90 2021-12-14 01:16:01.557942991 -0800
+@@ -9,6 +9,7 @@
+
+ ! { dg-regexp "\"kind\": \"error\"" }
+ ! { dg-regexp "\"column-origin\": 1" }
++! { dg-regexp "\"escape-source\": false" }
+ ! { dg-regexp "\"message\": \"#error message\"" }
+
+ ! { dg-regexp "\"caret\": \{" }
+diff --git a/gcc/testsuite/gfortran.dg/diagnostic-format-json-2.F90 b/gcc/testsuite/gfortran.dg/diagnostic-format-json-2.F90
+--- a/gcc/testsuite/gfortran.dg/diagnostic-format-json-2.F90 2021-07-27 23:55:08.472303878 -0700
++++ b/gcc/testsuite/gfortran.dg/diagnostic-format-json-2.F90 2021-12-14 01:16:01.557942991 -0800
+@@ -9,6 +9,7 @@
+
+ ! { dg-regexp "\"kind\": \"warning\"" }
+ ! { dg-regexp "\"column-origin\": 1" }
++! { dg-regexp "\"escape-source\": false" }
+ ! { dg-regexp "\"message\": \"#warning message\"" }
+ ! { dg-regexp "\"option\": \"-Wcpp\"" }
+ ! { dg-regexp "\"option_url\": \"\[^\n\r\"\]*#index-Wcpp\"" }
+diff --git a/gcc/testsuite/gfortran.dg/diagnostic-format-json-3.F90 b/gcc/testsuite/gfortran.dg/diagnostic-format-json-3.F90
+--- a/gcc/testsuite/gfortran.dg/diagnostic-format-json-3.F90 2021-07-27 23:55:08.472303878 -0700
++++ b/gcc/testsuite/gfortran.dg/diagnostic-format-json-3.F90 2021-12-14 01:16:01.557942991 -0800
+@@ -9,6 +9,7 @@
+
+ ! { dg-regexp "\"kind\": \"error\"" }
+ ! { dg-regexp "\"column-origin\": 1" }
++! { dg-regexp "\"escape-source\": false" }
+ ! { dg-regexp "\"message\": \"#warning message\"" }
+ ! { dg-regexp "\"option\": \"-Werror=cpp\"" }
+ ! { dg-regexp "\"option_url\": \"\[^\n\r\"\]*#index-Wcpp\"" }
+diff --git a/libcpp/charset.c b/libcpp/charset.c
+--- a/libcpp/charset.c 2021-07-27 23:55:08.712307227 -0700
++++ b/libcpp/charset.c 2021-12-14 01:16:01.557942991 -0800
+@@ -1552,12 +1552,14 @@ convert_escape (cpp_reader *pfile, const
+ "unknown escape sequence: '\\%c'", (int) c);
+ else
+ {
++ encoding_rich_location rich_loc (pfile);
++
+ /* diagnostic.c does not support "%03o". When it does, this
+ code can use %03o directly in the diagnostic again. */
+ char buf[32];
+ sprintf(buf, "%03o", (int) c);
+- cpp_error (pfile, CPP_DL_PEDWARN,
+- "unknown escape sequence: '\\%s'", buf);
++ cpp_error_at (pfile, CPP_DL_PEDWARN, &rich_loc,
++ "unknown escape sequence: '\\%s'", buf);
+ }
+ }
+
+@@ -2280,14 +2282,16 @@ cpp_string_location_reader::get_next ()
+ }
+
+ cpp_display_width_computation::
+-cpp_display_width_computation (const char *data, int data_length, int tabstop) :
++cpp_display_width_computation (const char *data, int data_length,
++ const cpp_char_column_policy &policy) :
+ m_begin (data),
+ m_next (m_begin),
+ m_bytes_left (data_length),
+- m_tabstop (tabstop),
++ m_policy (policy),
+ m_display_cols (0)
+ {
+- gcc_assert (m_tabstop > 0);
++ gcc_assert (policy.m_tabstop > 0);
++ gcc_assert (policy.m_width_cb);
+ }
+
+
+@@ -2299,19 +2303,28 @@ cpp_display_width_computation (const cha
+ point to a valid UTF-8-encoded sequence, then it will be treated as a single
+ byte with display width 1. m_cur_display_col is the current display column,
+ relative to which tab stops should be expanded. Returns the display width of
+- the codepoint just processed. */
++ the codepoint just processed.
++ If OUT is non-NULL, it is populated. */
+
+ int
+-cpp_display_width_computation::process_next_codepoint ()
++cpp_display_width_computation::process_next_codepoint (cpp_decoded_char *out)
+ {
+ cppchar_t c;
+ int next_width;
+
++ if (out)
++ out->m_start_byte = m_next;
++
+ if (*m_next == '\t')
+ {
+ ++m_next;
+ --m_bytes_left;
+- next_width = m_tabstop - (m_display_cols % m_tabstop);
++ next_width = m_policy.m_tabstop - (m_display_cols % m_policy.m_tabstop);
++ if (out)
++ {
++ out->m_ch = '\t';
++ out->m_valid_ch = true;
++ }
+ }
+ else if (one_utf8_to_cppchar ((const uchar **) &m_next, &m_bytes_left, &c)
+ != 0)
+@@ -2321,14 +2334,24 @@ cpp_display_width_computation::process_n
+ of one. */
+ ++m_next;
+ --m_bytes_left;
+- next_width = 1;
++ next_width = m_policy.m_undecoded_byte_width;
++ if (out)
++ out->m_valid_ch = false;
+ }
+ else
+ {
+ /* one_utf8_to_cppchar() has updated m_next and m_bytes_left for us. */
+- next_width = cpp_wcwidth (c);
++ next_width = m_policy.m_width_cb (c);
++ if (out)
++ {
++ out->m_ch = c;
++ out->m_valid_ch = true;
++ }
+ }
+
++ if (out)
++ out->m_next_byte = m_next;
++
+ m_display_cols += next_width;
+ return next_width;
+ }
+@@ -2344,7 +2367,7 @@ cpp_display_width_computation::advance_d
+ const int start = m_display_cols;
+ const int target = start + n;
+ while (m_display_cols < target && !done ())
+- process_next_codepoint ();
++ process_next_codepoint (NULL);
+ return m_display_cols - start;
+ }
+
+@@ -2352,29 +2375,33 @@ cpp_display_width_computation::advance_d
+ how many display columns are occupied by the first COLUMN bytes. COLUMN
+ may exceed DATA_LENGTH, in which case the phantom bytes at the end are
+ treated as if they have display width 1. Tabs are expanded to the next tab
+- stop, relative to the start of DATA. */
++ stop, relative to the start of DATA, and non-printable-ASCII characters
++ will be escaped as per POLICY. */
+
+ int
+ cpp_byte_column_to_display_column (const char *data, int data_length,
+- int column, int tabstop)
++ int column,
++ const cpp_char_column_policy &policy)
+ {
+ const int offset = MAX (0, column - data_length);
+- cpp_display_width_computation dw (data, column - offset, tabstop);
++ cpp_display_width_computation dw (data, column - offset, policy);
+ while (!dw.done ())
+- dw.process_next_codepoint ();
++ dw.process_next_codepoint (NULL);
+ return dw.display_cols_processed () + offset;
+ }
+
+ /* For the string of length DATA_LENGTH bytes that begins at DATA, compute
+ the least number of bytes that will result in at least DISPLAY_COL display
+ columns. The return value may exceed DATA_LENGTH if the entire string does
+- not occupy enough display columns. */
++ not occupy enough display columns. Non-printable-ASCII characters
++ will be escaped as per POLICY. */
+
+ int
+ cpp_display_column_to_byte_column (const char *data, int data_length,
+- int display_col, int tabstop)
++ int display_col,
++ const cpp_char_column_policy &policy)
+ {
+- cpp_display_width_computation dw (data, data_length, tabstop);
++ cpp_display_width_computation dw (data, data_length, policy);
+ const int avail_display = dw.advance_display_cols (display_col);
+ return dw.bytes_processed () + MAX (0, display_col - avail_display);
+ }
+diff --git a/libcpp/errors.c b/libcpp/errors.c
+--- a/libcpp/errors.c 2021-07-27 23:55:08.712307227 -0700
++++ b/libcpp/errors.c 2021-12-14 01:16:01.557942991 -0800
+@@ -27,6 +27,31 @@ along with this program; see the file CO
+ #include "cpplib.h"
+ #include "internal.h"
+
++/* Get a location_t for the current location in PFILE,
++ generally that of the previously lexed token. */
++
++location_t
++cpp_diagnostic_get_current_location (cpp_reader *pfile)
++{
++ if (CPP_OPTION (pfile, traditional))
++ {
++ if (pfile->state.in_directive)
++ return pfile->directive_line;
++ else
++ return pfile->line_table->highest_line;
++ }
++ /* We don't want to refer to a token before the beginning of the
++ current run -- that is invalid. */
++ else if (pfile->cur_token == pfile->cur_run->base)
++ {
++ return 0;
++ }
++ else
++ {
++ return pfile->cur_token[-1].src_loc;
++ }
++}
++
+ /* Print a diagnostic at the given location. */
+
+ ATTRIBUTE_FPTR_PRINTF(5,0)
+@@ -52,25 +77,7 @@ cpp_diagnostic (cpp_reader * pfile, enum
+ enum cpp_warning_reason reason,
+ const char *msgid, va_list *ap)
+ {
+- location_t src_loc;
+-
+- if (CPP_OPTION (pfile, traditional))
+- {
+- if (pfile->state.in_directive)
+- src_loc = pfile->directive_line;
+- else
+- src_loc = pfile->line_table->highest_line;
+- }
+- /* We don't want to refer to a token before the beginning of the
+- current run -- that is invalid. */
+- else if (pfile->cur_token == pfile->cur_run->base)
+- {
+- src_loc = 0;
+- }
+- else
+- {
+- src_loc = pfile->cur_token[-1].src_loc;
+- }
++ location_t src_loc = cpp_diagnostic_get_current_location (pfile);
+ rich_location richloc (pfile->line_table, src_loc);
+ return cpp_diagnostic_at (pfile, level, reason, &richloc, msgid, ap);
+ }
+@@ -142,6 +149,43 @@ cpp_warning_syshdr (cpp_reader * pfile,
+
+ va_end (ap);
+ return ret;
++}
++
++/* As cpp_warning above, but use RICHLOC as the location of the diagnostic. */
++
++bool cpp_warning_at (cpp_reader *pfile, enum cpp_warning_reason reason,
++ rich_location *richloc, const char *msgid, ...)
++{
++ va_list ap;
++ bool ret;
++
++ va_start (ap, msgid);
++
++ ret = cpp_diagnostic_at (pfile, CPP_DL_WARNING, reason, richloc,
++ msgid, &ap);
++
++ va_end (ap);
++ return ret;
++
++}
++
++/* As cpp_pedwarning above, but use RICHLOC as the location of the
++ diagnostic. */
++
++bool
++cpp_pedwarning_at (cpp_reader * pfile, enum cpp_warning_reason reason,
++ rich_location *richloc, const char *msgid, ...)
++{
++ va_list ap;
++ bool ret;
++
++ va_start (ap, msgid);
++
++ ret = cpp_diagnostic_at (pfile, CPP_DL_PEDWARN, reason, richloc,
++ msgid, &ap);
++
++ va_end (ap);
++ return ret;
+ }
+
+ /* Print a diagnostic at a specific location. */
+diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h
+--- a/libcpp/include/cpplib.h 2021-12-13 23:23:05.768437079 -0800
++++ b/libcpp/include/cpplib.h 2021-12-14 01:20:16.189507386 -0800
+@@ -1275,6 +1275,14 @@ extern bool cpp_warning_syshdr (cpp_read
+ const char *msgid, ...)
+ ATTRIBUTE_PRINTF_3;
+
++/* As their counterparts above, but use RICHLOC. */
++extern bool cpp_warning_at (cpp_reader *, enum cpp_warning_reason,
++ rich_location *richloc, const char *msgid, ...)
++ ATTRIBUTE_PRINTF_4;
++extern bool cpp_pedwarning_at (cpp_reader *, enum cpp_warning_reason,
++ rich_location *richloc, const char *msgid, ...)
++ ATTRIBUTE_PRINTF_4;
++
+ /* Output a diagnostic with "MSGID: " preceding the
+ error string of errno. No location is printed. */
+ extern bool cpp_errno (cpp_reader *, enum cpp_diagnostic_level,
+@@ -1435,42 +1443,95 @@ extern const char * cpp_get_userdef_suff
+
+ /* In charset.c */
+
++/* The result of attempting to decode a run of UTF-8 bytes. */
++
++struct cpp_decoded_char
++{
++ const char *m_start_byte;
++ const char *m_next_byte;
++
++ bool m_valid_ch;
++ cppchar_t m_ch;
++};
++
++/* Information for mapping between code points and display columns.
++
++ This is a tabstop value, along with a callback for getting the
++ widths of characters. Normally this callback is cpp_wcwidth, but we
++ support other schemes for escaping non-ASCII unicode as a series of
++ ASCII chars when printing the user's source code in diagnostic-show-locus.c
++
++ For example, consider:
++ - the Unicode character U+03C0 "GREEK SMALL LETTER PI" (UTF-8: 0xCF 0x80)
++ - the Unicode character U+1F642 "SLIGHTLY SMILING FACE"
++ (UTF-8: 0xF0 0x9F 0x99 0x82)
++ - the byte 0xBF (a stray trailing byte of a UTF-8 character)
++ Normally U+03C0 would occupy one display column, U+1F642
++ would occupy two display columns, and the stray byte would be
++ printed verbatim as one display column.
++
++ However when escaping them as unicode code points as "<U+03C0>"
++ and "<U+1F642>" they occupy 8 and 9 display columns respectively,
++ and when escaping them as bytes as "<CF><80>" and "<F0><9F><99><82>"
++ they occupy 8 and 16 display columns respectively. In both cases
++ the stray byte is escaped to <BF> as 4 display columns. */
++
++struct cpp_char_column_policy
++{
++ cpp_char_column_policy (int tabstop,
++ int (*width_cb) (cppchar_t c))
++ : m_tabstop (tabstop),
++ m_undecoded_byte_width (1),
++ m_width_cb (width_cb)
++ {}
++
++ int m_tabstop;
++ /* Width in display columns of a stray byte that isn't decodable
++ as UTF-8. */
++ int m_undecoded_byte_width;
++ int (*m_width_cb) (cppchar_t c);
++};
++
+ /* A class to manage the state while converting a UTF-8 sequence to cppchar_t
+ and computing the display width one character at a time. */
+ class cpp_display_width_computation {
+ public:
+ cpp_display_width_computation (const char *data, int data_length,
+- int tabstop);
++ const cpp_char_column_policy &policy);
+ const char *next_byte () const { return m_next; }
+ int bytes_processed () const { return m_next - m_begin; }
+ int bytes_left () const { return m_bytes_left; }
+ bool done () const { return !bytes_left (); }
+ int display_cols_processed () const { return m_display_cols; }
+
+- int process_next_codepoint ();
++ int process_next_codepoint (cpp_decoded_char *out);
+ int advance_display_cols (int n);
+
+ private:
+ const char *const m_begin;
+ const char *m_next;
+ size_t m_bytes_left;
+- const int m_tabstop;
++ const cpp_char_column_policy &m_policy;
+ int m_display_cols;
+ };
+
+ /* Convenience functions that are simple use cases for class
+ cpp_display_width_computation. Tab characters will be expanded to spaces
+- as determined by TABSTOP. */
++ as determined by POLICY.m_tabstop, and non-printable-ASCII characters
++ will be escaped as per POLICY. */
++
+ int cpp_byte_column_to_display_column (const char *data, int data_length,
+- int column, int tabstop);
++ int column,
++ const cpp_char_column_policy &policy);
+ inline int cpp_display_width (const char *data, int data_length,
+- int tabstop)
++ const cpp_char_column_policy &policy)
+ {
+ return cpp_byte_column_to_display_column (data, data_length, data_length,
+- tabstop);
++ policy);
+ }
+ int cpp_display_column_to_byte_column (const char *data, int data_length,
+- int display_col, int tabstop);
++ int display_col,
++ const cpp_char_column_policy &policy);
+ int cpp_wcwidth (cppchar_t c);
+
+ #endif /* ! LIBCPP_CPPLIB_H */
+diff --git a/libcpp/include/line-map.h b/libcpp/include/line-map.h
+--- a/libcpp/include/line-map.h 2021-07-27 23:55:08.716307283 -0700
++++ b/libcpp/include/line-map.h 2021-12-14 01:16:01.557942991 -0800
+@@ -1781,6 +1781,18 @@ class rich_location
+ const diagnostic_path *get_path () const { return m_path; }
+ void set_path (const diagnostic_path *path) { m_path = path; }
+
++ /* A flag for hinting that the diagnostic involves character encoding
++ issues, and thus that it will be helpful to the user if we show some
++ representation of how the characters in the pertinent source lines
++ are encoded.
++ The default is false (i.e. do not escape).
++ When set to true, non-ASCII bytes in the pertinent source lines will
++ be escaped in a manner controlled by the user-supplied option
++ -fdiagnostics-escape-format=, so that the user can better understand
++ what's going on with the encoding in their source file. */
++ bool escape_on_output_p () const { return m_escape_on_output; }
++ void set_escape_on_output (bool flag) { m_escape_on_output = flag; }
++
+ private:
+ bool reject_impossible_fixit (location_t where);
+ void stop_supporting_fixits ();
+@@ -1807,6 +1819,7 @@ protected:
+ bool m_fixits_cannot_be_auto_applied;
+
+ const diagnostic_path *m_path;
++ bool m_escape_on_output;
+ };
+
+ /* A struct for the result of range_label::get_text: a NUL-terminated buffer
+diff --git a/libcpp/internal.h b/libcpp/internal.h
+--- a/libcpp/internal.h 2021-12-13 23:23:05.768437079 -0800
++++ b/libcpp/internal.h 2021-12-14 01:16:01.557942991 -0800
+@@ -776,6 +776,9 @@ extern void _cpp_do_file_change (cpp_rea
+ extern void _cpp_pop_buffer (cpp_reader *);
+ extern char *_cpp_bracket_include (cpp_reader *);
+
++/* In errors.c */
++extern location_t cpp_diagnostic_get_current_location (cpp_reader *);
++
+ /* In traditional.c. */
+ extern bool _cpp_scan_out_logical_line (cpp_reader *, cpp_macro *, bool);
+ extern bool _cpp_read_logical_line_trad (cpp_reader *);
+@@ -942,6 +945,26 @@ int linemap_get_expansion_line (class li
+ const char* linemap_get_expansion_filename (class line_maps *,
+ location_t);
+
++/* A subclass of rich_location for emitting a diagnostic
++ at the current location of the reader, but flagging
++ it with set_escape_on_output (true). */
++class encoding_rich_location : public rich_location
++{
++ public:
++ encoding_rich_location (cpp_reader *pfile)
++ : rich_location (pfile->line_table,
++ cpp_diagnostic_get_current_location (pfile))
++ {
++ set_escape_on_output (true);
++ }
++
++ encoding_rich_location (cpp_reader *pfile, location_t loc)
++ : rich_location (pfile->line_table, loc)
++ {
++ set_escape_on_output (true);
++ }
++};
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/libcpp/lex.c b/libcpp/lex.c
+--- a/libcpp/lex.c 2021-12-14 01:14:48.435225968 -0800
++++ b/libcpp/lex.c 2021-12-14 01:24:37.220995816 -0800
+@@ -1774,7 +1774,11 @@ skip_whitespace (cpp_reader *pfile, cppc
+ while (is_nvspace (c));
+
+ if (saw_NUL)
+- cpp_error (pfile, CPP_DL_WARNING, "null character(s) ignored");
++ {
++ encoding_rich_location rich_loc (pfile);
++ cpp_error_at (pfile, CPP_DL_WARNING, &rich_loc,
++ "null character(s) ignored");
++ }
+
+ buffer->cur--;
+ }
+@@ -1803,6 +1807,28 @@ warn_about_normalization (cpp_reader *pf
+ if (CPP_OPTION (pfile, warn_normalize) < NORMALIZE_STATE_RESULT (s)
+ && !pfile->state.skipping)
+ {
++ location_t loc = token->src_loc;
++
++ /* If possible, create a location range for the token. */
++ if (loc >= RESERVED_LOCATION_COUNT
++ && token->type != CPP_EOF
++ /* There must be no line notes to process. */
++ && (!(pfile->buffer->cur
++ >= pfile->buffer->notes[pfile->buffer->cur_note].pos
++ && !pfile->overlaid_buffer)))
++ {
++ source_range tok_range;
++ tok_range.m_start = loc;
++ tok_range.m_finish
++ = linemap_position_for_column (pfile->line_table,
++ CPP_BUF_COLUMN (pfile->buffer,
++ pfile->buffer->cur));
++ loc = COMBINE_LOCATION_DATA (pfile->line_table,
++ loc, tok_range, NULL);
++ }
++
++ encoding_rich_location rich_loc (pfile, loc);
++
+ /* Make sure that the token is printed using UCNs, even
+ if we'd otherwise happily print UTF-8. */
+ unsigned char *buf = XNEWVEC (unsigned char, cpp_token_len (token));
+@@ -1810,11 +1836,11 @@ warn_about_normalization (cpp_reader *pf
+
+ sz = cpp_spell_token (pfile, token, buf, false) - buf;
+ if (NORMALIZE_STATE_RESULT (s) == normalized_C)
+- cpp_warning_with_line (pfile, CPP_W_NORMALIZE, token->src_loc, 0,
+- "`%.*s' is not in NFKC", (int) sz, buf);
++ cpp_warning_at (pfile, CPP_W_NORMALIZE, &rich_loc,
++ "`%.*s' is not in NFKC", (int) sz, buf);
+ else
+- cpp_warning_with_line (pfile, CPP_W_NORMALIZE, token->src_loc, 0,
+- "`%.*s' is not in NFC", (int) sz, buf);
++ cpp_warning_at (pfile, CPP_W_NORMALIZE, &rich_loc,
++ "`%.*s' is not in NFC", (int) sz, buf);
+ free (buf);
+ }
+ }
+diff --git a/libcpp/line-map.c b/libcpp/line-map.c
+--- a/libcpp/line-map.c 2021-07-27 23:55:08.716307283 -0700
++++ b/libcpp/line-map.c 2021-12-14 01:16:01.561942921 -0800
+@@ -2086,7 +2086,8 @@ rich_location::rich_location (line_maps
+ m_fixit_hints (),
+ m_seen_impossible_fixit (false),
+ m_fixits_cannot_be_auto_applied (false),
+- m_path (NULL)
++ m_path (NULL),
++ m_escape_on_output (false)
+ {
+ add_range (loc, SHOW_RANGE_WITH_CARET, label);
+ }
diff --git a/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-46195.patch b/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-46195.patch
new file mode 100644
index 0000000000..7b3651c73e
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0001-CVE-2021-46195.patch
@@ -0,0 +1,128 @@
+From f10bec5ffa487ad3033ed5f38cfd0fc7d696deab Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 31 Jan 2022 14:28:42 +0000
+Subject: [PATCH] libiberty: Fix infinite recursion in rust demangler.
+
+libiberty/
+ PR demangler/98886
+ PR demangler/99935
+ * rust-demangle.c (struct rust_demangler): Add a recursion
+ counter.
+ (demangle_path): Increment/decrement the recursion counter upon
+ entry and exit. Fail if the counter exceeds a fixed limit.
+ (demangle_type): Likewise.
+ (rust_demangle_callback): Initialise the recursion counter,
+ disabling if requested by the option flags.
+
+CVE: CVE-2021-46195
+Upstream-Status: Backport
+[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ libiberty/rust-demangle.c | 47 ++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 41 insertions(+), 6 deletions(-)
+
+diff --git a/libiberty/rust-demangle.c b/libiberty/rust-demangle.c
+index 18c760491bd..3b24d63892a 100644
+--- a/libiberty/rust-demangle.c
++++ b/libiberty/rust-demangle.c
+@@ -74,6 +74,12 @@ struct rust_demangler
+ /* Rust mangling version, with legacy mangling being -1. */
+ int version;
+
++ /* Recursion depth. */
++ unsigned int recursion;
++ /* Maximum number of times demangle_path may be called recursively. */
++#define RUST_MAX_RECURSION_COUNT 1024
++#define RUST_NO_RECURSION_LIMIT ((unsigned int) -1)
++
+ uint64_t bound_lifetime_depth;
+ };
+
+@@ -671,6 +677,15 @@ demangle_path (struct rust_demangler *rdm, int in_value)
+ if (rdm->errored)
+ return;
+
++ if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
++ {
++ ++ rdm->recursion;
++ if (rdm->recursion > RUST_MAX_RECURSION_COUNT)
++ /* FIXME: There ought to be a way to report
++ that the recursion limit has been reached. */
++ goto fail_return;
++ }
++
+ switch (tag = next (rdm))
+ {
+ case 'C':
+@@ -688,10 +703,7 @@ demangle_path (struct rust_demangler *rdm, int in_value)
+ case 'N':
+ ns = next (rdm);
+ if (!ISLOWER (ns) && !ISUPPER (ns))
+- {
+- rdm->errored = 1;
+- return;
+- }
++ goto fail_return;
+
+ demangle_path (rdm, in_value);
+
+@@ -776,9 +788,15 @@ demangle_path (struct rust_demangler *rdm, int in_value)
+ }
+ break;
+ default:
+- rdm->errored = 1;
+- return;
++ goto fail_return;
+ }
++ goto pass_return;
++
++ fail_return:
++ rdm->errored = 1;
++ pass_return:
++ if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
++ -- rdm->recursion;
+ }
+
+ static void
+@@ -870,6 +888,19 @@ demangle_type (struct rust_demangler *rdm)
+ return;
+ }
+
++ if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
++ {
++ ++ rdm->recursion;
++ if (rdm->recursion > RUST_MAX_RECURSION_COUNT)
++ /* FIXME: There ought to be a way to report
++ that the recursion limit has been reached. */
++ {
++ rdm->errored = 1;
++ -- rdm->recursion;
++ return;
++ }
++ }
++
+ switch (tag)
+ {
+ case 'R':
+@@ -1030,6 +1061,9 @@ demangle_type (struct rust_demangler *rdm)
+ rdm->next--;
+ demangle_path (rdm, 0);
+ }
++
++ if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
++ -- rdm->recursion;
+ }
+
+ /* A trait in a trait object may have some "existential projections"
+@@ -1320,6 +1354,7 @@ rust_demangle_callback (const char *mangled, int options,
+ rdm.skipping_printing = 0;
+ rdm.verbose = (options & DMGL_VERBOSE) != 0;
+ rdm.version = 0;
++ rdm.recursion = (options & DMGL_NO_RECURSE_LIMIT) ? RUST_NO_RECURSION_LIMIT : 0;
+ rdm.bound_lifetime_depth = 0;
+
+ /* Rust symbols always start with _R (v0) or _ZN (legacy). */
+--
+2.27.0
+
diff --git a/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch b/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch
new file mode 100644
index 0000000000..98841e6d7c
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-35465.patch
@@ -0,0 +1,39 @@
+From 574e7950bd6b34e9e2cacce18c802b45505d1d0a Mon Sep 17 00:00:00 2001
+From: Richard Earnshaw <rearnsha@arm.com>
+Date: Fri, 18 Jun 2021 17:16:25 +0100
+Subject: [PATCH] arm: add erratum mitigation to __gnu_cmse_nonsecure_call
+ [PR102035]
+
+Add the recommended erratum mitigation sequence to
+__gnu_cmse_nonsecure_call for use on Armv8-m.main devices. Since this
+is in the library code we cannot know in advance whether the core we
+are running on will be affected by this, so always enable it.
+
+libgcc:
+ PR target/102035
+ * config/arm/cmse_nonsecure_call.S (__gnu_cmse_nonsecure_call):
+ Add vlldm erratum work-around.
+
+CVE: CVE-2021-35465
+Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=574e7950bd6b34e9e2cacce18c802b45505d1d0a]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ libgcc/config/arm/cmse_nonsecure_call.S | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libgcc/config/arm/cmse_nonsecure_call.S b/libgcc/config/arm/cmse_nonsecure_call.S
+--- a/libgcc/config/arm/cmse_nonsecure_call.S
++++ b/libgcc/config/arm/cmse_nonsecure_call.S
+@@ -102,6 +102,11 @@ blxns r4
+ #ifdef __ARM_PCS_VFP
+ vpop.f64 {d8-d15}
+ #else
++/* VLLDM erratum mitigation sequence. */
++mrs r5, control
++tst r5, #8 /* CONTROL_S.SFPA */
++it ne
++.inst.w 0xeeb00a40 /* vmovne s0, s0 */
+ vlldm sp /* Lazy restore of d0-d16 and FPSCR. */
+ add sp, sp, #0x88 /* Free space used to save floating point registers. */
+ #endif /* __ARM_PCS_VFP */
diff --git a/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-42574.patch b/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-42574.patch
new file mode 100644
index 0000000000..9bad81d4d0
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0002-CVE-2021-42574.patch
@@ -0,0 +1,1765 @@
+From 51c500269bf53749b107807d84271385fad35628 Mon Sep 17 00:00:00 2001
+From: Marek Polacek <polacek@redhat.com>
+Date: Wed, 6 Oct 2021 14:33:59 -0400
+Subject: [PATCH] libcpp: Implement -Wbidi-chars for CVE-2021-42574 [PR103026]
+
+From a link below:
+"An issue was discovered in the Bidirectional Algorithm in the Unicode
+Specification through 14.0. It permits the visual reordering of
+characters via control sequences, which can be used to craft source code
+that renders different logic than the logical ordering of tokens
+ingested by compilers and interpreters. Adversaries can leverage this to
+encode source code for compilers accepting Unicode such that targeted
+vulnerabilities are introduced invisibly to human reviewers."
+
+More info:
+https://nvd.nist.gov/vuln/detail/CVE-2021-42574
+https://trojansource.codes/
+
+This is not a compiler bug. However, to mitigate the problem, this patch
+implements -Wbidi-chars=[none|unpaired|any] to warn about possibly
+misleading Unicode bidirectional control characters the preprocessor may
+encounter.
+
+The default is =unpaired, which warns about improperly terminated
+bidirectional control characters; e.g. a LRE without its corresponding PDF.
+The level =any warns about any use of bidirectional control characters.
+
+This patch handles both UCNs and UTF-8 characters. UCNs designating
+bidi characters in identifiers are accepted since r204886. Then r217144
+enabled -fextended-identifiers by default. Extended characters in C/C++
+identifiers have been accepted since r275979. However, this patch still
+warns about mixing UTF-8 and UCN bidi characters; there seems to be no
+good reason to allow mixing them.
+
+We warn in different contexts: comments (both C and C++-style), string
+literals, character constants, and identifiers. Expectedly, UCNs are ignored
+in comments and raw string literals. The bidirectional control characters
+can nest so this patch handles that as well.
+
+I have not included nor tested this at all with Fortran (which also has
+string literals and line comments).
+
+Dave M. posted patches improving diagnostic involving Unicode characters.
+This patch does not make use of this new infrastructure yet.
+
+ PR preprocessor/103026
+
+gcc/c-family/ChangeLog:
+
+ * c.opt (Wbidi-chars, Wbidi-chars=): New option.
+
+gcc/ChangeLog:
+
+ * doc/invoke.texi: Document -Wbidi-chars.
+
+libcpp/ChangeLog:
+
+ * include/cpplib.h (enum cpp_bidirectional_level): New.
+ (struct cpp_options): Add cpp_warn_bidirectional.
+ (enum cpp_warning_reason): Add CPP_W_BIDIRECTIONAL.
+ * internal.h (struct cpp_reader): Add warn_bidi_p member
+ function.
+ * init.c (cpp_create_reader): Set cpp_warn_bidirectional.
+ * lex.c (bidi): New namespace.
+ (get_bidi_utf8): New function.
+ (get_bidi_ucn): Likewise.
+ (maybe_warn_bidi_on_close): Likewise.
+ (maybe_warn_bidi_on_char): Likewise.
+ (_cpp_skip_block_comment): Implement warning about bidirectional
+ control characters.
+ (skip_line_comment): Likewise.
+ (forms_identifier_p): Likewise.
+ (lex_identifier): Likewise.
+ (lex_string): Likewise.
+ (lex_raw_string): Likewise.
+
+gcc/testsuite/ChangeLog:
+
+ * c-c++-common/Wbidi-chars-1.c: New test.
+ * c-c++-common/Wbidi-chars-2.c: New test.
+ * c-c++-common/Wbidi-chars-3.c: New test.
+ * c-c++-common/Wbidi-chars-4.c: New test.
+ * c-c++-common/Wbidi-chars-5.c: New test.
+ * c-c++-common/Wbidi-chars-6.c: New test.
+ * c-c++-common/Wbidi-chars-7.c: New test.
+ * c-c++-common/Wbidi-chars-8.c: New test.
+ * c-c++-common/Wbidi-chars-9.c: New test.
+ * c-c++-common/Wbidi-chars-10.c: New test.
+ * c-c++-common/Wbidi-chars-11.c: New test.
+ * c-c++-common/Wbidi-chars-12.c: New test.
+ * c-c++-common/Wbidi-chars-13.c: New test.
+ * c-c++-common/Wbidi-chars-14.c: New test.
+ * c-c++-common/Wbidi-chars-15.c: New test.
+ * c-c++-common/Wbidi-chars-16.c: New test.
+ * c-c++-common/Wbidi-chars-17.c: New test.
+
+CVE: CVE-2021-42574
+Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=51c500269bf53749b107807d84271385fad35628]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ gcc/c-family/c.opt | 24 ++
+ gcc/doc/invoke.texi | 21 +-
+ gcc/testsuite/c-c++-common/Wbidi-chars-1.c | 12 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-10.c | 27 ++
+ gcc/testsuite/c-c++-common/Wbidi-chars-11.c | 13 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-12.c | 19 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-13.c | 17 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-14.c | 38 ++
+ gcc/testsuite/c-c++-common/Wbidi-chars-15.c | 59 +++
+ gcc/testsuite/c-c++-common/Wbidi-chars-16.c | 26 ++
+ gcc/testsuite/c-c++-common/Wbidi-chars-17.c | 30 ++
+ gcc/testsuite/c-c++-common/Wbidi-chars-2.c | 9 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-3.c | 11 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-4.c | 188 +++++++++
+ gcc/testsuite/c-c++-common/Wbidi-chars-5.c | 188 +++++++++
+ gcc/testsuite/c-c++-common/Wbidi-chars-6.c | 155 ++++++++
+ gcc/testsuite/c-c++-common/Wbidi-chars-7.c | 9 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-8.c | 13 +
+ gcc/testsuite/c-c++-common/Wbidi-chars-9.c | 29 ++
+ libcpp/include/cpplib.h | 18 +-
+ libcpp/init.c | 1 +
+ libcpp/internal.h | 7 +
+ libcpp/lex.c | 408 +++++++++++++++++++-
+ 23 files changed, 1315 insertions(+), 7 deletions(-)
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-1.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-10.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-11.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-12.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-13.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-14.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-15.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-16.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-17.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-2.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-3.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-4.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-5.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-6.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-7.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-8.c
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-9.c
+
+diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
+index 8a4cd634f77..3976fc368db 100644
+--- a/gcc/c-family/c.opt
++++ b/gcc/c-family/c.opt
+@@ -370,6 +370,30 @@ Wbad-function-cast
+ C ObjC Var(warn_bad_function_cast) Warning
+ Warn about casting functions to incompatible types.
+
++Wbidi-chars
++C ObjC C++ ObjC++ Warning Alias(Wbidi-chars=,any,none)
++;
++
++Wbidi-chars=
++C ObjC C++ ObjC++ RejectNegative Joined Warning CPP(cpp_warn_bidirectional) CppReason(CPP_W_BIDIRECTIONAL) Var(warn_bidirectional) Init(bidirectional_unpaired) Enum(cpp_bidirectional_level)
++-Wbidi-chars=[none|unpaired|any] Warn about UTF-8 bidirectional control characters.
++
++; Required for these enum values.
++SourceInclude
++cpplib.h
++
++Enum
++Name(cpp_bidirectional_level) Type(int) UnknownError(argument %qs to %<-Wbidi-chars%> not recognized)
++
++EnumValue
++Enum(cpp_bidirectional_level) String(none) Value(bidirectional_none)
++
++EnumValue
++Enum(cpp_bidirectional_level) String(unpaired) Value(bidirectional_unpaired)
++
++EnumValue
++Enum(cpp_bidirectional_level) String(any) Value(bidirectional_any)
++
+ Wbool-compare
+ C ObjC C++ ObjC++ Var(warn_bool_compare) Warning LangEnabledBy(C ObjC C++ ObjC++,Wall)
+ Warn about boolean expression compared with an integer value different from true/false.
+diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
+index 6070288856c..a22758d18ee 100644
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -326,7 +326,9 @@ Objective-C and Objective-C++ Dialects}.
+ -Warith-conversion @gol
+ -Warray-bounds -Warray-bounds=@var{n} @gol
+ -Wno-attributes -Wattribute-alias=@var{n} -Wno-attribute-alias @gol
+--Wno-attribute-warning -Wbool-compare -Wbool-operation @gol
++-Wno-attribute-warning @gol
++-Wbidi-chars=@r{[}none@r{|}unpaired@r{|}any@r{]} @gol
++-Wbool-compare -Wbool-operation @gol
+ -Wno-builtin-declaration-mismatch @gol
+ -Wno-builtin-macro-redefined -Wc90-c99-compat -Wc99-c11-compat @gol
+ -Wc11-c2x-compat @gol
+@@ -7559,6 +7561,23 @@ Attributes considered include @code{allo
+ This is the default. You can disable these warnings with either
+ @option{-Wno-attribute-alias} or @option{-Wattribute-alias=0}.
+
++@item -Wbidi-chars=@r{[}none@r{|}unpaired@r{|}any@r{]}
++@opindex Wbidi-chars=
++@opindex Wbidi-chars
++@opindex Wno-bidi-chars
++Warn about possibly misleading UTF-8 bidirectional control characters in
++comments, string literals, character constants, and identifiers. Such
++characters can change left-to-right writing direction into right-to-left
++(and vice versa), which can cause confusion between the logical order and
++visual order. This may be dangerous; for instance, it may seem that a piece
++of code is not commented out, whereas it in fact is.
++
++There are three levels of warning supported by GCC@. The default is
++@option{-Wbidi-chars=unpaired}, which warns about improperly terminated
++bidi contexts. @option{-Wbidi-chars=none} turns the warning off.
++@option{-Wbidi-chars=any} warns about any use of bidirectional control
++characters.
++
+ @item -Wbool-compare
+ @opindex Wno-bool-compare
+ @opindex Wbool-compare
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-10.c b/gcc/testsuite/c-c++-common/Wbidi-chars-10.c
+new file mode 100644
+index 00000000000..34f5ac19271
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-10.c
+@@ -0,0 +1,27 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* More nesting testing. */
++
++/* RLEâ« LRI⦠PDF⬠PDIâ©*/
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int LRE_\u202a_PDF_\u202c;
++int LRE_\u202a_PDF_\u202c_LRE_\u202a_PDF_\u202c;
++int LRE_\u202a_LRI_\u2066_PDF_\u202c_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int RLE_\u202b_RLI_\u2067_PDF_\u202c_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int RLE_\u202b_RLI_\u2067_PDI_\u2069_PDF_\u202c;
++int FSI_\u2068_LRO_\u202d_PDI_\u2069_PDF_\u202c;
++int FSI_\u2068;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int FSI_\u2068_PDI_\u2069;
++int FSI_\u2068_FSI_\u2068_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069;
++int RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDF_\u202c;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int RLI_\u2067_RLI_\u2067_RLI_\u2067_RLI_\u2067_FSI_\u2068_PDI_\u2069_PDI_\u2069_PDI_\u2069_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-11.c b/gcc/testsuite/c-c++-common/Wbidi-chars-11.c
+new file mode 100644
+index 00000000000..270ce2368a9
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-11.c
+@@ -0,0 +1,13 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* Test that we warn when mixing UCN and UTF-8. */
++
++int LRE_âª_PDF_\u202c;
++/* { dg-warning "mismatch" "" { target *-*-* } .-1 } */
++int LRE_\u202a_PDF_â¬_;
++/* { dg-warning "mismatch" "" { target *-*-* } .-1 } */
++const char *s1 = "LRE_âª_PDF_\u202c";
++/* { dg-warning "mismatch" "" { target *-*-* } .-1 } */
++const char *s2 = "LRE_\u202a_PDF_â¬";
++/* { dg-warning "mismatch" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-12.c b/gcc/testsuite/c-c++-common/Wbidi-chars-12.c
+new file mode 100644
+index 00000000000..b07eec1da91
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-12.c
+@@ -0,0 +1,19 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile { target { c || c++11 } } } */
++/* { dg-options "-Wbidi-chars=any" } */
++/* Test raw strings. */
++
++const char *s1 = R"(a b c LRE⪠1 2 3 PDF⬠x y z)";
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++const char *s2 = R"(a b c RLE⫠1 2 3 PDF⬠x y z)";
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++const char *s3 = R"(a b c LRO⭠1 2 3 PDF⬠x y z)";
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++const char *s4 = R"(a b c RLO⮠1 2 3 PDF⬠x y z)";
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++const char *s7 = R"(a b c FSI⨠1 2 3 PDI⩠x y) z";
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++const char *s8 = R"(a b c PDIâ© x y )z";
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-1 } */
++const char *s9 = R"(a b c PDF⬠x y z)";
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
+diff -uprN '-x*.orig' '-x*.rej' del/gcc-11.2.0/gcc/testsuite/c-c++-common/Wbidi-chars-13.c gcc-11.2.0/gcc/testsuite/c-c++-common/Wbidi-chars-13.c
+--- del/gcc-11.2.0/gcc/testsuite/c-c++-common/Wbidi-chars-13.c 1969-12-31 16:00:00.000000000 -0800
++++ gcc-11.2.0/gcc/testsuite/c-c++-common/Wbidi-chars-13.c 2021-12-13 23:11:22.328439287 -0800
+@@ -0,0 +1,17 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile { target { c || c++11 } } } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* Test raw strings. */
++
++const char *s1 = R"(a b c LRE⪠1 2 3)";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++const char *s2 = R"(a b c RLEâ« 1 2 3)";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++const char *s3 = R"(a b c LROâ­ 1 2 3)";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++const char *s4 = R"(a b c FSI⨠1 2 3)";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++const char *s5 = R"(a b c LRI⦠1 2 3)";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++const char *s6 = R"(a b c RLI⧠1 2 3)";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-14.c b/gcc/testsuite/c-c++-common/Wbidi-chars-14.c
+new file mode 100644
+index 00000000000..ba5f75d9553
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-14.c
+@@ -0,0 +1,38 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* Test PDI handling, which also pops any subsequent LREs, RLEs, LROs,
++ or RLOs. */
++
++/* LRI_â¦_LRI_â¦_RLE_â«_RLE_â«_RLE_â«_PDI_â©*/
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// LRI_â¦_RLE_â«_RLE_â«_RLE_â«_PDI_â©
++// LRI_â¦_RLO_â®_RLE_â«_RLE_â«_PDI_â©
++// LRI_â¦_RLO_â®_RLE_â«_PDI_â©
++// FSI_â¨_RLO_â®_PDI_â©
++// FSI_â¨_FSI_â¨_RLO_â®_PDI_â©
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++
++int LRI_\u2066_LRI_\u2066_LRE_\u202a_LRE_\u202a_LRE_\u202a_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int LRI_\u2066_LRI_\u2066_LRE_\u202a_LRE_\u202a_LRE_\u202a_PDI_\u2069_PDI_\u2069;
++int LRI_\u2066_LRI_\u2066_LRI_\u2066_LRE_\u202a_LRE_\u202a_LRE_\u202a_PDI_\u2069_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int PDI_\u2069;
++int LRI_\u2066_PDI_\u2069;
++int RLI_\u2067_PDI_\u2069;
++int LRE_\u202a_LRI_\u2066_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int LRI_\u2066_LRE_\u202a_PDF_\u202c_PDI_\u2069;
++int LRI_\u2066_LRE_\u202a_LRE_\u202a_PDF_\u202c_PDI_\u2069;
++int RLI_\u2067_LRI_\u2066_LRE_\u202a_LRE_\u202a_PDF_\u202c_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int FSI_\u2068_LRI_\u2066_LRE_\u202a_LRE_\u202a_PDF_\u202c_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int RLO_\u202e_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int RLI_\u2067_PDI_\u2069_RLI_\u2067;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int FSI_\u2068_PDF_\u202c_PDI_\u2069;
++int FSI_\u2068_FSI_\u2068_PDF_\u202c_PDI_\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-15.c b/gcc/testsuite/c-c++-common/Wbidi-chars-15.c
+new file mode 100644
+index 00000000000..a0ce8ff5e2c
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-15.c
+@@ -0,0 +1,59 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* Test unpaired bidi control chars in multiline comments. */
++
++/*
++ * LRE⪠end
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/*
++ * RLEâ« end
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/*
++ * LROâ­ end
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/*
++ * RLOâ® end
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/*
++ * LRI⦠end
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/*
++ * RLI⧠end
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/*
++ * FSI⨠end
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/* LREâª
++ PDF⬠*/
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++/* FSIâ¨
++ PDIâ© */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++
++/* LRE<âª>
++ *
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-3 } */
++
++/*
++ * LRE<âª>
++ */
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++
++/*
++ *
++ * LRE<âª> */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++
++/* RLI<â§> */ /* PDI<â©> */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* LRE<âª> */ /* PDF<â¬> */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-16.c b/gcc/testsuite/c-c++-common/Wbidi-chars-16.c
+new file mode 100644
+index 00000000000..baa0159861c
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-16.c
+@@ -0,0 +1,26 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=any" } */
++/* Test LTR/RTL chars. */
++
++/* LTR<â> */
++/* { dg-warning "U\\+200E" "" { target *-*-* } .-1 } */
++// LTR<â>
++/* { dg-warning "U\\+200E" "" { target *-*-* } .-1 } */
++/* RTL<â> */
++/* { dg-warning "U\\+200F" "" { target *-*-* } .-1 } */
++// RTL<â>
++/* { dg-warning "U\\+200F" "" { target *-*-* } .-1 } */
++
++const char *s1 = "LTR<â>";
++/* { dg-warning "U\\+200E" "" { target *-*-* } .-1 } */
++const char *s2 = "LTR\u200e";
++/* { dg-warning "U\\+200E" "" { target *-*-* } .-1 } */
++const char *s3 = "LTR\u200E";
++/* { dg-warning "U\\+200E" "" { target *-*-* } .-1 } */
++const char *s4 = "RTL<â>";
++/* { dg-warning "U\\+200F" "" { target *-*-* } .-1 } */
++const char *s5 = "RTL\u200f";
++/* { dg-warning "U\\+200F" "" { target *-*-* } .-1 } */
++const char *s6 = "RTL\u200F";
++/* { dg-warning "U\\+200F" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-17.c b/gcc/testsuite/c-c++-common/Wbidi-chars-17.c
+new file mode 100644
+index 00000000000..07cb4321f96
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-17.c
+@@ -0,0 +1,30 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* Test LTR/RTL chars. */
++
++/* LTR<â> */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// LTR<â>
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* RTL<â> */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// RTL<â>
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int ltr_\u200e;
++/* { dg-error "universal character " "" { target *-*-* } .-1 } */
++int rtl_\u200f;
++/* { dg-error "universal character " "" { target *-*-* } .-1 } */
++
++const char *s1 = "LTR<â>";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++const char *s2 = "LTR\u200e";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++const char *s3 = "LTR\u200E";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++const char *s4 = "RTL<â>";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++const char *s5 = "RTL\u200f";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++const char *s6 = "RTL\u200F";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-1.c b/gcc/testsuite/c-c++-common/Wbidi-chars-1.c
+new file mode 100644
+index 00000000000..2340374f276
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-1.c
+@@ -0,0 +1,12 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++
++int main() {
++ int isAdmin = 0;
++ /*â® } â¦if (isAdmin)⩠⦠begin admins only */
++/* { dg-warning "bidirectional" "" { target *-*-* } .-1 } */
++ __builtin_printf("You are an admin.\n");
++ /* end admins only â® { â¦*/
++/* { dg-warning "bidirectional" "" { target *-*-* } .-1 } */
++ return 0;
++}
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-2.c b/gcc/testsuite/c-c++-common/Wbidi-chars-2.c
+new file mode 100644
+index 00000000000..2340374f276
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-2.c
+@@ -0,0 +1,9 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++
++int main() {
++ /* Say hello; newlineâ§/*/ return 0 ;
++/* { dg-warning "bidirectional" "" { target *-*-* } .-1 } */
++ __builtin_printf("Hello world.\n");
++ return 0;
++}
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-3.c b/gcc/testsuite/c-c++-common/Wbidi-chars-3.c
+new file mode 100644
+index 00000000000..9dc7edb6e64
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-3.c
+@@ -0,0 +1,11 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++
++int main() {
++ const char* access_level = "user";
++ if (__builtin_strcmp(access_level, "userâ® â¦// Check if adminâ© â¦")) {
++/* { dg-warning "bidirectional" "" { target *-*-* } .-1 } */
++ __builtin_printf("You are an admin.\n");
++ }
++ return 0;
++}
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-4.c b/gcc/testsuite/c-c++-common/Wbidi-chars-4.c
+new file mode 100644
+index 00000000000..639e5c62e88
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-4.c
+@@ -0,0 +1,188 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=any -Wno-multichar -Wno-overflow" } */
++/* Test all bidi chars in various contexts (identifiers, comments,
++ string literals, character constants), both UCN and UTF-8. The bidi
++ chars here are properly terminated, except for the character constants. */
++
++/* a b c LRE⪠1 2 3 PDF⬠x y z */
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++/* a b c RLE⫠1 2 3 PDF⬠x y z */
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++/* a b c LRO⭠1 2 3 PDF⬠x y z */
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++/* a b c RLO⮠1 2 3 PDF⬠x y z */
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++/* a b c LRI⦠1 2 3 PDI⩠x y z */
++/* { dg-warning "U\\+2066" "" { target *-*-* } .-1 } */
++/* a b c RLI⧠1 2 3 PDI⩠x y */
++/* { dg-warning "U\\+2067" "" { target *-*-* } .-1 } */
++/* a b c FSI⨠1 2 3 PDI⩠x y z */
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++
++/* Same but C++ comments instead. */
++// a b c LRE⪠1 2 3 PDF⬠x y z
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++// a b c RLE⫠1 2 3 PDF⬠x y z
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++// a b c LRO⭠1 2 3 PDF⬠x y z
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++// a b c RLO⮠1 2 3 PDF⬠x y z
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++// a b c LRI⦠1 2 3 PDI⩠x y z
++/* { dg-warning "U\\+2066" "" { target *-*-* } .-1 } */
++// a b c RLI⧠1 2 3 PDI⩠x y
++/* { dg-warning "U\\+2067" "" { target *-*-* } .-1 } */
++// a b c FSI⨠1 2 3 PDI⩠x y z
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++
++/* Here we're closing an unopened context, warn when =any. */
++/* a b c PDIâ© x y z */
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-1 } */
++/* a b c PDF⬠x y z */
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
++// a b c PDIâ© x y z
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-1 } */
++// a b c PDF⬠x y z
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
++
++/* Multiline comments. */
++/* a b c PDIâ© x y z
++ */
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-2 } */
++/* a b c PDF⬠x y z
++ */
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-2 } */
++/* first
++ a b c PDIâ© x y z
++ */
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-2 } */
++/* first
++ a b c PDF⬠x y z
++ */
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-2 } */
++/* first
++ a b c PDIâ© x y z */
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-1 } */
++/* first
++ a b c PDF⬠x y z */
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
++
++void
++g1 ()
++{
++ const char *s1 = "a b c LRE⪠1 2 3 PDF⬠x y z";
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++ const char *s2 = "a b c RLE⫠1 2 3 PDF⬠x y z";
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++ const char *s3 = "a b c LRO⭠1 2 3 PDF⬠x y z";
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++ const char *s4 = "a b c RLO⮠1 2 3 PDF⬠x y z";
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++ const char *s5 = "a b c LRI⦠1 2 3 PDI⩠x y z";
++/* { dg-warning "U\\+2066" "" { target *-*-* } .-1 } */
++ const char *s6 = "a b c RLI⧠1 2 3 PDI⩠x y z";
++/* { dg-warning "U\\+2067" "" { target *-*-* } .-1 } */
++ const char *s7 = "a b c FSI⨠1 2 3 PDI⩠x y z";
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++ const char *s8 = "a b c PDIâ© x y z";
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-1 } */
++ const char *s9 = "a b c PDF⬠x y z";
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
++
++ const char *s10 = "a b c LRE\u202a 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++ const char *s11 = "a b c LRE\u202A 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++ const char *s12 = "a b c RLE\u202b 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++ const char *s13 = "a b c RLE\u202B 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++ const char *s14 = "a b c LRO\u202d 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++ const char *s15 = "a b c LRO\u202D 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++ const char *s16 = "a b c RLO\u202e 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++ const char *s17 = "a b c RLO\u202E 1 2 3 PDF\u202c x y z";
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++ const char *s18 = "a b c LRI\u2066 1 2 3 PDI\u2069 x y z";
++/* { dg-warning "U\\+2066" "" { target *-*-* } .-1 } */
++ const char *s19 = "a b c RLI\u2067 1 2 3 PDI\u2069 x y z";
++/* { dg-warning "U\\+2067" "" { target *-*-* } .-1 } */
++ const char *s20 = "a b c FSI\u2068 1 2 3 PDI\u2069 x y z";
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++}
++
++void
++g2 ()
++{
++ const char c1 = '\u202a';
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++ const char c2 = '\u202A';
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++ const char c3 = '\u202b';
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++ const char c4 = '\u202B';
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++ const char c5 = '\u202d';
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++ const char c6 = '\u202D';
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++ const char c7 = '\u202e';
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++ const char c8 = '\u202E';
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++ const char c9 = '\u2066';
++/* { dg-warning "U\\+2066" "" { target *-*-* } .-1 } */
++ const char c10 = '\u2067';
++/* { dg-warning "U\\+2067" "" { target *-*-* } .-1 } */
++ const char c11 = '\u2068';
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++}
++
++int aâªbâ¬c;
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++int aâ«bâ¬c;
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++int aâ­bâ¬c;
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++int aâ®bâ¬c;
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++int aâ¦bâ©c;
++/* { dg-warning "U\\+2066" "" { target *-*-* } .-1 } */
++int aâ§bâ©c;
++/* { dg-warning "U\\+2067" "" { target *-*-* } .-1 } */
++int aâ¨bâ©c;
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++int Aâ¬X;
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
++int A\u202cY;
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
++int A\u202CY2;
++/* { dg-warning "U\\+202C" "" { target *-*-* } .-1 } */
++
++int d\u202ae\u202cf;
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++int d\u202Ae\u202cf2;
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++int d\u202be\u202cf;
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++int d\u202Be\u202cf2;
++/* { dg-warning "U\\+202B" "" { target *-*-* } .-1 } */
++int d\u202de\u202cf;
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++int d\u202De\u202cf2;
++/* { dg-warning "U\\+202D" "" { target *-*-* } .-1 } */
++int d\u202ee\u202cf;
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++int d\u202Ee\u202cf2;
++/* { dg-warning "U\\+202E" "" { target *-*-* } .-1 } */
++int d\u2066e\u2069f;
++/* { dg-warning "U\\+2066" "" { target *-*-* } .-1 } */
++int d\u2067e\u2069f;
++/* { dg-warning "U\\+2067" "" { target *-*-* } .-1 } */
++int d\u2068e\u2069f;
++/* { dg-warning "U\\+2068" "" { target *-*-* } .-1 } */
++int X\u2069;
++/* { dg-warning "U\\+2069" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-5.c b/gcc/testsuite/c-c++-common/Wbidi-chars-5.c
+new file mode 100644
+index 00000000000..68cb053144b
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-5.c
+@@ -0,0 +1,188 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired -Wno-multichar -Wno-overflow" } */
++/* Test all bidi chars in various contexts (identifiers, comments,
++ string literals, character constants), both UCN and UTF-8. The bidi
++ chars here are properly terminated, except for the character constants. */
++
++/* a b c LRE⪠1 2 3 PDF⬠x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* a b c RLE⫠1 2 3 PDF⬠x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* a b c LRO⭠1 2 3 PDF⬠x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* a b c RLO⮠1 2 3 PDF⬠x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* a b c LRI⦠1 2 3 PDI⩠x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* a b c RLI⧠1 2 3 PDI⩠x y */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* a b c FSI⨠1 2 3 PDI⩠x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++
++/* Same but C++ comments instead. */
++// a b c LRE⪠1 2 3 PDF⬠x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c RLE⫠1 2 3 PDF⬠x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c LRO⭠1 2 3 PDF⬠x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c RLO⮠1 2 3 PDF⬠x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c LRI⦠1 2 3 PDI⩠x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c RLI⧠1 2 3 PDI⩠x y
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c FSI⨠1 2 3 PDI⩠x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++
++/* Here we're closing an unopened context, warn when =any. */
++/* a b c PDIâ© x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* a b c PDF⬠x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c PDIâ© x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++// a b c PDF⬠x y z
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++
++/* Multiline comments. */
++/* a b c PDIâ© x y z
++ */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-2 } */
++/* a b c PDF⬠x y z
++ */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-2 } */
++/* first
++ a b c PDIâ© x y z
++ */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-2 } */
++/* first
++ a b c PDF⬠x y z
++ */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-2 } */
++/* first
++ a b c PDIâ© x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++/* first
++ a b c PDF⬠x y z */
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++
++void
++g1 ()
++{
++ const char *s1 = "a b c LRE⪠1 2 3 PDF⬠x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s2 = "a b c RLE⫠1 2 3 PDF⬠x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s3 = "a b c LRO⭠1 2 3 PDF⬠x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s4 = "a b c RLO⮠1 2 3 PDF⬠x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s5 = "a b c LRI⦠1 2 3 PDI⩠x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s6 = "a b c RLI⧠1 2 3 PDI⩠x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s7 = "a b c FSI⨠1 2 3 PDI⩠x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s8 = "a b c PDIâ© x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s9 = "a b c PDF⬠x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++
++ const char *s10 = "a b c LRE\u202a 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s11 = "a b c LRE\u202A 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s12 = "a b c RLE\u202b 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s13 = "a b c RLE\u202B 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s14 = "a b c LRO\u202d 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s15 = "a b c LRO\u202D 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s16 = "a b c RLO\u202e 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s17 = "a b c RLO\u202E 1 2 3 PDF\u202c x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s18 = "a b c LRI\u2066 1 2 3 PDI\u2069 x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s19 = "a b c RLI\u2067 1 2 3 PDI\u2069 x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++ const char *s20 = "a b c FSI\u2068 1 2 3 PDI\u2069 x y z";
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++}
++
++void
++g2 ()
++{
++ const char c1 = '\u202a';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char c2 = '\u202A';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char c3 = '\u202b';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char c4 = '\u202B';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char c5 = '\u202d';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char c6 = '\u202D';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char c7 = '\u202e';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char c8 = '\u202E';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char c9 = '\u2066';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char c10 = '\u2067';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char c11 = '\u2068';
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++}
++
++int aâªbâ¬c;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int aâ«bâ¬c;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int aâ­bâ¬c;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int aâ®bâ¬c;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int aâ¦bâ©c;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int aâ§bâ©c;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int aâ¨bâ©c;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int Aâ¬X;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int A\u202cY;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int A\u202CY2;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++
++int d\u202ae\u202cf;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u202Ae\u202cf2;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u202be\u202cf;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u202Be\u202cf2;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u202de\u202cf;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u202De\u202cf2;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u202ee\u202cf;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u202Ee\u202cf2;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u2066e\u2069f;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u2067e\u2069f;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int d\u2068e\u2069f;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
++int X\u2069;
++/* { dg-bogus "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-6.c b/gcc/testsuite/c-c++-common/Wbidi-chars-6.c
+new file mode 100644
+index 00000000000..0ce6fff2dee
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-6.c
+@@ -0,0 +1,155 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* Test nesting of bidi chars in various contexts. */
++
++/* Terminated by the wrong char: */
++/* a b c LRE⪠1 2 3 PDI⩠x y z */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* a b c RLEâ« 1 2 3 PDIâ© x y z*/
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* a b c LROâ­ 1 2 3 PDIâ© x y z */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* a b c RLOâ® 1 2 3 PDIâ© x y z */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* a b c LRI⦠1 2 3 PDF⬠x y z */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* a b c RLI⧠1 2 3 PDF⬠x y z */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* a b c FSI⨠1 2 3 PDF⬠x y z*/
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++
++/* LRE⪠PDF⬠*/
++/* LRE⪠LRE⪠PDF⬠PDF⬠*/
++/* PDF⬠LRE⪠PDF⬠*/
++/* LRE⪠PDF⬠LRE⪠PDF⬠*/
++/* LRE⪠LRE⪠PDF⬠*/
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* PDF⬠LRE⪠*/
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++
++// a b c LRE⪠1 2 3 PDI⩠x y z
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// a b c RLEâ« 1 2 3 PDIâ© x y z*/
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// a b c LROâ­ 1 2 3 PDIâ© x y z
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// a b c RLOâ® 1 2 3 PDIâ© x y z
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// a b c LRI⦠1 2 3 PDF⬠x y z
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// a b c RLI⧠1 2 3 PDF⬠x y z
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// a b c FSI⨠1 2 3 PDF⬠x y z
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++
++// LRE⪠PDFâ¬
++// LRE⪠LRE⪠PDF⬠PDFâ¬
++// PDF⬠LRE⪠PDFâ¬
++// LRE⪠PDF⬠LRE⪠PDFâ¬
++// LRE⪠LRE⪠PDFâ¬
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++// PDF⬠LREâª
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++
++void
++g1 ()
++{
++ const char *s1 = "a b c LRE⪠1 2 3 PDI⩠x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s2 = "a b c LRE\u202a 1 2 3 PDI\u2069 x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s3 = "a b c RLEâ« 1 2 3 PDIâ© x y ";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s4 = "a b c RLE\u202b 1 2 3 PDI\u2069 x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s5 = "a b c LROâ­ 1 2 3 PDIâ© x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s6 = "a b c LRO\u202d 1 2 3 PDI\u2069 x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s7 = "a b c RLOâ® 1 2 3 PDIâ© x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s8 = "a b c RLO\u202e 1 2 3 PDI\u2069 x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s9 = "a b c LRI⦠1 2 3 PDF⬠x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s10 = "a b c LRI\u2066 1 2 3 PDF\u202c x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s11 = "a b c RLI⧠1 2 3 PDF⬠x y z\
++ ";
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++ const char *s12 = "a b c RLI\u2067 1 2 3 PDF\u202c x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s13 = "a b c FSI⨠1 2 3 PDF⬠x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s14 = "a b c FSI\u2068 1 2 3 PDF\u202c x y z";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s15 = "PDF⬠LREâª";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s16 = "PDF\u202c LRE\u202a";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s17 = "LRE⪠PDFâ¬";
++ const char *s18 = "LRE\u202a PDF\u202c";
++ const char *s19 = "LRE⪠LRE⪠PDF⬠PDFâ¬";
++ const char *s20 = "LRE\u202a LRE\u202a PDF\u202c PDF\u202c";
++ const char *s21 = "PDF⬠LRE⪠PDFâ¬";
++ const char *s22 = "PDF\u202c LRE\u202a PDF\u202c";
++ const char *s23 = "LRE⪠LRE⪠PDFâ¬";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s24 = "LRE\u202a LRE\u202a PDF\u202c";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s25 = "PDF⬠LREâª";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s26 = "PDF\u202c LRE\u202a";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s27 = "PDF⬠LRE\u202a";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++ const char *s28 = "PDF\u202c LREâª";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++}
++
++int aLREâªbPDIâ©;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int A\u202aB\u2069C;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aRLEâ«bPDIâ©;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int a\u202bB\u2069c;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aLROâ­bPDIâ©;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int a\u202db\u2069c2;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aRLOâ®bPDIâ©;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int a\u202eb\u2069;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aLRIâ¦bPDFâ¬;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int a\u2066b\u202c;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aRLIâ§bPDFâ¬c
++;
++/* { dg-warning "unpaired" "" { target *-*-* } .-2 } */
++int a\u2067b\u202c;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aFSIâ¨bPDFâ¬;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int a\u2068b\u202c;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aFSIâ¨bPD\u202C;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aFSI\u2068bPDFâ¬_;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int aLREâªbPDFâ¬b;
++int A\u202aB\u202c;
++int a_LREâª_LREâª_b_PDFâ¬_PDFâ¬;
++int A\u202aA\u202aB\u202cB\u202c;
++int aPDFâ¬bLREadPDFâ¬;
++int a_\u202C_\u202a_\u202c;
++int a_LREâª_b_PDFâ¬_c_LREâª_PDFâ¬;
++int a_\u202a_\u202c_\u202a_\u202c_;
++int a_LREâª_b_PDFâ¬_c_LREâª;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int a_\u202a_\u202c_\u202a_;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-7.c b/gcc/testsuite/c-c++-common/Wbidi-chars-7.c
+new file mode 100644
+index 00000000000..d012d420ec0
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-7.c
+@@ -0,0 +1,9 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=any" } */
++/* Test we ignore UCNs in comments. */
++
++// a b c \u202a 1 2 3
++// a b c \u202A 1 2 3
++/* a b c \u202a 1 2 3 */
++/* a b c \u202A 1 2 3 */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-8.c b/gcc/testsuite/c-c++-common/Wbidi-chars-8.c
+new file mode 100644
+index 00000000000..4f54c5092ec
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-8.c
+@@ -0,0 +1,13 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=any" } */
++/* Test \u vs \U. */
++
++int a_\u202A;
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++int a_\u202a_2;
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++int a_\U0000202A_3;
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
++int a_\U0000202a_4;
++/* { dg-warning "U\\+202A" "" { target *-*-* } .-1 } */
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-9.c b/gcc/testsuite/c-c++-common/Wbidi-chars-9.c
+new file mode 100644
+index 00000000000..e2af1b1ca97
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-9.c
+@@ -0,0 +1,29 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired" } */
++/* Test that we properly separate bidi contexts (comment/identifier/character
++ constant/string literal). */
++
++/* LRE ->âª<- */ int pdf_\u202c_1;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* RLE ->â«<- */ int pdf_\u202c_2;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* LRO ->â­<- */ int pdf_\u202c_3;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* RLO ->â®<- */ int pdf_\u202c_4;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* LRI ->â¦<-*/ int pdi_\u2069_1;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* RLI ->â§<- */ int pdi_\u2069_12;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* FSI ->â¨<- */ int pdi_\u2069_3;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++
++const char *s1 = "LRE\u202a"; /* PDF ->â¬<- */
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++/* LRE ->âª<- */ const char *s2 = "PDF\u202c";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++const char *s3 = "LRE\u202a"; int pdf_\u202c_5;
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
++int lre_\u202a; const char *s4 = "PDF\u202c";
++/* { dg-warning "unpaired" "" { target *-*-* } .-1 } */
+diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h
+index 176f8c5bbce..112b9c24751 100644
+--- a/libcpp/include/cpplib.h
++++ b/libcpp/include/cpplib.h
+@@ -318,6 +318,17 @@ enum cpp_main_search
+ CMS_system, /* Search the system INCLUDE path. */
+ };
+
++/* The possible bidirectional control characters checking levels, from least
++ restrictive to most. */
++enum cpp_bidirectional_level {
++ /* No checking. */
++ bidirectional_none,
++ /* Only detect unpaired uses of bidirectional control characters. */
++ bidirectional_unpaired,
++ /* Detect any use of bidirectional control characters. */
++ bidirectional_any
++};
++
+ /* This structure is nested inside struct cpp_reader, and
+ carries all the options visible to the command line. */
+ struct cpp_options
+@@ -531,6 +542,10 @@ struct cpp_options
+ /* True if warn about differences between C++98 and C++11. */
+ bool cpp_warn_cxx11_compat;
+
++ /* Nonzero if bidirectional control characters checking is on. See enum
++ cpp_bidirectional_level. */
++ unsigned char cpp_warn_bidirectional;
++
+ /* Dependency generation. */
+ struct
+ {
+@@ -635,7 +650,8 @@ enum cpp_warning_reason {
+ CPP_W_C90_C99_COMPAT,
+ CPP_W_C11_C2X_COMPAT,
+ CPP_W_CXX11_COMPAT,
+- CPP_W_EXPANSION_TO_DEFINED
++ CPP_W_EXPANSION_TO_DEFINED,
++ CPP_W_BIDIRECTIONAL
+ };
+
+ /* Callback for header lookup for HEADER, which is the name of a
+diff --git a/libcpp/init.c b/libcpp/init.c
+index 5a424e23553..f9a8f5f088f 100644
+--- a/libcpp/init.c
++++ b/libcpp/init.c
+@@ -219,6 +219,7 @@ cpp_create_reader (enum c_lang lang, cpp
+ = ENABLE_CANONICAL_SYSTEM_HEADERS;
+ CPP_OPTION (pfile, ext_numeric_literals) = 1;
+ CPP_OPTION (pfile, warn_date_time) = 0;
++ CPP_OPTION (pfile, cpp_warn_bidirectional) = bidirectional_unpaired;
+
+ /* Default CPP arithmetic to something sensible for the host for the
+ benefit of dumb users like fix-header. */
+diff --git a/libcpp/internal.h b/libcpp/internal.h
+index 8577cab6c83..0ce0246c5a2 100644
+--- a/libcpp/internal.h
++++ b/libcpp/internal.h
+@@ -597,6 +597,13 @@ struct cpp_reader
+ /* Location identifying the main source file -- intended to be line
+ zero of said file. */
+ location_t main_loc;
++
++ /* Returns true iff we should warn about UTF-8 bidirectional control
++ characters. */
++ bool warn_bidi_p () const
++ {
++ return CPP_OPTION (this, cpp_warn_bidirectional) != bidirectional_none;
++ }
+ };
+
+ /* Character classes. Based on the more primitive macros in safe-ctype.h.
+diff --git a/libcpp/lex.c b/libcpp/lex.c
+index fa2253d41c3..6a4fbce6030 100644
+--- a/libcpp/lex.c
++++ b/libcpp/lex.c
+@@ -1164,6 +1164,324 @@ _cpp_process_line_notes (cpp_reader *pfi
+ }
+ }
+
++namespace bidi {
++ enum class kind {
++ NONE, LRE, RLE, LRO, RLO, LRI, RLI, FSI, PDF, PDI, LTR, RTL
++ };
++
++ /* All the UTF-8 encodings of bidi characters start with E2. */
++ constexpr uchar utf8_start = 0xe2;
++
++ /* A vector holding currently open bidi contexts. We use a char for
++ each context, its LSB is 1 if it represents a PDF context, 0 if it
++ represents a PDI context. The next bit is 1 if this context was open
++ by a bidi character written as a UCN, and 0 when it was UTF-8. */
++ semi_embedded_vec <unsigned char, 16> vec;
++
++ /* Close the whole comment/identifier/string literal/character constant
++ context. */
++ void on_close ()
++ {
++ vec.truncate (0);
++ }
++
++ /* Pop the last element in the vector. */
++ void pop ()
++ {
++ unsigned int len = vec.count ();
++ gcc_checking_assert (len > 0);
++ vec.truncate (len - 1);
++ }
++
++ /* Return the context of the Ith element. */
++ kind ctx_at (unsigned int i)
++ {
++ return (vec[i] & 1) ? kind::PDF : kind::PDI;
++ }
++
++ /* Return which context is currently opened. */
++ kind current_ctx ()
++ {
++ unsigned int len = vec.count ();
++ if (len == 0)
++ return kind::NONE;
++ return ctx_at (len - 1);
++ }
++
++ /* Return true if the current context comes from a UCN origin, that is,
++ the bidi char which started this bidi context was written as a UCN. */
++ bool current_ctx_ucn_p ()
++ {
++ unsigned int len = vec.count ();
++ gcc_checking_assert (len > 0);
++ return (vec[len - 1] >> 1) & 1;
++ }
++
++ /* We've read a bidi char, update the current vector as necessary. */
++ void on_char (kind k, bool ucn_p)
++ {
++ switch (k)
++ {
++ case kind::LRE:
++ case kind::RLE:
++ case kind::LRO:
++ case kind::RLO:
++ vec.push (ucn_p ? 3u : 1u);
++ break;
++ case kind::LRI:
++ case kind::RLI:
++ case kind::FSI:
++ vec.push (ucn_p ? 2u : 0u);
++ break;
++ /* PDF terminates the scope of the last LRE, RLE, LRO, or RLO
++ whose scope has not yet been terminated. */
++ case kind::PDF:
++ if (current_ctx () == kind::PDF)
++ pop ();
++ break;
++ /* PDI terminates the scope of the last LRI, RLI, or FSI whose
++ scope has not yet been terminated, as well as the scopes of
++ any subsequent LREs, RLEs, LROs, or RLOs whose scopes have not
++ yet been terminated. */
++ case kind::PDI:
++ for (int i = vec.count () - 1; i >= 0; --i)
++ if (ctx_at (i) == kind::PDI)
++ {
++ vec.truncate (i);
++ break;
++ }
++ break;
++ case kind::LTR:
++ case kind::RTL:
++ /* These aren't popped by a PDF/PDI. */
++ break;
++ [[likely]] case kind::NONE:
++ break;
++ default:
++ abort ();
++ }
++ }
++
++ /* Return a descriptive string for K. */
++ const char *to_str (kind k)
++ {
++ switch (k)
++ {
++ case kind::LRE:
++ return "U+202A (LEFT-TO-RIGHT EMBEDDING)";
++ case kind::RLE:
++ return "U+202B (RIGHT-TO-LEFT EMBEDDING)";
++ case kind::LRO:
++ return "U+202D (LEFT-TO-RIGHT OVERRIDE)";
++ case kind::RLO:
++ return "U+202E (RIGHT-TO-LEFT OVERRIDE)";
++ case kind::LRI:
++ return "U+2066 (LEFT-TO-RIGHT ISOLATE)";
++ case kind::RLI:
++ return "U+2067 (RIGHT-TO-LEFT ISOLATE)";
++ case kind::FSI:
++ return "U+2068 (FIRST STRONG ISOLATE)";
++ case kind::PDF:
++ return "U+202C (POP DIRECTIONAL FORMATTING)";
++ case kind::PDI:
++ return "U+2069 (POP DIRECTIONAL ISOLATE)";
++ case kind::LTR:
++ return "U+200E (LEFT-TO-RIGHT MARK)";
++ case kind::RTL:
++ return "U+200F (RIGHT-TO-LEFT MARK)";
++ default:
++ abort ();
++ }
++ }
++}
++
++/* Parse a sequence of 3 bytes starting with P and return its bidi code. */
++
++static bidi::kind
++get_bidi_utf8 (const unsigned char *const p)
++{
++ gcc_checking_assert (p[0] == bidi::utf8_start);
++
++ if (p[1] == 0x80)
++ switch (p[2])
++ {
++ case 0xaa:
++ return bidi::kind::LRE;
++ case 0xab:
++ return bidi::kind::RLE;
++ case 0xac:
++ return bidi::kind::PDF;
++ case 0xad:
++ return bidi::kind::LRO;
++ case 0xae:
++ return bidi::kind::RLO;
++ case 0x8e:
++ return bidi::kind::LTR;
++ case 0x8f:
++ return bidi::kind::RTL;
++ default:
++ break;
++ }
++ else if (p[1] == 0x81)
++ switch (p[2])
++ {
++ case 0xa6:
++ return bidi::kind::LRI;
++ case 0xa7:
++ return bidi::kind::RLI;
++ case 0xa8:
++ return bidi::kind::FSI;
++ case 0xa9:
++ return bidi::kind::PDI;
++ default:
++ break;
++ }
++
++ return bidi::kind::NONE;
++}
++
++/* Parse a UCN where P points just past \u or \U and return its bidi code. */
++
++static bidi::kind
++get_bidi_ucn (const unsigned char *p, bool is_U)
++{
++ /* 6.4.3 Universal Character Names
++ \u hex-quad
++ \U hex-quad hex-quad
++ where \unnnn means \U0000nnnn. */
++
++ if (is_U)
++ {
++ if (p[0] != '0' || p[1] != '0' || p[2] != '0' || p[3] != '0')
++ return bidi::kind::NONE;
++ /* Skip 4B so we can treat \u and \U the same below. */
++ p += 4;
++ }
++
++ /* All code points we are looking for start with 20xx. */
++ if (p[0] != '2' || p[1] != '0')
++ return bidi::kind::NONE;
++ else if (p[2] == '2')
++ switch (p[3])
++ {
++ case 'a':
++ case 'A':
++ return bidi::kind::LRE;
++ case 'b':
++ case 'B':
++ return bidi::kind::RLE;
++ case 'c':
++ case 'C':
++ return bidi::kind::PDF;
++ case 'd':
++ case 'D':
++ return bidi::kind::LRO;
++ case 'e':
++ case 'E':
++ return bidi::kind::RLO;
++ default:
++ break;
++ }
++ else if (p[2] == '6')
++ switch (p[3])
++ {
++ case '6':
++ return bidi::kind::LRI;
++ case '7':
++ return bidi::kind::RLI;
++ case '8':
++ return bidi::kind::FSI;
++ case '9':
++ return bidi::kind::PDI;
++ default:
++ break;
++ }
++ else if (p[2] == '0')
++ switch (p[3])
++ {
++ case 'e':
++ case 'E':
++ return bidi::kind::LTR;
++ case 'f':
++ case 'F':
++ return bidi::kind::RTL;
++ default:
++ break;
++ }
++
++ return bidi::kind::NONE;
++}
++
++/* We're closing a bidi context, that is, we've encountered a newline,
++ are closing a C-style comment, or are at the end of a string literal,
++ character constant, or identifier. Warn if this context was not
++ properly terminated by a PDI or PDF. P points to the last character
++ in this context. */
++
++static void
++maybe_warn_bidi_on_close (cpp_reader *pfile, const uchar *p)
++{
++ if (CPP_OPTION (pfile, cpp_warn_bidirectional) == bidirectional_unpaired
++ && bidi::vec.count () > 0)
++ {
++ const location_t loc
++ = linemap_position_for_column (pfile->line_table,
++ CPP_BUF_COLUMN (pfile->buffer, p));
++ cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
++ "unpaired UTF-8 bidirectional control character "
++ "detected");
++ }
++ /* We're done with this context. */
++ bidi::on_close ();
++}
++
++/* We're at the beginning or in the middle of an identifier/comment/string
++ literal/character constant. Warn if we've encountered a bidi character.
++ KIND says which bidi character it was; P points to it in the character
++ stream. UCN_P is true iff this bidi character was written as a UCN. */
++
++static void
++maybe_warn_bidi_on_char (cpp_reader *pfile, const uchar *p, bidi::kind kind,
++ bool ucn_p)
++{
++ if (__builtin_expect (kind == bidi::kind::NONE, 1))
++ return;
++
++ const auto warn_bidi = CPP_OPTION (pfile, cpp_warn_bidirectional);
++
++ if (warn_bidi != bidirectional_none)
++ {
++ const location_t loc
++ = linemap_position_for_column (pfile->line_table,
++ CPP_BUF_COLUMN (pfile->buffer, p));
++ /* It seems excessive to warn about a PDI/PDF that is closing
++ an opened context because we've already warned about the
++ opening character. Except warn when we have a UCN x UTF-8
++ mismatch. */
++ if (kind == bidi::current_ctx ())
++ {
++ if (warn_bidi == bidirectional_unpaired
++ && bidi::current_ctx_ucn_p () != ucn_p)
++ cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
++ "UTF-8 vs UCN mismatch when closing "
++ "a context by \"%s\"", bidi::to_str (kind));
++ }
++ else if (warn_bidi == bidirectional_any)
++ {
++ if (kind == bidi::kind::PDF || kind == bidi::kind::PDI)
++ cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
++ "\"%s\" is closing an unopened context",
++ bidi::to_str (kind));
++ else
++ cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
++ "found problematic Unicode character \"%s\"",
++ bidi::to_str (kind));
++ }
++ }
++ /* We're done with this context. */
++ bidi::on_char (kind, ucn_p);
++}
++
+ /* Skip a C-style block comment. We find the end of the comment by
+ seeing if an asterisk is before every '/' we encounter. Returns
+ nonzero if comment terminated by EOF, zero otherwise.
+@@ -1175,6 +1493,7 @@ _cpp_skip_block_comment (cpp_reader *pfi
+ cpp_buffer *buffer = pfile->buffer;
+ const uchar *cur = buffer->cur;
+ uchar c;
++ const bool warn_bidi_p = pfile->warn_bidi_p ();
+
+ cur++;
+ if (*cur == '/')
+@@ -1189,7 +1508,11 @@ _cpp_skip_block_comment (cpp_reader *pfi
+ if (c == '/')
+ {
+ if (cur[-2] == '*')
+- break;
++ {
++ if (warn_bidi_p)
++ maybe_warn_bidi_on_close (pfile, cur);
++ break;
++ }
+
+ /* Warn about potential nested comments, but not if the '/'
+ comes immediately before the true comment delimiter.
+@@ -1208,6 +1531,8 @@ _cpp_skip_block_comment (cpp_reader *pfi
+ {
+ unsigned int cols;
+ buffer->cur = cur - 1;
++ if (warn_bidi_p)
++ maybe_warn_bidi_on_close (pfile, cur);
+ _cpp_process_line_notes (pfile, true);
+ if (buffer->next_line >= buffer->rlimit)
+ return true;
+@@ -1218,6 +1543,13 @@ _cpp_skip_block_comment (cpp_reader *pfi
+
+ cur = buffer->cur;
+ }
++ /* If this is a beginning of a UTF-8 encoding, it might be
++ a bidirectional control character. */
++ else if (__builtin_expect (c == bidi::utf8_start, 0) && warn_bidi_p)
++ {
++ bidi::kind kind = get_bidi_utf8 (cur - 1);
++ maybe_warn_bidi_on_char (pfile, cur, kind, /*ucn_p=*/false);
++ }
+ }
+
+ buffer->cur = cur;
+@@ -1233,9 +1565,31 @@ skip_line_comment (cpp_reader *pfile)
+ {
+ cpp_buffer *buffer = pfile->buffer;
+ location_t orig_line = pfile->line_table->highest_line;
++ const bool warn_bidi_p = pfile->warn_bidi_p ();
+
+- while (*buffer->cur != '\n')
+- buffer->cur++;
++ if (!warn_bidi_p)
++ while (*buffer->cur != '\n')
++ buffer->cur++;
++ else
++ {
++ while (*buffer->cur != '\n'
++ && *buffer->cur != bidi::utf8_start)
++ buffer->cur++;
++ if (__builtin_expect (*buffer->cur == bidi::utf8_start, 0))
++ {
++ while (*buffer->cur != '\n')
++ {
++ if (__builtin_expect (*buffer->cur == bidi::utf8_start, 0))
++ {
++ bidi::kind kind = get_bidi_utf8 (buffer->cur);
++ maybe_warn_bidi_on_char (pfile, buffer->cur, kind,
++ /*ucn_p=*/false);
++ }
++ buffer->cur++;
++ }
++ maybe_warn_bidi_on_close (pfile, buffer->cur);
++ }
++ }
+
+ _cpp_process_line_notes (pfile, true);
+ return orig_line != pfile->line_table->highest_line;
+@@ -1317,11 +1671,13 @@ static const cppchar_t utf8_signifier =
+
+ /* Returns TRUE if the sequence starting at buffer->cur is valid in
+ an identifier. FIRST is TRUE if this starts an identifier. */
++
+ static bool
+ forms_identifier_p (cpp_reader *pfile, int first,
+ struct normalize_state *state)
+ {
+ cpp_buffer *buffer = pfile->buffer;
++ const bool warn_bidi_p = pfile->warn_bidi_p ();
+
+ if (*buffer->cur == '$')
+ {
+@@ -1344,6 +1700,13 @@ forms_identifier_p (cpp_reader *pfile, i
+ cppchar_t s;
+ if (*buffer->cur >= utf8_signifier)
+ {
++ if (__builtin_expect (*buffer->cur == bidi::utf8_start, 0)
++ && warn_bidi_p)
++ {
++ bidi::kind kind = get_bidi_utf8 (buffer->cur);
++ maybe_warn_bidi_on_char (pfile, buffer->cur, kind,
++ /*ucn_p=*/false);
++ }
+ if (_cpp_valid_utf8 (pfile, &buffer->cur, buffer->rlimit, 1 + !first,
+ state, &s))
+ return true;
+@@ -1352,6 +1715,13 @@ forms_identifier_p (cpp_reader *pfile, i
+ && (buffer->cur[1] == 'u' || buffer->cur[1] == 'U'))
+ {
+ buffer->cur += 2;
++ if (warn_bidi_p)
++ {
++ bidi::kind kind = get_bidi_ucn (buffer->cur,
++ buffer->cur[-1] == 'U');
++ maybe_warn_bidi_on_char (pfile, buffer->cur, kind,
++ /*ucn_p=*/true);
++ }
+ if (_cpp_valid_ucn (pfile, &buffer->cur, buffer->rlimit, 1 + !first,
+ state, &s, NULL, NULL))
+ return true;
+@@ -1460,6 +1830,7 @@ lex_identifier (cpp_reader *pfile, const
+ const uchar *cur;
+ unsigned int len;
+ unsigned int hash = HT_HASHSTEP (0, *base);
++ const bool warn_bidi_p = pfile->warn_bidi_p ();
+
+ cur = pfile->buffer->cur;
+ if (! starts_ucn)
+@@ -1483,6 +1854,8 @@ lex_identifier (cpp_reader *pfile, const
+ pfile->buffer->cur++;
+ }
+ } while (forms_identifier_p (pfile, false, nst));
++ if (warn_bidi_p)
++ maybe_warn_bidi_on_close (pfile, pfile->buffer->cur);
+ result = _cpp_interpret_identifier (pfile, base,
+ pfile->buffer->cur - base);
+ *spelling = cpp_lookup (pfile, base, pfile->buffer->cur - base);
+@@ -1719,6 +2092,7 @@ static void
+ lex_raw_string (cpp_reader *pfile, cpp_token *token, const uchar *base)
+ {
+ const uchar *pos = base;
++ const bool warn_bidi_p = pfile->warn_bidi_p ();
+
+ /* 'tis a pity this information isn't passed down from the lexer's
+ initial categorization of the token. */
+@@ -1955,8 +2329,15 @@ lex_raw_string (cpp_reader *pfile, cpp_t
+ pos = base = pfile->buffer->cur;
+ note = &pfile->buffer->notes[pfile->buffer->cur_note];
+ }
++ else if (__builtin_expect ((unsigned char) c == bidi::utf8_start, 0)
++ && warn_bidi_p)
++ maybe_warn_bidi_on_char (pfile, pos - 1, get_bidi_utf8 (pos - 1),
++ /*ucn_p=*/false);
+ }
+
++ if (warn_bidi_p)
++ maybe_warn_bidi_on_close (pfile, pos);
++
+ if (CPP_OPTION (pfile, user_literals))
+ {
+ /* If a string format macro, say from inttypes.h, is placed touching
+@@ -2051,15 +2432,27 @@ lex_string (cpp_reader *pfile, cpp_token
+ else
+ terminator = '>', type = CPP_HEADER_NAME;
+
++ const bool warn_bidi_p = pfile->warn_bidi_p ();
+ for (;;)
+ {
+ cppchar_t c = *cur++;
+
+ /* In #include-style directives, terminators are not escapable. */
+ if (c == '\\' && !pfile->state.angled_headers && *cur != '\n')
+- cur++;
++ {
++ if ((cur[0] == 'u' || cur[0] == 'U') && warn_bidi_p)
++ {
++ bidi::kind kind = get_bidi_ucn (cur + 1, cur[0] == 'U');
++ maybe_warn_bidi_on_char (pfile, cur, kind, /*ucn_p=*/true);
++ }
++ cur++;
++ }
+ else if (c == terminator)
+- break;
++ {
++ if (warn_bidi_p)
++ maybe_warn_bidi_on_close (pfile, cur - 1);
++ break;
++ }
+ else if (c == '\n')
+ {
+ cur--;
+@@ -2076,6 +2469,11 @@ lex_string (cpp_reader *pfile, cpp_token
+ }
+ else if (c == '\0')
+ saw_NUL = true;
++ else if (__builtin_expect (c == bidi::utf8_start, 0) && warn_bidi_p)
++ {
++ bidi::kind kind = get_bidi_utf8 (cur - 1);
++ maybe_warn_bidi_on_char (pfile, cur - 1, kind, /*ucn_p=*/false);
++ }
+ }
+
+ if (saw_NUL && !pfile->state.skipping)
diff --git a/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch b/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch
new file mode 100644
index 0000000000..d87be19866
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-35465.patch
@@ -0,0 +1,103 @@
+From 30461cf8dba3d3adb15a125e4da48800eb2b9b8f Mon Sep 17 00:00:00 2001
+From: Richard Earnshaw <rearnsha@arm.com>
+Date: Fri, 18 Jun 2021 17:18:37 +0100
+Subject: [PATCH] arm: fix vlldm erratum for Armv8.1-m [PR102035]
+
+For Armv8.1-m we generate code that emits VLLDM directly and do not
+rely on support code in the library, so emit the mitigation directly
+as well, when required. In this case, we can use the compiler options
+to determine when to apply the fix and when it is safe to omit it.
+
+gcc:
+ PR target/102035
+ * config/arm/arm.md (attribute arch): Add fix_vlldm.
+ (arch_enabled): Use it.
+ * config/arm/vfp.md (lazy_store_multiple_insn): Add alternative to
+ use when erratum mitigation is needed.
+
+CVE: CVE-2021-35465
+Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=30461cf8dba3d3adb15a125e4da48800eb2b9b8f]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ gcc/config/arm/arm.md | 11 +++++++++--
+ gcc/config/arm/vfp.md | 10 +++++++---
+ 2 files changed, 16 insertions(+), 5 deletions(-)
+
+diff -upr a/gcc/config/arm/arm.md b/gcc/config/arm/arm.md
+--- a/gcc/config/arm/arm.md 2020-07-22 23:35:17.344384552 -0700
++++ b/gcc/config/arm/arm.md 2021-11-11 20:33:58.431543947 -0800
+@@ -132,9 +132,12 @@
+ ; TARGET_32BIT, "t1" or "t2" to specify a specific Thumb mode. "v6"
+ ; for ARM or Thumb-2 with arm_arch6, and nov6 for ARM without
+ ; arm_arch6. "v6t2" for Thumb-2 with arm_arch6 and "v8mb" for ARMv8-M
+-; Baseline. This attribute is used to compute attribute "enabled",
++; Baseline. "fix_vlldm" is for fixing the v8-m/v8.1-m VLLDM erratum.
++; This attribute is used to compute attribute "enabled",
+ ; use type "any" to enable an alternative in all cases.
+-(define_attr "arch" "any,a,t,32,t1,t2,v6,nov6,v6t2,v8mb,iwmmxt,iwmmxt2,armv6_or_vfpv3,neon,mve"
++(define_attr "arch" "any, a, t, 32, t1, t2, v6,nov6, v6t2, \
++ v8mb, fix_vlldm, iwmmxt, iwmmxt2, armv6_or_vfpv3, \
++ neon, mve"
+ (const_string "any"))
+
+ (define_attr "arch_enabled" "no,yes"
+@@ -177,6 +180,10 @@
+ (match_test "TARGET_THUMB1 && arm_arch8"))
+ (const_string "yes")
+
++ (and (eq_attr "arch" "fix_vlldm")
++ (match_test "fix_vlldm"))
++ (const_string "yes")
++
+ (and (eq_attr "arch" "iwmmxt2")
+ (match_test "TARGET_REALLY_IWMMXT2"))
+ (const_string "yes")
+diff -upr a/gcc/config/arm/vfp.md b/gcc/config/arm/vfp.md
+--- a/gcc/config/arm/vfp.md 2020-07-22 23:35:17.356384684 -0700
++++ b/gcc/config/arm/vfp.md 2021-11-11 20:33:58.431543947 -0800
+@@ -1703,12 +1703,15 @@
+ (set_attr "type" "mov_reg")]
+ )
+
++;; Both this and the next instruction are treated by GCC in the same
++;; way as a blockage pattern. That's perhaps stronger than it needs
++;; to be, but we do not want accesses to the VFP register bank to be
++;; moved across either instruction.
++
+ (define_insn "lazy_store_multiple_insn"
+- [(set (match_operand:SI 0 "s_register_operand" "+&rk")
+- (post_dec:SI (match_dup 0)))
+- (unspec_volatile [(const_int 0)
+- (mem:SI (post_dec:SI (match_dup 0)))]
+- VUNSPEC_VLSTM)]
++ [(unspec_volatile
++ [(mem:BLK (match_operand:SI 0 "s_register_operand" "rk"))]
++ VUNSPEC_VLSTM)]
+ "use_cmse && reload_completed"
+ "vlstm%?\\t%0"
+ [(set_attr "predicable" "yes")
+@@ -1716,14 +1719,16 @@
+ )
+
+ (define_insn "lazy_load_multiple_insn"
+- [(set (match_operand:SI 0 "s_register_operand" "+&rk")
+- (post_inc:SI (match_dup 0)))
+- (unspec_volatile:SI [(const_int 0)
+- (mem:SI (match_dup 0))]
+- VUNSPEC_VLLDM)]
++ [(unspec_volatile
++ [(mem:BLK (match_operand:SI 0 "s_register_operand" "rk,rk"))]
++ VUNSPEC_VLLDM)]
+ "use_cmse && reload_completed"
+- "vlldm%?\\t%0"
+- [(set_attr "predicable" "yes")
++ "@
++ vscclrm\\t{vpr}\;vlldm\\t%0
++ vlldm\\t%0"
++ [(set_attr "arch" "fix_vlldm,*")
++ (set_attr "predicable" "no")
++ (set_attr "length" "8,4")
+ (set_attr "type" "load_4")]
+ )
+
diff --git a/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-42574.patch b/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-42574.patch
new file mode 100644
index 0000000000..2995a6fc61
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0003-CVE-2021-42574.patch
@@ -0,0 +1,142 @@
+From 1a7f2c0774129750fdf73e9f1b78f0ce983c9ab3 Mon Sep 17 00:00:00 2001
+From: David Malcolm <dmalcolm@redhat.com>
+Date: Tue, 2 Nov 2021 09:54:32 -0400
+Subject: [PATCH] libcpp: escape non-ASCII source bytes in -Wbidi-chars=
+ [PR103026]
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+This flags rich_locations associated with -Wbidi-chars= so that
+non-ASCII bytes will be escaped when printing the source lines
+(using the diagnostics support I added in
+r12-4825-gbd5e882cf6e0def3dd1bc106075d59a303fe0d1e).
+
+In particular, this ensures that the printed source lines will
+be pure ASCII, and thus the visual ordering of the characters
+will be the same as the logical ordering.
+
+Before:
+
+ Wbidi-chars-1.c: In function âmainâ:
+ Wbidi-chars-1.c:6:43: warning: unpaired UTF-8 bidirectional control character detected [-Wbidi-chars=]
+ 6 | /*â® } â¦if (isAdmin)⩠⦠begin admins only */
+ | ^
+ Wbidi-chars-1.c:9:28: warning: unpaired UTF-8 bidirectional control character detected [-Wbidi-chars=]
+ 9 | /* end admins only â® { â¦*/
+ | ^
+
+ Wbidi-chars-11.c:6:15: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+ 6 | int LRE_âª_PDF_\u202c;
+ | ^
+ Wbidi-chars-11.c:8:19: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+ 8 | int LRE_\u202a_PDF_â¬_;
+ | ^
+ Wbidi-chars-11.c:10:28: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+ 10 | const char *s1 = "LRE_âª_PDF_\u202c";
+ | ^
+ Wbidi-chars-11.c:12:33: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+ 12 | const char *s2 = "LRE_\u202a_PDF_â¬";
+ | ^
+
+After:
+
+ Wbidi-chars-1.c: In function âmainâ:
+ Wbidi-chars-1.c:6:43: warning: unpaired UTF-8 bidirectional control character detected [-Wbidi-chars=]
+ 6 | /*<U+202E> } <U+2066>if (isAdmin)<U+2069> <U+2066> begin admins only */
+ | ^
+ Wbidi-chars-1.c:9:28: warning: unpaired UTF-8 bidirectional control character detected [-Wbidi-chars=]
+ 9 | /* end admins only <U+202E> { <U+2066>*/
+ | ^
+
+ Wbidi-chars-11.c:6:15: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+ 6 | int LRE_<U+202A>_PDF_\u202c;
+ | ^
+ Wbidi-chars-11.c:8:19: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+ 8 | int LRE_\u202a_PDF_<U+202C>_;
+ | ^
+ Wbidi-chars-11.c:10:28: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+ 10 | const char *s1 = "LRE_<U+202A>_PDF_\u202c";
+ | ^
+ Wbidi-chars-11.c:12:33: warning: UTF-8 vs UCN mismatch when closing a context by "U+202C (POP DIRECTIONAL FORMATTING)" [-Wbidi-chars=]
+ 12 | const char *s2 = "LRE_\u202a_PDF_<U+202C>";
+ | ^
+
+libcpp/ChangeLog:
+ PR preprocessor/103026
+ * lex.c (maybe_warn_bidi_on_close): Use a rich_location
+ and call set_escape_on_output (true) on it.
+ (maybe_warn_bidi_on_char): Likewise.
+
+Signed-off-by: David Malcolm <dmalcolm@redhat.com>
+
+CVE: CVE-2021-42574
+Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a7f2c0774129750fdf73e9f1b78f0ce983c9ab3]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ libcpp/lex.c | 29 +++++++++++++++++------------
+ 1 file changed, 17 insertions(+), 12 deletions(-)
+
+diff --git a/libcpp/lex.c b/libcpp/lex.c
+index 8188e33b07d..2421d6c0f40 100644
+--- a/libcpp/lex.c
++++ b/libcpp/lex.c
+@@ -1427,9 +1427,11 @@ maybe_warn_bidi_on_close (cpp_reader *pfile, const uchar *p)
+ const location_t loc
+ = linemap_position_for_column (pfile->line_table,
+ CPP_BUF_COLUMN (pfile->buffer, p));
+- cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
+- "unpaired UTF-8 bidirectional control character "
+- "detected");
++ rich_location rich_loc (pfile->line_table, loc);
++ rich_loc.set_escape_on_output (true);
++ cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
++ "unpaired UTF-8 bidirectional control character "
++ "detected");
+ }
+ /* We're done with this context. */
+ bidi::on_close ();
+@@ -1454,6 +1456,9 @@ maybe_warn_bidi_on_char (cpp_reader *pfile, const uchar *p, bidi::kind kind,
+ const location_t loc
+ = linemap_position_for_column (pfile->line_table,
+ CPP_BUF_COLUMN (pfile->buffer, p));
++ rich_location rich_loc (pfile->line_table, loc);
++ rich_loc.set_escape_on_output (true);
++
+ /* It seems excessive to warn about a PDI/PDF that is closing
+ an opened context because we've already warned about the
+ opening character. Except warn when we have a UCN x UTF-8
+@@ -1462,20 +1467,20 @@ maybe_warn_bidi_on_char (cpp_reader *pfile, const uchar *p, bidi::kind kind,
+ {
+ if (warn_bidi == bidirectional_unpaired
+ && bidi::current_ctx_ucn_p () != ucn_p)
+- cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
+- "UTF-8 vs UCN mismatch when closing "
+- "a context by \"%s\"", bidi::to_str (kind));
++ cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
++ "UTF-8 vs UCN mismatch when closing "
++ "a context by \"%s\"", bidi::to_str (kind));
+ }
+ else if (warn_bidi == bidirectional_any)
+ {
+ if (kind == bidi::kind::PDF || kind == bidi::kind::PDI)
+- cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
+- "\"%s\" is closing an unopened context",
+- bidi::to_str (kind));
++ cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
++ "\"%s\" is closing an unopened context",
++ bidi::to_str (kind));
+ else
+- cpp_warning_with_line (pfile, CPP_W_BIDIRECTIONAL, loc, 0,
+- "found problematic Unicode character \"%s\"",
+- bidi::to_str (kind));
++ cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
++ "found problematic Unicode character \"%s\"",
++ bidi::to_str (kind));
+ }
+ }
+ /* We're done with this context. */
+--
+2.27.0
+
diff --git a/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch b/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch
new file mode 100644
index 0000000000..12dfe682fa
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-35465.patch
@@ -0,0 +1,304 @@
+From 809330ab8450261e05919b472783bf15e4b000f7 Mon Sep 17 00:00:00 2001
+From: Richard Earnshaw <rearnsha@arm.com>
+Date: Tue, 6 Jul 2021 15:10:18 +0100
+Subject: [PATCH] arm: Add tests for VLLDM mitigation [PR102035]
+
+New tests for the erratum mitigation.
+
+gcc/testsuite:
+ PR target/102035
+ * gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c: New test.
+ * gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c: Likewise.
+ * gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c: Likewise.
+ * gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c: Likewise.
+ * gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c: Likewise.
+ * gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c: Likewise.
+ * gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c: Likewise.
+ * gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c: Likewise.
+
+CVE: CVE-2021-35465
+Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=809330ab8450261e05919b472783bf15e4b000f7]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ .../arm/cmse/mainline/8_1m/soft/cmse-13a.c | 31 +++++++++++++++++++
+ .../arm/cmse/mainline/8_1m/soft/cmse-7a.c | 28 +++++++++++++++++
+ .../arm/cmse/mainline/8_1m/soft/cmse-8a.c | 30 ++++++++++++++++++
+ .../cmse/mainline/8_1m/softfp-sp/cmse-7a.c | 27 ++++++++++++++++
+ .../cmse/mainline/8_1m/softfp-sp/cmse-8a.c | 29 +++++++++++++++++
+ .../arm/cmse/mainline/8_1m/softfp/cmse-13a.c | 30 ++++++++++++++++++
+ .../arm/cmse/mainline/8_1m/softfp/cmse-7a.c | 27 ++++++++++++++++
+ .../arm/cmse/mainline/8_1m/softfp/cmse-8a.c | 29 +++++++++++++++++
+ 8 files changed, 231 insertions(+)
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c
+ create mode 100644 gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c
+
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-13a.c 2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,31 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=soft -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=soft" } } */
++
++#include "../../../cmse-13.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr2, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr3, r4" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r1, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[1,4-9\]|r10|fp|ip), ){9}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[1,4-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler-not "vmov" } } */
++/* { dg-final { scan-assembler-not "vmsr" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-7a.c 2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,28 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=soft -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=soft" } } */
++
++#include "../../../cmse-7.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r0, )?(r1, )?(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[0-9\]|r10|fp|ip), ){12}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[0-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler-not "vmov" } } */
++/* { dg-final { scan-assembler-not "vmsr" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/soft/cmse-8a.c 2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,30 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=soft -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=soft" } } */
++
++#include "../../../cmse-8.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr1, r4" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[2-9\]|r10|fp|ip), ){10}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[2-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler-not "vmov" } } */
++/* { dg-final { scan-assembler-not "vmsr" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-13a.c 2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,30 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-d16 -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */
++/* { dg-skip-if "Skip these if testing single precision" {*-*-*} {"-mfpu=*-sp-*"} {""} } */
++
++#include "../../../cmse-13.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[1,4-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr2, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr3, r4" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r1, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[1,4-9\]|r10|fp|ip), ){9}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[1,4-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-7a.c 2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,27 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-d16 -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */
++/* { dg-skip-if "Skip these if testing single precision" {*-*-*} {"-mfpu=*-sp-*"} {""} } */
++
++#include "../../../cmse-7.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r0, )?(r1, )?(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[0-9\]|r10|fp|ip), ){12}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[0-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp/cmse-8a.c 2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,29 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-d16 -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */
++/* { dg-skip-if "Skip these if testing single precision" {*-*-*} {"-mfpu=*-sp-*"} {""} } */
++
++#include "../../../cmse-8.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr1, r4" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[2-9\]|r10|fp|ip), ){10}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[2-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-7a.c 2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,27 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-sp-d16 -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */
++/* { dg-skip-if "Skip these if testing double precision" {*-*-*} {"-mfpu=fpv[4-5]-d16"} {""} } */
++
++#include "../../../cmse-7.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[0-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r0, )?(r1, )?(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[0-9\]|r10|fp|ip), ){12}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[0-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
+diff --git a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c
+--- a/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c 1969-12-31 16:00:00.000000000 -0800
++++ b/gcc/testsuite/gcc.target/arm/cmse/mainline/8_1m/softfp-sp/cmse-8a.c 2021-11-15 02:30:37.210637445 -0800
+@@ -0,0 +1,29 @@
++/* { dg-do compile } */
++/* { dg-options "-mcmse -mfloat-abi=softfp -mfpu=fpv5-sp-d16 -mfix-cmse-cve-2021-35465" } */
++/* { dg-skip-if "Incompatible float ABI" { *-*-* } { "-mfloat-abi=*" } { "-mfloat-abi=softfp" } } */
++/* { dg-skip-if "Skip these if testing double precision" {*-*-*} {"-mfpu=fpv[4-5]-d16"} {""} } */
++
++#include "../../../cmse-8.x"
++
++/* Checks for saving and clearing prior to function call. */
++/* Shift on the same register as blxns. */
++/* { dg-final { scan-assembler "lsrs\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler "lsls\t(r\[2-9\]|r10|fp|ip), \\1, #1.*blxns\t\\1" } } */
++/* { dg-final { scan-assembler-not "mov\tr0, r4" } } */
++/* { dg-final { scan-assembler-not "mov\tr1, r4" } } */
++/* { dg-final { scan-assembler "push\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++/* { dg-final { scan-assembler "vlstm\tsp" } } */
++/* Check the right registers are cleared and none appears twice. */
++/* { dg-final { scan-assembler "clrm\t\{(r2, )?(r3, )?(r4, )?(r5, )?(r6, )?(r7, )?(r8, )?(r9, )?(r10, )?(fp, )?(ip, )?APSR\}" } } */
++/* Check that the right number of registers is cleared and thus only one
++ register is missing. */
++/* { dg-final { scan-assembler "clrm\t\{((r\[2-9\]|r10|fp|ip), ){10}APSR\}" } } */
++/* Check that no cleared register is used for blxns. */
++/* { dg-final { scan-assembler-not "clrm\t\{\[^\}\]\+(r\[2-9\]|r10|fp|ip),\[^\}\]\+\}.*blxns\t\\1" } } */
++/* Check for v8.1-m variant of erratum work-around. */
++/* { dg-final { scan-assembler "vscclrm\t\{vpr\}" } } */
++/* { dg-final { scan-assembler "vlldm\tsp" } } */
++/* { dg-final { scan-assembler "pop\t\{r4, r5, r6, r7, r8, r9, r10, fp\}" } } */
++
++/* Now we check that we use the correct intrinsic to call. */
++/* { dg-final { scan-assembler "blxns" } } */
diff --git a/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-42574.patch b/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-42574.patch
new file mode 100644
index 0000000000..4999c71b64
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0004-CVE-2021-42574.patch
@@ -0,0 +1,573 @@
+From bef32d4a28595e933f24fef378cf052a30b674a7 Mon Sep 17 00:00:00 2001
+From: David Malcolm <dmalcolm@redhat.com>
+Date: Tue, 2 Nov 2021 15:45:22 -0400
+Subject: [PATCH] libcpp: capture and underline ranges in -Wbidi-chars=
+ [PR103026]
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+This patch converts the bidi::vec to use a struct so that we can
+capture location_t values for the bidirectional control characters.
+
+Before:
+
+ Wbidi-chars-1.c: In function âmainâ:
+ Wbidi-chars-1.c:6:43: warning: unpaired UTF-8 bidirectional control character detected [-Wbidi-chars=]
+ 6 | /*<U+202E> } <U+2066>if (isAdmin)<U+2069> <U+2066> begin admins only */
+ | ^
+ Wbidi-chars-1.c:9:28: warning: unpaired UTF-8 bidirectional control character detected [-Wbidi-chars=]
+ 9 | /* end admins only <U+202E> { <U+2066>*/
+ | ^
+
+After:
+
+ Wbidi-chars-1.c: In function âmainâ:
+ Wbidi-chars-1.c:6:43: warning: unpaired UTF-8 bidirectional control characters detected [-Wbidi-chars=]
+ 6 | /*<U+202E> } <U+2066>if (isAdmin)<U+2069> <U+2066> begin admins only */
+ | ~~~~~~~~ ~~~~~~~~ ^
+ | | | |
+ | | | end of bidirectional context
+ | U+202E (RIGHT-TO-LEFT OVERRIDE) U+2066 (LEFT-TO-RIGHT ISOLATE)
+ Wbidi-chars-1.c:9:28: warning: unpaired UTF-8 bidirectional control characters detected [-Wbidi-chars=]
+ 9 | /* end admins only <U+202E> { <U+2066>*/
+ | ~~~~~~~~ ~~~~~~~~ ^
+ | | | |
+ | | | end of bidirectional context
+ | | U+2066 (LEFT-TO-RIGHT ISOLATE)
+ | U+202E (RIGHT-TO-LEFT OVERRIDE)
+
+Signed-off-by: David Malcolm <dmalcolm@redhat.com>
+
+gcc/testsuite/ChangeLog:
+ PR preprocessor/103026
+ * c-c++-common/Wbidi-chars-ranges.c: New test.
+
+libcpp/ChangeLog:
+ PR preprocessor/103026
+ * lex.c (struct bidi::context): New.
+ (bidi::vec): Convert to a vec of context rather than unsigned
+ char.
+ (bidi::ctx_at): Rename to...
+ (bidi::pop_kind_at): ...this and reimplement for above change.
+ (bidi::current_ctx): Update for change to vec.
+ (bidi::current_ctx_ucn_p): Likewise.
+ (bidi::current_ctx_loc): New.
+ (bidi::on_char): Update for usage of context struct. Add "loc"
+ param and pass it when pushing contexts.
+ (get_location_for_byte_range_in_cur_line): New.
+ (get_bidi_utf8): Rename to...
+ (get_bidi_utf8_1): ...this, reintroducing...
+ (get_bidi_utf8): ...as a wrapper, setting *OUT when the result is
+ not NONE.
+ (get_bidi_ucn): Rename to...
+ (get_bidi_ucn_1): ...this, reintroducing...
+ (get_bidi_ucn): ...as a wrapper, setting *OUT when the result is
+ not NONE.
+ (class unpaired_bidi_rich_location): New.
+ (maybe_warn_bidi_on_close): Use unpaired_bidi_rich_location when
+ reporting on unpaired bidi chars. Split into singular vs plural
+ spellings.
+ (maybe_warn_bidi_on_char): Pass in a location_t rather than a
+ const uchar * and use it when emitting warnings, and when calling
+ bidi::on_char.
+ (_cpp_skip_block_comment): Capture location when kind is not NONE
+ and pass it to maybe_warn_bidi_on_char.
+ (skip_line_comment): Likewise.
+ (forms_identifier_p): Likewise.
+ (lex_raw_string): Likewise.
+ (lex_string): Likewise.
+
+Signed-off-by: David Malcolm <dmalcolm@redhat.com>
+
+CVE: CVE-2021-42574
+Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=bef32d4a28595e933f24fef378cf052a30b674a7]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ .../c-c++-common/Wbidi-chars-ranges.c | 54 ++++
+ libcpp/lex.c | 251 ++++++++++++++----
+ 2 files changed, 257 insertions(+), 48 deletions(-)
+ create mode 100644 gcc/testsuite/c-c++-common/Wbidi-chars-ranges.c
+
+diff --git a/gcc/testsuite/c-c++-common/Wbidi-chars-ranges.c b/gcc/testsuite/c-c++-common/Wbidi-chars-ranges.c
+new file mode 100644
+index 00000000000..298750a2a64
+--- /dev/null
++++ b/gcc/testsuite/c-c++-common/Wbidi-chars-ranges.c
+@@ -0,0 +1,54 @@
++/* PR preprocessor/103026 */
++/* { dg-do compile } */
++/* { dg-options "-Wbidi-chars=unpaired -fdiagnostics-show-caret" } */
++/* Verify that we escape and underline pertinent bidirectional
++ control characters when quoting the source. */
++
++int test_unpaired_bidi () {
++ int isAdmin = 0;
++ /*â® } â¦if (isAdmin)⩠⦠begin admins only */
++/* { dg-warning "bidirectional" "" { target *-*-* } .-1 } */
++#if 0
++ { dg-begin-multiline-output "" }
++ /*<U+202E> } <U+2066>if (isAdmin)<U+2069> <U+2066> begin admins only */
++ ~~~~~~~~ ~~~~~~~~ ^
++ | | |
++ | | end of bidirectional context
++ U+202E (RIGHT-TO-LEFT OVERRIDE) U+2066 (LEFT-TO-RIGHT ISOLATE)
++ { dg-end-multiline-output "" }
++#endif
++
++ __builtin_printf("You are an admin.\n");
++ /* end admins only â® { â¦*/
++/* { dg-warning "bidirectional" "" { target *-*-* } .-1 } */
++#if 0
++ { dg-begin-multiline-output "" }
++ /* end admins only <U+202E> { <U+2066>*/
++ ~~~~~~~~ ~~~~~~~~ ^
++ | | |
++ | | end of bidirectional context
++ | U+2066 (LEFT-TO-RIGHT ISOLATE)
++ U+202E (RIGHT-TO-LEFT OVERRIDE)
++ { dg-end-multiline-output "" }
++#endif
++
++ return 0;
++}
++
++int LRE_âª_PDF_\u202c;
++/* { dg-warning "mismatch" "" { target *-*-* } .-1 } */
++#if 0
++ { dg-begin-multiline-output "" }
++ int LRE_<U+202A>_PDF_\u202c;
++ ~~~~~~~~ ^~~~~~
++ { dg-end-multiline-output "" }
++#endif
++
++const char *s1 = "LRE_âª_PDF_\u202c";
++/* { dg-warning "mismatch" "" { target *-*-* } .-1 } */
++#if 0
++ { dg-begin-multiline-output "" }
++ const char *s1 = "LRE_<U+202A>_PDF_\u202c";
++ ~~~~~~~~ ^~~~~~
++ { dg-end-multiline-output "" }
++#endif
+diff --git a/libcpp/lex.c b/libcpp/lex.c
+index 2421d6c0f40..94c36f0d014 100644
+--- a/libcpp/lex.c
++++ b/libcpp/lex.c
+@@ -1172,11 +1172,34 @@ namespace bidi {
+ /* All the UTF-8 encodings of bidi characters start with E2. */
+ constexpr uchar utf8_start = 0xe2;
+
++ struct context
++ {
++ context () {}
++ context (location_t loc, kind k, bool pdf, bool ucn)
++ : m_loc (loc), m_kind (k), m_pdf (pdf), m_ucn (ucn)
++ {
++ }
++
++ kind get_pop_kind () const
++ {
++ return m_pdf ? kind::PDF : kind::PDI;
++ }
++ bool ucn_p () const
++ {
++ return m_ucn;
++ }
++
++ location_t m_loc;
++ kind m_kind;
++ unsigned m_pdf : 1;
++ unsigned m_ucn : 1;
++ };
++
+ /* A vector holding currently open bidi contexts. We use a char for
+ each context, its LSB is 1 if it represents a PDF context, 0 if it
+ represents a PDI context. The next bit is 1 if this context was open
+ by a bidi character written as a UCN, and 0 when it was UTF-8. */
+- semi_embedded_vec <unsigned char, 16> vec;
++ semi_embedded_vec <context, 16> vec;
+
+ /* Close the whole comment/identifier/string literal/character constant
+ context. */
+@@ -1193,19 +1216,19 @@ namespace bidi {
+ vec.truncate (len - 1);
+ }
+
+- /* Return the context of the Ith element. */
+- kind ctx_at (unsigned int i)
++ /* Return the pop kind of the context of the Ith element. */
++ kind pop_kind_at (unsigned int i)
+ {
+- return (vec[i] & 1) ? kind::PDF : kind::PDI;
++ return vec[i].get_pop_kind ();
+ }
+
+- /* Return which context is currently opened. */
++ /* Return the pop kind of the context that is currently opened. */
+ kind current_ctx ()
+ {
+ unsigned int len = vec.count ();
+ if (len == 0)
+ return kind::NONE;
+- return ctx_at (len - 1);
++ return vec[len - 1].get_pop_kind ();
+ }
+
+ /* Return true if the current context comes from a UCN origin, that is,
+@@ -1214,11 +1237,19 @@ namespace bidi {
+ {
+ unsigned int len = vec.count ();
+ gcc_checking_assert (len > 0);
+- return (vec[len - 1] >> 1) & 1;
++ return vec[len - 1].m_ucn;
+ }
+
+- /* We've read a bidi char, update the current vector as necessary. */
+- void on_char (kind k, bool ucn_p)
++ location_t current_ctx_loc ()
++ {
++ unsigned int len = vec.count ();
++ gcc_checking_assert (len > 0);
++ return vec[len - 1].m_loc;
++ }
++
++ /* We've read a bidi char, update the current vector as necessary.
++ LOC is only valid when K is not kind::NONE. */
++ void on_char (kind k, bool ucn_p, location_t loc)
+ {
+ switch (k)
+ {
+@@ -1226,12 +1257,12 @@ namespace bidi {
+ case kind::RLE:
+ case kind::LRO:
+ case kind::RLO:
+- vec.push (ucn_p ? 3u : 1u);
++ vec.push (context (loc, k, true, ucn_p));
+ break;
+ case kind::LRI:
+ case kind::RLI:
+ case kind::FSI:
+- vec.push (ucn_p ? 2u : 0u);
++ vec.push (context (loc, k, false, ucn_p));
+ break;
+ /* PDF terminates the scope of the last LRE, RLE, LRO, or RLO
+ whose scope has not yet been terminated. */
+@@ -1245,7 +1276,7 @@ namespace bidi {
+ yet been terminated. */
+ case kind::PDI:
+ for (int i = vec.count () - 1; i >= 0; --i)
+- if (ctx_at (i) == kind::PDI)
++ if (pop_kind_at (i) == kind::PDI)
+ {
+ vec.truncate (i);
+ break;
+@@ -1295,10 +1326,47 @@ namespace bidi {
+ }
+ }
+
++/* Get location_t for the range of bytes [START, START + NUM_BYTES)
++ within the current line in FILE, with the caret at START. */
++
++static location_t
++get_location_for_byte_range_in_cur_line (cpp_reader *pfile,
++ const unsigned char *const start,
++ size_t num_bytes)
++{
++ gcc_checking_assert (num_bytes > 0);
++
++ /* CPP_BUF_COLUMN and linemap_position_for_column both refer
++ to offsets in bytes, but CPP_BUF_COLUMN is 0-based,
++ whereas linemap_position_for_column is 1-based. */
++
++ /* Get 0-based offsets within the line. */
++ size_t start_offset = CPP_BUF_COLUMN (pfile->buffer, start);
++ size_t end_offset = start_offset + num_bytes - 1;
++
++ /* Now convert to location_t, where "columns" are 1-based byte offsets. */
++ location_t start_loc = linemap_position_for_column (pfile->line_table,
++ start_offset + 1);
++ location_t end_loc = linemap_position_for_column (pfile->line_table,
++ end_offset + 1);
++
++ if (start_loc == end_loc)
++ return start_loc;
++
++ source_range src_range;
++ src_range.m_start = start_loc;
++ src_range.m_finish = end_loc;
++ location_t combined_loc = COMBINE_LOCATION_DATA (pfile->line_table,
++ start_loc,
++ src_range,
++ NULL);
++ return combined_loc;
++}
++
+ /* Parse a sequence of 3 bytes starting with P and return its bidi code. */
+
+ static bidi::kind
+-get_bidi_utf8 (const unsigned char *const p)
++get_bidi_utf8_1 (const unsigned char *const p)
+ {
+ gcc_checking_assert (p[0] == bidi::utf8_start);
+
+@@ -1340,10 +1408,25 @@ get_bidi_utf8 (const unsigned char *cons
+ return bidi::kind::NONE;
+ }
+
++/* Parse a sequence of 3 bytes starting with P and return its bidi code.
++ If the kind is not NONE, write the location to *OUT.*/
++
++static bidi::kind
++get_bidi_utf8 (cpp_reader *pfile, const unsigned char *const p, location_t *out)
++{
++ bidi::kind result = get_bidi_utf8_1 (p);
++ if (result != bidi::kind::NONE)
++ {
++ /* We have a sequence of 3 bytes starting at P. */
++ *out = get_location_for_byte_range_in_cur_line (pfile, p, 3);
++ }
++ return result;
++}
++
+ /* Parse a UCN where P points just past \u or \U and return its bidi code. */
+
+ static bidi::kind
+-get_bidi_ucn (const unsigned char *p, bool is_U)
++get_bidi_ucn_1 (const unsigned char *p, bool is_U)
+ {
+ /* 6.4.3 Universal Character Names
+ \u hex-quad
+@@ -1412,6 +1495,62 @@ get_bidi_ucn (const unsigned char *p, bo
+ return bidi::kind::NONE;
+ }
+
++/* Parse a UCN where P points just past \u or \U and return its bidi code.
++ If the kind is not NONE, write the location to *OUT.*/
++
++static bidi::kind
++get_bidi_ucn (cpp_reader *pfile, const unsigned char *p, bool is_U,
++ location_t *out)
++{
++ bidi::kind result = get_bidi_ucn_1 (p, is_U);
++ if (result != bidi::kind::NONE)
++ {
++ const unsigned char *start = p - 2;
++ size_t num_bytes = 2 + (is_U ? 8 : 4);
++ *out = get_location_for_byte_range_in_cur_line (pfile, start, num_bytes);
++ }
++ return result;
++}
++
++/* Subclass of rich_location for reporting on unpaired UTF-8
++ bidirectional control character(s).
++ Escape the source lines on output, and show all unclosed
++ bidi context, labelling everything. */
++
++class unpaired_bidi_rich_location : public rich_location
++{
++ public:
++ class custom_range_label : public range_label
++ {
++ public:
++ label_text get_text (unsigned range_idx) const FINAL OVERRIDE
++ {
++ /* range 0 is the primary location; each subsequent range i + 1
++ is for bidi::vec[i]. */
++ if (range_idx > 0)
++ {
++ const bidi::context &ctxt (bidi::vec[range_idx - 1]);
++ return label_text::borrow (bidi::to_str (ctxt.m_kind));
++ }
++ else
++ return label_text::borrow (_("end of bidirectional context"));
++ }
++ };
++
++ unpaired_bidi_rich_location (cpp_reader *pfile, location_t loc)
++ : rich_location (pfile->line_table, loc, &m_custom_label)
++ {
++ set_escape_on_output (true);
++ for (unsigned i = 0; i < bidi::vec.count (); i++)
++ add_range (bidi::vec[i].m_loc,
++ SHOW_RANGE_WITHOUT_CARET,
++ &m_custom_label);
++ }
++
++ private:
++ custom_range_label m_custom_label;
++};
++
+ /* We're closing a bidi context, that is, we've encountered a newline,
+ are closing a C-style comment, or are at the end of a string literal,
+ character constant, or identifier. Warn if this context was not
+@@ -1427,11 +1566,17 @@ maybe_warn_bidi_on_close (cpp_reader *pf
+ const location_t loc
+ = linemap_position_for_column (pfile->line_table,
+ CPP_BUF_COLUMN (pfile->buffer, p));
+- rich_location rich_loc (pfile->line_table, loc);
+- rich_loc.set_escape_on_output (true);
+- cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
+- "unpaired UTF-8 bidirectional control character "
+- "detected");
++ unpaired_bidi_rich_location rich_loc (pfile, loc);
++ /* cpp_callbacks doesn't yet have a way to handle singular vs plural
++ forms of a diagnostic, so fake it for now. */
++ if (bidi::vec.count () > 1)
++ cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
++ "unpaired UTF-8 bidirectional control characters "
++ "detected");
++ else
++ cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
++ "unpaired UTF-8 bidirectional control character "
++ "detected");
+ }
+ /* We're done with this context. */
+ bidi::on_close ();
+@@ -1439,12 +1584,13 @@ maybe_warn_bidi_on_close (cpp_reader *pf
+
+ /* We're at the beginning or in the middle of an identifier/comment/string
+ literal/character constant. Warn if we've encountered a bidi character.
+- KIND says which bidi character it was; P points to it in the character
+- stream. UCN_P is true iff this bidi character was written as a UCN. */
++ KIND says which bidi control character it was; UCN_P is true iff this bidi
++ control character was written as a UCN. LOC is the location of the
++ character, but is only valid if KIND != bidi::kind::NONE. */
+
+ static void
+-maybe_warn_bidi_on_char (cpp_reader *pfile, const uchar *p, bidi::kind kind,
+- bool ucn_p)
++maybe_warn_bidi_on_char (cpp_reader *pfile, bidi::kind kind,
++ bool ucn_p, location_t loc)
+ {
+ if (__builtin_expect (kind == bidi::kind::NONE, 1))
+ return;
+@@ -1453,9 +1599,6 @@ maybe_warn_bidi_on_char (cpp_reader *pfi
+
+ if (warn_bidi != bidirectional_none)
+ {
+- const location_t loc
+- = linemap_position_for_column (pfile->line_table,
+- CPP_BUF_COLUMN (pfile->buffer, p));
+ rich_location rich_loc (pfile->line_table, loc);
+ rich_loc.set_escape_on_output (true);
+
+@@ -1467,9 +1610,12 @@ maybe_warn_bidi_on_char (cpp_reader *pfi
+ {
+ if (warn_bidi == bidirectional_unpaired
+ && bidi::current_ctx_ucn_p () != ucn_p)
+- cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
+- "UTF-8 vs UCN mismatch when closing "
+- "a context by \"%s\"", bidi::to_str (kind));
++ {
++ rich_loc.add_range (bidi::current_ctx_loc ());
++ cpp_warning_at (pfile, CPP_W_BIDIRECTIONAL, &rich_loc,
++ "UTF-8 vs UCN mismatch when closing "
++ "a context by \"%s\"", bidi::to_str (kind));
++ }
+ }
+ else if (warn_bidi == bidirectional_any)
+ {
+@@ -1484,7 +1630,7 @@ maybe_warn_bidi_on_char (cpp_reader *pfi
+ }
+ }
+ /* We're done with this context. */
+- bidi::on_char (kind, ucn_p);
++ bidi::on_char (kind, ucn_p, loc);
+ }
+
+ /* Skip a C-style block comment. We find the end of the comment by
+@@ -1552,8 +1698,9 @@ _cpp_skip_block_comment (cpp_reader *pfi
+ a bidirectional control character. */
+ else if (__builtin_expect (c == bidi::utf8_start, 0) && warn_bidi_p)
+ {
+- bidi::kind kind = get_bidi_utf8 (cur - 1);
+- maybe_warn_bidi_on_char (pfile, cur, kind, /*ucn_p=*/false);
++ location_t loc;
++ bidi::kind kind = get_bidi_utf8 (pfile, cur - 1, &loc);
++ maybe_warn_bidi_on_char (pfile, kind, /*ucn_p=*/false, loc);
+ }
+ }
+
+@@ -1586,9 +1733,9 @@ skip_line_comment (cpp_reader *pfile)
+ {
+ if (__builtin_expect (*buffer->cur == bidi::utf8_start, 0))
+ {
+- bidi::kind kind = get_bidi_utf8 (buffer->cur);
+- maybe_warn_bidi_on_char (pfile, buffer->cur, kind,
+- /*ucn_p=*/false);
++ location_t loc;
++ bidi::kind kind = get_bidi_utf8 (pfile, buffer->cur, &loc);
++ maybe_warn_bidi_on_char (pfile, kind, /*ucn_p=*/false, loc);
+ }
+ buffer->cur++;
+ }
+@@ -1708,9 +1855,9 @@ forms_identifier_p (cpp_reader *pfile, i
+ if (__builtin_expect (*buffer->cur == bidi::utf8_start, 0)
+ && warn_bidi_p)
+ {
+- bidi::kind kind = get_bidi_utf8 (buffer->cur);
+- maybe_warn_bidi_on_char (pfile, buffer->cur, kind,
+- /*ucn_p=*/false);
++ location_t loc;
++ bidi::kind kind = get_bidi_utf8 (pfile, buffer->cur, &loc);
++ maybe_warn_bidi_on_char (pfile, kind, /*ucn_p=*/false, loc);
+ }
+ if (_cpp_valid_utf8 (pfile, &buffer->cur, buffer->rlimit, 1 + !first,
+ state, &s))
+@@ -1722,10 +1869,12 @@ forms_identifier_p (cpp_reader *pfile, i
+ buffer->cur += 2;
+ if (warn_bidi_p)
+ {
+- bidi::kind kind = get_bidi_ucn (buffer->cur,
+- buffer->cur[-1] == 'U');
+- maybe_warn_bidi_on_char (pfile, buffer->cur, kind,
+- /*ucn_p=*/true);
++ location_t loc;
++ bidi::kind kind = get_bidi_ucn (pfile,
++ buffer->cur,
++ buffer->cur[-1] == 'U',
++ &loc);
++ maybe_warn_bidi_on_char (pfile, kind, /*ucn_p=*/true, loc);
+ }
+ if (_cpp_valid_ucn (pfile, &buffer->cur, buffer->rlimit, 1 + !first,
+ state, &s, NULL, NULL))
+@@ -2336,8 +2485,11 @@ lex_raw_string (cpp_reader *pfile, cpp_t
+ }
+ else if (__builtin_expect ((unsigned char) c == bidi::utf8_start, 0)
+ && warn_bidi_p)
+- maybe_warn_bidi_on_char (pfile, pos - 1, get_bidi_utf8 (pos - 1),
+- /*ucn_p=*/false);
++ {
++ location_t loc;
++ bidi::kind kind = get_bidi_utf8 (pfile, pos - 1, &loc);
++ maybe_warn_bidi_on_char (pfile, kind, /*ucn_p=*/false, loc);
++ }
+ }
+
+ if (warn_bidi_p)
+@@ -2447,8 +2599,10 @@ lex_string (cpp_reader *pfile, cpp_token
+ {
+ if ((cur[0] == 'u' || cur[0] == 'U') && warn_bidi_p)
+ {
+- bidi::kind kind = get_bidi_ucn (cur + 1, cur[0] == 'U');
+- maybe_warn_bidi_on_char (pfile, cur, kind, /*ucn_p=*/true);
++ location_t loc;
++ bidi::kind kind = get_bidi_ucn (pfile, cur + 1, cur[0] == 'U',
++ &loc);
++ maybe_warn_bidi_on_char (pfile, kind, /*ucn_p=*/true, loc);
+ }
+ cur++;
+ }
+@@ -2476,8 +2630,9 @@ lex_string (cpp_reader *pfile, cpp_token
+ saw_NUL = true;
+ else if (__builtin_expect (c == bidi::utf8_start, 0) && warn_bidi_p)
+ {
+- bidi::kind kind = get_bidi_utf8 (cur - 1);
+- maybe_warn_bidi_on_char (pfile, cur - 1, kind, /*ucn_p=*/false);
++ location_t loc;
++ bidi::kind kind = get_bidi_utf8 (pfile, cur - 1, &loc);
++ maybe_warn_bidi_on_char (pfile, kind, /*ucn_p=*/false, loc);
+ }
+ }
+
diff --git a/meta/recipes-devtools/glide/glide_0.13.3.bb b/meta/recipes-devtools/glide/glide_0.13.3.bb
index e943dc1762..db703c2d21 100644
--- a/meta/recipes-devtools/glide/glide_0.13.3.bb
+++ b/meta/recipes-devtools/glide/glide_0.13.3.bb
@@ -5,7 +5,7 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=54905cf894f8cc416a92f4fc350c35b2"
GO_IMPORT = "github.com/Masterminds/glide"
-SRC_URI = "git://${GO_IMPORT}"
+SRC_URI = "git://${GO_IMPORT};branch=master;protocol=https"
SRCREV = "8ed5b9292379d86c39592a7e6a58eb9c903877cf"
inherit go
diff --git a/meta/recipes-devtools/gnu-config/gnu-config_git.bb b/meta/recipes-devtools/gnu-config/gnu-config_git.bb
index 34b425031f..f4bc752d9f 100644
--- a/meta/recipes-devtools/gnu-config/gnu-config_git.bb
+++ b/meta/recipes-devtools/gnu-config/gnu-config_git.bb
@@ -12,7 +12,7 @@ INHIBIT_DEFAULT_DEPS = "1"
SRCREV = "805517123cbfe33d17c989a18e78c5789fab0437"
PV = "20210722+git${SRCPV}"
-SRC_URI = "git://git.savannah.gnu.org/config.git \
+SRC_URI = "git://git.savannah.gnu.org/git/config.git;protocol=https;branch=master \
file://gnu-configize.in"
S = "${WORKDIR}/git"
UPSTREAM_CHECK_COMMITS = "1"
diff --git a/meta/recipes-devtools/go/go-1.16.7.inc b/meta/recipes-devtools/go/go-1.16.15.inc
index 02a9268779..50772346df 100644
--- a/meta/recipes-devtools/go/go-1.16.7.inc
+++ b/meta/recipes-devtools/go/go-1.16.15.inc
@@ -1,7 +1,7 @@
require go-common.inc
GO_BASEVERSION = "1.16"
-PV = "1.16.7"
+PV = "1.16.15"
FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
@@ -17,7 +17,7 @@ SRC_URI += "\
file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \
"
-SRC_URI[main.sha256sum] = "1a9f2894d3d878729f7045072f30becebe243524cf2fce4e0a7b248b1e0654ac"
+SRC_URI[main.sha256sum] = "90a08c689279e35f3865ba510998c33a63255c36089b3ec206c912fc0568c3d3"
# Upstream don't believe it is a signifiant real world issue and will only
# fix in 1.17 onwards where we can drop this.
diff --git a/meta/recipes-devtools/go/go-binary-native_1.16.7.bb b/meta/recipes-devtools/go/go-binary-native_1.16.15.bb
index cb54c2868e..ba11ee5695 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.16.7.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.16.15.bb
@@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
PROVIDES = "go-native"
SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "7fe7a73f55ba3e2285da36f8b085e5c0159e9564ef5f63ee0ed6b818ade8ef04"
-SRC_URI[go_linux_arm64.sha256sum] = "63d6b53ecbd2b05c1f0e9903c92042663f2f68afdbb67f4d0d12700156869bac"
+SRC_URI[go_linux_amd64.sha256sum] = "77c782a633186d78c384f972fb113a43c24be0234c42fef22c2d8c4c4c8e7475"
+SRC_URI[go_linux_arm64.sha256sum] = "c2f27f0ce5620a9bc2ff3446165d1974ef94e9b885ec12dbfa3c07e0e198b7ce"
UPSTREAM_CHECK_URI = "https://golang.org/dl/"
UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.16.7.bb b/meta/recipes-devtools/go/go-cross-canadian_1.16.15.bb
index 7ac9449e47..7ac9449e47 100644
--- a/meta/recipes-devtools/go/go-cross-canadian_1.16.7.bb
+++ b/meta/recipes-devtools/go/go-cross-canadian_1.16.15.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.16.7.bb b/meta/recipes-devtools/go/go-cross_1.16.15.bb
index 80b5a03f6c..80b5a03f6c 100644
--- a/meta/recipes-devtools/go/go-cross_1.16.7.bb
+++ b/meta/recipes-devtools/go/go-cross_1.16.15.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.16.7.bb b/meta/recipes-devtools/go/go-crosssdk_1.16.15.bb
index 1857c8a577..1857c8a577 100644
--- a/meta/recipes-devtools/go/go-crosssdk_1.16.7.bb
+++ b/meta/recipes-devtools/go/go-crosssdk_1.16.15.bb
diff --git a/meta/recipes-devtools/go/go-native_1.16.7.bb b/meta/recipes-devtools/go/go-native_1.16.15.bb
index ffe4ef3523..ffe4ef3523 100644
--- a/meta/recipes-devtools/go/go-native_1.16.7.bb
+++ b/meta/recipes-devtools/go/go-native_1.16.15.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.16.7.bb b/meta/recipes-devtools/go/go-runtime_1.16.15.bb
index 63464a1501..63464a1501 100644
--- a/meta/recipes-devtools/go/go-runtime_1.16.7.bb
+++ b/meta/recipes-devtools/go/go-runtime_1.16.15.bb
diff --git a/meta/recipes-devtools/go/go_1.16.7.bb b/meta/recipes-devtools/go/go_1.16.15.bb
index 34dc89bb0c..34dc89bb0c 100644
--- a/meta/recipes-devtools/go/go_1.16.7.bb
+++ b/meta/recipes-devtools/go/go_1.16.15.bb
diff --git a/meta/recipes-devtools/libcomps/libcomps_0.1.17.bb b/meta/recipes-devtools/libcomps/libcomps_0.1.17.bb
index 502bc4688b..09861d9c26 100644
--- a/meta/recipes-devtools/libcomps/libcomps_0.1.17.bb
+++ b/meta/recipes-devtools/libcomps/libcomps_0.1.17.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "Libcomps is alternative for yum.comps library. It's written in pu
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-SRC_URI = "git://github.com/rpm-software-management/libcomps.git \
+SRC_URI = "git://github.com/rpm-software-management/libcomps.git;branch=master;protocol=https \
file://0001-Add-crc32.c-to-sources-list.patch \
file://0002-Do-not-set-PYTHON_INSTALL_DIR-by-running-python.patch \
"
diff --git a/meta/recipes-devtools/libdnf/libdnf_0.63.1.bb b/meta/recipes-devtools/libdnf/libdnf_0.63.1.bb
index 282c28e2c4..6294509d2e 100644
--- a/meta/recipes-devtools/libdnf/libdnf_0.63.1.bb
+++ b/meta/recipes-devtools/libdnf/libdnf_0.63.1.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "This library provides a high level package-manager. It's core lib
LICENSE = "LGPLv2.1+"
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
-SRC_URI = "git://github.com/rpm-software-management/libdnf;branch=dnf-4-master \
+SRC_URI = "git://github.com/rpm-software-management/libdnf;branch=dnf-4-master;protocol=https \
file://0001-FindGtkDoc.cmake-drop-the-requirement-for-GTKDOC_SCA.patch \
file://0004-Set-libsolv-variables-with-pkg-config-cmake-s-own-mo.patch \
file://0001-Get-parameters-for-both-libsolv-and-libsolvext-libdn.patch \
diff --git a/meta/recipes-devtools/librepo/librepo_1.14.1.bb b/meta/recipes-devtools/librepo/librepo_1.14.1.bb
index 8676452587..cdb5946905 100644
--- a/meta/recipes-devtools/librepo/librepo_1.14.1.bb
+++ b/meta/recipes-devtools/librepo/librepo_1.14.1.bb
@@ -5,7 +5,7 @@ DESCRIPTION = "${SUMMARY}"
LICENSE = "LGPLv2.1"
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
-SRC_URI = "git://github.com/rpm-software-management/librepo.git \
+SRC_URI = "git://github.com/rpm-software-management/librepo.git;branch=master;protocol=https \
file://0002-Do-not-try-to-obtain-PYTHON_INSTALL_DIR-by-running-p.patch \
file://0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch \
"
diff --git a/meta/recipes-devtools/libtool/libtool-2.4.6.inc b/meta/recipes-devtools/libtool/libtool-2.4.6.inc
index 7104c98c20..a636926ef9 100644
--- a/meta/recipes-devtools/libtool/libtool-2.4.6.inc
+++ b/meta/recipes-devtools/libtool/libtool-2.4.6.inc
@@ -9,22 +9,23 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://libltdl/COPYING.LIB;md5=4fbd65380cdd255951079008b364516c "
SRC_URI = "${GNU_MIRROR}/libtool/libtool-${PV}.tar.gz \
- file://trailingslash.patch \
- file://rename-with-sysroot.patch \
- file://use-sysroot-in-libpath.patch \
- file://fix-final-rpath.patch \
- file://fix-rpath.patch \
- file://norm-rpath.patch \
+ file://0001-ltmain.in-Handle-trailing-slashes-on-install-command.patch \
+ file://0002-libtool.m4-Rename-the-with-sysroot-option-to-avoid-c.patch \
+ file://0003-ltmain.in-Add-missing-sysroot-to-library-path.patch \
+ file://0004-ltmain.sh-Fix-sysroot-paths-being-encoded-into-RPATH.patch \
+ file://0005-ltmain.in-Don-t-encode-RATHS-which-match-default-lin.patch \
file://dont-depend-on-help2man.patch \
- file://fix-resolve-lt-sysroot.patch \
+ file://0006-libtool.m4-Handle-as-a-sysroot-correctly.patch \
file://nohardcodepaths.patch \
file://unwind-opt-parsing.patch \
- file://0001-libtool-Fix-support-for-NIOS2-processor.patch \
- file://0001-libtool-Check-for-static-libs-for-internal-compiler-.patch \
- file://0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch \
- file://0001-Makefile.am-make-sure-autoheader-run-before-automake.patch \
- file://lto-prefix.patch \
- file://debian-no_hostname.patch \
+ file://0007-libtool-Fix-support-for-NIOS2-processor.patch \
+ file://0008-libtool-Check-for-static-libs-for-internal-compiler-.patch \
+ file://0009-Makefile.am-make-sure-autoheader-run-before-autoconf.patch \
+ file://0010-Makefile.am-make-sure-autoheader-run-before-automake.patch \
+ file://0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch \
+ file://0012-libtool.m4-For-reproducibility-stop-encoding-hostnam.patch \
+ file://libool.m4-add-ARFLAGS-variable.patch \
+ file://ARFLAGS-use-cr-instead-of-cru-by-default.patch \
"
SRC_URI[md5sum] = "addf44b646ddb4e3919805aa88fa7c5e"
diff --git a/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Handle-trailing-slashes-on-install-command.patch b/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Handle-trailing-slashes-on-install-command.patch
new file mode 100644
index 0000000000..eeb5ebf416
--- /dev/null
+++ b/meta/recipes-devtools/libtool/libtool/0001-ltmain.in-Handle-trailing-slashes-on-install-command.patch
@@ -0,0 +1,35 @@
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Subject: [PATCH 01/12] ltmain.in: Handle trailing slashes on install commands correctly
+
+A command like:
+
+libtool --mode=install /usr/bin/install -c gck-roots-store-standalone.la '/image/usr/lib/gnome-keyring/standalone/'
+
+where the path ends with a trailing slash currently fails. This occurs in
+software like gnome-keyring or pulseaudio and is because the comparision
+code doesn't see the paths as equal. Strip both paths to ensure this works
+reliably.
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00010.html]
+
+diff --git a/build-aux/ltmain.in b/build-aux/ltmain.in
+--- a/build-aux/ltmain.in
++++ b/build-aux/ltmain.in
+@@ -2356,8 +2356,14 @@ func_mode_install ()
+ func_append dir "$objdir"
+
+ if test -n "$relink_command"; then
++ # Strip any trailing slash from the destination.
++ func_stripname '' '/' "$libdir"
++ destlibdir=$func_stripname_result
++ func_stripname '' '/' "$destdir"
++ s_destdir=$func_stripname_result
++
+ # Determine the prefix the user has applied to our future dir.
+- inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"`
++ inst_prefix_dir=`$ECHO "X$s_destdir" | $Xsed -e "s%$destlibdir\$%%"`
+
+ # Don't allow the user to place us outside of our expected
+ # location b/c this prevents finding dependent libraries that
diff --git a/meta/recipes-devtools/libtool/libtool/rename-with-sysroot.patch b/meta/recipes-devtools/libtool/libtool/0002-libtool.m4-Rename-the-with-sysroot-option-to-avoid-c.patch
index ad2b110530..6da283959e 100644
--- a/meta/recipes-devtools/libtool/libtool/rename-with-sysroot.patch
+++ b/meta/recipes-devtools/libtool/libtool/0002-libtool.m4-Rename-the-with-sysroot-option-to-avoid-c.patch
@@ -1,16 +1,17 @@
-Upstream-Status: Pending
+From: Khem Raj <raj.khem@gmail.com>
+Subject: [PATCH 02/12] libtool.m4: Rename the --with-sysroot option to avoid conflict with gcc/binutils
This patch renames the --with-sysroot option to --with-libtool-sysroot
to avoid namespace conflict with binutils, gcc and other toolchain
-components.
+components since these componets also add that option to configure
+and this becomes confusing and conflicting otherwise.
-I also reported the problem to libtool here
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Upstream report:
http://lists.gnu.org/archive/html/libtool/2010-10/msg00048.html
--Khem Raj <raj.khem@gmail.com>
-
-Updated by: Robert Yang <liezhi.yang@windriver.com>
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00014.html]
diff --git a/m4/libtool.m4 b/m4/libtool.m4
--- a/m4/libtool.m4
diff --git a/meta/recipes-devtools/libtool/libtool/use-sysroot-in-libpath.patch b/meta/recipes-devtools/libtool/libtool/0003-ltmain.in-Add-missing-sysroot-to-library-path.patch
index 6af99f327c..0103a00451 100644
--- a/meta/recipes-devtools/libtool/libtool/use-sysroot-in-libpath.patch
+++ b/meta/recipes-devtools/libtool/libtool/0003-ltmain.in-Add-missing-sysroot-to-library-path.patch
@@ -1,12 +1,14 @@
-Upstream-Status: Pending
+From: Khem Raj <raj.khem@gmail.com>
+Subject: [PATCH 03/12] ltmain.in: Add missing sysroot to library path
-When using sysroot we should append it to libdir, which is helpful in
+When using a sysroot we should append it to libdir, which is helpful in
cross builds as the system is staged in the sysroot. For normal builds,
i.e. when lt_sysroot is not set, it will still behave the same and add
-L/usr/lib to the relink command.
--Khem Raj <raj.khem@gmail.com>
-Updated by: Robert Yang <liezhi.yang@windriver.com>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00017.html]
diff --git a/build-aux/ltmain.in b/build-aux/ltmain.in
--- a/build-aux/ltmain.in
diff --git a/meta/recipes-devtools/libtool/libtool/fix-final-rpath.patch b/meta/recipes-devtools/libtool/libtool/0004-ltmain.sh-Fix-sysroot-paths-being-encoded-into-RPATH.patch
index 5c9f8cc9c0..21b3dfe306 100644
--- a/meta/recipes-devtools/libtool/libtool/fix-final-rpath.patch
+++ b/meta/recipes-devtools/libtool/libtool/0004-ltmain.sh-Fix-sysroot-paths-being-encoded-into-RPATH.patch
@@ -1,13 +1,13 @@
-Upstream-Status: Inappropriate [embedded specific]
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Subject: [PATCH 04/12] ltmain.sh: Fix sysroot paths being encoded into RPATHs
-Enalbing sysroot support exposed a bug where the final library
-had an RPATH encoded into it which still pointed to the sysroot.
-This works around the issue until it gets sorted out upstream.
+There is a bug where RPATHs could end up containing sysroot values when
+cross compiling which is obviously incorrect. Strip out sysroot components
+from libdir when building RPATH values to avoid this.
-Fix suggested by Richard Purdie <richard.purdie@intel.com>
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
-Signed-off-by: Randy Witt <randy.e.witt@linux.intel.com>
-Updated by: Robert Yang <liezhi.yang@windriver.com>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00009.html]
diff --git a/build-aux/ltmain.in b/build-aux/ltmain.in
--- a/build-aux/ltmain.in
diff --git a/meta/recipes-devtools/libtool/libtool/fix-rpath.patch b/meta/recipes-devtools/libtool/libtool/0005-ltmain.in-Don-t-encode-RATHS-which-match-default-lin.patch
index a2ec9473e7..50d47d9f7a 100644
--- a/meta/recipes-devtools/libtool/libtool/fix-rpath.patch
+++ b/meta/recipes-devtools/libtool/libtool/0005-ltmain.in-Don-t-encode-RATHS-which-match-default-lin.patch
@@ -1,18 +1,21 @@
-We don't want to add RPATHS which match default linker
-search paths, they're a waste of space. This patch
-filters libtools list and removes the ones we don't need.
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Subject: [PATCH 05/12] ltmain.in: Don't encode RATHS which match default linker paths
-RP 23/9/2011
+We don't want to add RPATHS which match default linker search paths, they're
+a waste of space. This patch filters libtools list of paths to encoode and
+removes the ones we don't need.
-Upstream-Status: Pending
+Libtool may be passed link paths of the form "/usr/lib/../lib" so normalize
+the paths before comparision.
-Updated by: Robert Yang <liezhi.yang@windriver.com>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-Index: libtool-2.4.2/build-aux/ltmain.in
-===================================================================
---- libtool-2.4.2.orig/build-aux/ltmain.in
-+++ libtool-2.4.2/build-aux/ltmain.in
-@@ -7286,8 +7286,14 @@ EOF
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00013.html]
+
+diff -u b/build-aux/ltmain.in b/build-aux/ltmain.in
+--- b/build-aux/ltmain.in
++++ b/build-aux/ltmain.in 2012-08-22 11:01:34.191345989 -0700
+@@ -7286,8 +7286,16 @@
esac
fi
else
@@ -20,8 +23,10 @@ Index: libtool-2.4.2/build-aux/ltmain.in
- func_append dep_rpath " $flag"
+ # We only want to hardcode in an rpath if it isn't in the
+ # default dlsearch path.
++ func_normal_abspath "$libdir"
++ libdir_norm=$func_normal_abspath_result
+ case " $sys_lib_dlsearch_path " in
-+ *" $libdir "*) ;;
++ *" $libdir_norm "*) ;;
+ *) eval flag=\"$hardcode_libdir_flag_spec\"
+ func_append dep_rpath " $flag"
+ ;;
@@ -29,7 +34,7 @@ Index: libtool-2.4.2/build-aux/ltmain.in
fi
elif test -n "$runpath_var"; then
case "$perm_rpath " in
-@@ -8019,8 +8025,14 @@ EOF
+@@ -8019,8 +8027,16 @@
esac
fi
else
@@ -37,8 +42,10 @@ Index: libtool-2.4.2/build-aux/ltmain.in
- func_append rpath " $flag"
+ # We only want to hardcode in an rpath if it isn't in the
+ # default dlsearch path.
++ func_normal_abspath "$libdir"
++ libdir_norm=$func_normal_abspath_result
+ case " $sys_lib_dlsearch_path " in
-+ *" $libdir "*) ;;
++ *" $libdir_norm "*) ;;
+ *) eval flag=\"$hardcode_libdir_flag_spec\"
+ rpath+=" $flag"
+ ;;
@@ -46,7 +53,7 @@ Index: libtool-2.4.2/build-aux/ltmain.in
fi
elif test -n "$runpath_var"; then
case "$perm_rpath " in
-@@ -8070,8 +8082,14 @@ EOF
+@@ -8070,8 +8086,14 @@
esac
fi
else
diff --git a/meta/recipes-devtools/libtool/libtool/fix-resolve-lt-sysroot.patch b/meta/recipes-devtools/libtool/libtool/0006-libtool.m4-Handle-as-a-sysroot-correctly.patch
index 1bd95980c0..999971241f 100644
--- a/meta/recipes-devtools/libtool/libtool/fix-resolve-lt-sysroot.patch
+++ b/meta/recipes-devtools/libtool/libtool/0006-libtool.m4-Handle-as-a-sysroot-correctly.patch
@@ -1,16 +1,18 @@
-Upstream-Status: Pending
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Subject: [PATCH 06/12] libtool.m4: Handle "/" as a sysroot correctly
-This patch updates libtool.m4 (and its output) to resolve a problem
-with variable 'lt_sysroot' not being properly updated if the option
-'--with[-libtool]-sysroot' is not provided when running the 'configure'
-script for a package.
+Update libtool.m4 to resolve a problem with lt_sysroot not being properly
+updated if the option '--with[-libtool]-sysroot' is not provided when
+running the 'configure' script for a package so that "/" as a sysroot
+is handled correctly by libtool.
-I have also reported the problem to libtool here
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Upstream Report:
http://lists.gnu.org/archive/html/bug-libtool/2013-09/msg00005.html
-Signed-off-by: Hans Beckerus <hans.beckerus at gmail.com>
-Updated by: Robert Yang <liezhi.yang@windriver.com>
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00018.html]
+
---
diff --git a/m4/libtool.m4 b/m4/libtool.m4
--- a/m4/libtool.m4
diff --git a/meta/recipes-devtools/libtool/libtool/0001-libtool-Fix-support-for-NIOS2-processor.patch b/meta/recipes-devtools/libtool/libtool/0007-libtool-Fix-support-for-NIOS2-processor.patch
index bbd36d8dc1..395464e908 100644
--- a/meta/recipes-devtools/libtool/libtool/0001-libtool-Fix-support-for-NIOS2-processor.patch
+++ b/meta/recipes-devtools/libtool/libtool/0007-libtool-Fix-support-for-NIOS2-processor.patch
@@ -1,7 +1,5 @@
-From df2cd898e48208f26320d40c3ed6b19c75c27142 Mon Sep 17 00:00:00 2001
From: Marek Vasut <marex@denx.de>
-Date: Thu, 17 Sep 2015 00:43:15 +0200
-Subject: [PATCH] libtool: Fix support for NIOS2 processor
+Subject: [PATCH 07/12] libtool: Fix support for NIOS2 processor
The name of the system contains the string "nios2". This string
is caught by the some of the greedy checks for OS/2 in libtool,
@@ -13,7 +11,10 @@ checks to prevent the OS/2 check incorrectly trapping the nios2
as well.
Signed-off-by: Marek Vasut <marex@denx.de>
-Upstream-Status: Submitted
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00021.html]
+
---
build-aux/ltmain.in | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/meta/recipes-devtools/libtool/libtool/0001-libtool-Check-for-static-libs-for-internal-compiler-.patch b/meta/recipes-devtools/libtool/libtool/0008-libtool-Check-for-static-libs-for-internal-compiler-.patch
index 8c7c39feb6..afffdb9fd4 100644
--- a/meta/recipes-devtools/libtool/libtool/0001-libtool-Check-for-static-libs-for-internal-compiler-.patch
+++ b/meta/recipes-devtools/libtool/libtool/0008-libtool-Check-for-static-libs-for-internal-compiler-.patch
@@ -1,8 +1,7 @@
-From 40a2da75e6d95cc7c498ebda95ab19ae0db2ebfb Mon Sep 17 00:00:00 2001
+From b9993338080325a6e2b2ec94ca0ece80e7fa3fb6 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sat, 26 Jan 2019 12:54:26 -0800
-Subject: [PATCH] libtool: Check for static libs for internal compiler
- libraries
+Subject: [PATCH 08/12] libtool: Check for static libs for internal compiler libraries
Libtool checks only for libraries linked as -l* when trying to
find internal compiler libraries. Clang, however uses the absolute
@@ -10,11 +9,13 @@ path to link its internal libraries e.g. compiler_rt. This patch
handles clang's statically linked libraries when finding internal
compiler libraries.
-https://crbug.com/749263
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-Upstream-Status: Submitted [https://debbugs.gnu.org/cgi/bugreport.cgi?bug=27866]
+https://crbug.com/749263
+https://debbugs.gnu.org/cgi/bugreport.cgi?bug=27866
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00016.html]
---
m4/libtool.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch b/meta/recipes-devtools/libtool/libtool/0009-Makefile.am-make-sure-autoheader-run-before-autoconf.patch
index 2e9908725e..348cd3c1ae 100644
--- a/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch
+++ b/meta/recipes-devtools/libtool/libtool/0009-Makefile.am-make-sure-autoheader-run-before-autoconf.patch
@@ -1,7 +1,5 @@
-From dfbbbd359e43e0a55fbea06f2647279ad8761cb9 Mon Sep 17 00:00:00 2001
From: Mingli Yu <mingli.yu@windriver.com>
-Date: Wed, 24 Mar 2021 03:04:13 +0000
-Subject: [PATCH] Makefile.am: make sure autoheader run before autoconf
+Subject: [PATCH 09/12] Makefile.am: make sure autoheader run before autoconf
autoheader will update ../libtool-2.4.6/libltdl/config-h.in which
autoconf needs, so there comes a race sometimes as below:
@@ -10,9 +8,11 @@ autoconf needs, so there comes a race sometimes as below:
So make sure autoheader run before autoconf to avoid this race.
-Upstream-Status: Submitted [libtool-patches@gnu.org maillist]
-
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00015.html]
+
---
Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-automake.patch b/meta/recipes-devtools/libtool/libtool/0010-Makefile.am-make-sure-autoheader-run-before-automake.patch
index 87f8492346..cd963ef1be 100644
--- a/meta/recipes-devtools/libtool/libtool/0001-Makefile.am-make-sure-autoheader-run-before-automake.patch
+++ b/meta/recipes-devtools/libtool/libtool/0010-Makefile.am-make-sure-autoheader-run-before-automake.patch
@@ -1,7 +1,5 @@
-From e82c06584f02e3e4487aa73aa05981e2a35dc6d1 Mon Sep 17 00:00:00 2001
From: Mingli Yu <mingli.yu@windriver.com>
-Date: Tue, 13 Apr 2021 07:17:29 +0000
-Subject: [PATCH] Makefile.am: make sure autoheader run before automake
+Subject: [PATCH 10/12] Makefile.am: make sure autoheader run before automake
When use automake to generate Makefile.in from Makefile.am, there
comes below race:
@@ -10,7 +8,10 @@ comes below race:
It is because the file config-h.in in updating process by autoheader,
so make automake run after autoheader to avoid the above race.
-Upstream-Status: Submitted [libtool-patches@gnu.org maillist]
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00020.html]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
---
diff --git a/meta/recipes-devtools/libtool/libtool/lto-prefix.patch b/meta/recipes-devtools/libtool/libtool/0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch
index 2bd010b8e4..b121a3c750 100644
--- a/meta/recipes-devtools/libtool/libtool/lto-prefix.patch
+++ b/meta/recipes-devtools/libtool/libtool/0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch
@@ -1,9 +1,13 @@
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Subject: [PATCH 11/12] ltmain.in: Handle prefix-map compiler options correctly
+
If lto is enabled, we need the prefix-map variables to be passed to the linker.
Add these to the list of options libtool passes through.
-Upstream-Status: Pending
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00019.html]
+
Index: libtool-2.4.6/build-aux/ltmain.in
===================================================================
--- libtool-2.4.6.orig/build-aux/ltmain.in
diff --git a/meta/recipes-devtools/libtool/libtool/debian-no_hostname.patch b/meta/recipes-devtools/libtool/libtool/0012-libtool.m4-For-reproducibility-stop-encoding-hostnam.patch
index 5add0cca3b..64f911d46c 100755..100644
--- a/meta/recipes-devtools/libtool/libtool/debian-no_hostname.patch
+++ b/meta/recipes-devtools/libtool/libtool/0012-libtool.m4-For-reproducibility-stop-encoding-hostnam.patch
@@ -1,10 +1,16 @@
-libtool: remove host specific info from header file
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Subject: [PATCH 12/12] libtool.m4: For reproducibility stop encoding hostname in libtool script
+
+For reproducibilty, stop encoding the hostname into the libtool script, this isn't
+really adding much to debugging and most distros are carrying such a patch now as
+reproducibility is important.
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
https://sources.debian.org/data/main/libt/libtool/2.4.6-10/debian/patches/
no_hostname.patch
-Upstream-Status: Inappropriate [not author]
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/libtool-patches/2021-10/msg00011.html]
---
Index: libtool-2.4.6/m4/libtool.m4
diff --git a/meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch b/meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch
new file mode 100644
index 0000000000..447640cef6
--- /dev/null
+++ b/meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch
@@ -0,0 +1,133 @@
+From 418129bc63afc312701e84cb8afa5ca413df1ab5 Mon Sep 17 00:00:00 2001
+From: Pavel Raiskup <praiskup@redhat.com>
+Date: Fri, 17 Apr 2015 16:54:58 +0200
+Subject: ARFLAGS: use 'cr' instead of 'cru' by default
+
+In some GNU/Linux distributions people started to compile 'ar'
+binary with --enable-deterministic-archives (binutils project).
+That, however, in combination with our previous long time working
+default AR_FLAGS=cru causes warnings on such installations:
+ar: `u' modifier ignored since `D' is the default (see `U')
+
+The 'u' option (at least with GNU binutils) did small optimization
+during repeated builds because it instructed 'ar' to not
+open/close unchanged *.o files and to rather read their contents
+from old archive file. However, its removal should not cause a
+big performance hit for usual workflows.
+
+Distributions started using --enable-deterministic-archives
+knowing that it would disable the 'u', just to rather have a bit
+more deterministic builds.
+
+Also, to justify this change a bit more, keeping 'u' in ARFLAGS
+could only result in many per-project changes to override
+Libtool's ARFLAGS default, just to silent such warnings.
+
+Fixes bug#19967. Reported by Eric Blake.
+
+* m4/libtool.m4 (_LT_PROG_AR): Default AR_FLAGS to 'cr'.
+(_LT_REQUIRED_DARWIN_CHECKS): Use $AR_FLAGS instead 'cru' string.
+* doc/libtool.texi: Do 's/ar cru/ar cr/' in whole documentation.
+* NEWS: Document.
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=418129bc63afc312701e84cb8afa5ca413df1ab5]
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ NEWS | 4 ++++
+ doc/libtool.texi | 10 +++++-----
+ m4/libtool.m4 | 6 +++---
+ 3 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index 71a932d..1518f09 100644
+--- a/NEWS
++++ b/NEWS
+@@ -13,6 +13,10 @@ NEWS - list of user-visible changes between releases of GNU Libtool
+ variable, which obsoletes AR_FLAGS. This is due to naming conventions
+ among other *FLAGS and to be consistent with Automake's ARFLAGS.
+
++** Important incompatible changes:
++
++ - Libtool changed ARFLAGS/AR_FLAGS default from 'cru' to 'cr'.
++
+ ** Bug fixes:
+
+ - Fix a race condition in ltdl dryrun test that would cause spurious
+diff --git a/doc/libtool.texi b/doc/libtool.texi
+index 0298627..4c664bb 100644
+--- a/doc/libtool.texi
++++ b/doc/libtool.texi
+@@ -602,7 +602,7 @@ Without libtool, the programmer would invoke the @command{ar} command to
+ create a static library:
+
+ @example
+-burger$ @kbd{ar cru libhello.a hello.o foo.o}
++burger$ @kbd{ar cr libhello.a hello.o foo.o}
+ burger$
+ @end example
+
+@@ -632,7 +632,7 @@ libtool are the same ones you would use to produce an executable named
+ a23$ @kbd{libtool --mode=link gcc -g -O -o libhello.la foo.o hello.o}
+ *** Warning: Linking the shared library libhello.la against the
+ *** non-libtool objects foo.o hello.o is not portable!
+-ar cru .libs/libhello.a
++ar cr .libs/libhello.a
+ ranlib .libs/libhello.a
+ creating libhello.la
+ (cd .libs && rm -f libhello.la && ln -s ../libhello.la libhello.la)
+@@ -662,7 +662,7 @@ archive, not a shared library (@pxref{Static libraries}).}:
+ @example
+ a23$ @kbd{libtool --mode=link gcc -g -O -o libhello.la foo.lo hello.lo \
+ -rpath /usr/local/lib -lm}
+-ar cru @value{objdir}/libhello.a foo.o hello.o
++ar cr @value{objdir}/libhello.a foo.o hello.o
+ ranlib @value{objdir}/libhello.a
+ creating libhello.la
+ (cd @value{objdir} && rm -f libhello.la && ln -s ../libhello.la libhello.la)
+@@ -676,7 +676,7 @@ burger$ @kbd{libtool --mode=link gcc -g -O -o libhello.la foo.lo hello.lo \
+ -rpath /usr/local/lib -lm}
+ rm -fr @value{objdir}/libhello.a @value{objdir}/libhello.la
+ ld -Bshareable -o @value{objdir}/libhello.so.0.0 @value{objdir}/foo.o @value{objdir}/hello.o -lm
+-ar cru @value{objdir}/libhello.a foo.o hello.o
++ar cr @value{objdir}/libhello.a foo.o hello.o
+ ranlib @value{objdir}/libhello.a
+ creating libhello.la
+ (cd @value{objdir} && rm -f libhello.la && ln -s ../libhello.la libhello.la)
+@@ -6001,7 +6001,7 @@ in cases where it is necessary.
+ @subsection Archivers
+
+ On all known systems, building a static library can be accomplished by
+-running @kbd{ar cru lib@var{name}.a @var{obj1}.o @var{obj2}.o @dots{}},
++running @kbd{ar cr lib@var{name}.a @var{obj1}.o @var{obj2}.o @dots{}},
+ where the @file{.a} file is the output library, and each @file{.o} file is an
+ object file.
+
+diff --git a/m4/libtool.m4 b/m4/libtool.m4
+index 6514196..add06ee 100644
+--- a/m4/libtool.m4
++++ b/m4/libtool.m4
+@@ -1041,8 +1041,8 @@ int forced_loaded() { return 2;}
+ _LT_EOF
+ echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
+ $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
+- echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
+- $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
++ echo "$AR $AR_FLAGS libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
++ $AR $AR_FLAGS libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
+ echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
+ $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
+ cat > conftest.c << _LT_EOF
+@@ -1505,7 +1505,7 @@ _LT_DECL([], [AR], [1], [The archiver])
+ # ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS
+ # variable obsoleted/removed.
+
+-test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cru}
++test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr}
+ lt_ar_flags=$AR_FLAGS
+ _LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)])
+
+--
+2.23.0
+
diff --git a/meta/recipes-devtools/libtool/libtool/fixinstall.patch b/meta/recipes-devtools/libtool/libtool/fixinstall.patch
index 8f343bf436..48330d82fb 100644
--- a/meta/recipes-devtools/libtool/libtool/fixinstall.patch
+++ b/meta/recipes-devtools/libtool/libtool/fixinstall.patch
@@ -27,9 +27,9 @@ diff --git a/build-aux/ltmain.in b/build-aux/ltmain.in
- if test -n "$relink_command"; then
+ if test "$fast_install" = no && test -n "$relink_command"; then
- # Strip any trailing slash from the destination.
- func_stripname '' '/' "$libdir"
- destlibdir=$func_stripname_result
+ # Strip any trailing slash from the destination.
+ func_stripname '' '/' "$libdir"
+ destlibdir=$func_stripname_result
@@ -2394,7 +2394,7 @@ func_mode_install ()
shift
diff --git a/meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch b/meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch
new file mode 100644
index 0000000000..bb11887cda
--- /dev/null
+++ b/meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch
@@ -0,0 +1,77 @@
+From 4335de1dfb7d2ec728427e07a54136b94a2d40f6 Mon Sep 17 00:00:00 2001
+From: Pavel Raiskup <praiskup@redhat.com>
+Date: Fri, 17 Apr 2015 15:05:42 +0200
+Subject: libool.m4: add ARFLAGS variable
+
+Libtool has used $AR_FLAGS since 2000-05-29 commit
+8300de4c54e6f04f0d, Automake ARFLAGS since 2003-04-06 commit
+a71b3490639831ca. Even though ARFLAGS is younger, it sounds like
+better name according GNU Coding Standards.
+
+Related to bug#20082.
+
+* m4/libtool.m4 (_LT_PROG_AR): Copy ARFLAGS value into AR_FLAGS
+variable if AR_FLAGS is not set. Add new _LT_DECL'ed variable
+'lt_ar_flags' to keep the configure-time value of AR_FLAGS. The
+new 'lt_ar_flags' is to be used as the default value for AR_FLAGS
+at libtool-runtime.
+* NEWS: Document.
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=4335de1dfb7d2ec728427e07a54136b94a2d40f6]
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ NEWS | 6 ++++++
+ m4/libtool.m4 | 17 +++++++++++++++--
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index d7ca434..71a932d 100644
+--- a/NEWS
++++ b/NEWS
+@@ -7,6 +7,12 @@ NEWS - list of user-visible changes between releases of GNU Libtool
+ - LT_SYS_LIBRARY_PATH can be set in config.site, or at configure time
+ and persists correctly in the generated libtool script.
+
++** New features:
++
++ - Libtool script now supports (configure-time and runtime) ARFLAGS
++ variable, which obsoletes AR_FLAGS. This is due to naming conventions
++ among other *FLAGS and to be consistent with Automake's ARFLAGS.
++
+ ** Bug fixes:
+
+ - Fix a race condition in ltdl dryrun test that would cause spurious
+diff --git a/m4/libtool.m4 b/m4/libtool.m4
+index 63acd09..6514196 100644
+--- a/m4/libtool.m4
++++ b/m4/libtool.m4
+@@ -1497,9 +1497,22 @@ need_locks=$enable_libtool_lock
+ m4_defun([_LT_PROG_AR],
+ [AC_CHECK_TOOLS(AR, [ar], false)
+ : ${AR=ar}
+-: ${AR_FLAGS=cru}
+ _LT_DECL([], [AR], [1], [The archiver])
+-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
++
++# Use ARFLAGS variable as AR's operation code to sync the variable naming with
++# Automake. If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have
++# higher priority because thats what people were doing historically (setting
++# ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS
++# variable obsoleted/removed.
++
++test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cru}
++lt_ar_flags=$AR_FLAGS
++_LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)])
++
++# Make AR_FLAGS overridable by 'make ARFLAGS='. Don't try to run-time override
++# by AR_FLAGS because that was never working and AR_FLAGS is about to die.
++_LT_DECL([], [AR_FLAGS], [\@S|@{ARFLAGS-"\@S|@lt_ar_flags"}],
++ [Flags to create an archive])
+
+ AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
+ [lt_cv_ar_at_file=no
+--
+2.23.0
+
diff --git a/meta/recipes-devtools/libtool/libtool/norm-rpath.patch b/meta/recipes-devtools/libtool/libtool/norm-rpath.patch
deleted file mode 100644
index 1e4c65e024..0000000000
--- a/meta/recipes-devtools/libtool/libtool/norm-rpath.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-libtool: normalize link paths before considering for RPATH
-
-Libtool may be passed link paths of the form "/usr/lib/../lib", which
-fool its detection code into thinking it should be included as an
-RPATH in the generated binary. Normalize before comparision.
-
-Signed-off-by: Andy Ross <andy.ross@windriver.com>
-Upstream-Status: Pending
-
-Updated by: Robert Yang <liezhi.yang@windriver.com>
-
-diff -ur a/build-aux/ltmain.in b/build-aux/ltmain.in
---- a/build-aux/ltmain.in 2012-08-16 13:58:55.058900363 -0700
-+++ b/build-aux/ltmain.in 2012-08-22 11:01:34.191345989 -0700
-@@ -7288,8 +7288,10 @@
- else
- # We only want to hardcode in an rpath if it isn't in the
- # default dlsearch path.
-+ func_normal_abspath "$libdir"
-+ libdir_norm=$func_normal_abspath_result
- case " $sys_lib_dlsearch_path " in
-- *" $libdir "*) ;;
-+ *" $libdir_norm "*) ;;
- *) eval flag=\"$hardcode_libdir_flag_spec\"
- func_append dep_rpath " $flag"
- ;;
-@@ -8027,8 +8029,10 @@
- else
- # We only want to hardcode in an rpath if it isn't in the
- # default dlsearch path.
-+ func_normal_abspath "$libdir"
-+ libdir_norm=$func_normal_abspath_result
- case " $sys_lib_dlsearch_path " in
-- *" $libdir "*) ;;
-+ *" $libdir_norm "*) ;;
- *) eval flag=\"$hardcode_libdir_flag_spec\"
- rpath+=" $flag"
- ;;
diff --git a/meta/recipes-devtools/libtool/libtool/trailingslash.patch b/meta/recipes-devtools/libtool/libtool/trailingslash.patch
deleted file mode 100644
index e8824d7db9..0000000000
--- a/meta/recipes-devtools/libtool/libtool/trailingslash.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Upstream-Status: Pending
-
-A command like /bin/sh ../../i586-poky-linux-libtool --mode=install /usr/bin/install -c gck-roots-store-standalone.la '/media/data1/builds/poky1/tmp/work/core2-poky-linux/gnome-keyring-2.26.1-r1/image/usr/lib/gnome-keyring/standalone/' fails (e.g. gnome-keyring or pulseaudio)
-
-This is because libdir has a trailing slash which breaks the comparision.
-
-RP 2/1/10
-
-Merged a patch received from Gary Thomas <gary@mlbassoc.com>
-
-Date: 2010/07/12
-Nitin A Kamble <nitin.a.kamble@intel.com>
-
-Updated by: Robert Yang <liezhi.yang@windriver.com>
-
-diff --git a/build-aux/ltmain.in b/build-aux/ltmain.in
---- a/build-aux/ltmain.in
-+++ b/build-aux/ltmain.in
-@@ -2356,8 +2356,15 @@ func_mode_install ()
- func_append dir "$objdir"
-
- if test -n "$relink_command"; then
-+ # Strip any trailing slash from the destination.
-+ func_stripname '' '/' "$libdir"
-+ destlibdir=$func_stripname_result
-+
-+ func_stripname '' '/' "$destdir"
-+ s_destdir=$func_stripname_result
-+
- # Determine the prefix the user has applied to our future dir.
-- inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"`
-+ inst_prefix_dir=`$ECHO "X$s_destdir" | $Xsed -e "s%$destlibdir\$%%"`
-
- # Don't allow the user to place us outside of our expected
- # location b/c this prevents finding dependent libraries that
diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb
index 4167080653..d9efa53499 100644
--- a/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/meta/recipes-devtools/llvm/llvm_git.bb
@@ -28,7 +28,7 @@ LLVM_DIR = "llvm${LLVM_RELEASE}"
BRANCH = "release/${MAJOR_VERSION}.x"
SRCREV = "fed41342a82f5a3a9201819a82bf7a48313e296b"
-SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH} \
+SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=https \
file://0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch;striplevel=2 \
file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \
file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
diff --git a/meta/recipes-devtools/meson/meson/meson-setup.py b/meta/recipes-devtools/meson/meson/meson-setup.py
index 7ac4e3ad47..daaa551de2 100755
--- a/meta/recipes-devtools/meson/meson/meson-setup.py
+++ b/meta/recipes-devtools/meson/meson/meson-setup.py
@@ -27,9 +27,17 @@ except KeyError:
template_file = os.path.join(sysroot, 'usr/share/meson/meson.cross.template')
cross_file = os.path.join(sysroot, 'usr/share/meson/%smeson.cross' % os.environ["TARGET_PREFIX"])
+native_template_file = os.path.join(sysroot, 'usr/share/meson/meson.native.template')
+native_file = os.path.join(sysroot, 'usr/share/meson/meson.native')
with open(template_file) as in_file:
template = in_file.read()
output = Template(template).substitute(Environ())
with open(cross_file, "w") as out_file:
out_file.write(output)
+
+with open(native_template_file) as in_file:
+ template = in_file.read()
+ output = Template(template).substitute({'OECORE_NATIVE_SYSROOT': os.environ['OECORE_NATIVE_SYSROOT']})
+ with open(native_file, "w") as out_file:
+ out_file.write(output)
diff --git a/meta/recipes-devtools/meson/meson/meson-wrapper b/meta/recipes-devtools/meson/meson/meson-wrapper
index d4ffe60f9a..d4b5187f8d 100755
--- a/meta/recipes-devtools/meson/meson/meson-wrapper
+++ b/meta/recipes-devtools/meson/meson/meson-wrapper
@@ -11,4 +11,5 @@ unset CC CXX CPP LD AR NM STRIP
exec "$OECORE_NATIVE_SYSROOT/usr/bin/meson.real" \
--cross-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/${TARGET_PREFIX}meson.cross" \
+ --native-file "${OECORE_NATIVE_SYSROOT}/usr/share/meson/meson.native" \
"$@"
diff --git a/meta/recipes-devtools/meson/nativesdk-meson_0.58.1.bb b/meta/recipes-devtools/meson/nativesdk-meson_0.58.1.bb
index 0e76cc78f8..7b77041c7e 100644
--- a/meta/recipes-devtools/meson/nativesdk-meson_0.58.1.bb
+++ b/meta/recipes-devtools/meson/nativesdk-meson_0.58.1.bb
@@ -13,8 +13,54 @@ SRC_URI += "file://meson-setup.py \
# real paths by meson-setup.sh when the SDK is extracted.
# - Some overrides aren't needed, since the SDK injects paths that take care of
# them.
+def var_list2str(var, d):
+ items = d.getVar(var).split()
+ return items[0] if len(items) == 1 else ', '.join(repr(s) for s in items)
+
+def generate_native_link_template(d):
+ val = ['-L@{OECORE_NATIVE_SYSROOT}${libdir_native}',
+ '-L@{OECORE_NATIVE_SYSROOT}${base_libdir_native}',
+ '-Wl,-rpath-link,@{OECORE_NATIVE_SYSROOT}${libdir_native}',
+ '-Wl,-rpath-link,@{OECORE_NATIVE_SYSROOT}${base_libdir_native}',
+ '-Wl,--allow-shlib-undefined'
+ ]
+ build_arch = d.getVar('BUILD_ARCH')
+ if 'x86_64' in build_arch:
+ loader = 'ld-linux-x86-64.so.2'
+ elif 'i686' in build_arch:
+ loader = 'ld-linux.so.2'
+ elif 'aarch64' in build_arch:
+ loader = 'ld-linux-aarch64.so.1'
+ elif 'ppc64le' in build_arch:
+ loader = 'ld64.so.2'
+
+ if loader:
+ val += ['-Wl,--dynamic-linker=@{OECORE_NATIVE_SYSROOT}${base_libdir_native}/' + loader]
+
+ return repr(val)
+
do_install:append() {
install -d ${D}${datadir}/meson
+
+ cat >${D}${datadir}/meson/meson.native.template <<EOF
+[binaries]
+c = ${@meson_array('BUILD_CC', d)}
+cpp = ${@meson_array('BUILD_CXX', d)}
+ar = ${@meson_array('BUILD_AR', d)}
+nm = ${@meson_array('BUILD_NM', d)}
+strip = ${@meson_array('BUILD_STRIP', d)}
+readelf = ${@meson_array('BUILD_READELF', d)}
+pkgconfig = 'pkg-config-native'
+
+[built-in options]
+c_args = ['-isystem@{OECORE_NATIVE_SYSROOT}${includedir_native}' , ${@var_list2str('BUILD_OPTIMIZATION', d)}]
+c_link_args = ${@generate_native_link_template(d)}
+cpp_args = ['-isystem@{OECORE_NATIVE_SYSROOT}${includedir_native}' , ${@var_list2str('BUILD_OPTIMIZATION', d)}]
+cpp_link_args = ${@generate_native_link_template(d)}
+[properties]
+sys_root = '@OECORE_NATIVE_SYSROOT'
+EOF
+
cat >${D}${datadir}/meson/meson.cross.template <<EOF
[binaries]
c = @CC
@@ -24,12 +70,14 @@ nm = @NM
strip = @STRIP
pkgconfig = 'pkg-config'
-[properties]
-needs_exe_wrapper = true
+[built-in options]
c_args = @CFLAGS
c_link_args = @LDFLAGS
cpp_args = @CPPFLAGS
cpp_link_args = @LDFLAGS
+
+[properties]
+needs_exe_wrapper = true
sys_root = @OECORE_TARGET_SYSROOT
[host_machine]
diff --git a/meta/recipes-devtools/mtd/mtd-utils_git.bb b/meta/recipes-devtools/mtd/mtd-utils_git.bb
index 057ae806a1..2004572375 100644
--- a/meta/recipes-devtools/mtd/mtd-utils_git.bb
+++ b/meta/recipes-devtools/mtd/mtd-utils_git.bb
@@ -14,7 +14,7 @@ RDEPENDS:mtd-utils-tests += "bash"
PV = "2.1.3"
SRCREV = "42ea7cd48d2b3c306d59bb6c530d79f8c25bf9f5"
-SRC_URI = "git://git.infradead.org/mtd-utils.git \
+SRC_URI = "git://git.infradead.org/mtd-utils.git;branch=master \
file://add-exclusion-to-mkfs-jffs2-git-2.patch \
"
diff --git a/meta/recipes-devtools/ninja/ninja_1.10.2.bb b/meta/recipes-devtools/ninja/ninja_1.10.2.bb
index c908bcb738..7270321d6e 100644
--- a/meta/recipes-devtools/ninja/ninja_1.10.2.bb
+++ b/meta/recipes-devtools/ninja/ninja_1.10.2.bb
@@ -8,7 +8,7 @@ DEPENDS = "re2c-native ninja-native"
SRCREV = "e72d1d581c945c158ed68d9bc48911063022a2c6"
-SRC_URI = "git://github.com/ninja-build/ninja.git;branch=release"
+SRC_URI = "git://github.com/ninja-build/ninja.git;branch=release;protocol=https"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/opkg/opkg_0.4.5.bb b/meta/recipes-devtools/opkg/opkg_0.4.5.bb
index ef18ccf63a..8152fa0658 100644
--- a/meta/recipes-devtools/opkg/opkg_0.4.5.bb
+++ b/meta/recipes-devtools/opkg/opkg_0.4.5.bb
@@ -60,7 +60,7 @@ do_install_ptest () {
sed -i -e '/@PYTHONPATH=. $(PYTHON) $^/a\\t@if [ "$$?" != "0" ];then echo "FAIL:"$^;else echo "PASS:"$^;fi' ${D}${PTEST_PATH}/tests/Makefile
}
-WARN_QA:append += "openssl-deprecation"
+WARN_QA:append = " openssl-deprecation"
QAPKGTEST[openssl-deprecation] = "package_qa_check_openssl_deprecation"
def package_qa_check_openssl_deprecation (package, d, messages):
sane = True
diff --git a/meta/recipes-devtools/patchelf/patchelf_0.13.bb b/meta/recipes-devtools/patchelf/patchelf_0.13.bb
index 1b0561b8ba..b24c74a149 100644
--- a/meta/recipes-devtools/patchelf/patchelf_0.13.bb
+++ b/meta/recipes-devtools/patchelf/patchelf_0.13.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/NixOS/patchelf"
LICENSE = "GPLv3"
-SRC_URI = "git://github.com/NixOS/patchelf;protocol=https \
+SRC_URI = "git://github.com/NixOS/patchelf;protocol=https;branch=master \
file://handle-read-only-files.patch \
"
SRCREV = "a949ff23315bbb5863627c4655fe216ecbf341a2"
diff --git a/meta/recipes-devtools/perl/files/perl-rdepends.txt b/meta/recipes-devtools/perl/files/perl-rdepends.txt
index dd23dc222a..3415f32ab1 100644
--- a/meta/recipes-devtools/perl/files/perl-rdepends.txt
+++ b/meta/recipes-devtools/perl/files/perl-rdepends.txt
@@ -1,7 +1,15 @@
# Some additional dependencies that the above doesn't manage to figure out
RDEPENDS:perl-module-file-spec += "perl-module-file-spec-unix"
+RDEPENDS:perl-module-io-file += "perl-module-symbol"
RDEPENDS:perl-module-math-bigint += "perl-module-math-bigint-calc"
+RDEPENDS:perl-module-test-builder += "perl-module-list-util"
+RDEPENDS:perl-module-test-builder += "perl-module-scalar-util"
+RDEPENDS:perl-module-test-builder-formatter += "perl-module-test2-formatter-tap"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-event-fail"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-event-pass"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-event-v2"
+RDEPENDS:perl-module-test2-formatter-tap += "perl-module-test2-formatter"
RDEPENDS:perl-module-thread-queue += "perl-module-attributes"
RDEPENDS:perl-module-overload += "perl-module-overloading"
@@ -50,6 +58,7 @@ RDEPENDS:perl-module-archive-tar-constant += "perl-module-exporter"
RDEPENDS:perl-module-archive-tar-constant += "perl-module-io-compress-bzip2"
RDEPENDS:perl-module-archive-tar-constant += "perl-module-strict"
RDEPENDS:perl-module-archive-tar-constant += "perl-module-time-local"
+RDEPENDS:perl-module-archive-tar-constant += "perl-module-vars"
RDEPENDS:perl-module-archive-tar-constant += "perl-module-warnings"
RDEPENDS:perl-module-archive-tar-file += "perl-module-archive-tar"
RDEPENDS:perl-module-archive-tar-file += "perl-module-archive-tar-constant"
@@ -157,6 +166,8 @@ RDEPENDS:perl-module-b-xref += "perl-module-b"
RDEPENDS:perl-module-b-xref += "perl-module-config"
RDEPENDS:perl-module-b-xref += "perl-module-strict"
RDEPENDS:perl-module-bytes += "perl-module-bytes-heavy"
+RDEPENDS:perl-module-bytes += "perl-module-strict"
+RDEPENDS:perl-module-bytes += "perl-module-warnings"
RDEPENDS:perl-module--charnames += "perl-module-bytes"
RDEPENDS:perl-module-charnames += "perl-module-bytes"
RDEPENDS:perl-module-charnames += "perl-module--charnames"
@@ -245,14 +256,9 @@ RDEPENDS:perl-module-cwd += "perl-module-xsloader"
RDEPENDS:perl-module-data-dumper += "perl-module-config"
RDEPENDS:perl-module-data-dumper += "perl-module-constant"
RDEPENDS:perl-module-data-dumper += "perl-module-exporter"
+RDEPENDS:perl-module-data-dumper += "perl-module-strict"
+RDEPENDS:perl-module-data-dumper += "perl-module-warnings"
RDEPENDS:perl-module-data-dumper += "perl-module-xsloader"
-RDEPENDS:perl-module-db-file += "perl-module-dynaloader"
-RDEPENDS:perl-module-db-file += "perl-module-exporter"
-RDEPENDS:perl-module-db-file += "perl-module-fcntl"
-RDEPENDS:perl-module-db-file += "perl-module-strict "
-RDEPENDS:perl-module-db-file += "perl-module-strict"
-RDEPENDS:perl-module-db-file += "perl-module-tie-hash"
-RDEPENDS:perl-module-db-file += "perl-module-warnings"
RDEPENDS:perl-module-dbm-filter-compress += "perl-module-strict"
RDEPENDS:perl-module-dbm-filter-compress += "perl-module-warnings"
RDEPENDS:perl-module-dbm-filter-encode += "perl-module-strict"
@@ -281,18 +287,18 @@ RDEPENDS:perl-module-diagnostics += "perl-module-strict"
RDEPENDS:perl-module-diagnostics += "perl-module-text-tabs"
RDEPENDS:perl-module-digest-base += "perl-module-mime-base64"
RDEPENDS:perl-module-digest-base += "perl-module-strict"
-RDEPENDS:perl-module-digest-base += "perl-module-vars"
+RDEPENDS:perl-module-digest-base += "perl-module-warnings"
RDEPENDS:perl-module-digest-file += "perl-module-digest"
RDEPENDS:perl-module-digest-file += "perl-module-exporter"
RDEPENDS:perl-module-digest-file += "perl-module-strict"
-RDEPENDS:perl-module-digest-file += "perl-module-vars"
+RDEPENDS:perl-module-digest-file += "perl-module-warnings"
RDEPENDS:perl-module-digest-md5 += "perl-module-digest-base"
RDEPENDS:perl-module-digest-md5 += "perl-module-exporter"
RDEPENDS:perl-module-digest-md5 += "perl-module-strict"
-RDEPENDS:perl-module-digest-md5 += "perl-module-vars"
+RDEPENDS:perl-module-digest-md5 += "perl-module-warnings"
RDEPENDS:perl-module-digest-md5 += "perl-module-xsloader"
RDEPENDS:perl-module-digest += "perl-module-strict"
-RDEPENDS:perl-module-digest += "perl-module-vars"
+RDEPENDS:perl-module-digest += "perl-module-warnings"
RDEPENDS:perl-module-digest-sha += "perl-module-digest-base"
RDEPENDS:perl-module-digest-sha += "perl-module-dynaloader"
RDEPENDS:perl-module-digest-sha += "perl-module-exporter"
@@ -444,9 +450,9 @@ RDEPENDS:perl-module-errno += "perl-module-strict"
RDEPENDS:perl-module-experimental += "perl-module-strict"
RDEPENDS:perl-module-experimental += "perl-module-version"
RDEPENDS:perl-module-experimental += "perl-module-warnings"
-RDEPENDS:perl-module-exporter-heavy += "perl-module-exporter"
RDEPENDS:perl-module-exporter-heavy += "perl-module-strict"
RDEPENDS:perl-module-exporter += "perl-module-exporter-heavy"
+RDEPENDS:perl-module-exporter += "perl-module-strict"
RDEPENDS:perl-module-extutils-cbuilder-base += "perl-module-config"
RDEPENDS:perl-module-extutils-cbuilder-base += "perl-module-cwd"
RDEPENDS:perl-module-extutils-cbuilder-base += "perl-module-dynaloader"
@@ -511,6 +517,7 @@ RDEPENDS:perl-module-extutils-command += "perl-module-file-find"
RDEPENDS:perl-module-extutils-command += "perl-module-file-path"
RDEPENDS:perl-module-extutils-command += "perl-module-strict"
RDEPENDS:perl-module-extutils-command += "perl-module-vars"
+RDEPENDS:perl-module-extutils-command += "perl-module-warnings"
RDEPENDS:perl-module-extutils-constant-base += "perl-module-constant"
RDEPENDS:perl-module-extutils-constant-base += "perl-module-extutils-constant-utils"
RDEPENDS:perl-module-extutils-constant-base += "perl-module-strict"
@@ -550,7 +557,6 @@ RDEPENDS:perl-module-extutils-installed += "perl-module-extutils-packlist"
RDEPENDS:perl-module-extutils-installed += "perl-module-file-basename"
RDEPENDS:perl-module-extutils-installed += "perl-module-file-find"
RDEPENDS:perl-module-extutils-installed += "perl-module-strict"
-RDEPENDS:perl-module-extutils-installed += "perl-module-vars"
RDEPENDS:perl-module-extutils-install += "perl-module-autosplit"
RDEPENDS:perl-module-extutils-install += "perl-module-config"
RDEPENDS:perl-module-extutils-install += "perl-module-cwd"
@@ -570,13 +576,16 @@ RDEPENDS:perl-module-extutils-liblist-kid += "perl-module-text-parsewords"
RDEPENDS:perl-module-extutils-liblist-kid += "perl-module-warnings"
RDEPENDS:perl-module-extutils-liblist += "perl-module-extutils-liblist-kid"
RDEPENDS:perl-module-extutils-liblist += "perl-module-strict"
+RDEPENDS:perl-module-extutils-liblist += "perl-module-warnings"
RDEPENDS:perl-module-extutils-makemaker-config += "perl-module-config"
RDEPENDS:perl-module-extutils-makemaker-config += "perl-module-strict"
+RDEPENDS:perl-module-extutils-makemaker-config += "perl-module-warnings"
RDEPENDS:perl-module-extutils-makemaker-locale += "perl-module-base"
RDEPENDS:perl-module-extutils-makemaker-locale += "perl-module-encode"
RDEPENDS:perl-module-extutils-makemaker-locale += "perl-module-encode-alias"
RDEPENDS:perl-module-extutils-makemaker-locale += "perl-module-i18n-langinfo"
RDEPENDS:perl-module-extutils-makemaker-locale += "perl-module-strict"
+RDEPENDS:perl-module-extutils-makemaker-locale += "perl-module-warnings"
RDEPENDS:perl-module-extutils-makemaker += "perl-module-b"
RDEPENDS:perl-module-extutils-makemaker += "perl-module-cpan"
RDEPENDS:perl-module-extutils-makemaker += "perl-module-cwd"
@@ -589,8 +598,10 @@ RDEPENDS:perl-module-extutils-makemaker += "perl-module-extutils-my"
RDEPENDS:perl-module-extutils-makemaker += "perl-module-file-path"
RDEPENDS:perl-module-extutils-makemaker += "perl-module-strict"
RDEPENDS:perl-module-extutils-makemaker += "perl-module-version"
+RDEPENDS:perl-module-extutils-makemaker += "perl-module-warnings"
RDEPENDS:perl-module-extutils-makemaker-version += "perl-module-strict"
RDEPENDS:perl-module-extutils-makemaker-version += "perl-module-vars"
+RDEPENDS:perl-module-extutils-makemaker-version += "perl-module-warnings"
RDEPENDS:perl-module-extutils-manifest += "perl-module-config"
RDEPENDS:perl-module-extutils-manifest += "perl-module-exporter"
RDEPENDS:perl-module-extutils-manifest += "perl-module-file-basename"
@@ -606,12 +617,15 @@ RDEPENDS:perl-module-extutils-mkbootstrap += "perl-module-config"
RDEPENDS:perl-module-extutils-mkbootstrap += "perl-module-dynaloader"
RDEPENDS:perl-module-extutils-mkbootstrap += "perl-module-exporter"
RDEPENDS:perl-module-extutils-mkbootstrap += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mkbootstrap += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mksymlists += "perl-module-config"
RDEPENDS:perl-module-extutils-mksymlists += "perl-module-exporter"
RDEPENDS:perl-module-extutils-mksymlists += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mksymlists += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-aix += "perl-module-extutils-makemaker-config"
RDEPENDS:perl-module-extutils-mm-aix += "perl-module-extutils-mm-unix"
RDEPENDS:perl-module-extutils-mm-aix += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm-aix += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-any += "perl-module-autosplit"
RDEPENDS:perl-module-extutils-mm-any += "perl-module-cpan"
RDEPENDS:perl-module-extutils-mm-any += "perl-module-data-dumper"
@@ -621,35 +635,49 @@ RDEPENDS:perl-module-extutils-mm-any += "perl-module-file-basename"
RDEPENDS:perl-module-extutils-mm-any += "perl-module-file-find"
RDEPENDS:perl-module-extutils-mm-any += "perl-module-strict"
RDEPENDS:perl-module-extutils-mm-any += "perl-module-version"
+RDEPENDS:perl-module-extutils-mm-any += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-beos += "perl-module-extutils-makemaker-config"
RDEPENDS:perl-module-extutils-mm-beos += "perl-module-extutils-mm-any"
RDEPENDS:perl-module-extutils-mm-beos += "perl-module-extutils-mm-unix"
RDEPENDS:perl-module-extutils-mm-beos += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm-beos += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-cygwin += "perl-module-extutils-makemaker-config"
RDEPENDS:perl-module-extutils-mm-cygwin += "perl-module-extutils-mm-unix"
RDEPENDS:perl-module-extutils-mm-cygwin += "perl-module-extutils-mm-win32"
RDEPENDS:perl-module-extutils-mm-cygwin += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm-cygwin += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-darwin += "perl-module-extutils-mm-unix"
RDEPENDS:perl-module-extutils-mm-darwin += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm-darwin += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-dos += "perl-module-extutils-mm-any"
RDEPENDS:perl-module-extutils-mm-dos += "perl-module-extutils-mm-unix"
RDEPENDS:perl-module-extutils-mm-dos += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm-dos += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-macos += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm-macos += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-nw5 += "perl-module-extutils-makemaker"
RDEPENDS:perl-module-extutils-mm-nw5 += "perl-module-extutils-makemaker-config"
RDEPENDS:perl-module-extutils-mm-nw5 += "perl-module-extutils-mm-win32"
RDEPENDS:perl-module-extutils-mm-nw5 += "perl-module-file-basename"
RDEPENDS:perl-module-extutils-mm-nw5 += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm-nw5 += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-os2 += "perl-module-extutils-makemaker"
RDEPENDS:perl-module-extutils-mm-os2 += "perl-module-extutils-mm-any"
RDEPENDS:perl-module-extutils-mm-os2 += "perl-module-extutils-mm-unix"
RDEPENDS:perl-module-extutils-mm-os2 += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm-os2 += "perl-module-warnings"
+RDEPENDS:perl-module-extutils-mm-os390 += "perl-module-extutils-makemaker-config"
+RDEPENDS:perl-module-extutils-mm-os390 += "perl-module-extutils-mm-unix"
+RDEPENDS:perl-module-extutils-mm-os390 += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm-os390 += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm += "perl-module-extutils-liblist"
RDEPENDS:perl-module-extutils-mm += "perl-module-extutils-makemaker"
RDEPENDS:perl-module-extutils-mm += "perl-module-extutils-makemaker-config"
RDEPENDS:perl-module-extutils-mm += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-qnx += "perl-module-extutils-mm-unix"
RDEPENDS:perl-module-extutils-mm-qnx += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm-qnx += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-unix += "perl-module-cwd"
RDEPENDS:perl-module-extutils-mm-unix += "perl-module-encode"
RDEPENDS:perl-module-extutils-mm-unix += "perl-module-extutils-liblist"
@@ -661,8 +689,10 @@ RDEPENDS:perl-module-extutils-mm-unix += "perl-module-file-find"
RDEPENDS:perl-module-extutils-mm-unix += "perl-module-strict"
RDEPENDS:perl-module-extutils-mm-unix += "perl-module-vars"
RDEPENDS:perl-module-extutils-mm-unix += "perl-module-version"
+RDEPENDS:perl-module-extutils-mm-unix += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-uwin += "perl-module-extutils-mm-unix"
RDEPENDS:perl-module-extutils-mm-uwin += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm-uwin += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-vms += "perl-module-exporter"
RDEPENDS:perl-module-extutils-mm-vms += "perl-module-extutils-liblist-kid"
RDEPENDS:perl-module-extutils-mm-vms += "perl-module-extutils-makemaker"
@@ -672,23 +702,26 @@ RDEPENDS:perl-module-extutils-mm-vms += "perl-module-extutils-mm-unix"
RDEPENDS:perl-module-extutils-mm-vms += "perl-module-file-basename"
RDEPENDS:perl-module-extutils-mm-vms += "perl-module-file-find"
RDEPENDS:perl-module-extutils-mm-vms += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm-vms += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-vos += "perl-module-extutils-mm-unix"
RDEPENDS:perl-module-extutils-mm-vos += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm-vos += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-win32 += "perl-module-extutils-makemaker"
RDEPENDS:perl-module-extutils-mm-win32 += "perl-module-extutils-makemaker-config"
RDEPENDS:perl-module-extutils-mm-win32 += "perl-module-extutils-mm-any"
RDEPENDS:perl-module-extutils-mm-win32 += "perl-module-extutils-mm-unix"
RDEPENDS:perl-module-extutils-mm-win32 += "perl-module-file-basename"
RDEPENDS:perl-module-extutils-mm-win32 += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm-win32 += "perl-module-warnings"
RDEPENDS:perl-module-extutils-mm-win95 += "perl-module-extutils-makemaker-config"
RDEPENDS:perl-module-extutils-mm-win95 += "perl-module-extutils-mm-win32"
RDEPENDS:perl-module-extutils-mm-win95 += "perl-module-strict"
+RDEPENDS:perl-module-extutils-mm-win95 += "perl-module-warnings"
RDEPENDS:perl-module-extutils-my += "perl-module-extutils-mm"
RDEPENDS:perl-module-extutils-my += "perl-module-strict"
RDEPENDS:perl-module-extutils-packlist += "perl-module-config"
RDEPENDS:perl-module-extutils-packlist += "perl-module-cwd"
RDEPENDS:perl-module-extutils-packlist += "perl-module-strict"
-RDEPENDS:perl-module-extutils-packlist += "perl-module-vars"
RDEPENDS:perl-module-extutils-parsexs-constants += "perl-module-strict"
RDEPENDS:perl-module-extutils-parsexs-constants += "perl-module-warnings"
RDEPENDS:perl-module-extutils-parsexs-countlines += "perl-module-strict"
@@ -709,6 +742,9 @@ RDEPENDS:perl-module-extutils-parsexs-utilities += "perl-module-extutils-parsexs
RDEPENDS:perl-module-extutils-parsexs-utilities += "perl-module-extutils-typemaps"
RDEPENDS:perl-module-extutils-parsexs-utilities += "perl-module-strict"
RDEPENDS:perl-module-extutils-parsexs-utilities += "perl-module-warnings"
+RDEPENDS:perl-module-extutils-pl2bat += "perl-module-config"
+RDEPENDS:perl-module-extutils-pl2bat += "perl-module-strict"
+RDEPENDS:perl-module-extutils-pl2bat += "perl-module-warnings"
RDEPENDS:perl-module-extutils-testlib += "perl-module-cwd"
RDEPENDS:perl-module-extutils-testlib += "perl-module-lib"
RDEPENDS:perl-module-extutils-testlib += "perl-module-strict"
@@ -829,6 +865,8 @@ RDEPENDS:perl-module-filter-util-call += "perl-module-xsloader"
RDEPENDS:perl-module-findbin += "perl-module-cwd"
RDEPENDS:perl-module-findbin += "perl-module-exporter"
RDEPENDS:perl-module-findbin += "perl-module-file-basename"
+RDEPENDS:perl-module-findbin += "perl-module-strict"
+RDEPENDS:perl-module-findbin += "perl-module-warnings"
RDEPENDS:perl-module-gdbm-file += "perl-module-exporter"
RDEPENDS:perl-module-gdbm-file += "perl-module-strict"
RDEPENDS:perl-module-gdbm-file += "perl-module-tie-hash"
@@ -843,6 +881,8 @@ RDEPENDS:perl-module-getopt-long += "perl-module-text-parsewords"
RDEPENDS:perl-module-getopt-long += "perl-module-vars"
RDEPENDS:perl-module-getopt-long += "perl-module-warnings"
RDEPENDS:perl-module-getopt-std += "perl-module-exporter"
+RDEPENDS:perl-module-getopt-std += "perl-module-strict"
+RDEPENDS:perl-module-getopt-std += "perl-module-warnings"
RDEPENDS:perl-module-hash-util-fieldhash += "perl-module-exporter"
RDEPENDS:perl-module-hash-util-fieldhash += "perl-module-strict"
RDEPENDS:perl-module-hash-util-fieldhash += "perl-module-warnings"
@@ -867,6 +907,7 @@ RDEPENDS:perl-module-i18n-langtags-detect += "perl-module-strict"
RDEPENDS:perl-module-i18n-langtags-list += "perl-module-strict"
RDEPENDS:perl-module-i18n-langtags += "perl-module-exporter"
RDEPENDS:perl-module-i18n-langtags += "perl-module-strict"
+RDEPENDS:perl-module-if += "perl-module-strict"
RDEPENDS:perl-module-io-compress-adapter-bzip2 += "perl-module-bytes"
RDEPENDS:perl-module-io-compress-adapter-bzip2 += "perl-module-compress-raw-bzip2"
RDEPENDS:perl-module-io-compress-adapter-bzip2 += "perl-module-io-compress-base-common"
@@ -1105,7 +1146,7 @@ RDEPENDS:perl-module-io-zlib += "perl-module-fcntl"
RDEPENDS:perl-module-io-zlib += "perl-module-io-handle"
RDEPENDS:perl-module-io-zlib += "perl-module-strict"
RDEPENDS:perl-module-io-zlib += "perl-module-tie-handle"
-RDEPENDS:perl-module-io-zlib += "perl-module-vars"
+RDEPENDS:perl-module-io-zlib += "perl-module-warnings"
RDEPENDS:perl-module-ipc-cmd += "perl-module-constant"
RDEPENDS:perl-module-ipc-cmd += "perl-module-exporter"
RDEPENDS:perl-module-ipc-cmd += "perl-module-extutils-makemaker"
@@ -1144,10 +1185,10 @@ RDEPENDS:perl-module-ipc-sharedmem += "perl-module-ipc-sysv"
RDEPENDS:perl-module-ipc-sharedmem += "perl-module-strict"
RDEPENDS:perl-module-ipc-sharedmem += "perl-module-vars"
RDEPENDS:perl-module-ipc-sysv += "perl-module-config"
-RDEPENDS:perl-module-ipc-sysv += "perl-module-dynaloader"
RDEPENDS:perl-module-ipc-sysv += "perl-module-exporter"
RDEPENDS:perl-module-ipc-sysv += "perl-module-strict"
RDEPENDS:perl-module-ipc-sysv += "perl-module-vars"
+RDEPENDS:perl-module-ipc-sysv += "perl-module-xsloader"
RDEPENDS:perl-module-json-pp-boolean += "perl-module-overload"
RDEPENDS:perl-module-json-pp-boolean += "perl-module-strict"
RDEPENDS:perl-module-json-pp += "perl-module-b"
@@ -1195,6 +1236,8 @@ RDEPENDS:perl-module-locale-maketext += "perl-module-strict"
RDEPENDS:perl-module-locale-maketext-simple += "perl-module-base"
RDEPENDS:perl-module-locale-maketext-simple += "perl-module-strict"
RDEPENDS:perl-module-locale += "perl-module-config"
+RDEPENDS:perl-module-locale += "perl-module-strict"
+RDEPENDS:perl-module-locale += "perl-module-warnings"
RDEPENDS:perl-module-math-bigfloat += "perl-module-exporter"
RDEPENDS:perl-module-math-bigfloat += "perl-module-math-bigint"
RDEPENDS:perl-module-math-bigfloat += "perl-module-math-complex"
@@ -1251,12 +1294,12 @@ RDEPENDS:perl-module-memoize-sdbm-file += "perl-module-sdbm-file"
RDEPENDS:perl-module-memoize-storable += "perl-module-storable"
RDEPENDS:perl-module-mime-base64 += "perl-module-exporter"
RDEPENDS:perl-module-mime-base64 += "perl-module-strict"
-RDEPENDS:perl-module-mime-base64 += "perl-module-vars"
+RDEPENDS:perl-module-mime-base64 += "perl-module-warnings"
RDEPENDS:perl-module-mime-base64 += "perl-module-xsloader"
RDEPENDS:perl-module-mime-quotedprint += "perl-module-exporter"
RDEPENDS:perl-module-mime-quotedprint += "perl-module-mime-base64"
RDEPENDS:perl-module-mime-quotedprint += "perl-module-strict"
-RDEPENDS:perl-module-mime-quotedprint += "perl-module-vars"
+RDEPENDS:perl-module-mime-quotedprint += "perl-module-warnings"
RDEPENDS:perl-module-mro += "perl-module-strict"
RDEPENDS:perl-module-mro += "perl-module-warnings"
RDEPENDS:perl-module-mro += "perl-module-xsloader"
@@ -1331,6 +1374,7 @@ RDEPENDS:perl-module-net-ping += "perl-module-posix"
RDEPENDS:perl-module-net-ping += "perl-module-socket"
RDEPENDS:perl-module-net-ping += "perl-module-strict"
RDEPENDS:perl-module-net-ping += "perl-module-time-hires"
+RDEPENDS:perl-module-net-ping += "perl-module-vars"
RDEPENDS:perl-module-net-pop3 += "perl-module-io-socket"
RDEPENDS:perl-module-net-pop3 += "perl-module-io-socket-ip"
RDEPENDS:perl-module-net-pop3 += "perl-module-mime-base64"
@@ -1376,6 +1420,7 @@ RDEPENDS:perl-module-ops += "perl-module-opcode"
RDEPENDS:perl-module-overloading += "perl-module-overload-numbers"
RDEPENDS:perl-module-overloading += "perl-module-warnings"
RDEPENDS:perl-module-overload += "perl-module-mro"
+RDEPENDS:perl-module-overload += "perl-module-strict"
RDEPENDS:perl-module-overload += "perl-module-warnings-register"
RDEPENDS:perl-module-params-check += "perl-module-exporter"
RDEPENDS:perl-module-params-check += "perl-module-locale-maketext-simple"
@@ -1585,7 +1630,6 @@ RDEPENDS:perl-module-pod-text-termcap += "perl-module-warnings"
RDEPENDS:perl-module-pod-usage += "perl-module-config"
RDEPENDS:perl-module-pod-usage += "perl-module-exporter"
RDEPENDS:perl-module-pod-usage += "perl-module-strict"
-RDEPENDS:perl-module-pod-usage += "perl-module-vars"
RDEPENDS:perl-module-posix += "perl-module-exporter"
RDEPENDS:perl-module-posix += "perl-module-fcntl"
RDEPENDS:perl-module-posix += "perl-module-strict"
@@ -1619,6 +1663,8 @@ RDEPENDS:perl-module-socket += "perl-module-xsloader"
RDEPENDS:perl-module-sort += "perl-module-strict"
RDEPENDS:perl-module-storable += "perl-module-exporter"
RDEPENDS:perl-module-storable += "perl-module-io-file"
+RDEPENDS:perl-module-subs += "perl-module-strict"
+RDEPENDS:perl-module-subs += "perl-module-warnings"
RDEPENDS:perl-module-sub-util += "perl-module-exporter"
RDEPENDS:perl-module-sub-util += "perl-module-list-util"
RDEPENDS:perl-module-sub-util += "perl-module-strict"
@@ -1838,7 +1884,251 @@ RDEPENDS:perl-module-term-complete += "perl-module-exporter"
RDEPENDS:perl-module-term-complete += "perl-module-strict"
RDEPENDS:perl-module-term-readline += "perl-module-strict"
RDEPENDS:perl-module-term-readline += "perl-module-term-cap"
+RDEPENDS:perl-module-test2-api-breakage += "perl-module-strict"
+RDEPENDS:perl-module-test2-api-breakage += "perl-module-test2-util"
+RDEPENDS:perl-module-test2-api-breakage += "perl-module-warnings"
+RDEPENDS:perl-module-test2-api-context += "perl-module-strict"
+RDEPENDS:perl-module-test2-api-context += "perl-module-test2-api"
+RDEPENDS:perl-module-test2-api-context += "perl-module-test2-eventfacet-trace"
+RDEPENDS:perl-module-test2-api-context += "perl-module-test2-util"
+RDEPENDS:perl-module-test2-api-context += "perl-module-test2-util-externalmeta"
+RDEPENDS:perl-module-test2-api-context += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-api-context += "perl-module-warnings"
+RDEPENDS:perl-module-test2-api-instance += "perl-module-strict"
+RDEPENDS:perl-module-test2-api-instance += "perl-module-test2-api-stack"
+RDEPENDS:perl-module-test2-api-instance += "perl-module-test2-eventfacet-trace"
+RDEPENDS:perl-module-test2-api-instance += "perl-module-test2-util"
+RDEPENDS:perl-module-test2-api-instance += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-api-instance += "perl-module-warnings"
+RDEPENDS:perl-module-test2-api-interceptresult-event += "perl-module-list-util"
+RDEPENDS:perl-module-test2-api-interceptresult-event += "perl-module-storable"
+RDEPENDS:perl-module-test2-api-interceptresult-event += "perl-module-strict"
+RDEPENDS:perl-module-test2-api-interceptresult-event += "perl-module-test2-api-interceptresult-facet"
+RDEPENDS:perl-module-test2-api-interceptresult-event += "perl-module-test2-api-interceptresult-hub"
+RDEPENDS:perl-module-test2-api-interceptresult-event += "perl-module-test2-util"
+RDEPENDS:perl-module-test2-api-interceptresult-event += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-api-interceptresult-event += "perl-module-warnings"
+RDEPENDS:perl-module-test2-api-interceptresult-facet += "perl-module-strict"
+RDEPENDS:perl-module-test2-api-interceptresult-facet += "perl-module-test2-eventfacet"
+RDEPENDS:perl-module-test2-api-interceptresult-facet += "perl-module-warnings"
+RDEPENDS:perl-module-test2-api-interceptresult-hub += "perl-module-strict"
+RDEPENDS:perl-module-test2-api-interceptresult-hub += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-api-interceptresult-hub += "perl-module-warnings"
+RDEPENDS:perl-module-test2-api-interceptresult += "perl-module-storable"
+RDEPENDS:perl-module-test2-api-interceptresult += "perl-module-strict"
+RDEPENDS:perl-module-test2-api-interceptresult += "perl-module-test2-api-interceptresult-event"
+RDEPENDS:perl-module-test2-api-interceptresult += "perl-module-test2-api-interceptresult-hub"
+RDEPENDS:perl-module-test2-api-interceptresult += "perl-module-test2-api-interceptresult-squasher"
+RDEPENDS:perl-module-test2-api-interceptresult += "perl-module-test2-util"
+RDEPENDS:perl-module-test2-api-interceptresult += "perl-module-warnings"
+RDEPENDS:perl-module-test2-api-interceptresult-squasher += "perl-module-list-util"
+RDEPENDS:perl-module-test2-api-interceptresult-squasher += "perl-module-strict"
+RDEPENDS:perl-module-test2-api-interceptresult-squasher += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-api-interceptresult-squasher += "perl-module-warnings"
+RDEPENDS:perl-module-test2-api += "perl-module-strict"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-api-context"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-api-interceptresult"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-event-bail"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-event-diag"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-event-exception"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-eventfacet-trace"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-event-note"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-event-ok"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-event-plan"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-event-skip"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-event-subtest"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-event-waiting"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-hub-interceptor"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-hub-interceptor-terminator"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-hub-subtest"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-util"
+RDEPENDS:perl-module-test2-api += "perl-module-test2-util-trace"
+RDEPENDS:perl-module-test2-api += "perl-module-warnings"
+RDEPENDS:perl-module-test2-api-stack += "perl-module-strict"
+RDEPENDS:perl-module-test2-api-stack += "perl-module-test2-api"
+RDEPENDS:perl-module-test2-api-stack += "perl-module-test2-hub"
+RDEPENDS:perl-module-test2-api-stack += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event-bail += "perl-module-strict"
+RDEPENDS:perl-module-test2-event-bail += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event-bail += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event-diag += "perl-module-strict"
+RDEPENDS:perl-module-test2-event-diag += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event-diag += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event-encoding += "perl-module-strict"
+RDEPENDS:perl-module-test2-event-encoding += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event-encoding += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event-exception += "perl-module-strict"
+RDEPENDS:perl-module-test2-event-exception += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event-exception += "perl-module-warnings"
+RDEPENDS:perl-module-test2-eventfacet-about += "perl-module-strict"
+RDEPENDS:perl-module-test2-eventfacet-about += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-eventfacet-about += "perl-module-warnings"
+RDEPENDS:perl-module-test2-eventfacet-amnesty += "perl-module-strict"
+RDEPENDS:perl-module-test2-eventfacet-amnesty += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-eventfacet-amnesty += "perl-module-warnings"
+RDEPENDS:perl-module-test2-eventfacet-assert += "perl-module-strict"
+RDEPENDS:perl-module-test2-eventfacet-assert += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-eventfacet-assert += "perl-module-warnings"
+RDEPENDS:perl-module-test2-eventfacet-control += "perl-module-strict"
+RDEPENDS:perl-module-test2-eventfacet-control += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-eventfacet-control += "perl-module-warnings"
+RDEPENDS:perl-module-test2-eventfacet-error += "perl-module-strict"
+RDEPENDS:perl-module-test2-eventfacet-error += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-eventfacet-error += "perl-module-warnings"
+RDEPENDS:perl-module-test2-eventfacet-hub += "perl-module-strict"
+RDEPENDS:perl-module-test2-eventfacet-hub += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-eventfacet-hub += "perl-module-warnings"
+RDEPENDS:perl-module-test2-eventfacet-info += "perl-module-strict"
+RDEPENDS:perl-module-test2-eventfacet-info += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-eventfacet-info += "perl-module-warnings"
+RDEPENDS:perl-module-test2-eventfacet-info-table += "perl-module-strict"
+RDEPENDS:perl-module-test2-eventfacet-info-table += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-eventfacet-info-table += "perl-module-warnings"
+RDEPENDS:perl-module-test2-eventfacet-meta += "perl-module-strict"
+RDEPENDS:perl-module-test2-eventfacet-meta += "perl-module-vars"
+RDEPENDS:perl-module-test2-eventfacet-meta += "perl-module-warnings"
+RDEPENDS:perl-module-test2-eventfacet-parent += "perl-module-strict"
+RDEPENDS:perl-module-test2-eventfacet-parent += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-eventfacet-parent += "perl-module-warnings"
+RDEPENDS:perl-module-test2-eventfacet += "perl-module-strict"
+RDEPENDS:perl-module-test2-eventfacet += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-eventfacet += "perl-module-warnings"
+RDEPENDS:perl-module-test2-eventfacet-plan += "perl-module-strict"
+RDEPENDS:perl-module-test2-eventfacet-plan += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-eventfacet-plan += "perl-module-warnings"
+RDEPENDS:perl-module-test2-eventfacet-render += "perl-module-strict"
+RDEPENDS:perl-module-test2-eventfacet-render += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-eventfacet-render += "perl-module-warnings"
+RDEPENDS:perl-module-test2-eventfacet-trace += "perl-module-strict"
+RDEPENDS:perl-module-test2-eventfacet-trace += "perl-module-test2-util"
+RDEPENDS:perl-module-test2-eventfacet-trace += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-eventfacet-trace += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event-fail += "perl-module-strict"
+RDEPENDS:perl-module-test2-event-fail += "perl-module-test2-event"
+RDEPENDS:perl-module-test2-event-fail += "perl-module-test2-eventfacet-info"
+RDEPENDS:perl-module-test2-event-fail += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event-fail += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event-generic += "perl-module-strict"
+RDEPENDS:perl-module-test2-event-generic += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event-generic += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event-note += "perl-module-strict"
+RDEPENDS:perl-module-test2-event-note += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event-note += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event-ok += "perl-module-strict"
+RDEPENDS:perl-module-test2-event-ok += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event-ok += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event-pass += "perl-module-strict"
+RDEPENDS:perl-module-test2-event-pass += "perl-module-test2-event"
+RDEPENDS:perl-module-test2-event-pass += "perl-module-test2-eventfacet-info"
+RDEPENDS:perl-module-test2-event-pass += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event-pass += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event += "perl-module-strict"
+RDEPENDS:perl-module-test2-event += "perl-module-test2-eventfacet-about"
+RDEPENDS:perl-module-test2-event += "perl-module-test2-eventfacet-amnesty"
+RDEPENDS:perl-module-test2-event += "perl-module-test2-eventfacet-assert"
+RDEPENDS:perl-module-test2-event += "perl-module-test2-eventfacet-control"
+RDEPENDS:perl-module-test2-event += "perl-module-test2-eventfacet-error"
+RDEPENDS:perl-module-test2-event += "perl-module-test2-eventfacet-hub"
+RDEPENDS:perl-module-test2-event += "perl-module-test2-eventfacet-info"
+RDEPENDS:perl-module-test2-event += "perl-module-test2-eventfacet-meta"
+RDEPENDS:perl-module-test2-event += "perl-module-test2-eventfacet-parent"
+RDEPENDS:perl-module-test2-event += "perl-module-test2-eventfacet-plan"
+RDEPENDS:perl-module-test2-event += "perl-module-test2-eventfacet-trace"
+RDEPENDS:perl-module-test2-event += "perl-module-test2-util"
+RDEPENDS:perl-module-test2-event += "perl-module-test2-util-externalmeta"
+RDEPENDS:perl-module-test2-event += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event += "perl-module-test2-util-trace"
+RDEPENDS:perl-module-test2-event += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event-plan += "perl-module-strict"
+RDEPENDS:perl-module-test2-event-plan += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event-plan += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event-skip += "perl-module-strict"
+RDEPENDS:perl-module-test2-event-skip += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event-skip += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event-subtest += "perl-module-strict"
+RDEPENDS:perl-module-test2-event-subtest += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event-subtest += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event-tap-version += "perl-module-strict"
+RDEPENDS:perl-module-test2-event-tap-version += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event-tap-version += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event-v2 += "perl-module-strict"
+RDEPENDS:perl-module-test2-event-v2 += "perl-module-test2-util-facets2legacy"
+RDEPENDS:perl-module-test2-event-v2 += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event-v2 += "perl-module-warnings"
+RDEPENDS:perl-module-test2-event-waiting += "perl-module-strict"
+RDEPENDS:perl-module-test2-event-waiting += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-event-waiting += "perl-module-warnings"
+RDEPENDS:perl-module-test2-formatter += "perl-module-strict"
+RDEPENDS:perl-module-test2-formatter += "perl-module-test2-api"
+RDEPENDS:perl-module-test2-formatter += "perl-module-warnings"
+RDEPENDS:perl-module-test2-formatter-tap += "perl-module-data-dumper"
+RDEPENDS:perl-module-test2-formatter-tap += "perl-module-strict"
+RDEPENDS:perl-module-test2-formatter-tap += "perl-module-test2-api"
+RDEPENDS:perl-module-test2-formatter-tap += "perl-module-test2-util"
+RDEPENDS:perl-module-test2-formatter-tap += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-formatter-tap += "perl-module-warnings"
+RDEPENDS:perl-module-test2-hub-interceptor += "perl-module-strict"
+RDEPENDS:perl-module-test2-hub-interceptor += "perl-module-test2-hub-interceptor-terminator"
+RDEPENDS:perl-module-test2-hub-interceptor += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-hub-interceptor += "perl-module-warnings"
+RDEPENDS:perl-module-test2-hub-interceptor-terminator += "perl-module-strict"
+RDEPENDS:perl-module-test2-hub-interceptor-terminator += "perl-module-warnings"
+RDEPENDS:perl-module-test2-hub += "perl-module-list-util"
+RDEPENDS:perl-module-test2-hub += "perl-module-strict"
+RDEPENDS:perl-module-test2-hub += "perl-module-test2-util"
+RDEPENDS:perl-module-test2-hub += "perl-module-test2-util-externalmeta"
+RDEPENDS:perl-module-test2-hub += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-hub += "perl-module-warnings"
+RDEPENDS:perl-module-test2-hub-subtest += "perl-module-strict"
+RDEPENDS:perl-module-test2-hub-subtest += "perl-module-test2-util"
+RDEPENDS:perl-module-test2-hub-subtest += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-hub-subtest += "perl-module-warnings"
+RDEPENDS:perl-module-test2-ipc-driver-files += "perl-module-data-dumper"
+RDEPENDS:perl-module-test2-ipc-driver-files += "perl-module-file-temp"
+RDEPENDS:perl-module-test2-ipc-driver-files += "perl-module-json-pp"
+RDEPENDS:perl-module-test2-ipc-driver-files += "perl-module-posix"
+RDEPENDS:perl-module-test2-ipc-driver-files += "perl-module-storable"
+RDEPENDS:perl-module-test2-ipc-driver-files += "perl-module-strict"
+RDEPENDS:perl-module-test2-ipc-driver-files += "perl-module-test2-api"
+RDEPENDS:perl-module-test2-ipc-driver-files += "perl-module-test2-event-waiting"
+RDEPENDS:perl-module-test2-ipc-driver-files += "perl-module-test2-util"
+RDEPENDS:perl-module-test2-ipc-driver-files += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-ipc-driver-files += "perl-module-warnings"
+RDEPENDS:perl-module-test2-ipc-driver += "perl-module-strict"
+RDEPENDS:perl-module-test2-ipc-driver += "perl-module-test2-api"
+RDEPENDS:perl-module-test2-ipc-driver += "perl-module-test2-util-hashbase"
+RDEPENDS:perl-module-test2-ipc-driver += "perl-module-warnings"
+RDEPENDS:perl-module-test2-ipc += "perl-module-strict"
+RDEPENDS:perl-module-test2-ipc += "perl-module-test2-api"
+RDEPENDS:perl-module-test2-ipc += "perl-module-test2-api-instance"
+RDEPENDS:perl-module-test2-ipc += "perl-module-test2-ipc-driver-files"
+RDEPENDS:perl-module-test2-ipc += "perl-module-test2-util"
+RDEPENDS:perl-module-test2-ipc += "perl-module-warnings"
+RDEPENDS:perl-module-test2 += "perl-module-strict"
+RDEPENDS:perl-module-test2 += "perl-module-warnings"
+RDEPENDS:perl-module-test2-tools-tiny += "perl-module-data-dumper"
+RDEPENDS:perl-module-test2-tools-tiny += "perl-module-strict"
+RDEPENDS:perl-module-test2-tools-tiny += "perl-module-test2-api"
+RDEPENDS:perl-module-test2-tools-tiny += "perl-module-test2-hub-interceptor"
+RDEPENDS:perl-module-test2-tools-tiny += "perl-module-test2-hub-interceptor-terminator"
+RDEPENDS:perl-module-test2-tools-tiny += "perl-module-test2-util"
+RDEPENDS:perl-module-test2-tools-tiny += "perl-module-warnings"
+RDEPENDS:perl-module-test2-util-externalmeta += "perl-module-strict"
+RDEPENDS:perl-module-test2-util-externalmeta += "perl-module-warnings"
+RDEPENDS:perl-module-test2-util-facets2legacy += "perl-module-base"
+RDEPENDS:perl-module-test2-util-facets2legacy += "perl-module-strict"
+RDEPENDS:perl-module-test2-util-facets2legacy += "perl-module-warnings"
+RDEPENDS:perl-module-test2-util-hashbase += "perl-module-strict"
+RDEPENDS:perl-module-test2-util-hashbase += "perl-module-warnings"
+RDEPENDS:perl-module-test2-util += "perl-module-config"
+RDEPENDS:perl-module-test2-util += "perl-module-posix"
+RDEPENDS:perl-module-test2-util += "perl-module-strict"
+RDEPENDS:perl-module-test2-util += "perl-module-warnings"
+RDEPENDS:perl-module-test2-util-trace += "perl-module-strict"
+RDEPENDS:perl-module-test2-util-trace += "perl-module-test2-eventfacet-trace"
+RDEPENDS:perl-module-test2-util-trace += "perl-module-warnings"
RDEPENDS:perl-module-test-builder-formatter += "perl-module-strict"
+RDEPENDS:perl-module-test-builder-formatter += "perl-module-test2-util-hashbase"
RDEPENDS:perl-module-test-builder-formatter += "perl-module-warnings"
RDEPENDS:perl-module-test-builder-module += "perl-module-exporter"
RDEPENDS:perl-module-test-builder-module += "perl-module-strict"
@@ -1846,6 +2136,12 @@ RDEPENDS:perl-module-test-builder-module += "perl-module-test-builder"
RDEPENDS:perl-module-test-builder += "perl-module-data-dumper"
RDEPENDS:perl-module-test-builder += "perl-module-overload"
RDEPENDS:perl-module-test-builder += "perl-module-strict"
+RDEPENDS:perl-module-test-builder += "perl-module-test2-api"
+RDEPENDS:perl-module-test-builder += "perl-module-test2-event-subtest"
+RDEPENDS:perl-module-test-builder += "perl-module-test2-hub-subtest"
+RDEPENDS:perl-module-test-builder += "perl-module-test2-ipc"
+RDEPENDS:perl-module-test-builder += "perl-module-test2-ipc-driver-files"
+RDEPENDS:perl-module-test-builder += "perl-module-test2-util"
RDEPENDS:perl-module-test-builder += "perl-module-test-builder-formatter"
RDEPENDS:perl-module-test-builder += "perl-module-test-builder-tododiag"
RDEPENDS:perl-module-test-builder += "perl-module-warnings"
@@ -1893,7 +2189,6 @@ RDEPENDS:perl-module-test-tester += "perl-module-vars"
RDEPENDS:perl-module-text-abbrev += "perl-module-exporter"
RDEPENDS:perl-module-text-balanced += "perl-module-exporter"
RDEPENDS:perl-module-text-balanced += "perl-module-overload"
-RDEPENDS:perl-module-text-balanced += "perl-module-selfloader"
RDEPENDS:perl-module-text-balanced += "perl-module-strict"
RDEPENDS:perl-module-text-balanced += "perl-module-vars"
RDEPENDS:perl-module-text-parsewords += "perl-module-exporter"
@@ -1943,7 +2238,6 @@ RDEPENDS:perl-module-tie-refhash += "perl-module-config"
RDEPENDS:perl-module-tie-refhash += "perl-module-overload"
RDEPENDS:perl-module-tie-refhash += "perl-module-strict"
RDEPENDS:perl-module-tie-refhash += "perl-module-tie-hash"
-RDEPENDS:perl-module-tie-refhash += "perl-module-vars"
RDEPENDS:perl-module-tie-scalar += "perl-module-warnings-register"
RDEPENDS:perl-module-tie-stdhandle += "perl-module-strict"
RDEPENDS:perl-module-tie-stdhandle += "perl-module-tie-handle"
@@ -2018,6 +2312,8 @@ RDEPENDS:perl-module-user-pwent += "perl-module-config"
RDEPENDS:perl-module-user-pwent += "perl-module-exporter"
RDEPENDS:perl-module-user-pwent += "perl-module-strict"
RDEPENDS:perl-module-user-pwent += "perl-module-warnings"
+RDEPENDS:perl-module-utf8 += "perl-module-strict"
+RDEPENDS:perl-module-utf8 += "perl-module-warnings"
RDEPENDS:perl-module-version += "perl-module-strict"
RDEPENDS:perl-module-version += "perl-module-version-regex"
RDEPENDS:perl-module-version += "perl-module-warnings-register"
diff --git a/meta/recipes-devtools/perl/libxml-parser-perl_2.46.bb b/meta/recipes-devtools/perl/libxml-parser-perl_2.46.bb
index 3b9206e984..7e72b70418 100644
--- a/meta/recipes-devtools/perl/libxml-parser-perl_2.46.bb
+++ b/meta/recipes-devtools/perl/libxml-parser-perl_2.46.bb
@@ -53,6 +53,7 @@ do_install_ptest() {
chown -R root:root ${D}${PTEST_PATH}/samples
}
+RDEPENDS:${PN} += "perl-module-carp perl-module-file-spec"
RDEPENDS:${PN}-ptest += "perl-module-filehandle perl-module-if perl-module-test perl-module-test-more"
BBCLASSEXTEND="native nativesdk"
diff --git a/meta/recipes-devtools/perl/perl_5.34.0.bb b/meta/recipes-devtools/perl/perl_5.34.0.bb
index 175db4ee31..0a1998a6f5 100644
--- a/meta/recipes-devtools/perl/perl_5.34.0.bb
+++ b/meta/recipes-devtools/perl/perl_5.34.0.bb
@@ -348,7 +348,15 @@ do_create_rdepends_inc() {
# Some additional dependencies that the above doesn't manage to figure out
RDEPENDS:${PN}-module-file-spec += "${PN}-module-file-spec-unix"
+RDEPENDS:${PN}-module-io-file += "${PN}-module-symbol"
RDEPENDS:${PN}-module-math-bigint += "${PN}-module-math-bigint-calc"
+RDEPENDS:${PN}-module-test-builder += "${PN}-module-list-util"
+RDEPENDS:${PN}-module-test-builder += "${PN}-module-scalar-util"
+RDEPENDS:${PN}-module-test-builder-formatter += "${PN}-module-test2-formatter-tap"
+RDEPENDS:${PN}-module-test2-api += "${PN}-module-test2-event-fail"
+RDEPENDS:${PN}-module-test2-api += "${PN}-module-test2-event-pass"
+RDEPENDS:${PN}-module-test2-api += "${PN}-module-test2-event-v2"
+RDEPENDS:${PN}-module-test2-formatter-tap += "${PN}-module-test2-formatter"
RDEPENDS:${PN}-module-thread-queue += "${PN}-module-attributes"
RDEPENDS:${PN}-module-overload += "${PN}-module-overloading"
@@ -358,12 +366,12 @@ EOPREAMBLE
cp -r packages-split packages-split.new && cd packages-split.new
find . -name \*.pm | xargs sed -i '/^=head/,/^=cut/d'
egrep -r "^\s*(\<use .*|\<require .*);?" perl-module-* --include="*.pm" | \
- sed "s/\/.*\.pm: */ += /g;s/[\"\']//g;s/;.*/\"/g;s/+= .*\(require\|use\)\> */+= \"perl-module-/g;s/CPANPLUS::.*/cpanplus/g;s/CPAN::.*/cpan/g;s/::/-/g;s/ [^+\"].*//g;s/_/-/g;s/\.pl\"$/\"/;s/\"\?\$/\"/;s/(//;" | tr [:upper:] [:lower:] | \
+ sed "s/\/.*\.pm: */ += /g;s/[\"\']//g;s/;.*/\"/g;s/+= .*\(require\|use\)\> */+= \"perl-module-/g;s/CPANPLUS::.*/cpanplus/g;s/CPAN::.*/cpan/g;s/::/-/g;s/ [^+\"].*//g;s/_/-/g;s/\.pl\"$/\"/;s/\"\?\$/\"/;s/(//;s/)//;" | tr [:upper:] [:lower:] | \
awk '{if ($3 != "\x22"$1"\x22"){ print $0}}'| \
grep -v -e "\-vms\-" -e module-5 -e "^$" -e "\\$" -e your -e tk -e autoperl -e html -e http -e parse-cpan -e perl-ostype -e ndbm-file -e module-mac -e fcgi -e lwp -e dbd -e dbix | \
sort -u | \
sed 's/^/RDEPENDS:/;s/perl-module-/${PN}-module-/g;s/module-\(module-\)/\1/g;s/\(module-load\)-conditional/\1/g;s/encode-configlocal/&-pm/;' | \
- egrep -wv '=>|module-a|module-apache.?|module-apr|module-authen-sasl|module-b-asmdata|module-convert-ebcdic|module-devel-size|module-digest-perl-md5|module-dumpvalue|module-extutils-constant-aaargh56hash|module-extutils-xssymset|module-file-bsdglob|module-for|module-it|module-io-socket-inet6|module-io-socket-ssl|module-io-string|module-ipc-system-simple|module-lexical|module-local-lib|metadata|module-modperl-util|module-pluggable-object|module-test-builder-io-scalar|module-test2|module-text-unidecode|module-unicore|module-win32|objects\sload|syscall.ph|systeminfo.ph|%s' | \
+ egrep -wv '=>|module-a|module-apache.?|module-apr|module-authen-sasl|module-b-asmdata|module-convert-ebcdic|module-devel-size|module-digest-perl-md5|module-dumpvalue|module-extutils-constant-aaargh56hash|module-extutils-xssymset|module-file-bsdglob|module-for|module-it|module-io-socket-inet6|module-io-socket-ssl|module-io-string|module-ipc-system-simple|module-lexical|module-local-lib|metadata|module-modperl-util|module-pluggable-object|module-test-builder-io-scalar|module-text-unidecode|module-unicore|module-win32|objects\sload|syscall.ph|systeminfo.ph|%s' | \
egrep -wv '=>|module-algorithm-diff|module-carp|module-c<extutils-mm-unix>|module-l<extutils-mm-unix>|module-encode-hanextra|module-extutils-makemaker-version-regex|module-file-spec|module-io-compress-lzma|module-io-uncompress-unxz|module-locale-maketext-lexicon|module-log-agent|module-meta-notation|module-net-localcfg|module-net-ping-external|module-b-deparse|module-scalar-util|module-some-module|module-symbol|module-uri|module-win32api-file' > ${WORKDIR}/perl-rdepends.generated
cat ${WORKDIR}/perl-rdepends.inc ${WORKDIR}/perl-rdepends.generated > ${THISDIR}/files/perl-rdepends.txt
}
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 7acb1d64d5..e7ef6a730c 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -13,7 +13,7 @@ SRC_URI:append:class-nativesdk = " \
file://older-glibc-symbols.patch"
SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
-SRCREV = "0cda3ba5f94aed8d50652a99ee9c502975aa2926"
+SRCREV = "2b4b88eb513335b0ece55fe51854693d9b20de35"
S = "${WORKDIR}/git"
PV = "1.9.0+git${SRCPV}"
diff --git a/meta/recipes-devtools/python/python3-pyelftools_0.27.bb b/meta/recipes-devtools/python/python3-pyelftools_0.27.bb
index 0cfd99504b..e2d0e18277 100644
--- a/meta/recipes-devtools/python/python3-pyelftools_0.27.bb
+++ b/meta/recipes-devtools/python/python3-pyelftools_0.27.bb
@@ -11,3 +11,5 @@ PYPI_PACKAGE = "pyelftools"
inherit pypi setuptools3
BBCLASSEXTEND = "native"
+
+RDEPENDS:${PN} += "${PYTHON_PN}-debugger ${PYTHON_PN}-pprint"
diff --git a/meta/recipes-devtools/python/python3-setuptools/0001-_distutils-sysconfig-append-STAGING_LIBDIR-python-sy.patch b/meta/recipes-devtools/python/python3-setuptools/0001-_distutils-sysconfig-append-STAGING_LIBDIR-python-sy.patch
new file mode 100644
index 0000000000..565cf8ae8d
--- /dev/null
+++ b/meta/recipes-devtools/python/python3-setuptools/0001-_distutils-sysconfig-append-STAGING_LIBDIR-python-sy.patch
@@ -0,0 +1,34 @@
+From 44349672cbff8945693c8d2821c82e9f04bfc8b5 Mon Sep 17 00:00:00 2001
+From: Tim Orling <timothy.t.orling@intel.com>
+Date: Wed, 20 Oct 2021 17:38:10 +0000
+Subject: [PATCH] _distutils/sysconfig: append
+ STAGING_LIBDIR/python-sysconfigdata to sys.path
+
+When python modules set SETUPTOOLS_USE_DISTULS='local', this uses the
+vendored _distutils in setuptools rather than distutils in the Standard
+Library. This is needed so that target configuration can be used with
+python3-setuptools-native.
+
+Based on python3/0001-distutils-sysconfig-append-STAGING_LIBDIR-python-sys.patch
+from Alex Kanavin <alex.kanavin@gmail.com>
+
+Upstream-Status: Inappropriate [oe-specific]
+
+Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
+---
+ setuptools/_distutils/sysconfig.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/setuptools/_distutils/sysconfig.py b/setuptools/_distutils/sysconfig.py
+index 8832b3e..bbc7c08 100644
+--- a/setuptools/_distutils/sysconfig.py
++++ b/setuptools/_distutils/sysconfig.py
+@@ -461,6 +461,8 @@ def _init_posix():
+ platform=sys.platform,
+ multiarch=getattr(sys.implementation, '_multiarch', ''),
+ ))
++ if 'STAGING_LIBDIR' in os.environ:
++ sys.path.append(os.environ['STAGING_LIBDIR']+'/python-sysconfigdata')
+ try:
+ _temp = __import__(name, globals(), locals(), ['build_time_vars'], 0)
+ except ImportError:
diff --git a/meta/recipes-devtools/python/python3-setuptools_57.4.0.bb b/meta/recipes-devtools/python/python3-setuptools_57.4.0.bb
index ae45936c39..fcf20e9efd 100644
--- a/meta/recipes-devtools/python/python3-setuptools_57.4.0.bb
+++ b/meta/recipes-devtools/python/python3-setuptools_57.4.0.bb
@@ -8,7 +8,10 @@ inherit pypi setuptools3
SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-easy_install.patch"
-SRC_URI += "file://0001-change-shebang-to-python3.patch"
+SRC_URI += "\
+ file://0001-change-shebang-to-python3.patch \
+ file://0001-_distutils-sysconfig-append-STAGING_LIBDIR-python-sy.patch \
+"
SRC_URI[sha256sum] = "6bac238ffdf24e8806c61440e755192470352850f3419a52f26ffe0a1a64f465"
diff --git a/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch b/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch
index c4fae09a5b..99968b81de 100644
--- a/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch
+++ b/meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch
@@ -1,7 +1,8 @@
-From 1ad771d86728ee2ed30e202e9768d8d825f96467 Mon Sep 17 00:00:00 2001
+From d9eb634b3d2e6ba831e864c50f6a37c48edfc4f3 Mon Sep 17 00:00:00 2001
From: Matthias Schoepfer <matthias.schoepfer@ithinx.io>
Date: Fri, 31 May 2019 15:34:34 +0200
Subject: [PATCH] bpo-36852: proper detection of mips architecture for soft
+
float
When (cross) compiling for softfloat mips, __mips_hard_float will not be
@@ -13,18 +14,18 @@ to do this in a more autoconf/autotools manner.
Upstream-Status: Submitted [https://github.com/python/cpython/pull/13196]
Signed-off-by: Matthias Schoepfer <matthias.schoepfer@ithinx.io>
-%% original patch: 0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch
+
---
configure.ac | 175 +++++++--------------------------------------------
1 file changed, 21 insertions(+), 154 deletions(-)
diff --git a/configure.ac b/configure.ac
-index ede710e..bc81b0b 100644
+index e2979a8..337182d 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -710,160 +710,27 @@ fi
- MULTIARCH=$($CC --print-multiarch 2>/dev/null)
- AC_SUBST(MULTIARCH)
+@@ -728,160 +728,27 @@ then
+ fi
+
-AC_MSG_CHECKING([for the platform triplet based on compiler characteristics])
-cat >> conftest.c <<EOF
@@ -202,8 +203,5 @@ index ede710e..bc81b0b 100644
+ ;;
+esac
- if test x$PLATFORM_TRIPLET != x && test x$MULTIARCH != x; then
- if test x$PLATFORM_TRIPLET != x$MULTIARCH; then
---
-2.24.1
-
+ if test x$PLATFORM_TRIPLET != xdarwin; then
+ MULTIARCH=$($CC --print-multiarch 2>/dev/null)
diff --git a/meta/recipes-devtools/python/python3_3.9.6.bb b/meta/recipes-devtools/python/python3_3.9.9.bb
index 8a638b142b..5c6077a467 100644
--- a/meta/recipes-devtools/python/python3_3.9.6.bb
+++ b/meta/recipes-devtools/python/python3_3.9.9.bb
@@ -39,7 +39,7 @@ SRC_URI:append:class-native = " \
file://12-distutils-prefix-is-inside-staging-area.patch \
file://0001-Don-t-search-system-for-headers-libraries.patch \
"
-SRC_URI[sha256sum] = "397920af33efc5b97f2e0b57e91923512ef89fc5b3c1d21dbfc8c4828ce0108a"
+SRC_URI[sha256sum] = "06828c04a573c073a4e51c4292a27c1be4ae26621c3edc7cf9318418ce3b6d27"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 4c94060222..d51a1b0007 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -9,7 +9,7 @@ LICENSE = "GPLv2 & LGPLv2.1"
RDEPENDS:${PN}-ptest = "bash"
require qemu-targets.inc
-inherit pkgconfig ptest
+inherit pkgconfig ptest python3-dir
LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
file://COPYING.LIB;endline=24;md5=8c5efda6cf1e1b03dcfd0e6c0d271c7f"
@@ -122,7 +122,11 @@ do_configure:prepend:class-native() {
}
do_configure() {
- ${S}/configure ${EXTRA_OECONF}
+ # This is taken from meson.bbclass to avoid errors when updating to a
+ # new version of meson.
+ rmdir ${STAGING_LIBDIR_NATIVE}/${PYTHON_DIR}/site-packages/*.egg-info 2>/dev/null || :
+
+ ${S}/configure ${EXTRA_OECONF}
}
do_configure[cleandirs] += "${B}"
diff --git a/meta/recipes-devtools/quilt/quilt.inc b/meta/recipes-devtools/quilt/quilt.inc
index f85de384d2..4a725cb327 100644
--- a/meta/recipes-devtools/quilt/quilt.inc
+++ b/meta/recipes-devtools/quilt/quilt.inc
@@ -26,8 +26,9 @@ PATCHTOOL:class-native = "patch"
CLEANBROKEN = "1"
-EXTRA_OECONF = "--with-perl='${USRBINPATH}/env perl' --with-patch=patch"
+EXTRA_OECONF = "--with-perl='${USRBINPATH}/env perl' --with-patch=patch --without-sendmail"
EXTRA_OECONF:append:class-native = " --disable-nls"
+
EXTRA_AUTORECONF += "--exclude=aclocal"
CACHED_CONFIGUREVARS += "ac_cv_path_BASH=/bin/bash ac_cv_path_COLUMN=column"
diff --git a/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb b/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
index aa6b5ee8aa..48cd79f9cb 100644
--- a/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
@@ -24,7 +24,7 @@ HOMEPAGE = "http://www.rpm.org"
LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=c4eec0c20c6034b9407a09945b48a43f"
-SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.16.x \
+SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.16.x;protocol=https \
file://environment.d-rpm.sh \
file://0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch \
file://0001-Do-not-read-config-files-from-HOME.patch \
@@ -133,6 +133,9 @@ do_install:append:class-nativesdk() {
do_install:append:class-target() {
rm -rf ${D}/var
}
+do_install:append:class-nativesdk() {
+ rm -rf ${D}${SDKPATHNATIVE}/var
+}
do_install:append () {
sed -i -e 's:${HOSTTOOLS_DIR}/::g' \
diff --git a/meta/recipes-devtools/ruby/ruby_3.0.2.bb b/meta/recipes-devtools/ruby/ruby_3.0.3.bb
index 2abf504d91..95feb94dd4 100644
--- a/meta/recipes-devtools/ruby/ruby_3.0.2.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.0.3.bb
@@ -13,7 +13,7 @@ SRC_URI += " \
file://0006-Make-gemspecs-reproducible.patch \
"
-SRC_URI[sha256sum] = "5085dee0ad9f06996a8acec7ebea4a8735e6fac22f22e2d98c3f2bc3bef7e6f1"
+SRC_URI[sha256sum] = "3586861cb2df56970287f0fd83f274bd92058872d830d15570b36def7f1a92ac"
PACKAGECONFIG ??= ""
PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
@@ -83,8 +83,6 @@ do_install_ptest () {
-i ${D}${PTEST_PATH}/test/erb/test_erb_command.rb
cp -r ${S}/include ${D}/${libdir}/ruby/
- test_case_rb=`grep rubygems/test_case.rb ${B}/.installed.list`
- sed -i -e 's:../../../test/:../../../ptest/test/:g' ${D}/$test_case_rb
}
PACKAGES =+ "${PN}-ri-docs ${PN}-rdoc"
diff --git a/meta/recipes-devtools/rust/rust-cross.inc b/meta/recipes-devtools/rust/rust-cross.inc
index bee7c9f12f..5f8671257e 100644
--- a/meta/recipes-devtools/rust/rust-cross.inc
+++ b/meta/recipes-devtools/rust/rust-cross.inc
@@ -32,7 +32,7 @@ DEPENDS += "virtual/${TARGET_PREFIX}gcc virtual/${TARGET_PREFIX}compilerlibs vir
DEPENDS += "rust-native"
PROVIDES = "virtual/${TARGET_PREFIX}rust"
-PN = "rust-cross-${TARGET_ARCH}"
+PN = "rust-cross-${TUNE_PKGARCH}-${TCLIBC}"
# In the cross compilation case, rustc doesn't seem to get the rpath quite
# right. It manages to include '../../lib/${TARGET_PREFIX}', but doesn't
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-1.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-1.patch
new file mode 100644
index 0000000000..d01b5c6871
--- /dev/null
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-1.patch
@@ -0,0 +1,135 @@
+The commit is required by the fix for CVE-2021-41072.
+
+Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/80b8441]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36 Mon Sep 17 00:00:00 2001
+From: Phillip Lougher <phillip@squashfs.org.uk>
+Date: Sun, 12 Sep 2021 19:58:19 +0100
+Subject: [PATCH] unsquashfs: use squashfs_closedir() to delete directory
+
+Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
+---
+ squashfs-tools/unsquash-1.c | 3 +--
+ squashfs-tools/unsquash-1234.c | 11 +++++++++--
+ squashfs-tools/unsquash-2.c | 3 +--
+ squashfs-tools/unsquash-3.c | 3 +--
+ squashfs-tools/unsquash-4.c | 3 +--
+ squashfs-tools/unsquashfs.c | 7 -------
+ squashfs-tools/unsquashfs.h | 1 +
+ 7 files changed, 14 insertions(+), 17 deletions(-)
+
+diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
+index acba821..7598499 100644
+--- a/squashfs-tools/unsquash-1.c
++++ b/squashfs-tools/unsquash-1.c
+@@ -373,8 +373,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ return dir;
+
+ corrupted:
+- free(dir->dirs);
+- free(dir);
++ squashfs_closedir(dir);
+ return NULL;
+ }
+
+diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
+index c2d4f42..0c8dfbb 100644
+--- a/squashfs-tools/unsquash-1234.c
++++ b/squashfs-tools/unsquash-1234.c
+@@ -25,8 +25,8 @@
+ * unsquash-4.
+ */
+
+-#define TRUE 1
+-#define FALSE 0
++#include "unsquashfs.h"
++
+ /*
+ * Check name for validity, name should not
+ * - be ".", "./", or
+@@ -56,3 +56,10 @@ int check_name(char *name, int size)
+
+ return TRUE;
+ }
++
++
++void squashfs_closedir(struct dir *dir)
++{
++ free(dir->dirs);
++ free(dir);
++}
+diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c
+index 0746b3d..86f62ba 100644
+--- a/squashfs-tools/unsquash-2.c
++++ b/squashfs-tools/unsquash-2.c
+@@ -465,8 +465,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ return dir;
+
+ corrupted:
+- free(dir->dirs);
+- free(dir);
++ squashfs_closedir(dir);
+ return NULL;
+ }
+
+diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
+index 094caaa..c04aa9e 100644
+--- a/squashfs-tools/unsquash-3.c
++++ b/squashfs-tools/unsquash-3.c
+@@ -499,8 +499,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ return dir;
+
+ corrupted:
+- free(dir->dirs);
+- free(dir);
++ squashfs_closedir(dir);
+ return NULL;
+ }
+
+diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
+index 3a1b9e1..ff62dcc 100644
+--- a/squashfs-tools/unsquash-4.c
++++ b/squashfs-tools/unsquash-4.c
+@@ -436,8 +436,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ return dir;
+
+ corrupted:
+- free(dir->dirs);
+- free(dir);
++ squashfs_closedir(dir);
+ return NULL;
+ }
+
+diff --git a/squashfs-tools/unsquashfs.c b/squashfs-tools/unsquashfs.c
+index 7b590bd..04be53c 100644
+--- a/squashfs-tools/unsquashfs.c
++++ b/squashfs-tools/unsquashfs.c
+@@ -1350,13 +1350,6 @@ unsigned int *offset, unsigned int *type)
+ }
+
+
+-void squashfs_closedir(struct dir *dir)
+-{
+- free(dir->dirs);
+- free(dir);
+-}
+-
+-
+ char *get_component(char *target, char **targname)
+ {
+ char *start;
+diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
+index 2e9201c..5ecb2ab 100644
+--- a/squashfs-tools/unsquashfs.h
++++ b/squashfs-tools/unsquashfs.h
+@@ -291,4 +291,5 @@ extern long long *alloc_index_table(int);
+
+ /* unsquash-1234.c */
+ extern int check_name(char *, int);
++extern void squashfs_closedir(struct dir *);
+ #endif
+--
+2.17.1
+
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch
new file mode 100644
index 0000000000..6b230b35c6
--- /dev/null
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch
@@ -0,0 +1,108 @@
+The commit is required by the fix for CVE-2021-41072.
+
+Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/1993a4e]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 1993a4e7aeda04962bf26e84c15fba8b58837e10 Mon Sep 17 00:00:00 2001
+From: Phillip Lougher <phillip@squashfs.org.uk>
+Date: Sun, 12 Sep 2021 20:09:13 +0100
+Subject: [PATCH] unsquashfs: dynamically allocate name
+
+Dynamically allocate name rather than store it
+directly in structure.
+
+Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
+---
+ squashfs-tools/unsquash-1.c | 2 +-
+ squashfs-tools/unsquash-1234.c | 5 +++++
+ squashfs-tools/unsquash-2.c | 2 +-
+ squashfs-tools/unsquash-3.c | 2 +-
+ squashfs-tools/unsquash-4.c | 2 +-
+ squashfs-tools/unsquashfs.h | 2 +-
+ 6 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
+index 7598499..d0121c6 100644
+--- a/squashfs-tools/unsquash-1.c
++++ b/squashfs-tools/unsquash-1.c
+@@ -360,7 +360,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ dir->dirs = new_dir;
+ }
+
+- strcpy(dir->dirs[dir->dir_count].name, dire->name);
++ dir->dirs[dir->dir_count].name = strdup(dire->name);
+ dir->dirs[dir->dir_count].start_block =
+ dirh.start_block;
+ dir->dirs[dir->dir_count].offset = dire->offset;
+diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
+index 0c8dfbb..ac46d9d 100644
+--- a/squashfs-tools/unsquash-1234.c
++++ b/squashfs-tools/unsquash-1234.c
+@@ -60,6 +60,11 @@ int check_name(char *name, int size)
+
+ void squashfs_closedir(struct dir *dir)
+ {
++ int i;
++
++ for(i = 0; i < dir->dir_count; i++)
++ free(dir->dirs[i].name);
++
+ free(dir->dirs);
+ free(dir);
+ }
+diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c
+index 86f62ba..e847980 100644
+--- a/squashfs-tools/unsquash-2.c
++++ b/squashfs-tools/unsquash-2.c
+@@ -452,7 +452,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ dir->dirs = new_dir;
+ }
+
+- strcpy(dir->dirs[dir->dir_count].name, dire->name);
++ dir->dirs[dir->dir_count].name = strdup(dire->name);
+ dir->dirs[dir->dir_count].start_block =
+ dirh.start_block;
+ dir->dirs[dir->dir_count].offset = dire->offset;
+diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
+index c04aa9e..8223f27 100644
+--- a/squashfs-tools/unsquash-3.c
++++ b/squashfs-tools/unsquash-3.c
+@@ -486,7 +486,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ dir->dirs = new_dir;
+ }
+
+- strcpy(dir->dirs[dir->dir_count].name, dire->name);
++ dir->dirs[dir->dir_count].name = strdup(dire->name);
+ dir->dirs[dir->dir_count].start_block =
+ dirh.start_block;
+ dir->dirs[dir->dir_count].offset = dire->offset;
+diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
+index ff62dcc..1e199a7 100644
+--- a/squashfs-tools/unsquash-4.c
++++ b/squashfs-tools/unsquash-4.c
+@@ -423,7 +423,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ dir->dirs = new_dir;
+ }
+
+- strcpy(dir->dirs[dir->dir_count].name, dire->name);
++ dir->dirs[dir->dir_count].name = strdup(dire->name);
+ dir->dirs[dir->dir_count].start_block =
+ dirh.start_block;
+ dir->dirs[dir->dir_count].offset = dire->offset;
+diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
+index 5ecb2ab..583fbe4 100644
+--- a/squashfs-tools/unsquashfs.h
++++ b/squashfs-tools/unsquashfs.h
+@@ -164,7 +164,7 @@ struct queue {
+ #define DIR_ENT_SIZE 16
+
+ struct dir_ent {
+- char name[SQUASHFS_NAME_LEN + 1];
++ char *name;
+ unsigned int start_block;
+ unsigned int offset;
+ unsigned int type;
+--
+2.17.1
+
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-3.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-3.patch
new file mode 100644
index 0000000000..5d5df6f15b
--- /dev/null
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-3.patch
@@ -0,0 +1,326 @@
+The commit is required by the fix for CVE-2021-41072.
+
+Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/9938154]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 9938154174756ee48a94ea0b076397a2944b028d Mon Sep 17 00:00:00 2001
+From: Phillip Lougher <phillip@squashfs.org.uk>
+Date: Sun, 12 Sep 2021 22:58:11 +0100
+Subject: [PATCH] unsquashfs: use linked list to store directory names
+
+This should bring higher performance, and it allows sorting
+if necessary (1.x and 2.0 filesystems).
+
+Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
+---
+ squashfs-tools/unsquash-1.c | 30 +++++++++++++++---------------
+ squashfs-tools/unsquash-1234.c | 12 ++++++++----
+ squashfs-tools/unsquash-2.c | 29 +++++++++++++++--------------
+ squashfs-tools/unsquash-3.c | 29 +++++++++++++++--------------
+ squashfs-tools/unsquash-4.c | 29 +++++++++++++++--------------
+ squashfs-tools/unsquashfs.c | 16 ++++++++++------
+ squashfs-tools/unsquashfs.h | 3 ++-
+ 7 files changed, 80 insertions(+), 68 deletions(-)
+
+diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
+index d0121c6..b604434 100644
+--- a/squashfs-tools/unsquash-1.c
++++ b/squashfs-tools/unsquash-1.c
+@@ -254,7 +254,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ long long start;
+ int bytes = 0;
+ int dir_count, size, res;
+- struct dir_ent *new_dir;
++ struct dir_ent *ent, *cur_ent = NULL;
+ struct dir *dir;
+
+ TRACE("squashfs_opendir: inode start block %d, offset %d\n",
+@@ -267,7 +267,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ MEM_ERROR();
+
+ dir->dir_count = 0;
+- dir->cur_entry = 0;
++ dir->cur_entry = NULL;
+ dir->mode = (*i)->mode;
+ dir->uid = (*i)->uid;
+ dir->guid = (*i)->gid;
+@@ -351,20 +351,20 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ "%d:%d, type %d\n", dire->name,
+ dirh.start_block, dire->offset, dire->type);
+
+- if((dir->dir_count % DIR_ENT_SIZE) == 0) {
+- new_dir = realloc(dir->dirs, (dir->dir_count +
+- DIR_ENT_SIZE) * sizeof(struct dir_ent));
+- if(new_dir == NULL)
+- MEM_ERROR();
+-
+- dir->dirs = new_dir;
+- }
++ ent = malloc(sizeof(struct dir_ent));
++ if(ent == NULL)
++ MEM_ERROR();
+
+- dir->dirs[dir->dir_count].name = strdup(dire->name);
+- dir->dirs[dir->dir_count].start_block =
+- dirh.start_block;
+- dir->dirs[dir->dir_count].offset = dire->offset;
+- dir->dirs[dir->dir_count].type = dire->type;
++ ent->name = strdup(dire->name);
++ ent->start_block = dirh.start_block;
++ ent->offset = dire->offset;
++ ent->type = dire->type;
++ ent->next = NULL;
++ if(cur_ent == NULL)
++ dir->dirs = ent;
++ else
++ cur_ent->next = ent;
++ cur_ent = ent;
+ dir->dir_count ++;
+ bytes += dire->size + 1;
+ }
+diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
+index ac46d9d..e389f8d 100644
+--- a/squashfs-tools/unsquash-1234.c
++++ b/squashfs-tools/unsquash-1234.c
+@@ -60,11 +60,15 @@ int check_name(char *name, int size)
+
+ void squashfs_closedir(struct dir *dir)
+ {
+- int i;
++ struct dir_ent *ent = dir->dirs;
+
+- for(i = 0; i < dir->dir_count; i++)
+- free(dir->dirs[i].name);
++ while(ent) {
++ struct dir_ent *tmp = ent;
++
++ ent = ent->next;
++ free(tmp->name);
++ free(tmp);
++ }
+
+- free(dir->dirs);
+ free(dir);
+ }
+diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c
+index e847980..956f96f 100644
+--- a/squashfs-tools/unsquash-2.c
++++ b/squashfs-tools/unsquash-2.c
+@@ -347,7 +347,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ long long start;
+ int bytes = 0;
+ int dir_count, size, res;
+- struct dir_ent *new_dir;
++ struct dir_ent *ent, *cur_ent = NULL;
+ struct dir *dir;
+
+ TRACE("squashfs_opendir: inode start block %d, offset %d\n",
+@@ -360,7 +360,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ MEM_ERROR();
+
+ dir->dir_count = 0;
+- dir->cur_entry = 0;
++ dir->cur_entry = NULL;
+ dir->mode = (*i)->mode;
+ dir->uid = (*i)->uid;
+ dir->guid = (*i)->gid;
+@@ -444,19 +444,20 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ "%d:%d, type %d\n", dire->name,
+ dirh.start_block, dire->offset, dire->type);
+
+- if((dir->dir_count % DIR_ENT_SIZE) == 0) {
+- new_dir = realloc(dir->dirs, (dir->dir_count +
+- DIR_ENT_SIZE) * sizeof(struct dir_ent));
+- if(new_dir == NULL)
+- MEM_ERROR();
+- dir->dirs = new_dir;
+- }
++ ent = malloc(sizeof(struct dir_ent));
++ if(ent == NULL)
++ MEM_ERROR();
+
+- dir->dirs[dir->dir_count].name = strdup(dire->name);
+- dir->dirs[dir->dir_count].start_block =
+- dirh.start_block;
+- dir->dirs[dir->dir_count].offset = dire->offset;
+- dir->dirs[dir->dir_count].type = dire->type;
++ ent->name = strdup(dire->name);
++ ent->start_block = dirh.start_block;
++ ent->offset = dire->offset;
++ ent->type = dire->type;
++ ent->next = NULL;
++ if(cur_ent == NULL)
++ dir->dirs = ent;
++ else
++ cur_ent->next = ent;
++ cur_ent = ent;
+ dir->dir_count ++;
+ bytes += dire->size + 1;
+ }
+diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
+index 8223f27..835a574 100644
+--- a/squashfs-tools/unsquash-3.c
++++ b/squashfs-tools/unsquash-3.c
+@@ -381,7 +381,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ long long start;
+ int bytes = 0;
+ int dir_count, size, res;
+- struct dir_ent *new_dir;
++ struct dir_ent *ent, *cur_ent = NULL;
+ struct dir *dir;
+
+ TRACE("squashfs_opendir: inode start block %d, offset %d\n",
+@@ -394,7 +394,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ MEM_ERROR();
+
+ dir->dir_count = 0;
+- dir->cur_entry = 0;
++ dir->cur_entry = NULL;
+ dir->mode = (*i)->mode;
+ dir->uid = (*i)->uid;
+ dir->guid = (*i)->gid;
+@@ -478,19 +478,20 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ "%d:%d, type %d\n", dire->name,
+ dirh.start_block, dire->offset, dire->type);
+
+- if((dir->dir_count % DIR_ENT_SIZE) == 0) {
+- new_dir = realloc(dir->dirs, (dir->dir_count +
+- DIR_ENT_SIZE) * sizeof(struct dir_ent));
+- if(new_dir == NULL)
+- MEM_ERROR();
+- dir->dirs = new_dir;
+- }
++ ent = malloc(sizeof(struct dir_ent));
++ if(ent == NULL)
++ MEM_ERROR();
+
+- dir->dirs[dir->dir_count].name = strdup(dire->name);
+- dir->dirs[dir->dir_count].start_block =
+- dirh.start_block;
+- dir->dirs[dir->dir_count].offset = dire->offset;
+- dir->dirs[dir->dir_count].type = dire->type;
++ ent->name = strdup(dire->name);
++ ent->start_block = dirh.start_block;
++ ent->offset = dire->offset;
++ ent->type = dire->type;
++ ent->next = NULL;
++ if(cur_ent == NULL)
++ dir->dirs = ent;
++ else
++ cur_ent->next = ent;
++ cur_ent = ent;
+ dir->dir_count ++;
+ bytes += dire->size + 1;
+ }
+diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
+index 1e199a7..694783d 100644
+--- a/squashfs-tools/unsquash-4.c
++++ b/squashfs-tools/unsquash-4.c
+@@ -331,7 +331,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ struct squashfs_dir_entry *dire = (struct squashfs_dir_entry *) buffer;
+ long long start;
+ int bytes = 0, dir_count, size, res;
+- struct dir_ent *new_dir;
++ struct dir_ent *ent, *cur_ent = NULL;
+ struct dir *dir;
+
+ TRACE("squashfs_opendir: inode start block %d, offset %d\n",
+@@ -344,7 +344,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ MEM_ERROR();
+
+ dir->dir_count = 0;
+- dir->cur_entry = 0;
++ dir->cur_entry = NULL;
+ dir->mode = (*i)->mode;
+ dir->uid = (*i)->uid;
+ dir->guid = (*i)->gid;
+@@ -415,19 +415,20 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ "%d:%d, type %d\n", dire->name,
+ dirh.start_block, dire->offset, dire->type);
+
+- if((dir->dir_count % DIR_ENT_SIZE) == 0) {
+- new_dir = realloc(dir->dirs, (dir->dir_count +
+- DIR_ENT_SIZE) * sizeof(struct dir_ent));
+- if(new_dir == NULL)
+- MEM_ERROR();
+- dir->dirs = new_dir;
+- }
++ ent = malloc(sizeof(struct dir_ent));
++ if(ent == NULL)
++ MEM_ERROR();
+
+- dir->dirs[dir->dir_count].name = strdup(dire->name);
+- dir->dirs[dir->dir_count].start_block =
+- dirh.start_block;
+- dir->dirs[dir->dir_count].offset = dire->offset;
+- dir->dirs[dir->dir_count].type = dire->type;
++ ent->name = strdup(dire->name);
++ ent->start_block = dirh.start_block;
++ ent->offset = dire->offset;
++ ent->type = dire->type;
++ ent->next = NULL;
++ if(cur_ent == NULL)
++ dir->dirs = ent;
++ else
++ cur_ent->next = ent;
++ cur_ent = ent;
+ dir->dir_count ++;
+ bytes += dire->size + 1;
+ }
+diff --git a/squashfs-tools/unsquashfs.c b/squashfs-tools/unsquashfs.c
+index 04be53c..fee28ec 100644
+--- a/squashfs-tools/unsquashfs.c
++++ b/squashfs-tools/unsquashfs.c
+@@ -1337,14 +1337,18 @@ failed:
+ int squashfs_readdir(struct dir *dir, char **name, unsigned int *start_block,
+ unsigned int *offset, unsigned int *type)
+ {
+- if(dir->cur_entry == dir->dir_count)
++ if(dir->cur_entry == NULL)
++ dir->cur_entry = dir->dirs;
++ else
++ dir->cur_entry = dir->cur_entry->next;
++
++ if(dir->cur_entry == NULL)
+ return FALSE;
+
+- *name = dir->dirs[dir->cur_entry].name;
+- *start_block = dir->dirs[dir->cur_entry].start_block;
+- *offset = dir->dirs[dir->cur_entry].offset;
+- *type = dir->dirs[dir->cur_entry].type;
+- dir->cur_entry ++;
++ *name = dir->cur_entry->name;
++ *start_block = dir->cur_entry->start_block;
++ *offset = dir->cur_entry->offset;
++ *type = dir->cur_entry->type;
+
+ return TRUE;
+ }
+diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
+index 583fbe4..f8cf78c 100644
+--- a/squashfs-tools/unsquashfs.h
++++ b/squashfs-tools/unsquashfs.h
+@@ -168,17 +168,18 @@ struct dir_ent {
+ unsigned int start_block;
+ unsigned int offset;
+ unsigned int type;
++ struct dir_ent *next;
+ };
+
+ struct dir {
+ int dir_count;
+- int cur_entry;
+ unsigned int mode;
+ uid_t uid;
+ gid_t guid;
+ unsigned int mtime;
+ unsigned int xattr;
+ struct dir_ent *dirs;
++ struct dir_ent *cur_entry;
+ };
+
+ struct file_entry {
+--
+2.17.1
+
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072.patch b/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072.patch
new file mode 100644
index 0000000000..f807af60bc
--- /dev/null
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072.patch
@@ -0,0 +1,329 @@
+CVE: CVE-2021-41072
+Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/e048580]
+
+Update on 20211109:
+Squash a follow-up fix for CVE-2021-41072 from upstream:
+https://github.com/plougher/squashfs-tools/commit/19fcc93
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From e0485802ec72996c20026da320650d8362f555bd Mon Sep 17 00:00:00 2001
+From: Phillip Lougher <phillip@squashfs.org.uk>
+Date: Sun, 12 Sep 2021 23:50:06 +0100
+Subject: [PATCH] Unsquashfs: additional write outside destination directory
+ exploit fix
+
+An issue on github (https://github.com/plougher/squashfs-tools/issues/72)
+showed how some specially crafted Squashfs filesystems containing
+invalid file names (with '/' and '..') can cause Unsquashfs to write
+files outside of the destination directory.
+
+Since then it has been shown that specially crafted Squashfs filesystems
+that contain a symbolic link pointing outside of the destination directory,
+coupled with an identically named file within the same directory, can
+cause Unsquashfs to write files outside of the destination directory.
+
+Specifically the symbolic link produces a pathname pointing outside
+of the destination directory, which is then followed when writing the
+duplicate identically named file within the directory.
+
+This commit fixes this exploit by explictly checking for duplicate
+filenames within a directory. As directories in v2.1, v3.x, and v4.0
+filesystems are sorted, this is achieved by checking for consecutively
+identical filenames. Additionally directories are checked to
+ensure they are sorted, to avoid attempts to evade the duplicate
+check.
+
+Version 1.x and 2.0 filesystems (where the directories were unsorted)
+are sorted and then the above duplicate filename check is applied.
+
+Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
+---
+ squashfs-tools/Makefile | 6 +-
+ squashfs-tools/unsquash-1.c | 6 ++
+ squashfs-tools/unsquash-12.c | 110 +++++++++++++++++++++++++++++++++
+ squashfs-tools/unsquash-1234.c | 21 +++++++
+ squashfs-tools/unsquash-2.c | 16 +++++
+ squashfs-tools/unsquash-3.c | 6 ++
+ squashfs-tools/unsquash-4.c | 6 ++
+ squashfs-tools/unsquashfs.h | 4 ++
+ 8 files changed, 173 insertions(+), 2 deletions(-)
+ create mode 100644 squashfs-tools/unsquash-12.c
+
+diff --git a/squashfs-tools/Makefile b/squashfs-tools/Makefile
+index 7262a2e..1b544ed 100755
+--- a/squashfs-tools/Makefile
++++ b/squashfs-tools/Makefile
+@@ -160,8 +160,8 @@ MKSQUASHFS_OBJS = mksquashfs.o read_fs.o action.o swap.o pseudo.o compressor.o \
+ caches-queues-lists.o reader.o tar.o
+
+ UNSQUASHFS_OBJS = unsquashfs.o unsquash-1.o unsquash-2.o unsquash-3.o \
+- unsquash-4.o unsquash-123.o unsquash-34.o unsquash-1234.o swap.o \
+- compressor.o unsquashfs_info.o
++ unsquash-4.o unsquash-123.o unsquash-34.o unsquash-1234.o unsquash-12.o \
++ swap.o compressor.o unsquashfs_info.o
+
+ CFLAGS ?= -O2
+ CFLAGS += $(EXTRA_CFLAGS) $(INCLUDEDIR) -D_FILE_OFFSET_BITS=64 \
+@@ -393,6 +393,8 @@ unsquash-34.o: unsquashfs.h unsquash-34.c unsquashfs_error.h
+
+ unsquash-1234.o: unsquash-1234.c unsquashfs_error.h
+
++unsquash-12.o: unsquash-12.c unsquashfs.h
++
+ unsquashfs_xattr.o: unsquashfs_xattr.c unsquashfs.h squashfs_fs.h xattr.h unsquashfs_error.h
+
+ unsquashfs_info.o: unsquashfs.h squashfs_fs.h unsquashfs_error.h
+diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
+index b604434..88866fc 100644
+--- a/squashfs-tools/unsquash-1.c
++++ b/squashfs-tools/unsquash-1.c
+@@ -370,6 +370,12 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ }
+ }
+
++ /* check directory for duplicate names. Need to sort directory first */
++ sort_directory(dir);
++ if(check_directory(dir) == FALSE) {
++ ERROR("File system corrupted: directory has duplicate names\n");
++ goto corrupted;
++ }
+ return dir;
+
+ corrupted:
+diff --git a/squashfs-tools/unsquash-12.c b/squashfs-tools/unsquash-12.c
+new file mode 100644
+index 0000000..61bf128
+--- /dev/null
++++ b/squashfs-tools/unsquash-12.c
+@@ -0,0 +1,110 @@
++/*
++ * Unsquash a squashfs filesystem. This is a highly compressed read only
++ * filesystem.
++ *
++ * Copyright (c) 2021
++ * Phillip Lougher <phillip@squashfs.org.uk>
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2,
++ * or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
++ *
++ * unsquash-12.c
++ *
++ * Helper functions used by unsquash-1 and unsquash-2.
++ */
++
++#include "unsquashfs.h"
++
++/*
++ * Bottom up linked list merge sort.
++ *
++ */
++void sort_directory(struct dir *dir)
++{
++ struct dir_ent *cur, *l1, *l2, *next;
++ int len1, len2, stride = 1;
++
++ if(dir->dir_count < 2)
++ return;
++
++ /*
++ * We can consider our linked-list to be made up of stride length
++ * sublists. Eacn iteration around this loop merges adjacent
++ * stride length sublists into larger 2*stride sublists. We stop
++ * when stride becomes equal to the entire list.
++ *
++ * Initially stride = 1 (by definition a sublist of 1 is sorted), and
++ * these 1 element sublists are merged into 2 element sublists, which
++ * are then merged into 4 element sublists and so on.
++ */
++ do {
++ l2 = dir->dirs; /* head of current linked list */
++ cur = NULL; /* empty output list */
++
++ /*
++ * Iterate through the linked list, merging adjacent sublists.
++ * On each interation l2 points to the next sublist pair to be
++ * merged (if there's only one sublist left this is simply added
++ * to the output list)
++ */
++ while(l2) {
++ l1 = l2;
++ for(len1 = 0; l2 && len1 < stride; len1 ++, l2 = l2->next);
++ len2 = stride;
++
++ /*
++ * l1 points to first sublist.
++ * l2 points to second sublist.
++ * Merge them onto the output list
++ */
++ while(len1 && l2 && len2) {
++ if(strcmp(l1->name, l2->name) <= 0) {
++ next = l1;
++ l1 = l1->next;
++ len1 --;
++ } else {
++ next = l2;
++ l2 = l2->next;
++ len2 --;
++ }
++
++ if(cur) {
++ cur->next = next;
++ cur = next;
++ } else
++ dir->dirs = cur = next;
++ }
++ /*
++ * One sublist is now empty, copy the other one onto the
++ * output list
++ */
++ for(; len1; len1 --, l1 = l1->next) {
++ if(cur) {
++ cur->next = l1;
++ cur = l1;
++ } else
++ dir->dirs = cur = l1;
++ }
++ for(; l2 && len2; len2 --, l2 = l2->next) {
++ if(cur) {
++ cur->next = l2;
++ cur = l2;
++ } else
++ dir->dirs = cur = l2;
++ }
++ }
++ cur->next = NULL;
++ stride = stride << 1;
++ } while(stride < dir->dir_count);
++}
+diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
+index e389f8d..98a81ed 100644
+--- a/squashfs-tools/unsquash-1234.c
++++ b/squashfs-tools/unsquash-1234.c
+@@ -72,3 +72,24 @@ void squashfs_closedir(struct dir *dir)
+
+ free(dir);
+ }
++
++
++/*
++ * Check directory for duplicate names. As the directory should be sorted,
++ * duplicates will be consecutive. Obviously we also need to check if the
++ * directory has been deliberately unsorted, to evade this check.
++ */
++int check_directory(struct dir *dir)
++{
++ int i;
++ struct dir_ent *ent;
++
++ if(dir->dir_count < 2)
++ return TRUE;
++
++ for(ent = dir->dirs, i = 0; i < dir->dir_count - 1; ent = ent->next, i++)
++ if(strcmp(ent->name, ent->next->name) >= 0)
++ return FALSE;
++
++ return TRUE;
++}
+diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c
+index 956f96f..0e36f7d 100644
+--- a/squashfs-tools/unsquash-2.c
++++ b/squashfs-tools/unsquash-2.c
+@@ -29,6 +29,7 @@
+ static squashfs_fragment_entry_2 *fragment_table;
+ static unsigned int *uid_table, *guid_table;
+ static squashfs_operations ops;
++static int needs_sorting = FALSE;
+
+
+ static void read_block_list(unsigned int *block_list, long long start,
+@@ -463,6 +464,17 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ }
+ }
+
++ if(needs_sorting)
++ sort_directory(dir);
++
++ /* check directory for duplicate names and sorting */
++ if(check_directory(dir) == FALSE) {
++ if(needs_sorting)
++ ERROR("File system corrupted: directory has duplicate names\n");
++ else
++ ERROR("File system corrupted: directory has duplicate names or is unsorted\n");
++ goto corrupted;
++ }
+ return dir;
+
+ corrupted:
+@@ -596,6 +608,10 @@ int read_super_2(squashfs_operations **s_ops, void *s)
+ * 2.x filesystems use gzip compression.
+ */
+ comp = lookup_compressor("gzip");
++
++ if(sBlk_3->s_minor == 0)
++ needs_sorting = TRUE;
++
+ return TRUE;
+ }
+
+diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
+index 835a574..0123562 100644
+--- a/squashfs-tools/unsquash-3.c
++++ b/squashfs-tools/unsquash-3.c
+@@ -497,6 +497,12 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ }
+ }
+
++ /* check directory for duplicate names and sorting */
++ if(check_directory(dir) == FALSE) {
++ ERROR("File system corrupted: directory has duplicate names or is unsorted\n");
++ goto corrupted;
++ }
++
+ return dir;
+
+ corrupted:
+diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
+index 694783d..c615bb8 100644
+--- a/squashfs-tools/unsquash-4.c
++++ b/squashfs-tools/unsquash-4.c
+@@ -434,6 +434,12 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
+ }
+ }
+
++ /* check directory for duplicate names and sorting */
++ if(check_directory(dir) == FALSE) {
++ ERROR("File system corrupted: directory has duplicate names or is unsorted\n");
++ goto corrupted;
++ }
++
+ return dir;
+
+ corrupted:
+diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
+index f8cf78c..bf2a80d 100644
+--- a/squashfs-tools/unsquashfs.h
++++ b/squashfs-tools/unsquashfs.h
+@@ -293,4 +293,8 @@ extern long long *alloc_index_table(int);
+ /* unsquash-1234.c */
+ extern int check_name(char *, int);
+ extern void squashfs_closedir(struct dir *);
++extern int check_directory(struct dir *);
++
++/* unsquash-12.c */
++extern void sort_directory(struct dir *);
+ #endif
+--
+2.17.1
+
diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb b/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb
index c78f446711..6a19cba8f7 100644
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb
@@ -9,8 +9,12 @@ LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
PV = "4.5"
SRCREV = "0496d7c3de3e09da37ba492081c86159806ebb07"
-SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https \
+SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https;branch=master \
file://0001-Avoid-use-of-INSTALL_DIR-for-symlink-targets.patch \
+ file://CVE-2021-41072-requisite-1.patch;striplevel=2 \
+ file://CVE-2021-41072-requisite-2.patch;striplevel=2 \
+ file://CVE-2021-41072-requisite-3.patch;striplevel=2 \
+ file://CVE-2021-41072.patch;striplevel=2 \
"
S = "${WORKDIR}/git/squashfs-tools"
diff --git a/meta/recipes-devtools/strace/strace/0001-Avoid-relying-on-presence-of-ipx.h.patch b/meta/recipes-devtools/strace/strace/0001-Avoid-relying-on-presence-of-ipx.h.patch
new file mode 100644
index 0000000000..6df673fa95
--- /dev/null
+++ b/meta/recipes-devtools/strace/strace/0001-Avoid-relying-on-presence-of-ipx.h.patch
@@ -0,0 +1,151 @@
+From 197f712ea96c12dcabc9fe98889a425d61ad6a60 Mon Sep 17 00:00:00 2001
+From: Eugene Syromyatnikov <evgsyr@gmail.com>
+Date: Wed, 3 Nov 2021 00:48:59 +0100
+Subject: [PATCH] Avoid relying on presence of ipx.h
+
+After Linux has broken UAPI in commit v5.15-rc1~157^2~207, it is well
+possible that neither kernel nor libc (such as musl, for example)
+provide IPX-related header. Avoid relying on its presence
+in the strace's code and conditionalise the relevant checks in the tests.
+
+* configure.ac (AC_CHECK_HEADERS): Add linux/ipx.h.
+* src/net.c: Remove <netipx/ipx.h>/<linux/ipx.h> includes.
+* src/sockaddr.c: Likewise.
+(IPX_NODE_LEN): New macro constant.
+(struct sockaddr_ipx): New type definition.
+* src/xlat/sock_ipx_options.in (IPX_TYPE): Provide a fallback value.
+* tests/net-sockaddr.c [!HAVE_LINUX_IPX_H]: Do not include
+<linux/ipx.h>.
+[!HAVE_LINUX_IPX_H && HAVE_NETIPX_IPX_H]: Include <netipx/ipx.h>.
+[!(HAVE_LINUX_IPX_H || defined HAVE_NETIPX_IPX_H)]: Do not define
+check_ipx.
+[!(HAVE_LINUX_IPX_H || defined HAVE_NETIPX_IPX_H)] (main): Do not call
+check_ipx.
+
+Closes: https://github.com/strace/strace/issues/201
+
+Upstream-Status: backport [commit cca828197c0e1 branch esyr/5.15]
+
+[bva: changed context to apply to a released strace 5.14 tarball]
+Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
+
+---
+ configure.ac | 1 +
+ src/net.c | 5 -----
+ src/sockaddr.c | 16 ++++++++++------
+ src/xlat/sock_ipx_options.in | 2 +-
+ tests/net-sockaddr.c | 10 +++++++++-
+ 5 files changed, 21 insertions(+), 13 deletions(-)
+
+Index: strace-5.14/configure.ac
+===================================================================
+--- strace-5.14.orig/configure.ac
++++ strace-5.14/configure.ac
+@@ -423,6 +423,7 @@
+ elf.h
+ gcov.h
+ iconv.h
++ linux/ipx.h
+ mqueue.h
+ netinet/sctp.h
+ netipx/ipx.h
+Index: strace-5.14/src/net.c
+===================================================================
+--- strace-5.14.orig/src/net.c
++++ strace-5.14/src/net.c
+@@ -28,11 +28,6 @@
+ #include <arpa/inet.h>
+ #include <net/if.h>
+ #include <asm/types.h>
+-#ifdef HAVE_NETIPX_IPX_H
+-# include <netipx/ipx.h>
+-#else
+-# include <linux/ipx.h>
+-#endif
+
+ #include <linux/ip_vs.h>
+ #include "netlink.h"
+Index: strace-5.14/src/sockaddr.c
+===================================================================
+--- strace-5.14.orig/src/sockaddr.c
++++ strace-5.14/src/sockaddr.c
+@@ -24,12 +24,6 @@
+ #include <linux/if_ether.h>
+ #include <linux/x25.h>
+
+-#ifdef HAVE_NETIPX_IPX_H
+-# include <netipx/ipx.h>
+-#else
+-# include <linux/ipx.h>
+-#endif
+-
+ #include "xlat/addrfams.h"
+ #include "xlat/arp_hardware_types.h"
+ #include "xlat/ethernet_protocols.h"
+@@ -45,6 +39,16 @@
+ const size_t arp_hardware_types_size = ARRAY_SIZE(arp_hardware_types) - 1;
+ const size_t ethernet_protocols_size = ARRAY_SIZE(ethernet_protocols) - 1;
+
++#define IPX_NODE_LEN 6
++struct sockaddr_ipx {
++ uint16_t sipx_family;
++ uint16_t sipx_port;
++ uint32_t sipx_network;
++ unsigned char sipx_node[IPX_NODE_LEN];
++ uint8_t sipx_type;
++ unsigned char sipx_zero;
++};
++
+ static void
+ print_sockaddr_data_un(struct tcb *tcp, const void *const buf, const int addrlen)
+ {
+Index: strace-5.14/src/xlat/sock_ipx_options.in
+===================================================================
+--- strace-5.14.orig/src/xlat/sock_ipx_options.in
++++ strace-5.14/src/xlat/sock_ipx_options.in
+@@ -1 +1 @@
+-IPX_TYPE
++IPX_TYPE 1
+Index: strace-5.14/tests/net-sockaddr.c
+===================================================================
+--- strace-5.14.orig/tests/net-sockaddr.c
++++ strace-5.14/tests/net-sockaddr.c
+@@ -24,7 +24,11 @@
+ #include <linux/if_ether.h>
+ #include <linux/if_packet.h>
+ #include <linux/x25.h>
+-#include <linux/ipx.h>
++#if defined HAVE_LINUX_IPX_H
++# include <linux/ipx.h>
++#elif defined HAVE_NETIPX_IPX_H
++# include <netipx/ipx.h>
++#endif
+ #ifdef HAVE_BLUETOOTH_BLUETOOTH_H
+ # include <bluetooth/bluetooth.h>
+ # include <bluetooth/hci.h>
+@@ -269,6 +273,7 @@
+ printf("connect(-1, %p, %u) = %d EBADF (%m)\n", in6, len, ret);
+ }
+
++#if defined HAVE_LINUX_IPX_H || defined HAVE_NETIPX_IPX_H
+ static void
+ check_ipx(void)
+ {
+@@ -295,6 +300,7 @@
+ c_ipx.sipx_node[4], c_ipx.sipx_node[5],
+ c_ipx.sipx_type, len, ret);
+ }
++#endif /* HAVE_LINUX_IPX_H || defined HAVE_NETIPX_IPX_H */
+
+ /* for a bit more compact AX.25 address definitions */
+ #define AX25_ADDR(c_, s_) \
+@@ -773,7 +779,9 @@
+ check_un();
+ check_in();
+ check_in6();
++#if defined HAVE_LINUX_IPX_H || defined HAVE_NETIPX_IPX_H
+ check_ipx();
++#endif
+ check_ax25();
+ check_x25();
+ check_nl();
diff --git a/meta/recipes-devtools/strace/strace/run-ptest b/meta/recipes-devtools/strace/strace/run-ptest
index 3a51fb0be9..02bb91e07f 100755
--- a/meta/recipes-devtools/strace/strace/run-ptest
+++ b/meta/recipes-devtools/strace/strace/run-ptest
@@ -1,6 +1,15 @@
#!/bin/sh
+
+set -u
+
export TIMEOUT_DURATION=240
chown nobody tests
chown nobody tests/*
chown nobody ../ptest
+
su nobody -c "make -B -C tests -k test-suite.log"
+res=$?
+if [ $res -ne 0 ]; then
+ cat tests/test-suite.log
+fi
+exit $res
diff --git a/meta/recipes-devtools/strace/strace_5.14.bb b/meta/recipes-devtools/strace/strace_5.14.bb
index 02a4843edf..3229954b3f 100644
--- a/meta/recipes-devtools/strace/strace_5.14.bb
+++ b/meta/recipes-devtools/strace/strace_5.14.bb
@@ -14,6 +14,7 @@ SRC_URI = "https://strace.io/files/${PV}/strace-${PV}.tar.xz \
file://ptest-spacesave.patch \
file://uintptr_t.patch \
file://0001-strace-fix-reproducibilty-issues.patch \
+ file://0001-Avoid-relying-on-presence-of-ipx.h.patch \
"
SRC_URI[sha256sum] = "901bee6db5e17debad4530dd9ffb4dc9a96c4a656edbe1c3141b7cb307b11e73"
diff --git a/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_234.bb b/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_234.bb
index 30dbbcc05c..71c2ba6d7c 100644
--- a/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_234.bb
+++ b/meta/recipes-devtools/systemd-bootchart/systemd-bootchart_234.bb
@@ -8,7 +8,7 @@ LICENSE = "LGPLv2.1 & GPLv2"
LIC_FILES_CHKSUM = "file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c \
file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe"
-SRC_URI = "git://github.com/systemd/systemd-bootchart.git;protocol=https \
+SRC_URI = "git://github.com/systemd/systemd-bootchart.git;protocol=https;branch=master \
file://0001-architecture-Recognise-RISCV-32-RISCV-64.patch \
file://mips64.patch \
file://no_lto.patch \
diff --git a/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb b/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb
index e67eccc75c..d6d563d8e7 100644
--- a/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb
+++ b/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb
@@ -10,7 +10,7 @@ SRCREV = "2735e3d6b7eccb05ab232825c618c837d27a5010"
PV = "1.7.0+git${SRCPV}"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
-SRC_URI = "git://git.eclipse.org/r/tcf/org.eclipse.tcf.agent.git;protocol=https \
+SRC_URI = "git://git.eclipse.org/r/tcf/org.eclipse.tcf.agent.git;protocol=https;branch=master \
file://fix_ranlib.patch \
file://ldflags.patch \
file://tcf-agent.init \
diff --git a/meta/recipes-devtools/unfs3/unfs3_git.bb b/meta/recipes-devtools/unfs3/unfs3_git.bb
index 2bc7a9230b..7a5d273851 100644
--- a/meta/recipes-devtools/unfs3/unfs3_git.bb
+++ b/meta/recipes-devtools/unfs3/unfs3_git.bb
@@ -14,7 +14,7 @@ DEPENDS:append:class-nativesdk = " flex-nativesdk"
ASNEEDED = ""
S = "${WORKDIR}/git"
-SRC_URI = "git://github.com/unfs3/unfs3.git;protocol=https \
+SRC_URI = "git://github.com/unfs3/unfs3.git;protocol=https;branch=master \
file://unfs3_parallel_build.patch \
file://alternate_rpc_ports.patch \
file://fix_pid_race_parent_writes_child_pid.patch \
diff --git a/meta/recipes-example/rust-hello-world/rust-hello-world_git.bb b/meta/recipes-example/rust-hello-world/rust-hello-world_git.bb
index 3ebd9cc661..1d91109b51 100644
--- a/meta/recipes-example/rust-hello-world/rust-hello-world_git.bb
+++ b/meta/recipes-example/rust-hello-world/rust-hello-world_git.bb
@@ -1,6 +1,6 @@
inherit cargo
-SRC_URI = "git://github.com/meta-rust/rust-hello-world.git;protocol=https"
+SRC_URI = "git://github.com/meta-rust/rust-hello-world.git;protocol=https;branch=master"
SRCREV="e0fa23f1a3cb1eb1407165bd2fc36d2f6e6ad728"
LIC_FILES_CHKSUM="file://COPYRIGHT;md5=e6b2207ac3740d2d01141c49208c2147"
diff --git a/meta/recipes-extended/asciidoc/asciidoc_9.1.0.bb b/meta/recipes-extended/asciidoc/asciidoc_9.1.0.bb
index dd9f8e32c4..6d52b5ba04 100644
--- a/meta/recipes-extended/asciidoc/asciidoc_9.1.0.bb
+++ b/meta/recipes-extended/asciidoc/asciidoc_9.1.0.bb
@@ -8,7 +8,7 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=4e5d1baf6f20559e3bec172226a47e4e \
file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 "
-SRC_URI = "git://github.com/asciidoc/asciidoc-py3;protocol=https;branch=9.x"
+SRC_URI = "git://github.com/asciidoc/asciidoc-py;protocol=https;branch=9.x"
SRCREV = "9705d428439530104ce55d0ba12e8ef9d1b57ad1"
DEPENDS = "libxml2-native libxslt-native docbook-xml-dtd4-native docbook-xsl-stylesheets-native"
diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.8.bb b/meta/recipes-extended/bzip2/bzip2_1.0.8.bb
index 296bc68d41..ab63012922 100644
--- a/meta/recipes-extended/bzip2/bzip2_1.0.8.bb
+++ b/meta/recipes-extended/bzip2/bzip2_1.0.8.bb
@@ -22,7 +22,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;endline=37;md5=600af43c50f1fcb82e
"
SRC_URI = "https://sourceware.org/pub/${BPN}/${BPN}-${PV}.tar.gz \
- git://sourceware.org/git/bzip2-tests.git;name=bzip2-tests \
+ git://sourceware.org/git/bzip2-tests.git;name=bzip2-tests;branch=master \
file://configure.ac;subdir=${BP} \
file://Makefile.am;subdir=${BP} \
file://run-ptest \
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index f6f8637a43..a8e790bd8f 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -44,11 +44,12 @@ PACKAGECONFIG[avahi] = "--enable-avahi,--disable-avahi,avahi"
PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl"
PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls"
PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam"
-PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd"
+PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--disable-systemd,systemd"
PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd"
EXTRA_OECONF = " \
--enable-dbus \
+ --with-dbusdir=${sysconfdir}/dbus-1 \
--enable-browsing \
--disable-gssapi \
--enable-debug \
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch
new file mode 100644
index 0000000000..27ef83bb85
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch
@@ -0,0 +1,236 @@
+From a9bd3dec9fde03327a4a2c69dad1036bf9632e20 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Tue, 7 Sep 2021 20:36:12 +0100
+Subject: [PATCH] Bug 704342: Include device specifier strings in access
+ validation
+
+for the "%pipe%", %handle%" and %printer% io devices.
+
+We previously validated only the part after the "%pipe%" Postscript device
+specifier, but this proved insufficient.
+
+This rebuilds the original file name string, and validates it complete. The
+slight complication for "%pipe%" is it can be reached implicitly using
+"|" so we have to check both prefixes.
+
+Addresses CVE-2021-3781
+
+Upstream-Status: Backport[https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20]
+CVE: CVE-2021-3781
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ base/gdevpipe.c | 22 +++++++++++++++-
+ base/gp_mshdl.c | 11 +++++++-
+ base/gp_msprn.c | 10 ++++++-
+ base/gp_os2pr.c | 13 +++++++++-
+ base/gslibctx.c | 69 ++++++++++---------------------------------------
+ 5 files changed, 65 insertions(+), 60 deletions(-)
+
+diff --git a/base/gdevpipe.c b/base/gdevpipe.c
+index 96d71f5d8..5bdc485be 100644
+--- a/base/gdevpipe.c
++++ b/base/gdevpipe.c
+@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ #else
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ /* The pipe device can be reached in two ways, explicltly with %pipe%
++ or implicitly with "|", so we have to check for both
++ */
++ char f[gp_file_name_sizeof];
++ const char *pipestr = "|";
++ const size_t pipestrlen = strlen(pipestr);
++ const size_t preflen = strlen(iodev->dname);
++ const size_t nlen = strlen(fname);
++ int code1;
++
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(f, iodev->dname, preflen);
++ memcpy(f + preflen, fname, nlen + 1);
++
++ code1 = gp_validate_path(mem, f, access);
++
++ memcpy(f, pipestr, pipestrlen);
++ memcpy(f + pipestrlen, fname, nlen + 1);
+
+- if (gp_validate_path(mem, fname, access) != 0)
++ if (code1 != 0 && gp_validate_path(mem, f, access) != 0 )
+ return gs_error_invalidfileaccess;
+
+ /*
+diff --git a/base/gp_mshdl.c b/base/gp_mshdl.c
+index 2b964ed74..8d87ceadc 100644
+--- a/base/gp_mshdl.c
++++ b/base/gp_mshdl.c
+@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ long hfile; /* Correct for Win32, may be wrong for Win64 */
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ char f[gp_file_name_sizeof];
++ const size_t preflen = strlen(iodev->dname);
++ const size_t nlen = strlen(fname);
+
+- if (gp_validate_path(mem, fname, access) != 0)
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(f, iodev->dname, preflen);
++ memcpy(f + preflen, fname, nlen + 1);
++
++ if (gp_validate_path(mem, f, access) != 0)
+ return gs_error_invalidfileaccess;
+
+ /* First we try the open_handle method. */
+diff --git a/base/gp_msprn.c b/base/gp_msprn.c
+index ed4827968..746a974f7 100644
+--- a/base/gp_msprn.c
++++ b/base/gp_msprn.c
+@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ uintptr_t *ptid = &((tid_t *)(iodev->state))->tid;
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ const size_t preflen = strlen(iodev->dname);
++ const size_t nlen = strlen(fname);
+
+- if (gp_validate_path(mem, fname, access) != 0)
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(pname, iodev->dname, preflen);
++ memcpy(pname + preflen, fname, nlen + 1);
++
++ if (gp_validate_path(mem, pname, access) != 0)
+ return gs_error_invalidfileaccess;
+
+ /* First we try the open_printer method. */
+diff --git a/base/gp_os2pr.c b/base/gp_os2pr.c
+index f852c71fc..ba54cde66 100644
+--- a/base/gp_os2pr.c
++++ b/base/gp_os2pr.c
+@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access,
+ FILE ** pfile, char *rfname, uint rnamelen)
+ {
+ os2_printer_t *pr = (os2_printer_t *)iodev->state;
+- char driver_name[256];
++ char driver_name[gp_file_name_sizeof];
+ gs_lib_ctx_t *ctx = mem->gs_lib_ctx;
+ gs_fs_list_t *fs = ctx->core->fs;
++ const size_t preflen = strlen(iodev->dname);
++ const int size_t = strlen(fname);
++
++ if (preflen + nlen >= gp_file_name_sizeof)
++ return_error(gs_error_invalidaccess);
++
++ memcpy(driver_name, iodev->dname, preflen);
++ memcpy(driver_name + preflen, fname, nlen + 1);
++
++ if (gp_validate_path(mem, driver_name, access) != 0)
++ return gs_error_invalidfileaccess;
+
+ /* First we try the open_printer method. */
+ /* Note that the loop condition here ensures we don't
+diff --git a/base/gslibctx.c b/base/gslibctx.c
+index 6dfed6cd5..318039fad 100644
+--- a/base/gslibctx.c
++++ b/base/gslibctx.c
+@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s)
+ int
+ gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname)
+ {
+- char *fp, f[gp_file_name_sizeof];
+- const int pipe = 124; /* ASCII code for '|' */
+- const int len = strlen(fname);
+- int i, code;
++ char f[gp_file_name_sizeof];
++ int code;
+
+ /* Be sure the string copy will fit */
+- if (len >= gp_file_name_sizeof)
++ if (strlen(fname) >= gp_file_name_sizeof)
+ return gs_error_rangecheck;
+ strcpy(f, fname);
+- fp = f;
+ /* Try to rewrite any %d (or similar) in the string */
+ rewrite_percent_specifiers(f);
+- for (i = 0; i < len; i++) {
+- if (f[i] == pipe) {
+- fp = &f[i + 1];
+- /* Because we potentially have to check file permissions at two levels
+- for the output file (gx_device_open_output_file and the low level
+- fopen API, if we're using a pipe, we have to add both the full string,
+- (including the '|', and just the command to which we pipe - since at
+- the pipe_fopen(), the leading '|' has been stripped.
+- */
+- code = gs_add_control_path(mem, gs_permit_file_writing, f);
+- if (code < 0)
+- return code;
+- code = gs_add_control_path(mem, gs_permit_file_control, f);
+- if (code < 0)
+- return code;
+- break;
+- }
+- if (!IS_WHITESPACE(f[i]))
+- break;
+- }
+- code = gs_add_control_path(mem, gs_permit_file_control, fp);
++
++ code = gs_add_control_path(mem, gs_permit_file_control, f);
+ if (code < 0)
+ return code;
+- return gs_add_control_path(mem, gs_permit_file_writing, fp);
++ return gs_add_control_path(mem, gs_permit_file_writing, f);
+ }
+
+ int
+ gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname)
+ {
+- char *fp, f[gp_file_name_sizeof];
+- const int pipe = 124; /* ASCII code for '|' */
+- const int len = strlen(fname);
+- int i, code;
++ char f[gp_file_name_sizeof];
++ int code;
+
+ /* Be sure the string copy will fit */
+- if (len >= gp_file_name_sizeof)
++ if (strlen(fname) >= gp_file_name_sizeof)
+ return gs_error_rangecheck;
+ strcpy(f, fname);
+- fp = f;
+ /* Try to rewrite any %d (or similar) in the string */
+- for (i = 0; i < len; i++) {
+- if (f[i] == pipe) {
+- fp = &f[i + 1];
+- /* Because we potentially have to check file permissions at two levels
+- for the output file (gx_device_open_output_file and the low level
+- fopen API, if we're using a pipe, we have to add both the full string,
+- (including the '|', and just the command to which we pipe - since at
+- the pipe_fopen(), the leading '|' has been stripped.
+- */
+- code = gs_remove_control_path(mem, gs_permit_file_writing, f);
+- if (code < 0)
+- return code;
+- code = gs_remove_control_path(mem, gs_permit_file_control, f);
+- if (code < 0)
+- return code;
+- break;
+- }
+- if (!IS_WHITESPACE(f[i]))
+- break;
+- }
+- code = gs_remove_control_path(mem, gs_permit_file_control, fp);
++ rewrite_percent_specifiers(f);
++
++ code = gs_remove_control_path(mem, gs_permit_file_control, f);
+ if (code < 0)
+ return code;
+- return gs_remove_control_path(mem, gs_permit_file_writing, fp);
++ return gs_remove_control_path(mem, gs_permit_file_writing, f);
+ }
+
+ int
+--
+2.25.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch
new file mode 100644
index 0000000000..8e4fd40932
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch
@@ -0,0 +1,68 @@
+From 2a3129365d3bc0d4a41f107ef175920d1505d1f7 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Tue, 1 Jun 2021 19:57:16 +0100
+Subject: [PATCH] Bug 703902: Fix op stack management in
+ sampled_data_continue()
+
+Replace pop() (which does no checking, and doesn't handle stack extension
+blocks) with ref_stack_pop() which does do all that.
+
+We still use pop() in one case (it's faster), but we have to later use
+ref_stack_pop() before calling sampled_data_sample() which also accesses the
+op stack.
+
+Fixes:
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675
+
+Upstream-Status: Backported [https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7]
+CVE: CVE-2021-45949
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ psi/zfsample.c | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/psi/zfsample.c b/psi/zfsample.c
+index 0e8e4bc8d..00cd0cfdd 100644
+--- a/psi/zfsample.c
++++ b/psi/zfsample.c
+@@ -533,15 +533,19 @@ sampled_data_continue(i_ctx_t *i_ctx_p)
+ for (j = 0; j < bps; j++)
+ data_ptr[bps * i + j] = (byte)(cv >> ((bps - 1 - j) * 8)); /* MSB first */
+ }
+- pop(num_out); /* Move op to base of result values */
+
+- /* Check if we are done collecting data. */
++ pop(num_out); /* Move op to base of result values */
+
++ /* From here on, we have to use ref_stack_pop() rather than pop()
++ so that it handles stack extension blocks properly, before calling
++ sampled_data_sample() which also uses the op stack.
++ */
++ /* Check if we are done collecting data. */
+ if (increment_cube_indexes(params, penum->indexes)) {
+ if (stack_depth_adjust == 0)
+- pop(O_STACK_PAD); /* Remove spare stack space */
++ ref_stack_pop(&o_stack, O_STACK_PAD); /* Remove spare stack space */
+ else
+- pop(stack_depth_adjust - num_out);
++ ref_stack_pop(&o_stack, stack_depth_adjust - num_out);
+ /* Execute the closing procedure, if given */
+ code = 0;
+ if (esp_finish_proc != 0)
+@@ -554,11 +558,11 @@ sampled_data_continue(i_ctx_t *i_ctx_p)
+ if ((O_STACK_PAD - stack_depth_adjust) < 0) {
+ stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust);
+ check_op(stack_depth_adjust);
+- pop(stack_depth_adjust);
++ ref_stack_pop(&o_stack, stack_depth_adjust);
+ }
+ else {
+ check_ostack(O_STACK_PAD - stack_depth_adjust);
+- push(O_STACK_PAD - stack_depth_adjust);
++ ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust);
+ for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++)
+ make_null(op - i);
+ }
+--
+2.25.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb
index 59cc560cf8..28d064a1a8 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb
@@ -33,6 +33,8 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://do-not-check-local-libpng-source.patch \
file://avoid-host-contamination.patch \
file://mkdir-p.patch \
+ file://CVE-2021-45949.patch \
+ file://CVE-2021-3781.patch \
"
SRC_URI = "${SRC_URI_BASE} \
diff --git a/meta/recipes-extended/go-examples/go-helloworld_0.1.bb b/meta/recipes-extended/go-examples/go-helloworld_0.1.bb
index aeff482f3b..4e582edcf1 100644
--- a/meta/recipes-extended/go-examples/go-helloworld_0.1.bb
+++ b/meta/recipes-extended/go-examples/go-helloworld_0.1.bb
@@ -5,7 +5,7 @@ HOMEPAGE = "https://golang.org/"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
-SRC_URI = "git://${GO_IMPORT}"
+SRC_URI = "git://${GO_IMPORT};branch=master;protocol=https"
SRCREV = "46695d81d1fae905a270fb7db8a4d11a334562fe"
UPSTREAM_CHECK_COMMITS = "1"
diff --git a/meta/recipes-extended/iputils/iputils_20210722.bb b/meta/recipes-extended/iputils/iputils_20210722.bb
index e1940b77b5..d81f787dd8 100644
--- a/meta/recipes-extended/iputils/iputils_20210722.bb
+++ b/meta/recipes-extended/iputils/iputils_20210722.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=55aa8c9fcad0691cef0ecd420361e390"
DEPENDS = "gnutls"
-SRC_URI = "git://github.com/iputils/iputils \
+SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https \
file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \
file://0001-meson-Make-tests-optional.patch \
"
diff --git a/meta/recipes-extended/libaio/libaio_0.3.112.bb b/meta/recipes-extended/libaio/libaio_0.3.112.bb
index b3606474a5..3892f3244e 100644
--- a/meta/recipes-extended/libaio/libaio_0.3.112.bb
+++ b/meta/recipes-extended/libaio/libaio_0.3.112.bb
@@ -5,7 +5,7 @@ HOMEPAGE = "http://lse.sourceforge.net/io/aio.html"
LICENSE = "LGPLv2.1+"
LIC_FILES_CHKSUM = "file://COPYING;md5=d8045f3b8f929c1cb29a1e3fd737b499"
-SRC_URI = "git://pagure.io/libaio.git;protocol=https \
+SRC_URI = "git://pagure.io/libaio.git;protocol=https;branch=master \
file://00_arches.patch \
file://libaio_fix_for_mips_syscalls.patch \
file://system-linkage.patch \
diff --git a/meta/recipes-extended/libarchive/libarchive_3.5.1.bb b/meta/recipes-extended/libarchive/libarchive_3.5.3.bb
index 7d98e573b8..dd607aca0a 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.5.1.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.5.3.bb
@@ -34,7 +34,7 @@ EXTRA_OECONF += "--enable-largefile"
SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz"
-SRC_URI[sha256sum] = "9015d109ec00bb9ae1a384b172bf2fc1dff41e2c66e5a9eeddf933af9db37f5a"
+SRC_URI[sha256sum] = "72788e5f58d16febddfa262a5215e05fc9c79f2670f641ac039e6df44330ef51"
inherit autotools update-alternatives pkgconfig
diff --git a/meta/recipes-extended/libnsl/libnsl2_git.bb b/meta/recipes-extended/libnsl/libnsl2_git.bb
index 53be67fe85..3f6ccbad70 100644
--- a/meta/recipes-extended/libnsl/libnsl2_git.bb
+++ b/meta/recipes-extended/libnsl/libnsl2_git.bb
@@ -14,7 +14,7 @@ PV = "2.0.0"
SRCREV = "82245c0c58add79a8e34ab0917358217a70e5100"
-SRC_URI = "git://github.com/thkukuk/libnsl \
+SRC_URI = "git://github.com/thkukuk/libnsl;branch=master;protocol=https \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-extended/libnss-nis/libnss-nis.bb b/meta/recipes-extended/libnss-nis/libnss-nis.bb
index 34103428e9..478e9e2be3 100644
--- a/meta/recipes-extended/libnss-nis/libnss-nis.bb
+++ b/meta/recipes-extended/libnss-nis/libnss-nis.bb
@@ -17,7 +17,7 @@ PV = "3.1+git${SRCPV}"
SRCREV = "062f31999b35393abf7595cb89dfc9590d5a42ad"
-SRC_URI = "git://github.com/thkukuk/libnss_nis \
+SRC_URI = "git://github.com/thkukuk/libnss_nis;branch=master;protocol=https \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-extended/libsolv/libsolv_0.7.19.bb b/meta/recipes-extended/libsolv/libsolv_0.7.19.bb
index bb925073ed..a3a4fc7896 100644
--- a/meta/recipes-extended/libsolv/libsolv_0.7.19.bb
+++ b/meta/recipes-extended/libsolv/libsolv_0.7.19.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.BSD;md5=62272bd11c97396d4aaf1c41bc11f7d8"
DEPENDS = "expat zlib"
-SRC_URI = "git://github.com/openSUSE/libsolv.git \
+SRC_URI = "git://github.com/openSUSE/libsolv.git;branch=master;protocol=https \
"
SRCREV = "c773294be6b0a2425f344a8999f173fb00cfd16f"
diff --git a/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch b/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch
new file mode 100644
index 0000000000..f4e93d1065
--- /dev/null
+++ b/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch
@@ -0,0 +1,97 @@
+Upstream-Status: Backport
+CVE: CVE-2022-22707
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 27103f3f8b1a2857aa45b889e775435f7daf141f Mon Sep 17 00:00:00 2001
+From: povcfe <povcfe@qq.com>
+Date: Wed, 5 Jan 2022 11:11:09 +0000
+Subject: [PATCH] [mod_extforward] fix out-of-bounds (OOB) write (fixes #3134)
+
+(thx povcfe)
+
+(edited: gstrauss)
+
+There is a potential remote denial of service in lighttpd mod_extforward
+under specific, non-default and uncommon 32-bit lighttpd mod_extforward
+configurations.
+
+Under specific, non-default and uncommon lighttpd mod_extforward
+configurations, a remote attacker can trigger a 4-byte out-of-bounds
+write of value '-1' to the stack. This is not believed to be exploitable
+in any way beyond triggering a crash of the lighttpd server on systems
+where the lighttpd server has been built 32-bit and with compiler flags
+which enable a stack canary -- gcc/clang -fstack-protector-strong or
+-fstack-protector-all, but bug not visible with only -fstack-protector.
+
+With standard lighttpd builds using -O2 optimization on 64-bit x86_64,
+this bug has not been observed to cause adverse behavior, even with
+gcc/clang -fstack-protector-strong.
+
+For the bug to be reachable, the user must be using a non-default
+lighttpd configuration which enables mod_extforward and configures
+mod_extforward to accept and parse the "Forwarded" header from a trusted
+proxy. At this time, support for RFC7239 Forwarded is not common in CDN
+providers or popular web server reverse proxies. It bears repeating that
+for the user to desire to configure lighttpd mod_extforward to accept
+"Forwarded", the user must also be using a trusted proxy (in front of
+lighttpd) which understands and actively modifies the "Forwarded" header
+sent to lighttpd.
+
+lighttpd natively supports RFC7239 "Forwarded"
+hiawatha natively supports RFC7239 "Forwarded"
+
+nginx can be manually configured to add a "Forwarded" header
+https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
+
+A 64-bit build of lighttpd on x86_64 (not known to be affected by bug)
+in front of another 32-bit lighttpd will detect and reject a malicious
+"Forwarded" request header, thereby thwarting an attempt to trigger
+this bug in an upstream 32-bit lighttpd.
+
+The following servers currently do not natively support RFC7239 Forwarded:
+nginx
+apache2
+caddy
+node.js
+haproxy
+squid
+varnish-cache
+litespeed
+
+Given the general dearth of support for RFC7239 Forwarded in popular
+CDNs and web server reverse proxies, and given the prerequisites in
+lighttpd mod_extforward needed to reach this bug, the number of lighttpd
+servers vulnerable to this bug is estimated to be vanishingly small.
+Large systems using reverse proxies are likely running 64-bit lighttpd,
+which is not known to be adversely affected by this bug.
+
+In the future, it is desirable for more servers to implement RFC7239
+Forwarded. lighttpd developers would like to thank povcfe for reporting
+this bug so that it can be fixed before more CDNs and web servers
+implement RFC7239 Forwarded.
+
+x-ref:
+ "mod_extforward plugin has out-of-bounds (OOB) write of 4-byte -1"
+ https://redmine.lighttpd.net/issues/3134
+ (not yet written or published)
+ CVE-2022-22707
+---
+ src/mod_extforward.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mod_extforward.c b/src/mod_extforward.c
+index ba957e04..fdaef7f6 100644
+--- a/src/mod_extforward.c
++++ b/src/mod_extforward.c
+@@ -715,7 +715,7 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
+ while (s[i] == ' ' || s[i] == '\t') ++i;
+ if (s[i] == ';') { ++i; continue; }
+ if (s[i] == ',') {
+- if (j >= (int)(sizeof(offsets)/sizeof(int))) break;
++ if (j >= (int)(sizeof(offsets)/sizeof(int))-1) break;
+ offsets[++j] = -1; /*("offset" separating params from next proxy)*/
+ ++i;
+ continue;
+--
+2.25.1
+
diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb
index 8cb3a9a18c..12d3db937d 100644
--- a/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb
+++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb
@@ -14,6 +14,7 @@ RRECOMMENDS:${PN} = "lighttpd-module-access \
lighttpd-module-accesslog"
SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \
+ file://0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch \
file://index.html.lighttpd \
file://lighttpd.conf \
file://lighttpd \
diff --git a/meta/recipes-extended/ltp/ltp_20210524.bb b/meta/recipes-extended/ltp/ltp_20210524.bb
index 20e2deffa5..0636cb92cb 100644
--- a/meta/recipes-extended/ltp/ltp_20210524.bb
+++ b/meta/recipes-extended/ltp/ltp_20210524.bb
@@ -29,7 +29,7 @@ CFLAGS:append:powerpc64 = " -D__SANE_USERSPACE_TYPES__"
CFLAGS:append:mipsarchn64 = " -D__SANE_USERSPACE_TYPES__"
SRCREV = "0fb171f2beddaf64bd27597577c206c0f892b3cd"
-SRC_URI = "git://github.com/linux-test-project/ltp.git \
+SRC_URI = "git://github.com/linux-test-project/ltp.git;branch=master;protocol=https \
file://0001-Remove-OOM-tests-from-runtest-mm.patch \
file://0001-syscalls-ioctl_ns05.c-ioctl_ns06.c-Fix-too-small-buf.patch \
"
diff --git a/meta/recipes-extended/mc/files/0001-Ticket-4200-fix-FTBFS-with-ncurses-build-with-disabl.patch b/meta/recipes-extended/mc/files/0001-Ticket-4200-fix-FTBFS-with-ncurses-build-with-disabl.patch
new file mode 100644
index 0000000000..408473664f
--- /dev/null
+++ b/meta/recipes-extended/mc/files/0001-Ticket-4200-fix-FTBFS-with-ncurses-build-with-disabl.patch
@@ -0,0 +1,87 @@
+From e7bbf72544ab62db9c92bfe7bd1155227e78c621 Mon Sep 17 00:00:00 2001
+From: Andrew Borodin <aborodin@vmail.ru>
+Date: Sat, 28 Aug 2021 11:46:53 +0300
+Subject: [PATCH] Ticket #4200: fix FTBFS with ncurses build with
+ --disable-widec.
+
+Upstream-Status: Accepted [https://github.com/MidnightCommander/mc/commit/e7bbf72544]
+Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
+---
+ lib/tty/tty-ncurses.c | 8 ++++++++
+ lib/tty/tty-ncurses.h | 5 +++++
+ lib/tty/tty-slang.h | 2 ++
+ src/filemanager/boxes.c | 2 ++
+ 4 files changed, 17 insertions(+)
+
+diff --git a/lib/tty/tty-ncurses.c b/lib/tty/tty-ncurses.c
+index f619c0a7bf31..13058a624208 100644
+--- a/lib/tty/tty-ncurses.c
++++ b/lib/tty/tty-ncurses.c
+@@ -560,6 +560,7 @@ tty_fill_region (int y, int x, int rows, int cols, unsigned char ch)
+ void
+ tty_colorize_area (int y, int x, int rows, int cols, int color)
+ {
++#ifdef ENABLE_SHADOWS
+ cchar_t *ctext;
+ wchar_t wch[10]; /* TODO not sure if the length is correct */
+ attr_t attrs;
+@@ -585,6 +586,13 @@ tty_colorize_area (int y, int x, int rows, int cols, int color)
+ }
+
+ g_free (ctext);
++#else
++ (void) y;
++ (void) x;
++ (void) rows;
++ (void) cols;
++ (void) color;
++#endif /* ENABLE_SHADOWS */
+ }
+
+ /* --------------------------------------------------------------------------------------------- */
+diff --git a/lib/tty/tty-ncurses.h b/lib/tty/tty-ncurses.h
+index d75df9533ab9..8feb17ccd045 100644
+--- a/lib/tty/tty-ncurses.h
++++ b/lib/tty/tty-ncurses.h
+@@ -30,6 +30,11 @@
+ #define NCURSES_CONST const
+ #endif
+
++/* do not draw shadows if NCurses is built with --disable-widec */
++#if defined(NCURSES_WIDECHAR) && NCURSES_WIDECHAR
++#define ENABLE_SHADOWS 1
++#endif
++
+ /*** typedefs(not structures) and defined constants **********************************************/
+
+ /*** enums ***************************************************************************************/
+diff --git a/lib/tty/tty-slang.h b/lib/tty/tty-slang.h
+index 5b12c6512853..eeaade388af4 100644
+--- a/lib/tty/tty-slang.h
++++ b/lib/tty/tty-slang.h
+@@ -23,6 +23,8 @@
+ #define COLS SLtt_Screen_Cols
+ #define LINES SLtt_Screen_Rows
+
++#define ENABLE_SHADOWS 1
++
+ /*** enums ***************************************************************************************/
+
+ enum
+diff --git a/src/filemanager/boxes.c b/src/filemanager/boxes.c
+index 3eb525be4a9b..98df5ff2ed9a 100644
+--- a/src/filemanager/boxes.c
++++ b/src/filemanager/boxes.c
+@@ -280,7 +280,9 @@ appearance_box_callback (Widget * w, Widget * sender, widget_msg_t msg, int parm
+ switch (msg)
+ {
+ case MSG_INIT:
++#ifdef ENABLE_SHADOWS
+ if (!tty_use_colors ())
++#endif
+ {
+ Widget *shadow;
+
+--
+2.34.1
+
diff --git a/meta/recipes-extended/mc/mc_4.8.27.bb b/meta/recipes-extended/mc/mc_4.8.27.bb
index 546e615d1d..e877780ea0 100644
--- a/meta/recipes-extended/mc/mc_4.8.27.bb
+++ b/meta/recipes-extended/mc/mc_4.8.27.bb
@@ -11,6 +11,7 @@ RRECOMMENDS:${PN} = "ncurses-terminfo"
SRC_URI = "http://www.midnight-commander.org/downloads/${BPN}-${PV}.tar.bz2 \
file://0001-mc-replace-perl-w-with-use-warnings.patch \
file://nomandate.patch \
+ file://0001-Ticket-4200-fix-FTBFS-with-ncurses-build-with-disabl.patch \
"
SRC_URI[sha256sum] = "2f52dd9c75c20d8eac7701bd3a8c6c125aaf8cdd9cf12b78ca50a0102b543407"
@@ -27,7 +28,9 @@ PACKAGECONFIG ??= ""
PACKAGECONFIG[smb] = "--enable-vfs-smb,--disable-vfs-smb,samba,"
PACKAGECONFIG[sftp] = "--enable-vfs-sftp,--disable-vfs-sftp,libssh2,"
-CFLAGS:append:libc-musl = ' -DNCURSES_WIDECHAR=1 '
+# enable NCURSES_WIDECHAR=1 only if ENABLE_WIDEC has not been explicitly disabled (e.g. by the distro config).
+# When compiling against the ncurses library, NCURSES_WIDECHAR needs to explicitly set to 0 in this case.
+CFLAGS:append:libc-musl = "${@' -DNCURSES_WIDECHAR=1' if bb.utils.to_boolean((d.getVar('ENABLE_WIDEC') or 'True')) else ' -DNCURSES_WIDECHAR=0'}"
EXTRA_OECONF = "--with-screen=ncurses --without-gpm-mouse --without-x --disable-configure-args"
EXTRANATIVEPATH += "file-native"
diff --git a/meta/recipes-extended/net-tools/net-tools_2.10.bb b/meta/recipes-extended/net-tools/net-tools_2.10.bb
index 00caccd4b8..eb5881356c 100644
--- a/meta/recipes-extended/net-tools/net-tools_2.10.bb
+++ b/meta/recipes-extended/net-tools/net-tools_2.10.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://ifconfig.c;beginline=11;endline=15;md5=d1ca372080ad5401e23ca0afc35cf9ba"
SRCREV = "80d7b95067f1f22fece9537dea6dff53081f4886"
-SRC_URI = "git://git.code.sf.net/p/net-tools/code;protocol=https \
+SRC_URI = "git://git.code.sf.net/p/net-tools/code;protocol=https;branch=master \
file://net-tools-config.h \
file://net-tools-config.make \
file://Add_missing_headers.patch \
diff --git a/meta/recipes-extended/newt/libnewt_0.52.21.bb b/meta/recipes-extended/newt/libnewt_0.52.21.bb
index 84d327ca88..86301b95eb 100644
--- a/meta/recipes-extended/newt/libnewt_0.52.21.bb
+++ b/meta/recipes-extended/newt/libnewt_0.52.21.bb
@@ -29,7 +29,7 @@ SRC_URI[sha256sum] = "265eb46b55d7eaeb887fca7a1d51fe115658882dfe148164b6c49fccac
S = "${WORKDIR}/newt-${PV}"
-inherit autotools-brokensep python3native python3-dir
+inherit autotools-brokensep python3native python3-dir python3targetconfig
EXTRA_OECONF = "--without-tcl --with-python"
diff --git a/meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch b/meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch
new file mode 100644
index 0000000000..9c301f2054
--- /dev/null
+++ b/meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch
@@ -0,0 +1,50 @@
+From 65986f3d12d434b9bc428ceb6fcb1f6eeeb2c47d Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Mon, 17 Jan 2022 15:36:56 +0800
+Subject: [PATCH] Fix bug when combining -l with -d.
+
+Though it makes no sense to do pigz -ld, that is implicit when
+doing unpigz -l. This commit fixes a bug for that combination.
+
+Upstream-Status: Backport [https://github.com/madler/pigz/commit/326bba44aa102c707dd6ebcd2fc3f413b3119db0]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ pigz.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/pigz.c b/pigz.c
+index f90157f..d648216 100644
+--- a/pigz.c
++++ b/pigz.c
+@@ -4007,6 +4007,13 @@ local void process(char *path) {
+ }
+ SET_BINARY_MODE(g.ind);
+
++ // if requested, just list information about the input file
++ if (g.list && g.decode != 2) {
++ list_info();
++ load_end();
++ return;
++ }
++
+ // if decoding or testing, try to read gzip header
+ if (g.decode) {
+ in_init();
+@@ -4048,13 +4055,6 @@ local void process(char *path) {
+ }
+ }
+
+- // if requested, just list information about input file
+- if (g.list) {
+- list_info();
+- load_end();
+- return;
+- }
+-
+ // create output file out, descriptor outd
+ if (path == NULL || g.pipeout) {
+ // write to stdout
+--
+2.17.1
+
diff --git a/meta/recipes-extended/pigz/pigz_2.6.bb b/meta/recipes-extended/pigz/pigz_2.6.bb
index 3566e18b7e..d490a6a722 100644
--- a/meta/recipes-extended/pigz/pigz_2.6.bb
+++ b/meta/recipes-extended/pigz/pigz_2.6.bb
@@ -8,7 +8,8 @@ SECTION = "console/utils"
LICENSE = "Zlib & Apache-2.0"
LIC_FILES_CHKSUM = "file://pigz.c;md5=9ae6dee8ceba9610596ed0ada493d142;beginline=7;endline=21"
-SRC_URI = "http://zlib.net/${BPN}/fossils/${BP}.tar.gz"
+SRC_URI = "http://zlib.net/${BPN}/fossils/${BP}.tar.gz \
+ file://0001-Fix-bug-when-combining-l-with-d.patch"
SRC_URI[sha256sum] = "2eed7b0d7449d1d70903f2a62cd6005d262eb3a8c9e98687bc8cbb5809db2a7d"
PROVIDES:class-native += "gzip-native"
diff --git a/meta/recipes-extended/procps/procps_3.3.17.bb b/meta/recipes-extended/procps/procps_3.3.17.bb
index 64a2d154b6..9366ec99aa 100644
--- a/meta/recipes-extended/procps/procps_3.3.17.bb
+++ b/meta/recipes-extended/procps/procps_3.3.17.bb
@@ -12,7 +12,7 @@ DEPENDS = "ncurses"
inherit autotools gettext pkgconfig update-alternatives
-SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https \
+SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https;branch=master \
file://sysctl.conf \
file://0001-w.c-correct-musl-builds.patch \
file://0002-proc-escape.c-add-missing-include.patch \
diff --git a/meta/recipes-extended/psmisc/psmisc_23.4.bb b/meta/recipes-extended/psmisc/psmisc_23.4.bb
index 894443f4ef..89fe8a709c 100644
--- a/meta/recipes-extended/psmisc/psmisc_23.4.bb
+++ b/meta/recipes-extended/psmisc/psmisc_23.4.bb
@@ -2,7 +2,7 @@ require psmisc.inc
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3"
-SRC_URI = "git://gitlab.com/psmisc/psmisc.git;protocol=https \
+SRC_URI = "git://gitlab.com/psmisc/psmisc.git;protocol=https;branch=master \
file://0001-Use-UINTPTR_MAX-instead-of-__WORDSIZE.patch \
"
SRCREV = "5fab6b7ab385080f1db725d6803136ec1841a15f"
diff --git a/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb b/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb
index 678632a814..c08e9d52c3 100644
--- a/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb
+++ b/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb
@@ -19,7 +19,7 @@ PV = "1.4.2"
SRCREV = "6f54e54455c073d08a56ea627c6cd2355a40eb53"
-SRC_URI = "git://github.com/thkukuk/${BPN} \
+SRC_URI = "git://github.com/thkukuk/${BPN};branch=master;protocol=https \
file://0001-Use-cross-compiled-rpcgen.patch \
"
diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
index 95728bcd3f..628db42136 100644
--- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
+++ b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
@@ -1,124 +1,52 @@
-From 30a3906a0a21120fa6bbc918b6258ab9303fbeaa Mon Sep 17 00:00:00 2001
-From: Scott Garman <scott.a.garman@intel.com>
-Date: Thu, 14 Apr 2016 12:28:57 +0200
-Subject: [PATCH] Disable use of syslog for sysroot
+From 8b845fff891798a03bdf21354b52e4487c2c0200 Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Thu, 14 Apr 2022 23:11:53 +0000
+Subject: [PATCH] Disable use of syslog for shadow-native tools
Disable use of syslog to prevent sysroot user and group additions from
writing entries to the host's syslog. This patch should only be used
with the shadow-native recipe.
-Upstream-Status: Inappropriate [disable feature]
-
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
+Upstream-Status: Inappropriate [OE specific configuration]
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
- src/groupadd.c | 3 +++
- src/groupdel.c | 3 +++
- src/groupmems.c | 3 +++
- src/groupmod.c | 3 +++
- src/useradd.c | 3 +++
- src/userdel.c | 4 ++++
- src/usermod.c | 3 +++
- 7 files changed, 22 insertions(+)
+ configure.ac | 2 +-
+ src/login_nopam.c | 3 ++-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
-diff --git a/src/groupadd.c b/src/groupadd.c
-index d7f68b1..5fe5f43 100644
---- a/src/groupadd.c
-+++ b/src/groupadd.c
-@@ -34,6 +34,9 @@
-
- #ident "$Id$"
-
-+/* Disable use of syslog since we're running this command against a sysroot */
-+#undef USE_SYSLOG
-+
- #include <ctype.h>
- #include <fcntl.h>
- #include <getopt.h>
-diff --git a/src/groupdel.c b/src/groupdel.c
-index 5c89312..2aefc5a 100644
---- a/src/groupdel.c
-+++ b/src/groupdel.c
-@@ -34,6 +34,9 @@
-
+diff --git a/configure.ac b/configure.ac
+index 5dcae19..b2c58f5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -204,7 +204,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd",
+ [Path to passwd program.])
+
+ dnl XXX - quick hack, should disappear before anyone notices :).
+-AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().])
++#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().])
+ if test "$ac_cv_func_ruserok" = "yes"; then
+ AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.])
+ AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).])
+diff --git a/src/login_nopam.c b/src/login_nopam.c
+index df6ba88..fc24e13 100644
+--- a/src/login_nopam.c
++++ b/src/login_nopam.c
+@@ -29,7 +29,6 @@
+ #ifndef USE_PAM
#ident "$Id$"
-+/* Disable use of syslog since we're running this command against a sysroot */
-+#undef USE_SYSLOG
-+
- #include <ctype.h>
- #include <fcntl.h>
- #include <grp.h>
-diff --git a/src/groupmems.c b/src/groupmems.c
-index 654a8f3..6b2026b 100644
---- a/src/groupmems.c
-+++ b/src/groupmems.c
-@@ -32,6 +32,9 @@
-
- #include <config.h>
-
-+/* Disable use of syslog since we're running this command against a sysroot */
-+#undef USE_SYSLOG
-+
- #include <fcntl.h>
- #include <getopt.h>
- #include <grp.h>
-diff --git a/src/groupmod.c b/src/groupmod.c
-index acd6f35..a2c5247 100644
---- a/src/groupmod.c
-+++ b/src/groupmod.c
-@@ -34,6 +34,9 @@
-
- #ident "$Id$"
-
-+/* Disable use of syslog since we're running this command against a sysroot */
-+#undef USE_SYSLOG
-+
- #include <ctype.h>
- #include <fcntl.h>
- #include <getopt.h>
-diff --git a/src/useradd.c b/src/useradd.c
-index 127177e..b80e505 100644
---- a/src/useradd.c
-+++ b/src/useradd.c
-@@ -34,6 +34,9 @@
-
- #ident "$Id$"
-
-+/* Disable use of syslog since we're running this command against a sysroot */
-+#undef USE_SYSLOG
-+
- #include <assert.h>
- #include <ctype.h>
- #include <errno.h>
-diff --git a/src/userdel.c b/src/userdel.c
-index 79a7c89..c1e010a 100644
---- a/src/userdel.c
-+++ b/src/userdel.c
-@@ -31,6 +31,10 @@
- */
-
- #include <config.h>
-+
-+/* Disable use of syslog since we're running this command against a sysroot */
-+#undef USE_SYSLOG
-+
- #include <assert.h>
- #include <dirent.h>
- #include <errno.h>
-diff --git a/src/usermod.c b/src/usermod.c
-index 03bb9b9..e15fdd4 100644
---- a/src/usermod.c
-+++ b/src/usermod.c
-@@ -34,6 +34,9 @@
-
- #ident "$Id$"
+-#include "prototypes.h"
+ /*
+ * This module implements a simple but effective form of login access
+ * control based on login names and on host (or domain) names, internet
+@@ -57,6 +56,8 @@
+ #include <netinet/in.h>
+ #include <arpa/inet.h> /* for inet_ntoa() */
-+/* Disable use of syslog since we're running this command against a sysroot */
-+#undef USE_SYSLOG
++#include "prototypes.h"
+
- #include <assert.h>
- #include <ctype.h>
- #include <errno.h>
+ #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64)
+ #undef MAXHOSTNAMELEN
+ #define MAXHOSTNAMELEN 256
diff --git a/meta/recipes-extended/stress-ng/stress-ng/0001-Makefile-do-not-write-the-timestamp-into-compressed-.patch b/meta/recipes-extended/stress-ng/stress-ng/0001-Makefile-do-not-write-the-timestamp-into-compressed-.patch
new file mode 100644
index 0000000000..21a410f605
--- /dev/null
+++ b/meta/recipes-extended/stress-ng/stress-ng/0001-Makefile-do-not-write-the-timestamp-into-compressed-.patch
@@ -0,0 +1,26 @@
+From 2386cd8f907b379ae5cc1ce2888abef7d30e709a Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Sat, 23 Oct 2021 20:20:59 +0200
+Subject: [PATCH] Makefile: do not write the timestamp into compressed manpage.
+
+This helps reproducibility.
+
+Upstream-Status: Submitted [https://github.com/ColinIanKing/stress-ng/pull/156]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 886018f9..f4290f9c 100644
+--- a/Makefile
++++ b/Makefile
+@@ -468,7 +468,7 @@ git-commit-id.h:
+ $(OBJS): stress-ng.h Makefile
+
+ stress-ng.1.gz: stress-ng.1
+- $(V)gzip -c $< > $@
++ $(V)gzip -n -c $< > $@
+
+ .PHONY: dist
+ dist:
diff --git a/meta/recipes-extended/stress-ng/stress-ng_0.13.00.bb b/meta/recipes-extended/stress-ng/stress-ng_0.13.00.bb
index 198f7e87c7..f01e7b2433 100644
--- a/meta/recipes-extended/stress-ng/stress-ng_0.13.00.bb
+++ b/meta/recipes-extended/stress-ng/stress-ng_0.13.00.bb
@@ -1,14 +1,16 @@
SUMMARY = "System load testing utility"
DESCRIPTION = "Deliberately simple workload generator for POSIX systems. It \
imposes a configurable amount of CPU, memory, I/O, and disk stress on the system."
-HOMEPAGE = "https://kernel.ubuntu.com/~cking/stress-ng/"
+HOMEPAGE = "https://github.com/ColinIanKing/stress-ng#readme"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-SRC_URI = "https://kernel.ubuntu.com/~cking/tarballs/${BPN}/${BP}.tar.xz \
+SRC_URI = "git://github.com/ColinIanKing/stress-ng.git;protocol=https;branch=master \
file://0001-Do-not-preserve-ownership-when-installing-example-jo.patch \
+ file://0001-Makefile-do-not-write-the-timestamp-into-compressed-.patch \
"
-SRC_URI[sha256sum] = "1cefe4a3057c1522b146e62f61b80ce6e2e99da2d85ebe25bc03fc45228e58cd"
+SRCREV = "61b454b4a3a9d052e63c78a9574ccf8a650575dc"
+S = "${WORKDIR}/git"
DEPENDS = "coreutils-native"
diff --git a/meta/recipes-extended/sysklogd/sysklogd_2.2.3.bb b/meta/recipes-extended/sysklogd/sysklogd_2.2.3.bb
index eca531d05d..f4ecb7d459 100644
--- a/meta/recipes-extended/sysklogd/sysklogd_2.2.3.bb
+++ b/meta/recipes-extended/sysklogd/sysklogd_2.2.3.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5b4be4b2549338526758ef479c040943 \
inherit update-rc.d update-alternatives systemd autotools
-SRC_URI = "git://github.com/troglobit/sysklogd.git;nobranch=1 \
+SRC_URI = "git://github.com/troglobit/sysklogd.git;nobranch=1;protocol=https \
file://sysklogd \
"
diff --git a/meta/recipes-extended/tar/tar_1.34.bb b/meta/recipes-extended/tar/tar_1.34.bb
index 3488a6c955..5a415c775a 100644
--- a/meta/recipes-extended/tar/tar_1.34.bb
+++ b/meta/recipes-extended/tar/tar_1.34.bb
@@ -63,6 +63,6 @@ NATIVE_PACKAGE_PATH_SUFFIX = "/${PN}"
BBCLASSEXTEND = "native nativesdk"
-# These are both specific to the NPM package node-tar
-CVE_CHECK_WHITELIST += "CVE-2021-32803 CVE-2021-32804"
-CVE_CHECK_WHITELIST += "CVE-2021-37701 CVE-2021-37712 CVE-2021-37713"
+# Avoid false positives from CVEs in node-tar package
+# For example CVE-2021-{32803,32804,37701,37712,37713}
+CVE_PRODUCT = "gnu:tar"
diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index c7d4965cb8..43d14d7f12 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -6,7 +6,7 @@ SECTION = "base"
LICENSE = "PD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
-PV = "2021a"
+PV = "2021e"
SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \
@@ -14,5 +14,6 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
-SRC_URI[tzcode.sha256sum] = "eb46bfa124b5b6bd13d61a609bfde8351bd192894708d33aa06e5c1e255802d0"
-SRC_URI[tzdata.sha256sum] = "39e7d2ba08c68cbaefc8de3227aab0dec2521be8042cf56855f7dc3a9fb14e08"
+SRC_URI[tzcode.sha256sum] = "584666393a5424d13d27ec01183da17703273664742e049d4f62f62dab631775"
+SRC_URI[tzdata.sha256sum] = "07ec42b737d0d3c6be9c337f8abb5f00554a0f9cc4fcf01a703d69403b6bb2b1"
+
diff --git a/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch b/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
new file mode 100644
index 0000000000..6ba2b879a3
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
@@ -0,0 +1,67 @@
+From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001
+From: Nils Bars <nils.bars@t-online.de>
+Date: Mon, 17 Jan 2022 16:53:16 +0000
+Subject: [PATCH] Fix null pointer dereference and use of uninitialized data
+
+This fixes a bug that causes use of uninitialized heap data if `readbuf` fails
+to read as many bytes as indicated by the extra field length attribute.
+Furthermore, this fixes a null pointer dereference if an archive contains an
+`EF_UNIPATH` extra field but does not have a filename set.
+---
+ fileio.c | 5 ++++-
+ process.c | 6 +++++-
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+---
+
+Patch from:
+https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
+https://launchpadlibrarian.net/580782282/0001-Fix-null-pointer-dereference-and-use-of-uninitialized-data.patch
+Regenerated to apply without offsets.
+
+CVE: CVE-2021-4217
+
+Upstream-Status: Pending [infozip upstream inactive]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+
+diff --git a/fileio.c b/fileio.c
+index 14460f3..1dc319e 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -2301,8 +2301,11 @@ int do_string(__G__ length, option) /* return PK-type error code */
+ seek_zipf(__G__ G.cur_zipfile_bufstart - G.extra_bytes +
+ (G.inptr-G.inbuf) + length);
+ } else {
+- if (readbuf(__G__ (char *)G.extra_field, length) == 0)
++ unsigned bytes_read = readbuf(__G__ (char *)G.extra_field, length);
++ if (bytes_read == 0)
+ return PK_EOF;
++ if (bytes_read != length)
++ return PK_ERR;
+ /* Looks like here is where extra fields are read */
+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
+ {
+diff --git a/process.c b/process.c
+index 5f8f6c6..de843a5 100644
+--- a/process.c
++++ b/process.c
+@@ -2058,10 +2058,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
+ G.unipath_checksum = makelong(offset + ef_buf);
+ offset += 4;
+
++ if (!G.filename_full) {
++ /* Check if we have a unicode extra section but no filename set */
++ return PK_ERR;
++ }
++
+ /*
+ * Compute 32-bit crc
+ */
+-
+ chksum = crc32(chksum, (uch *)(G.filename_full),
+ strlen(G.filename_full));
+
+--
+2.32.0
+
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index 0bc6abcd4b..d074db37b4 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -27,6 +27,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
file://CVE-2019-13232_p2.patch \
file://CVE-2019-13232_p3.patch \
file://unzip_optimization.patch \
+ file://CVE-2021-4217.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
diff --git a/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb b/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
index da051c119f..e64494e54e 100644
--- a/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
+++ b/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=55c5fdf02cfcca3fc9621b6f2ceae10f"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"
-SRC_URI = "git://github.com/openSUSE/xinetd.git;protocol=https \
+SRC_URI = "git://github.com/openSUSE/xinetd.git;protocol=https;branch=master \
file://xinetd.init \
file://xinetd.default \
file://xinetd.service \
diff --git a/meta/recipes-extended/xz/xz/CVE-2022-1271.patch b/meta/recipes-extended/xz/xz/CVE-2022-1271.patch
new file mode 100644
index 0000000000..e43e73cf12
--- /dev/null
+++ b/meta/recipes-extended/xz/xz/CVE-2022-1271.patch
@@ -0,0 +1,96 @@
+From dc932a1e9c0d9f1db71be11a9b82496e3a72f112 Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Tue, 29 Mar 2022 19:19:12 +0300
+Subject: [PATCH] xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587).
+
+Malicious filenames can make xzgrep to write to arbitrary files
+or (with a GNU sed extension) lead to arbitrary code execution.
+
+xzgrep from XZ Utils versions up to and including 5.2.5 are
+affected. 5.3.1alpha and 5.3.2alpha are affected as well.
+This patch works for all of them.
+
+This bug was inherited from gzip's zgrep. gzip 1.12 includes
+a fix for zgrep.
+
+The issue with the old sed script is that with multiple newlines,
+the N-command will read the second line of input, then the
+s-commands will be skipped because it's not the end of the
+file yet, then a new sed cycle starts and the pattern space
+is printed and emptied. So only the last line or two get escaped.
+
+One way to fix this would be to read all lines into the pattern
+space first. However, the included fix is even simpler: All lines
+except the last line get a backslash appended at the end. To ensure
+that shell command substitution doesn't eat a possible trailing
+newline, a colon is appended to the filename before escaping.
+The colon is later used to separate the filename from the grep
+output so it is fine to add it here instead of a few lines later.
+
+The old code also wasn't POSIX compliant as it used \n in the
+replacement section of the s-command. Using \<newline> is the
+POSIX compatible method.
+
+LC_ALL=C was added to the two critical sed commands. POSIX sed
+manual recommends it when using sed to manipulate pathnames
+because in other locales invalid multibyte sequences might
+cause issues with some sed implementations. In case of GNU sed,
+these particular sed scripts wouldn't have such problems but some
+other scripts could have, see:
+
+ info '(sed)Locale Considerations'
+
+This vulnerability was discovered by:
+cleemy desu wayo working with Trend Micro Zero Day Initiative
+
+Thanks to Jim Meyering and Paul Eggert discussing the different
+ways to fix this and for coordinating the patch release schedule
+with gzip.
+
+Upstream-Status: Backport [https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch]
+CVE: CVE-2022-1271
+
+Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
+---
+ src/scripts/xzgrep.in | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in
+index 9db5c3a..f64dddb 100644
+--- a/src/scripts/xzgrep.in
++++ b/src/scripts/xzgrep.in
+@@ -179,22 +179,26 @@ for i; do
+ { test $# -eq 1 || test $no_filename -eq 1; }; then
+ eval "$grep"
+ else
++ # Append a colon so that the last character will never be a newline
++ # which would otherwise get lost in shell command substitution.
++ i="$i:"
++
++ # Escape & \ | and newlines only if such characters are present
++ # (speed optimization).
+ case $i in
+ (*'
+ '* | *'&'* | *'\'* | *'|'*)
+- i=$(printf '%s\n' "$i" |
+- sed '
+- $!N
+- $s/[&\|]/\\&/g
+- $s/\n/\\n/g
+- ');;
++ i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');;
+ esac
+- sed_script="s|^|$i:|"
++
++ # $i already ends with a colon so don't add it here.
++ sed_script="s|^|$i|"
+
+ # Fail if grep or sed fails.
+ r=$(
+ exec 4>&1
+- (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&-
++ (eval "$grep" 4>&-; echo $? >&4) 3>&- |
++ LC_ALL=C sed "$sed_script" >&3 4>&-
+ ) || r=2
+ exit $r
+ fi >&3 5>&-
diff --git a/meta/recipes-extended/xz/xz_5.2.5.bb b/meta/recipes-extended/xz/xz_5.2.5.bb
index 8021ebd9bc..200af0e672 100644
--- a/meta/recipes-extended/xz/xz_5.2.5.bb
+++ b/meta/recipes-extended/xz/xz_5.2.5.bb
@@ -23,7 +23,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=97d554a32881fee0aa283d96e47cb24a \
file://lib/getopt.c;endline=23;md5=2069b0ee710572c03bb3114e4532cd84 \
"
-SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz"
+SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz \
+ file://CVE-2022-1271.patch \
+ "
SRC_URI[md5sum] = "0d270c997aff29708c74d53f599ef717"
SRC_URI[sha256sum] = "f6f4910fd033078738bd82bfba4f49219d03b17eb0794eb91efbae419f4aba10"
UPSTREAM_CHECK_REGEX = "xz-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
new file mode 100644
index 0000000000..02253f968c
--- /dev/null
+++ b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch
@@ -0,0 +1,47 @@
+From 7a2729ee7f5d9b9d4a0d9b83fe641a2ab03c4ee0 Mon Sep 17 00:00:00 2001
+From: Joe Slater <joe.slater@windriver.com>
+Date: Thu, 24 Feb 2022 17:36:59 -0800
+Subject: [PATCH 1/2] configure: use correct CPP
+
+configure uses CPP to test that two assembler routines
+can be built. Unfortunately, it will use /usr/bin/cpp
+if it exists, invalidating the tests. We use the $CC
+passed to configure.
+
+Upstream-Status: Inappropriate [openembedded specific]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+ unix/configure | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/unix/configure b/unix/configure
+index 73ba803..7e21070 100644
+--- a/unix/configure
++++ b/unix/configure
+@@ -220,13 +220,16 @@ fi
+ echo Check for the C preprocessor
+ # on SVR4, cc -E does not produce correct assembler files. Need /lib/cpp.
+ CPP="${CC} -E"
++
++# We should not change CPP for yocto builds.
++#
+ # solaris as(1) needs -P, maybe others as well ?
+-[ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P"
+-[ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp
+-[ -f /lib/cpp ] && CPP=/lib/cpp
+-[ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp
+-[ -f /xenix ] && CPP="${CC} -E"
+-[ -f /lynx.os ] && CPP="${CC} -E"
++# [ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P"
++# [ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp
++# [ -f /lib/cpp ] && CPP=/lib/cpp
++# [ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp
++# [ -f /xenix ] && CPP="${CC} -E"
++# [ -f /lynx.os ] && CPP="${CC} -E"
+
+ echo "#include <stdio.h>" > conftest.c
+ $CPP conftest.c >/dev/null 2>/dev/null || CPP="${CC} -E"
+--
+2.24.1
+
diff --git a/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
new file mode 100644
index 0000000000..6e0879616a
--- /dev/null
+++ b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch
@@ -0,0 +1,34 @@
+From b0492506d2c28581193906e9d260d4f0451e2c39 Mon Sep 17 00:00:00 2001
+From: Joe Slater <joe.slater@windriver.com>
+Date: Thu, 24 Feb 2022 17:46:03 -0800
+Subject: [PATCH 2/2] configure: support PIC code build
+
+Disable building match.S. The code requires
+relocation in .text.
+
+Upstream-Status: Inappropriate [openembedded specific]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+ unix/configure | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/unix/configure b/unix/configure
+index 7e21070..1bc698b 100644
+--- a/unix/configure
++++ b/unix/configure
+@@ -242,8 +242,9 @@ if eval "$CPP match.S > _match.s 2>/dev/null"; then
+ if test ! -s _match.s || grep error < _match.s > /dev/null; then
+ :
+ elif eval "$CC -c _match.s >/dev/null 2>/dev/null" && [ -f _match.o ]; then
+- CFLAGS="${CFLAGS} -DASMV"
+- OBJA="match.o"
++ # disable match.S for PIC code
++ # CFLAGS="${CFLAGS} -DASMV"
++ # OBJA="match.o"
+ echo "int foo() { return 0;}" > conftest.c
+ $CC -c conftest.c >/dev/null 2>/dev/null
+ echo Check if compiler generates underlines
+--
+2.24.1
+
diff --git a/meta/recipes-extended/zip/zip_3.0.bb b/meta/recipes-extended/zip/zip_3.0.bb
index 18b5d8648e..f8e0b6e259 100644
--- a/meta/recipes-extended/zip/zip_3.0.bb
+++ b/meta/recipes-extended/zip/zip_3.0.bb
@@ -14,6 +14,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar.
file://fix-security-format.patch \
file://10-remove-build-date.patch \
file://zipnote-crashes-with-segfault.patch \
+ file://0001-configure-use-correct-CPP.patch \
+ file://0002-configure-support-PIC-code-build.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
diff --git a/meta/recipes-extended/zstd/zstd_1.5.0.bb b/meta/recipes-extended/zstd/zstd_1.5.0.bb
index 978812fddb..51305d0562 100644
--- a/meta/recipes-extended/zstd/zstd_1.5.0.bb
+++ b/meta/recipes-extended/zstd/zstd_1.5.0.bb
@@ -9,7 +9,7 @@ LICENSE = "BSD-3-Clause & GPLv2"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c7f0b161edbe52f5f345a3d1311d0b32 \
file://COPYING;md5=39bba7d2cf0ba1036f2a6e2be52fe3f0"
-SRC_URI = "git://github.com/facebook/zstd.git;branch=release \
+SRC_URI = "git://github.com/facebook/zstd.git;branch=release;protocol=https \
file://0001-Makefile-sort-all-wildcard-file-list-expansions.patch \
file://0001-MinGW-Build-Fixes.patch \
"
diff --git a/meta/recipes-gnome/epiphany/epiphany_40.3.bb b/meta/recipes-gnome/epiphany/epiphany_40.6.bb
index c5dc0baefa..1f3fab3c4a 100644
--- a/meta/recipes-gnome/epiphany/epiphany_40.3.bb
+++ b/meta/recipes-gnome/epiphany/epiphany_40.6.bb
@@ -20,7 +20,7 @@ SRC_URI = "${GNOME_MIRROR}/${GNOMEBN}/${@oe.utils.trim_version("${PV}", 1)}/${GN
file://migrator.patch \
file://distributor.patch \
"
-SRC_URI[archive.sha256sum] = "dad138b9f2d55de271128fca38b61f53fd980c587d29e1ba6b508fff3b19f564"
+SRC_URI[archive.sha256sum] = "a2abf71b165b4302643147d637808847d64df6a97ce460703542dec75e81b5f7"
# Developer mode enables debugging
PACKAGECONFIG[developer-mode] = "-Ddeveloper_mode=true,-Ddeveloper_mode=false"
diff --git a/meta/recipes-gnome/libportal/libportal_0.4.bb b/meta/recipes-gnome/libportal/libportal_0.4.bb
index 03e681f58c..5817302688 100644
--- a/meta/recipes-gnome/libportal/libportal_0.4.bb
+++ b/meta/recipes-gnome/libportal/libportal_0.4.bb
@@ -6,7 +6,7 @@ BUGTRACKER = "https://github.com/flatpak/libportal/issues"
LICENSE = "LGPLv2.1"
LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
-SRC_URI = "git://github.com/flatpak/${BPN}.git;protocol=https"
+SRC_URI = "git://github.com/flatpak/${BPN}.git;protocol=https;branch=master"
SRCREV = "f68764e288ede516d902b131cc4fadded3804059"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/drm/libdrm_2.4.107.bb b/meta/recipes-graphics/drm/libdrm_2.4.109.bb
index b645898481..fb5ddd82c0 100644
--- a/meta/recipes-graphics/drm/libdrm_2.4.107.bb
+++ b/meta/recipes-graphics/drm/libdrm_2.4.109.bb
@@ -13,7 +13,7 @@ DEPENDS = "libpthread-stubs"
SRC_URI = "http://dri.freedesktop.org/libdrm/${BP}.tar.xz \
"
-SRC_URI[sha256sum] = "c554cef03b033636a975543eab363cc19081cb464595d3da1ec129f87370f888"
+SRC_URI[sha256sum] = "629352e08c1fe84862ca046598d8a08ce14d26ab25ee1f4704f993d074cb7f26"
inherit meson pkgconfig manpages
diff --git a/meta/recipes-graphics/glslang/glslang_11.5.0.bb b/meta/recipes-graphics/glslang/glslang_11.5.0.bb
index 2f076e5684..4c33744e71 100644
--- a/meta/recipes-graphics/glslang/glslang_11.5.0.bb
+++ b/meta/recipes-graphics/glslang/glslang_11.5.0.bb
@@ -9,7 +9,7 @@ LICENSE = "BSD-3-Clause & BSD-2-Clause & MIT & Apache-2.0 & GPL-3-with-bison-exc
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c5ce49c0456e9b413b98a4368c378229"
SRCREV = "ae2a562936cc8504c9ef2757cceaff163147834f"
-SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https \
+SRC_URI = "git://github.com/KhronosGroup/glslang.git;protocol=https;branch=master \
file://0001-generate-glslang-pkg-config.patch"
UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz_2.9.0.bb b/meta/recipes-graphics/harfbuzz/harfbuzz_2.9.1.bb
index bc91a8c03c..694553beef 100644
--- a/meta/recipes-graphics/harfbuzz/harfbuzz_2.9.0.bb
+++ b/meta/recipes-graphics/harfbuzz/harfbuzz_2.9.1.bb
@@ -12,7 +12,7 @@ UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases"
UPSTREAM_CHECK_REGEX = "harfbuzz-(?P<pver>\d+(\.\d+)+).tar"
SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "3e1c2e1d2c65d56364fd16d1c41a06b2a35795496f78dfff635c2b7414b54c5a"
+SRC_URI[sha256sum] = "0edcc980f526a338452180e701d6aba6323aef457b6686976a7d17ccbddc51cf"
inherit meson pkgconfig lib_package gtk-doc gobject-introspection
diff --git a/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb b/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb
index 1a00eca7d3..680561cac9 100644
--- a/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb
+++ b/meta/recipes-graphics/igt-gpu-tools/igt-gpu-tools_git.bb
@@ -12,7 +12,7 @@ inherit meson pkgconfig
SRCREV = "203def046b466fb2da67f9f15552d84e1c0b41f2"
PV = "1.26"
-SRC_URI = "git://gitlab.freedesktop.org/drm/igt-gpu-tools.git;protocol=https"
+SRC_URI = "git://gitlab.freedesktop.org/drm/igt-gpu-tools.git;protocol=https;branch=master"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/libfakekey/libfakekey_git.bb b/meta/recipes-graphics/libfakekey/libfakekey_git.bb
index ab6f5ac9ed..33ea6fe5a9 100644
--- a/meta/recipes-graphics/libfakekey/libfakekey_git.bb
+++ b/meta/recipes-graphics/libfakekey/libfakekey_git.bb
@@ -13,7 +13,7 @@ SECTION = "x11/wm"
SRCREV = "7ad885912efb2131e80914e964d5e635b0d07b40"
PV = "0.3+git${SRCPV}"
-SRC_URI = "git://git.yoctoproject.org/${BPN}"
+SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb b/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb
index 1a31677978..06bd682823 100644
--- a/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb
+++ b/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb
@@ -17,7 +17,7 @@ DEPENDS = "virtual/libx11 libxext"
#SRCREV for 1.12
SRCREV = "e846ee434f8e23d9db38af13c523f791495e0e87"
-SRC_URI = "git://git.yoctoproject.org/${BPN}"
+SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/libva/libva-utils_2.12.0.bb b/meta/recipes-graphics/libva/libva-utils_2.12.0.bb
index 096d80b68d..3550ad0c59 100644
--- a/meta/recipes-graphics/libva/libva-utils_2.12.0.bb
+++ b/meta/recipes-graphics/libva/libva-utils_2.12.0.bb
@@ -14,7 +14,7 @@ SECTION = "x11"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://COPYING;md5=b148fc8adf19dc9aec17cf9cd29a9a5e"
-SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.11-branch"
+SRC_URI = "git://github.com/intel/libva-utils.git;branch=v2.11-branch;protocol=https"
SRCREV = "c0145a895ebe9b24cde5c441733f90482f1e3d71"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb b/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb
index 95a0604aee..f452ea032a 100644
--- a/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb
+++ b/meta/recipes-graphics/matchbox-wm/matchbox-wm_1.2.2.bb
@@ -12,7 +12,7 @@ DEPENDS = "libmatchbox virtual/libx11 libxext libxrender startup-notification ex
# SRCREV tagged 1.2.2
SRCREV = "27da947e7fbdf9659f7e5bd1e92af92af6c03970"
-SRC_URI = "git://git.yoctoproject.org/matchbox-window-manager \
+SRC_URI = "git://git.yoctoproject.org/matchbox-window-manager;branch=master \
file://0001-Fix-build-with-gcc-10.patch \
file://kbdconfig"
diff --git a/meta/recipes-graphics/mesa/files/without-neon.patch b/meta/recipes-graphics/mesa/files/without-neon.patch
deleted file mode 100644
index 56e4aa7769..0000000000
--- a/meta/recipes-graphics/mesa/files/without-neon.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Since 80923e8d ("util/format: Add some NEON intrinsics-based u_format_unpack.")
-upstream the build fails on Arm platforms which use the soft-float ABI, such as
-qemuarmv5:
-
- arm_neon.h:31:2: error: #error "NEON intrinsics not available with the
- soft-float ABI. Please use -mfloat-abi=softfp or -mfloat-abi=hard"
-
-Take a patch from upstream to check the ABI being used before trying to
-use NEON instructions.
-
-Upstream-Status: Backport [https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/12569]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-From 5dcce985a6dd3b7856d65e21db753e2c7a0f5dd5 Mon Sep 17 00:00:00 2001
-From: Adrian Bunk <bunk@debian.org>
-Date: Thu, 26 Aug 2021 22:35:49 +0300
-Subject: [PATCH] util/format: NEON is not available with the soft-float ABI
-
-Fixes: 80923e8d58cc ("util/format: Add some NEON intrinsics-based u_format_unpack.")
----
- src/util/format/u_format.c | 2 +-
- src/util/format/u_format_unpack_neon.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/util/format/u_format.c b/src/util/format/u_format.c
-index c49b3788c82..31f1f240efc 100644
---- a/src/util/format/u_format.c
-+++ b/src/util/format/u_format.c
-@@ -1138,7 +1138,7 @@ static void
- util_format_unpack_table_init(void)
- {
- for (enum pipe_format format = PIPE_FORMAT_NONE; format < PIPE_FORMAT_COUNT; format++) {
--#if (defined(PIPE_ARCH_AARCH64) || defined(PIPE_ARCH_ARM)) && !defined NO_FORMAT_ASM
-+#if (defined(PIPE_ARCH_AARCH64) || defined(PIPE_ARCH_ARM)) && !defined(NO_FORMAT_ASM) && !defined(__SOFTFP__)
- const struct util_format_unpack_description *unpack = util_format_unpack_description_neon(format);
- if (unpack) {
- util_format_unpack_table[format] = unpack;
-diff --git a/src/util/format/u_format_unpack_neon.c b/src/util/format/u_format_unpack_neon.c
-index 7456d7aaa88..a4a5cb1f723 100644
---- a/src/util/format/u_format_unpack_neon.c
-+++ b/src/util/format/u_format_unpack_neon.c
-@@ -23,7 +23,7 @@
-
- #include <u_format.h>
-
--#if (defined(PIPE_ARCH_AARCH64) || defined(PIPE_ARCH_ARM)) && !defined NO_FORMAT_ASM
-+#if (defined(PIPE_ARCH_AARCH64) || defined(PIPE_ARCH_ARM)) && !defined(NO_FORMAT_ASM) && !defined(__SOFTFP__)
-
- /* armhf builds default to vfp, not neon, and refuses to compile neon intrinsics
- * unless you tell it "no really".
---
-GitLab
-
diff --git a/meta/recipes-graphics/mesa/mesa-gl_21.2.1.bb b/meta/recipes-graphics/mesa/mesa-gl_21.2.4.bb
index 142bb743b1..142bb743b1 100644
--- a/meta/recipes-graphics/mesa/mesa-gl_21.2.1.bb
+++ b/meta/recipes-graphics/mesa/mesa-gl_21.2.4.bb
diff --git a/meta/recipes-graphics/mesa/mesa.inc b/meta/recipes-graphics/mesa/mesa.inc
index 282671d30f..f1a1e57062 100644
--- a/meta/recipes-graphics/mesa/mesa.inc
+++ b/meta/recipes-graphics/mesa/mesa.inc
@@ -19,10 +19,9 @@ SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \
file://0002-meson.build-make-TLS-ELF-optional.patch \
file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \
file://0001-futex.h-Define-__NR_futex-if-it-does-not-exist.patch \
- file://without-neon.patch \
"
-SRC_URI[sha256sum] = "2c65e6710b419b67456a48beefd0be827b32db416772e0e363d5f7d54dc01787"
+SRC_URI[sha256sum] = "fe6ede82d1ac02339da3c2ec1820a379641902fd351a52cc01153f76eff85b44"
UPSTREAM_CHECK_GITTAGREGEX = "mesa-(?P<pver>\d+(\.\d+)+)"
@@ -143,7 +142,9 @@ GALLIUMDRIVERS:append ="${@bb.utils.contains('PACKAGECONFIG', 'v3d', ',v3d', '',
# radeonsi requires LLVM
GALLIUMDRIVERS_RADEONSI = "${@bb.utils.contains('PACKAGECONFIG', 'r600', ',radeonsi', '', d)}"
-GALLIUMDRIVERS_LLVM = "r300,svga,nouveau${GALLIUMDRIVERS_RADEONSI}"
+GALLIUMDRIVERS_LLVM = "r300,nouveau${GALLIUMDRIVERS_RADEONSI}"
+GALLIUMDRIVERS_LLVM:append:x86:class-target = ",svga"
+GALLIUMDRIVERS_LLVM:append:x86-64:class-target = ",svga"
PACKAGECONFIG[r600] = ""
PACKAGECONFIG[virgl] = ""
diff --git a/meta/recipes-graphics/mesa/mesa_21.2.1.bb b/meta/recipes-graphics/mesa/mesa_21.2.4.bb
index 4cb7e80eb5..4cb7e80eb5 100644
--- a/meta/recipes-graphics/mesa/mesa_21.2.1.bb
+++ b/meta/recipes-graphics/mesa/mesa_21.2.4.bb
diff --git a/meta/recipes-graphics/spir/spirv-headers_1.5.4.bb b/meta/recipes-graphics/spir/spirv-headers_1.5.4.bb
index 7a43af5e6b..ea7e17305e 100644
--- a/meta/recipes-graphics/spir/spirv-headers_1.5.4.bb
+++ b/meta/recipes-graphics/spir/spirv-headers_1.5.4.bb
@@ -8,7 +8,7 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c938b85bceb8fb26c1a807f28a52ae2d"
SRCREV = "bcf55210f13a4fa3c3d0963b509ff1070e434c79"
-SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https"
+SRC_URI = "git://github.com/KhronosGroup/SPIRV-Headers;protocol=https;branch=master"
UPSTREAM_CHECK_GITTAGREGEX = "^(?P<pver>\d+(\.\d+)+)$"
S = "${WORKDIR}/git"
PV .= "+git${SRCPV}"
diff --git a/meta/recipes-graphics/spir/spirv-tools_2021.2.bb b/meta/recipes-graphics/spir/spirv-tools_2021.2.bb
index f55bd5194a..314ab0c1a1 100644
--- a/meta/recipes-graphics/spir/spirv-tools_2021.2.bb
+++ b/meta/recipes-graphics/spir/spirv-tools_2021.2.bb
@@ -8,7 +8,7 @@ LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
SRCREV = "e198c6a785d388db68eb9166b43ac5e5208fd5cc"
-SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git \
+SRC_URI = "git://github.com/KhronosGroup/SPIRV-Tools.git;branch=master;protocol=https \
file://0001-fix-strncpy-bound-error.patch \
"
UPSTREAM_CHECK_GITTAGREGEX = "^v(?P<pver>\d+(\.\d+)+)$"
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch
new file mode 100644
index 0000000000..ae42dc8f6c
--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0135.patch
@@ -0,0 +1,117 @@
+From 63aee871365f9c9e7fa9125672302a0fb250d34d Mon Sep 17 00:00:00 2001
+From: Gert Wollny <gert.wollny@collabora.com>
+Date: Tue, 30 Nov 2021 09:16:24 +0100
+Subject: [PATCH 2/2] vrend: propperly check whether the shader image range is
+ correct
+
+Also add a test to check the integer underflow.
+
+Closes: #251
+Signed-off-by: Gert Wollny <gert.wollny@collabora.com>
+Reviewed-by: Chia-I Wu <olvaffe@gmail.com>
+
+cherry-pick from anongit.freedesktop.org/virglrenderer
+commit 2aed5d4...
+
+CVE: CVE-2022-0135
+Upstream-Status: Backport
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+---
+ src/vrend_decode.c | 3 +-
+ tests/test_fuzzer_formats.c | 57 +++++++++++++++++++++++++++++++++++++
+ 2 files changed, 59 insertions(+), 1 deletion(-)
+
+diff --git a/src/vrend_decode.c b/src/vrend_decode.c
+index 91f5f24..6771b10 100644
+--- a/src/vrend_decode.c
++++ b/src/vrend_decode.c
+@@ -1249,8 +1249,9 @@ static int vrend_decode_set_shader_images(struct vrend_context *ctx, const uint3
+ if (num_images < 1) {
+ return 0;
+ }
++
+ if (start_slot > PIPE_MAX_SHADER_IMAGES ||
+- start_slot > PIPE_MAX_SHADER_IMAGES - num_images)
++ start_slot + num_images > PIPE_MAX_SHADER_IMAGES)
+ return EINVAL;
+
+ for (uint32_t i = 0; i < num_images; i++) {
+diff --git a/tests/test_fuzzer_formats.c b/tests/test_fuzzer_formats.c
+index 154a2e5..e32caf0 100644
+--- a/tests/test_fuzzer_formats.c
++++ b/tests/test_fuzzer_formats.c
+@@ -958,6 +958,61 @@ static void test_vrend_set_signle_abo_heap_overflow() {
+ virgl_renderer_submit_cmd((void *) cmd, ctx_id, 0xde);
+ }
+
++static void test_vrend_set_shader_images_overflow()
++{
++ uint32_t num_shaders = PIPE_MAX_SHADER_IMAGES + 1;
++ uint32_t size = num_shaders * VIRGL_SET_SHADER_IMAGE_ELEMENT_SIZE + 3;
++ uint32_t cmd[size];
++ int i = 0;
++ cmd[i++] = ((size - 1)<< 16) | 0 << 8 | VIRGL_CCMD_SET_SHADER_IMAGES;
++ cmd[i++] = PIPE_SHADER_FRAGMENT;
++ memset(&cmd[i], 0, size - i);
++
++ virgl_renderer_submit_cmd((void *) cmd, ctx_id, size);
++}
++
++/* Test adapted from yaojun8558363@gmail.com:
++ * https://gitlab.freedesktop.org/virgl/virglrenderer/-/issues/250
++*/
++static void test_vrend_3d_resource_overflow() {
++
++ struct virgl_renderer_resource_create_args resource;
++ resource.handle = 0x4c474572;
++ resource.target = PIPE_TEXTURE_2D_ARRAY;
++ resource.format = VIRGL_FORMAT_Z24X8_UNORM;
++ resource.nr_samples = 2;
++ resource.last_level = 0;
++ resource.array_size = 3;
++ resource.bind = VIRGL_BIND_SAMPLER_VIEW;
++ resource.depth = 1;
++ resource.width = 8;
++ resource.height = 4;
++ resource.flags = 0;
++
++ virgl_renderer_resource_create(&resource, NULL, 0);
++ virgl_renderer_ctx_attach_resource(ctx_id, resource.handle);
++
++ uint32_t size = 0x400;
++ uint32_t cmd[size];
++ int i = 0;
++ cmd[i++] = (size - 1) << 16 | 0 << 8 | VIRGL_CCMD_RESOURCE_INLINE_WRITE;
++ cmd[i++] = resource.handle;
++ cmd[i++] = 0; // level
++ cmd[i++] = 0; // usage
++ cmd[i++] = 0; // stride
++ cmd[i++] = 0; // layer_stride
++ cmd[i++] = 0; // x
++ cmd[i++] = 0; // y
++ cmd[i++] = 0; // z
++ cmd[i++] = 8; // w
++ cmd[i++] = 4; // h
++ cmd[i++] = 3; // d
++ memset(&cmd[i], 0, size - i);
++
++ virgl_renderer_submit_cmd((void *) cmd, ctx_id, size);
++}
++
++
+ int main()
+ {
+ initialize_environment();
+@@ -980,6 +1035,8 @@ int main()
+ test_cs_nullpointer_deference();
+ test_vrend_set_signle_abo_heap_overflow();
+
++ test_vrend_set_shader_images_overflow();
++ test_vrend_3d_resource_overflow();
+
+ virgl_renderer_context_destroy(ctx_id);
+ virgl_renderer_cleanup(&cookie);
+--
+2.25.1
+
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch
new file mode 100644
index 0000000000..7fbab75091
--- /dev/null
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer/cve-2022-0175.patch
@@ -0,0 +1,107 @@
+From 5ca7aca001092c557f0b6fc1ba3db7dcdab860b7 Mon Sep 17 00:00:00 2001
+From: Gert Wollny <gert.wollny@collabora.com>
+Date: Tue, 30 Nov 2021 09:29:42 +0100
+Subject: [PATCH 1/2] vrend: clear memory when allocating a host-backed memory
+ resource
+
+Closes: #249
+Signed-off-by: Gert Wollny <gert.wollny@collabora.com>
+Reviewed-by: Chia-I Wu <olvaffe@gmail.com>
+
+cherry-pick from anongit.freedesktop.org/virglrenderer
+commit b05bb61...
+
+CVE: CVE-2022-0175
+Upstream-Status: Backport
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+---
+ src/vrend_renderer.c | 2 +-
+ tests/test_virgl_transfer.c | 51 +++++++++++++++++++++++++++++++++++++
+ 2 files changed, 52 insertions(+), 1 deletion(-)
+
+diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
+index b8b2a36..2650cf2 100644
+--- a/src/vrend_renderer.c
++++ b/src/vrend_renderer.c
+@@ -6788,7 +6788,7 @@ vrend_resource_alloc_buffer(struct vrend_resource *gr, uint32_t flags)
+ if (bind == VIRGL_BIND_CUSTOM) {
+ /* use iovec directly when attached */
+ gr->storage_bits |= VREND_STORAGE_HOST_SYSTEM_MEMORY;
+- gr->ptr = malloc(size);
++ gr->ptr = calloc(1, size);
+ if (!gr->ptr)
+ return -ENOMEM;
+ } else if (bind == VIRGL_BIND_STAGING) {
+diff --git a/tests/test_virgl_transfer.c b/tests/test_virgl_transfer.c
+index bf7f438..3c53c3d 100644
+--- a/tests/test_virgl_transfer.c
++++ b/tests/test_virgl_transfer.c
+@@ -952,6 +952,56 @@ START_TEST(virgl_test_transfer_near_res_bounds_with_stride_succeeds)
+ }
+ END_TEST
+
++START_TEST(test_vrend_host_backed_memory_no_data_leak)
++{
++ struct iovec iovs[1];
++ int niovs = 1;
++
++ struct virgl_context ctx = {0};
++
++ int ret = testvirgl_init_ctx_cmdbuf(&ctx);
++
++ struct virgl_renderer_resource_create_args res;
++ res.handle = 0x400;
++ res.target = PIPE_BUFFER;
++ res.format = VIRGL_FORMAT_R8_UNORM;
++ res.nr_samples = 0;
++ res.last_level = 0;
++ res.array_size = 1;
++ res.bind = VIRGL_BIND_CUSTOM;
++ res.depth = 1;
++ res.width = 32;
++ res.height = 1;
++ res.flags = 0;
++
++ uint32_t size = 32;
++ uint8_t* data = calloc(1, size);
++ memset(data, 1, 32);
++ iovs[0].iov_base = data;
++ iovs[0].iov_len = size;
++
++ struct pipe_box box = {0,0,0, size, 1,1};
++
++ virgl_renderer_resource_create(&res, NULL, 0);
++ virgl_renderer_ctx_attach_resource(ctx.ctx_id, res.handle);
++
++ ret = virgl_renderer_transfer_read_iov(res.handle, ctx.ctx_id, 0, 0, 0,
++ (struct virgl_box *)&box, 0, iovs, niovs);
++
++ ck_assert_int_eq(ret, 0);
++
++ for (int i = 0; i < 32; ++i)
++ ck_assert_int_eq(data[i], 0);
++
++ virgl_renderer_ctx_detach_resource(1, res.handle);
++
++ virgl_renderer_resource_unref(res.handle);
++ free(data);
++
++}
++END_TEST
++
++
+ static Suite *virgl_init_suite(void)
+ {
+ Suite *s;
+@@ -981,6 +1031,7 @@ static Suite *virgl_init_suite(void)
+ tcase_add_test(tc_core, virgl_test_transfer_buffer_bad_strides);
+ tcase_add_test(tc_core, virgl_test_transfer_2d_array_bad_layer_stride);
+ tcase_add_test(tc_core, virgl_test_transfer_2d_bad_level);
++ tcase_add_test(tc_core, test_vrend_host_backed_memory_no_data_leak);
+
+ tcase_add_loop_test(tc_core, virgl_test_transfer_res_read_valid, 0, PIPE_MAX_TEXTURE_TYPES);
+ tcase_add_loop_test(tc_core, virgl_test_transfer_res_write_valid, 0, PIPE_MAX_TEXTURE_TYPES);
+--
+2.25.1
+
diff --git a/meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb b/meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb
index 65bd1af942..14e39fdb20 100644
--- a/meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb
+++ b/meta/recipes-graphics/virglrenderer/virglrenderer_0.9.1.bb
@@ -10,8 +10,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c81c08eeefd9418fca8f88309a76db10"
DEPENDS = "libdrm virtual/libgl virtual/libgbm libepoxy"
SRCREV = "363915595e05fb252e70d6514be2f0c0b5ca312b"
-SRC_URI = "git://anongit.freedesktop.org/virglrenderer;branch=branch-0.9.1 \
+SRC_URI = "git://anongit.freedesktop.org/git/virglrenderer;branch=branch-0.9.1 \
file://0001-meson.build-use-python3-directly-for-python.patch \
+ file://cve-2022-0135.patch \
+ file://cve-2022-0175.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/vulkan/vulkan-headers_1.2.182.0.bb b/meta/recipes-graphics/vulkan/vulkan-headers_1.2.182.0.bb
index 5ae56ec076..26f4f58b26 100644
--- a/meta/recipes-graphics/vulkan/vulkan-headers_1.2.182.0.bb
+++ b/meta/recipes-graphics/vulkan/vulkan-headers_1.2.182.0.bb
@@ -9,7 +9,7 @@ SECTION = "libs"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57"
-SRC_URI = "git://github.com/KhronosGroup/Vulkan-Headers.git;branch=master"
+SRC_URI = "git://github.com/KhronosGroup/Vulkan-Headers.git;branch=main;protocol=https"
SRCREV = "37164a5726f7e6113810f9557903a117498421cf"
diff --git a/meta/recipes-graphics/vulkan/vulkan-loader_1.2.182.0.bb b/meta/recipes-graphics/vulkan/vulkan-loader_1.2.182.0.bb
index a36fa1f844..984dc1253f 100644
--- a/meta/recipes-graphics/vulkan/vulkan-loader_1.2.182.0.bb
+++ b/meta/recipes-graphics/vulkan/vulkan-loader_1.2.182.0.bb
@@ -9,7 +9,7 @@ SECTION = "libs"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7dbefed23242760aa3475ee42801c5ac"
-SRC_URI = "git://github.com/KhronosGroup/Vulkan-Loader.git \
+SRC_URI = "git://github.com/KhronosGroup/Vulkan-Loader.git;branch=master;protocol=https \
"
SRCREV = "1896143df69d439b0933c1bb485f5a4587bdf2dc"
@@ -17,7 +17,7 @@ S = "${WORKDIR}/git"
REQUIRED_DISTRO_FEATURES = "vulkan"
-inherit cmake features_check
+inherit cmake features_check pkgconfig
ANY_OF_DISTRO_FEATURES = "x11 wayland"
DEPENDS += "vulkan-headers"
diff --git a/meta/recipes-graphics/vulkan/vulkan-samples_git.bb b/meta/recipes-graphics/vulkan/vulkan-samples_git.bb
index c5ead19482..c1ffc7ecde 100644
--- a/meta/recipes-graphics/vulkan/vulkan-samples_git.bb
+++ b/meta/recipes-graphics/vulkan/vulkan-samples_git.bb
@@ -5,7 +5,7 @@ LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=48aa35cefb768436223a6e7f18dc2a2a"
-SRC_URI = "gitsm://github.com/KhronosGroup/Vulkan-Samples.git \
+SRC_URI = "gitsm://github.com/KhronosGroup/Vulkan-Samples.git;branch=master;protocol=https \
file://0001-CMakeLists.txt-do-not-hardcode-lib-as-installation-t.patch \
file://debugfix.patch \
"
diff --git a/meta/recipes-graphics/vulkan/vulkan-tools_1.2.182.0.bb b/meta/recipes-graphics/vulkan/vulkan-tools_1.2.182.0.bb
index d0a298ecfc..b7966f6333 100644
--- a/meta/recipes-graphics/vulkan/vulkan-tools_1.2.182.0.bb
+++ b/meta/recipes-graphics/vulkan/vulkan-tools_1.2.182.0.bb
@@ -6,7 +6,7 @@ SECTION = "libs"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b83ef96387f14655fc854ddc3c6bd57"
-SRC_URI = "git://github.com/KhronosGroup/Vulkan-Tools.git;branch=sdk-1.2.182"
+SRC_URI = "git://github.com/KhronosGroup/Vulkan-Tools.git;branch=sdk-1.2.182;protocol=https"
SRCREV = "9d3305731c3be8de05c9f223a79959d448506a37"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/waffle/waffle_1.6.1.bb b/meta/recipes-graphics/waffle/waffle_1.6.1.bb
index 395494018a..161bbb0d26 100644
--- a/meta/recipes-graphics/waffle/waffle_1.6.1.bb
+++ b/meta/recipes-graphics/waffle/waffle_1.6.1.bb
@@ -3,17 +3,15 @@ DESCRIPTION = "A cross-platform C library that allows one to defer selection \
of an OpenGL API and window system until runtime. For example, on Linux, Waffle \
enables an application to select X11/EGL with an OpenGL 3.3 core profile, \
Wayland with OpenGL ES2, and other window system / API combinations."
-HOMEPAGE = "http://www.waffle-gl.org/"
+HOMEPAGE = "https://gitlab.freedesktop.org/mesa/waffle"
BUGTRACKER = "https://gitlab.freedesktop.org/mesa/waffle"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=4c5154407c2490750dd461c50ad94797 \
file://include/waffle/waffle.h;endline=24;md5=61dbf8697f61c78645e75a93c585b1bf"
-SRC_URI = "http://waffle-gl.org/files/release/${BPN}-${PV}/${BPN}-${PV}.tar.xz"
-SRC_URI[md5sum] = "c91529e579483f44fb330052872b9c73"
-SRC_URI[sha256sum] = "31565649ff0e2d8dff1b8f7f2264ab7a78452063c7e04adfc4ce03e64b655080"
-
-UPSTREAM_CHECK_URI = "http://www.waffle-gl.org/releases.html"
+SRC_URI = "git://gitlab.freedesktop.org/mesa/waffle.git;protocol=https;branch=maint-1.6"
+SRCREV = "d7e8c4759704b3c571fa3697c716279c26fd05eb"
+S = "${WORKDIR}/git"
inherit meson features_check lib_package bash-completion pkgconfig
diff --git a/meta/recipes-graphics/wayland/wayland_1.19.0.bb b/meta/recipes-graphics/wayland/wayland_1.19.0.bb
index d6e468497d..5f8b972f76 100644
--- a/meta/recipes-graphics/wayland/wayland_1.19.0.bb
+++ b/meta/recipes-graphics/wayland/wayland_1.19.0.bb
@@ -52,10 +52,10 @@ sysroot_stage_all:append:class-target () {
cp ${STAGING_DATADIR_NATIVE}/aclocal/wayland-scanner.m4 ${SYSROOT_DESTDIR}/${datadir}/aclocal/
}
-PACKAGES += "${PN}-tools"
+PACKAGES =+ "${PN}-tools"
-FILES:${PN} = "${libdir}/*${SOLIBS}"
-FILES:${PN}-tools += "${bindir} ${datadir}/wayland"
+FILES:${PN}-tools = "${bindir}/wayland-scanner"
+FILES:${PN}-dev += "${datadir}/${BPN}/wayland-scanner.mk"
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb b/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb
index 2553d89529..49c42bd68a 100644
--- a/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb
+++ b/meta/recipes-graphics/xinput-calibrator/xinput-calibrator_git.bb
@@ -12,7 +12,7 @@ inherit autotools pkgconfig features_check
REQUIRED_DISTRO_FEATURES = "x11"
SRCREV = "18ec53f1cada39f905614ebfaffed5c7754ecf46"
-SRC_URI = "git://github.com/kreijack/xinput_calibrator.git;branch=libinput \
+SRC_URI = "git://github.com/kreijack/xinput_calibrator.git;branch=libinput;protocol=https \
file://30xinput_calibrate.sh \
file://Allow-xinput_calibrator_pointercal.sh-to-be-run-as-n.patch \
file://0001-calibrator.hh-Include-string-to-get-std-string.patch \
diff --git a/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb b/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb
index 1d8077a600..21dc8880ec 100644
--- a/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb
+++ b/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb
@@ -13,7 +13,7 @@ SRCREV = "f66d39544bb8339130c96d282a80f87ca1606caf"
PV = "2.99.917+git${SRCPV}"
S = "${WORKDIR}/git"
-SRC_URI = "git://anongit.freedesktop.org/xorg/driver/xf86-video-intel \
+SRC_URI = "git://anongit.freedesktop.org/xorg/driver/xf86-video-intel;branch=master \
file://0001-Sync-i915_pciids-upto-8717c6b7414f.patch \
file://0001-i810-Avoid-duplicate-definition-of-I810PatternROP.patch \
"
diff --git a/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.6.8.bb b/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.6.8.bb
index e53ccc6aea..796980b7ca 100644
--- a/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.6.8.bb
+++ b/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.6.8.bb
@@ -8,7 +8,7 @@ python () {
require xorg-lib-common.inc
-LICENSE = "MIT & MIT-style & BSD-4-Clause & BSD-2-Clause"
+LICENSE = "MIT & MIT-style & BSD-1-Clause & HPND & HPND-sell-variant"
LIC_FILES_CHKSUM = "file://COPYING;md5=172255dee66bb0151435b2d5d709fcf7"
SRC_URI[md5sum] = "c5fa5a86a20e3591bed6c046498d4b8f"
diff --git a/meta/recipes-graphics/xorg-lib/libx11_1.7.2.bb b/meta/recipes-graphics/xorg-lib/libx11_1.7.2.bb
index 7ee2a9c16a..f429daaf47 100644
--- a/meta/recipes-graphics/xorg-lib/libx11_1.7.2.bb
+++ b/meta/recipes-graphics/xorg-lib/libx11_1.7.2.bb
@@ -20,7 +20,7 @@ SRC_URI[sha256sum] = "1cfa35e37aaabbe4792e9bb690468efefbfbf6b147d9c69d6f90d13c30
PROVIDES = "virtual/libx11"
XORG_PN = "libX11"
-LICENSE = "MIT & MIT-style & BSD-4-Clause & BSD-2-Clause"
+LICENSE = "MIT & MIT-style & BSD-1-Clause & HPND & HPND-sell-variant"
LIC_FILES_CHKSUM = "file://COPYING;md5=172255dee66bb0151435b2d5d709fcf7"
DEPENDS += "xorgproto xtrans libxcb"
diff --git a/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb b/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb
index d153c7a603..b0b6cb6b56 100644
--- a/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb
+++ b/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb
@@ -6,7 +6,7 @@ using file descriptor passing."
require xorg-lib-common.inc
-LICENSE = "MIT-style"
+LICENSE = "HPND"
LIC_FILES_CHKSUM = "file://COPYING;md5=47e508ca280fde97906eacb77892c3ac"
DEPENDS += "virtual/libx11"
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index e1fc0a06dc..8864564b3e 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -19,7 +19,15 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz"
UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar"
-CVE_PRODUCT = "xorg-server"
+CVE_PRODUCT = "xorg-server x_server"
+# This is specific to Debian's xserver-wrapper.c
+CVE_CHECK_WHITELIST += "CVE-2011-4613"
+# As per upstream, exploiting this flaw is non-trivial and it requires exact
+# timing on the behalf of the attacker. Many graphical applications exit if their
+# connection to the X server is lost, so a typical desktop session is either
+# impossible or difficult to exploit. There is currently no upstream patch
+# available for this flaw.
+CVE_CHECK_WHITELIST += "CVE-2020-25697"
S = "${WORKDIR}/${XORG_PN}-${PV}"
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb
index 01a54070c7..71367c247e 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.13.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb
@@ -8,7 +8,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
file://0001-Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch \
"
-SRC_URI[sha256sum] = "40aa4e96a56a81a301f15a9b10e06a22700f12b42d9e0e453c7f11d354386300"
+SRC_URI[sha256sum] = "5cc5b70b9be89443e2594b93656c60bd5e82cd7f01deb4ce4faf81dcf546a16b"
# These extensions are now integrated into the server, so declare the migration
# path for in-place upgrades.
diff --git a/meta/recipes-kernel/blktrace/blktrace_git.bb b/meta/recipes-kernel/blktrace/blktrace_git.bb
index d00b1bd0be..b108676df4 100644
--- a/meta/recipes-kernel/blktrace/blktrace_git.bb
+++ b/meta/recipes-kernel/blktrace/blktrace_git.bb
@@ -14,7 +14,7 @@ SRCREV = "366d30b9cdb20345c5d064af850d686da79b89eb"
PV = "1.3.0+git${SRCPV}"
-SRC_URI = "git://git.kernel.dk/blktrace.git"
+SRC_URI = "git://git.kernel.dk/blktrace.git;branch=master"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-kernel/cryptodev/cryptodev.inc b/meta/recipes-kernel/cryptodev/cryptodev.inc
index ae2c308911..6ada0b0295 100644
--- a/meta/recipes-kernel/cryptodev/cryptodev.inc
+++ b/meta/recipes-kernel/cryptodev/cryptodev.inc
@@ -8,7 +8,7 @@ API is compatible with OpenBSD's cryptodev userspace API (/dev/crypto)."
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-SRC_URI = "git://github.com/cryptodev-linux/cryptodev-linux \
+SRC_URI = "git://github.com/cryptodev-linux/cryptodev-linux;branch=master;protocol=https \
"
SRCREV = "e0c25e289d6baf1d83c2b9cb523d3bc237d0c0c9"
diff --git a/meta/recipes-kernel/dtc/dtc.inc b/meta/recipes-kernel/dtc/dtc.inc
index bfdc9f8639..b8a6b34f0c 100644
--- a/meta/recipes-kernel/dtc/dtc.inc
+++ b/meta/recipes-kernel/dtc/dtc.inc
@@ -5,7 +5,7 @@ SECTION = "bootloader"
LICENSE = "GPLv2 | BSD-2-Clause"
DEPENDS = "flex-native bison-native"
-SRC_URI = "git://git.kernel.org/pub/scm/utils/dtc/dtc.git \
+SRC_URI = "git://git.kernel.org/pub/scm/utils/dtc/dtc.git;branch=master \
file://make_install.patch \
file://0001-dtc-Fix-Makefile-to-add-CFLAGS-not-override.patch \
"
diff --git a/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-doc-validate b/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-doc-validate
new file mode 100644
index 0000000000..2aa57851c7
--- /dev/null
+++ b/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-doc-validate
@@ -0,0 +1,20 @@
+#!/bin/sh
+# dt-doc-validate wrapper to allow kernel dt-validation to pass
+#
+# Copyright (C) 2021 Bruce Ashfield <bruce.ashfield@gmail.com>
+# License: MIT (see COPYING.MIT at the root of the repository for terms)
+
+for arg; do
+ case "$arg" in
+ --version)
+ echo "v2021.10"
+ ;;
+ esac
+done
+
+# TBD: left for future consideration
+# exec dt-doc-validate.real "$@"
+
+# we always succeed
+exit 0
+
diff --git a/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-mk-schema b/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-mk-schema
new file mode 100644
index 0000000000..24b89d8619
--- /dev/null
+++ b/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-mk-schema
@@ -0,0 +1,20 @@
+#!/bin/sh
+# dt-mk-schema wrapper to allow kernel dt-validation to pass
+#
+# Copyright (C) 2021 Bruce Ashfield <bruce.ashfield@gmail.com>
+# License: MIT (see COPYING.MIT at the root of the repository for terms)
+
+for arg; do
+ case "$arg" in
+ --version)
+ echo "v2021.10"
+ ;;
+ esac
+done
+
+# TBD: left for future consideration
+# exec dt-mk-schema.real "$@"
+
+# we always succeed
+exit 0
+
diff --git a/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-validate b/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-validate
new file mode 100644
index 0000000000..8a4710a7ed
--- /dev/null
+++ b/meta/recipes-kernel/dtc/python3-dtschema-wrapper/dt-validate
@@ -0,0 +1,20 @@
+#!/bin/sh
+# dt-validate wrapper to allow kernel dt-validation to pass
+#
+# Copyright (C) 2021 Bruce Ashfield <bruce.ashfield@gmail.com>
+# License: MIT (see COPYING.MIT at the root of the repository for terms)
+
+for arg; do
+ case "$arg" in
+ --version)
+ echo "v2021.10"
+ ;;
+ esac
+done
+
+# TBD: left for future consideration
+# exec dt-validate.real "$@"
+
+# we always succeed
+exit 0
+
diff --git a/meta/recipes-kernel/dtc/python3-dtschema-wrapper_2021.10.bb b/meta/recipes-kernel/dtc/python3-dtschema-wrapper_2021.10.bb
new file mode 100644
index 0000000000..c869274d09
--- /dev/null
+++ b/meta/recipes-kernel/dtc/python3-dtschema-wrapper_2021.10.bb
@@ -0,0 +1,17 @@
+DESCRIPTION = "Wrapper for tooling for devicetree validation using YAML and jsonschema"
+HOMEPAGE = "https://yoctoproject.org"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+SRC_URI = "file://dt-doc-validate \
+ file://dt-mk-schema \
+ file://dt-validate"
+
+do_install() {
+ install -d ${D}${bindir}/
+ install -m 755 ${WORKDIR}/dt-doc-validate ${D}${bindir}/
+ install -m 755 ${WORKDIR}/dt-mk-schema ${D}${bindir}/
+ install -m 755 ${WORKDIR}/dt-validate ${D}${bindir}/
+}
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
index e967f485c1..95983fe69b 100644
--- a/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
+++ b/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
@@ -8,13 +8,12 @@ LIC_FILES_CHKSUM = "file://tools/kgit;beginline=5;endline=9;md5=9c30e971d435e249
DEPENDS = "git-native"
-SRCREV = "d220b063852245fdd16b9731a395ace525f932d6"
-PR = "r12"
-PV = "0.2+git${SRCPV}"
+SRCREV = "90598a5fae1172e3f7782a1b02f7b7518efd32c8"
+PV = "0.3+git${SRCPV}"
inherit native
-SRC_URI = "git://git.yoctoproject.org/yocto-kernel-tools.git"
+SRC_URI = "git://git.yoctoproject.org/yocto-kernel-tools.git;branch=master"
S = "${WORKDIR}/git"
UPSTREAM_CHECK_COMMITS = "1"
diff --git a/meta/recipes-kernel/kmod/depmodwrapper-cross_1.0.bb b/meta/recipes-kernel/kmod/depmodwrapper-cross_1.0.bb
index 9a172675af..04fc14a6d2 100644
--- a/meta/recipes-kernel/kmod/depmodwrapper-cross_1.0.bb
+++ b/meta/recipes-kernel/kmod/depmodwrapper-cross_1.0.bb
@@ -32,9 +32,9 @@ fi
if [ ! -r ${PKGDATA_DIR}/kernel-depmod/System.map-\$4 ] || [ "\$kernelabi" != "\$4" ]; then
echo "Unable to read: ${PKGDATA_DIR}/kernel-depmod/System.map-\$4" >&2
- exec env depmod "\$1" "\$2" "\$3" "\$4"
+ exec env depmod -C "\$3${sysconfdir}/depmod.d" "\$1" "\$2" "\$3" "\$4"
else
- exec env depmod "\$1" "\$2" "\$3" -F "${PKGDATA_DIR}/kernel-depmod/System.map-\$4" "\$4"
+ exec env depmod -C "\$3${sysconfdir}/depmod.d" "\$1" "\$2" "\$3" -F "${PKGDATA_DIR}/kernel-depmod/System.map-\$4" "\$4"
fi
EOF
chmod +x ${D}${bindir_crossscripts}/depmodwrapper
diff --git a/meta/recipes-kernel/kmod/kmod.inc b/meta/recipes-kernel/kmod/kmod.inc
index c2d550acaf..d527887b78 100644
--- a/meta/recipes-kernel/kmod/kmod.inc
+++ b/meta/recipes-kernel/kmod/kmod.inc
@@ -19,7 +19,7 @@ SRCREV = "b6ecfc916a17eab8f93be5b09f4e4f845aabd3d1"
# Lookout for PV bump too when SRCREV is changed
PV = "29"
-SRC_URI = "git://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git \
+SRC_URI = "git://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git;branch=master \
file://depmod-search.conf \
file://avoid_parallel_tests.patch \
"
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20210818.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
index 0249332fca..ed6cdb5c16 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20210818.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20220509.bb
@@ -72,7 +72,7 @@ LICENSE = "\
LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
- file://LICENSE.amdgpu;md5=d357524f5099e2a3db3c1838921c593f \
+ file://LICENSE.amdgpu;md5=44c1166d052226cb2d6c8d7400090203 \
file://LICENSE.amd-ucode;md5=3c5399dc9148d7f0e1f41e34b69cf14f \
file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \
file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
@@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
- file://WHENCE;md5=15ad289bf2359e8ecf613f3b04f72fab \
+ file://WHENCE;md5=d3eb82686904888f8bbbe8d865371404 \
"
# These are not common licenses, set NO_GENERIC_LICENSE for them
@@ -205,7 +205,7 @@ PE = "1"
SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "bef3d317c348d962b3a1b95cb4e19ea4f282e18112b2c669cff74f9267ce3893"
+SRC_URI[sha256sum] = "376e0b3d7b4f8aaa2abf7f5ab74803dcf14b06b94e3d841b1467cd9a2848255e"
inherit allarch
@@ -352,7 +352,7 @@ FILES:${PN}-carl9170 = " \
RDEPENDS:${PN}-carl9170 += "${PN}-gplv2-license"
# For QualCommAthos
-LICENSE:${PN}-ar3k = "Firmware-qualcommAthos_ar3k"
+LICENSE:${PN}-ar3k = "Firmware-qualcommAthos_ar3k & Firmware-atheros_firmware"
LICENSE:${PN}-ar3k-license = "Firmware-qualcommAthos_ar3k"
LICENSE:${PN}-ath10k = "Firmware-qualcommAthos_ath10k"
LICENSE:${PN}-ath10k-license = "Firmware-qualcommAthos_ath10k"
@@ -376,7 +376,7 @@ FILES:${PN}-qca = " \
${nonarch_base_libdir}/firmware/qca \
"
-RDEPENDS:${PN}-ar3k += "${PN}-ar3k-license"
+RDEPENDS:${PN}-ar3k += "${PN}-ar3k-license ${PN}-atheros-license"
RDEPENDS:${PN}-ath10k += "${PN}-ath10k-license"
RDEPENDS:${PN}-ath11k += "${PN}-ath10k-license"
RDEPENDS:${PN}-qca += "${PN}-ath10k-license"
@@ -751,6 +751,7 @@ FILES:${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pc
FILES:${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \
${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \
${nonarch_base_libdir}/firmware/cypress/cyfmac4373-sdio.bin \
+ ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.clm_blob \
"
LICENSE:${PN}-bcm-0bb4-0306 = "Firmware-cypress"
diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb b/meta/recipes-kernel/linux/kernel-devsrc.bb
index d39573965f..264726d08c 100644
--- a/meta/recipes-kernel/linux/kernel-devsrc.bb
+++ b/meta/recipes-kernel/linux/kernel-devsrc.bb
@@ -72,7 +72,9 @@ do_install() {
(
cd ${B}
- cp Module.symvers $kerneldir/build
+ if [ -s Module.symvers ]; then
+ cp Module.symvers $kerneldir/build
+ fi
cp System.map* $kerneldir/build
if [ -s Module.markers ]; then
cp Module.markers $kerneldir/build
@@ -109,8 +111,8 @@ do_install() {
fi
fi
- if [ "${ARCH}" = "arm64" ]; then
- cp -a --parents arch/arm64/kernel/vdso/vdso.lds $kerneldir/build/
+ if [ "${ARCH}" = "arm64" -o "${ARCH}" = "riscv" ]; then
+ cp -a --parents arch/${ARCH}/kernel/vdso/vdso.lds $kerneldir/build/
fi
if [ "${ARCH}" = "powerpc" ]; then
cp -a --parents arch/powerpc/kernel/vdso32/vdso32.lds $kerneldir/build 2>/dev/null || :
@@ -185,6 +187,12 @@ do_install() {
cp -a --parents arch/${ARCH}/kernel/vdso32/* $kerneldir/build/ 2>/dev/null || :
cp -a --parents arch/${ARCH}/kernel/vdso64/* $kerneldir/build/ 2>/dev/null || :
fi
+ if [ "${ARCH}" = "riscv" ]; then
+ cp -a --parents arch/riscv/kernel/vdso/*gettimeofday.* $kerneldir/build/
+ cp -a --parents arch/riscv/kernel/vdso/note.S $kerneldir/build/
+ cp -a --parents arch/riscv/kernel/vdso/gen_vdso_offsets.sh $kerneldir/build/
+ cp -a --parents arch/riscv/kernel/vdso/* $kerneldir/build/ 2>/dev/null || :
+ fi
# include the machine specific headers for ARM variants, if available.
if [ "${ARCH}" = "arm" ]; then
diff --git a/meta/recipes-kernel/linux/linux-yocto-dev.bb b/meta/recipes-kernel/linux/linux-yocto-dev.bb
index f58b5ab0b8..005b688778 100644
--- a/meta/recipes-kernel/linux/linux-yocto-dev.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-dev.bb
@@ -38,6 +38,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
+DEPENDS += "gmp-native libmpc-native"
COMPATIBLE_MACHINE = "(qemuarm|qemux86|qemuppc|qemumips|qemumips64|qemux86-64|qemuriscv64)"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
index e35a91d254..62d7494b88 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.10.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "42d1c4e85643d634bddd98e5c4d8a9bcc61b3e18"
-SRCREV_meta ?= "f8afd84b117f336477846b9e22178ebefb26c08d"
+SRCREV_machine ?= "88b754b80392e1f1ac7df46595f9712edc8aec02"
+SRCREV_meta ?= "7767ab05bd3e525a287a7f9bfd780005b5eb25a3"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.10.70"
+LINUX_VERSION ?= "5.10.113"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.14.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.14.bb
index 0baffe6f2f..6f22173b1e 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.14.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.14.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "ca5b19aa3996eb1907f546fce7a7fa55053fbead"
-SRCREV_meta ?= "884dfea956ec6b166d1f99a295c47338573a974c"
+SRCREV_machine ?= "b18aaa90f5ce15336aacf4cc24c7a086aeb4bc84"
+SRCREV_meta ?= "f9e349e174542980f72dcd087445d0106b7a5e75"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.14;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.14.9"
+LINUX_VERSION ?= "5.14.21"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
index c92a149d85..e0c693fed2 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.10.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.10.70"
+LINUX_VERSION ?= "5.10.113"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine:qemuarm ?= "71ff272be9e9436f27088fbd494da2de613121ea"
-SRCREV_machine ?= "4d1eeccd06dd8d310b238d6350cb0f7d937f4427"
-SRCREV_meta ?= "f8afd84b117f336477846b9e22178ebefb26c08d"
+SRCREV_machine:qemuarm ?= "7dacc8332b0bc5600d97583f45b841c9724f2191"
+SRCREV_machine ?= "8dc46fa883d7b9a3412791f6731096e2e516d949"
+SRCREV_meta ?= "7767ab05bd3e525a287a7f9bfd780005b5eb25a3"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.14.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.14.bb
index 5ca45ad894..d44fac6094 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.14.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.14.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.14.9"
+LINUX_VERSION ?= "5.14.21"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine:qemuarm ?= "66b3eb63900447948655628e141b54ce0dc3a009"
-SRCREV_machine ?= "c4def465fc44a7f5311d9b942d6cdd33cb4804ca"
-SRCREV_meta ?= "884dfea956ec6b166d1f99a295c47338573a974c"
+SRCREV_machine:qemuarm ?= "159f57f8e022351d5193e51c02c951f2e255db1a"
+SRCREV_machine ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_meta ?= "f9e349e174542980f72dcd087445d0106b7a5e75"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index b4ccdb26dc..e05a4769d1 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -13,17 +13,17 @@ KBRANCH:qemux86 ?= "v5.10/standard/base"
KBRANCH:qemux86-64 ?= "v5.10/standard/base"
KBRANCH:qemumips64 ?= "v5.10/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "011882741f10bd0c725139baa383eb5a4d833bca"
-SRCREV_machine:qemuarm64 ?= "098464b7c0c3d6f2a5b9226aab3245c3fcfb4797"
-SRCREV_machine:qemumips ?= "88494c005ab76864e706097056557b5616da65c6"
-SRCREV_machine:qemuppc ?= "a2b9c27f431a20ebfcd4146971c9422f4216aa90"
-SRCREV_machine:qemuriscv64 ?= "7dda2a9f69de7f80e572d38236896e97be79f39d"
-SRCREV_machine:qemuriscv32 ?= "7dda2a9f69de7f80e572d38236896e97be79f39d"
-SRCREV_machine:qemux86 ?= "7dda2a9f69de7f80e572d38236896e97be79f39d"
-SRCREV_machine:qemux86-64 ?= "7dda2a9f69de7f80e572d38236896e97be79f39d"
-SRCREV_machine:qemumips64 ?= "80da62cff32617711767cd6b01f64f1dc14f94d8"
-SRCREV_machine ?= "7dda2a9f69de7f80e572d38236896e97be79f39d"
-SRCREV_meta ?= "f8afd84b117f336477846b9e22178ebefb26c08d"
+SRCREV_machine:qemuarm ?= "6092497574895b1179a3c7a9e07c7f40c2d4c136"
+SRCREV_machine:qemuarm64 ?= "97ad6c5f9ffdb6b108cbbf99d9061dd0fe03e4e8"
+SRCREV_machine:qemumips ?= "e53b2d1867f7bdc2c0cc904a15992178688c3ad4"
+SRCREV_machine:qemuppc ?= "b12ed76165bfc9fe2b99fcc224b5e0134b7b533f"
+SRCREV_machine:qemuriscv64 ?= "a8b4c628f382412e5e7df5750f2be711df95fa06"
+SRCREV_machine:qemuriscv32 ?= "a8b4c628f382412e5e7df5750f2be711df95fa06"
+SRCREV_machine:qemux86 ?= "a8b4c628f382412e5e7df5750f2be711df95fa06"
+SRCREV_machine:qemux86-64 ?= "a8b4c628f382412e5e7df5750f2be711df95fa06"
+SRCREV_machine:qemumips64 ?= "07580586b738406b4dec9bf91d4eecdb933f2a07"
+SRCREV_machine ?= "a8b4c628f382412e5e7df5750f2be711df95fa06"
+SRCREV_meta ?= "7767ab05bd3e525a287a7f9bfd780005b5eb25a3"
# remap qemuarm to qemuarma15 for the 5.8 kernel
# KMACHINE:qemuarm ?= "qemuarma15"
@@ -32,11 +32,11 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.10;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.10.70"
+LINUX_VERSION ?= "5.10.113"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
-DEPENDS += "gmp-native"
+DEPENDS += "gmp-native libmpc-native"
PV = "${LINUX_VERSION}+git${SRCPV}"
@@ -53,6 +53,9 @@ KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc features/drm-bochs/drm-bochs.scc"
KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
+KERNEL_FEATURES:append:powerpc =" arch/powerpc/powerpc-debug.scc"
+KERNEL_FEATURES:append:powerpc64 =" arch/powerpc/powerpc-debug.scc"
+KERNEL_FEATURES:append:powerpc64le =" arch/powerpc/powerpc-debug.scc"
KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "", d)}"
KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}"
KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.14.bb b/meta/recipes-kernel/linux/linux-yocto_5.14.bb
index f1d353072c..b5be96b7c9 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.14.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.14.bb
@@ -13,17 +13,17 @@ KBRANCH:qemux86 ?= "v5.14/standard/base"
KBRANCH:qemux86-64 ?= "v5.14/standard/base"
KBRANCH:qemumips64 ?= "v5.14/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "c3a887f62f231d6b31f0209712014f9cbc7fd77e"
-SRCREV_machine:qemuarm64 ?= "c4def465fc44a7f5311d9b942d6cdd33cb4804ca"
-SRCREV_machine:qemumips ?= "77174bdf6581bdb93f0f458601364800670f8531"
-SRCREV_machine:qemuppc ?= "c4def465fc44a7f5311d9b942d6cdd33cb4804ca"
-SRCREV_machine:qemuriscv64 ?= "c4def465fc44a7f5311d9b942d6cdd33cb4804ca"
-SRCREV_machine:qemuriscv32 ?= "c4def465fc44a7f5311d9b942d6cdd33cb4804ca"
-SRCREV_machine:qemux86 ?= "c4def465fc44a7f5311d9b942d6cdd33cb4804ca"
-SRCREV_machine:qemux86-64 ?= "c4def465fc44a7f5311d9b942d6cdd33cb4804ca"
-SRCREV_machine:qemumips64 ?= "e86c3a6ad2fde78ad03e0b899286bf603756207d"
-SRCREV_machine ?= "c4def465fc44a7f5311d9b942d6cdd33cb4804ca"
-SRCREV_meta ?= "884dfea956ec6b166d1f99a295c47338573a974c"
+SRCREV_machine:qemuarm ?= "5ca7fd91b258a07ed1b6f38593ff8c48cc574b1c"
+SRCREV_machine:qemuarm64 ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_machine:qemumips ?= "1e7a6d0d29015bf1f383cf5f52fc451c1969561d"
+SRCREV_machine:qemuppc ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_machine:qemuriscv64 ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_machine:qemuriscv32 ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_machine:qemux86 ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_machine:qemux86-64 ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_machine:qemumips64 ?= "f6646a344afbf6cacc91cbeaaec4240b372dd192"
+SRCREV_machine ?= "9d5572038eacda2e2a86e3f743f35ec415319fb4"
+SRCREV_meta ?= "f9e349e174542980f72dcd087445d0106b7a5e75"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
@@ -31,7 +31,7 @@ SRCREV_meta ?= "884dfea956ec6b166d1f99a295c47338573a974c"
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
DEFAULT_PREFERENCE:class-devupstream = "-1"
-SRCREV_machine:class-devupstream ?= "70248e7b378b96f208d5544ee25b808a8ef2ddc2"
+SRCREV_machine:class-devupstream ?= "545728d9e08593767dd55192b0324dd4f9b71151"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v5.14/base"
@@ -42,11 +42,11 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.14;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "5.14.9"
+LINUX_VERSION ?= "5.14.21"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
-DEPENDS += "gmp-native"
+DEPENDS += "gmp-native libmpc-native"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-compaction-migratepages-event-name.patch b/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-compaction-migratepages-event-name.patch
new file mode 100644
index 0000000000..e988f7a3d5
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0001-Fix-compaction-migratepages-event-name.patch
@@ -0,0 +1,37 @@
+From c312bda00d2dc10ce5f6c1189acbefee5c6c8c6c Mon Sep 17 00:00:00 2001
+From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Date: Tue, 29 Mar 2022 16:34:07 -0400
+Subject: [PATCH 01/10] Fix: compaction migratepages event name
+
+The commit "fix: mm: compaction: fix the migration stats in trace_mm_compaction_migratepages() (v5.17)"
+
+Triggers this warning:
+
+ LTTng: event provider mismatch: The event name needs to start with provider name + _ + one or more letter, provider: compaction, event name: mm_compaction_migratepages
+
+Upstream-Status: Backport
+
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Change-Id: I01c7485af765084dafb33bf33ae392e60bfbf1e7
+---
+ include/instrumentation/events/compaction.h | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/include/instrumentation/events/compaction.h b/include/instrumentation/events/compaction.h
+index 340e41f5..15964537 100644
+--- a/include/instrumentation/events/compaction.h
++++ b/include/instrumentation/events/compaction.h
+@@ -98,7 +98,9 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(compaction_isolate_template,
+ #endif /* #else #if LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,0,0) */
+
+ #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,17,0))
+-LTTNG_TRACEPOINT_EVENT(mm_compaction_migratepages,
++LTTNG_TRACEPOINT_EVENT_MAP(mm_compaction_migratepages,
++
++ compaction_migratepages,
+
+ TP_PROTO(unsigned long nr_all,
+ unsigned int nr_succeeded),
+--
+2.19.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0001-fix-cpu-hotplug-Remove-deprecated-CPU-hotplug-functi.patch b/meta/recipes-kernel/lttng/lttng-modules/0001-fix-cpu-hotplug-Remove-deprecated-CPU-hotplug-functi.patch
deleted file mode 100644
index 4e52e5f122..0000000000
--- a/meta/recipes-kernel/lttng/lttng-modules/0001-fix-cpu-hotplug-Remove-deprecated-CPU-hotplug-functi.patch
+++ /dev/null
@@ -1,394 +0,0 @@
-From 8be4c8a38ee1e297578e094a6e4c143ec5259aba Mon Sep 17 00:00:00 2001
-From: Michael Jeanson <mjeanson@efficios.com>
-Date: Mon, 13 Sep 2021 12:00:38 -0400
-Subject: [PATCH 1/2] fix: cpu/hotplug: Remove deprecated CPU-hotplug
- functions. (v5.15)
-
-The CPU-hotplug functions get|put_online_cpus() were deprecated in v4.13
-and removed in v5.15.
-
-See upstream commits :
-
-commit 8c854303ce0e38e5bbedd725ff39da7e235865d8
-Author: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
-Date: Tue Aug 3 16:16:21 2021 +0200
-
- cpu/hotplug: Remove deprecated CPU-hotplug functions.
-
- No users in tree use the deprecated CPU-hotplug functions anymore.
-
- Remove them.
-
-Introduced in v4.13 :
-
- commit 8f553c498e1772cccb39a114da4a498d22992758
- Author: Thomas Gleixner <tglx@linutronix.de>
- Date: Wed May 24 10:15:12 2017 +0200
-
- cpu/hotplug: Provide cpus_read|write_[un]lock()
-
- The counting 'rwsem' hackery of get|put_online_cpus() is going to be
- replaced by percpu rwsem.
-
- Rename the functions to make it clear that it's locking and not some
- refcount style interface. These new functions will be used for the
- preparatory patches which make the code ready for the percpu rwsem
- conversion.
-
- Rename all instances in the cpu hotplug code while at it.
-
-Upstream-Status: backport [https://git.lttng.org/?p=lttng-modules.git;a=commit;h=ffcc873470121ef1ebb110df3d9038a38d9cb7cb]
-
-Change-Id: I5a37cf5afc075a402b7347989fac637dfa60a1ed
-Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
-Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
----
- include/wrapper/cpu.h | 44 +++++++++++++++++++++++
- src/lib/ringbuffer/ring_buffer_backend.c | 8 ++---
- src/lib/ringbuffer/ring_buffer_frontend.c | 17 ++++-----
- src/lib/ringbuffer/ring_buffer_iterator.c | 15 ++++----
- src/lttng-context-perf-counters.c | 11 +++---
- src/lttng-statedump-impl.c | 6 ++--
- 6 files changed, 74 insertions(+), 27 deletions(-)
- create mode 100644 include/wrapper/cpu.h
-
-diff --git a/include/wrapper/cpu.h b/include/wrapper/cpu.h
-new file mode 100644
-index 00000000..cbee1962
---- /dev/null
-+++ b/include/wrapper/cpu.h
-@@ -0,0 +1,44 @@
-+/* SPDX-License-Identifier: (GPL-2.0-only or LGPL-2.1-only)
-+ *
-+ * wrapper/cpu.h
-+ *
-+ * Copyright (C) 2021 Michael Jeanson <mjeanson@efficios.com>
-+ */
-+
-+#ifndef _LTTNG_WRAPPER_CPU_H
-+#define _LTTNG_WRAPPER_CPU_H
-+
-+#include <linux/cpu.h>
-+#include <lttng/kernel-version.h>
-+
-+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,13,0))
-+
-+static inline
-+void lttng_cpus_read_lock(void)
-+{
-+ cpus_read_lock();
-+}
-+
-+static inline
-+void lttng_cpus_read_unlock(void)
-+{
-+ cpus_read_unlock();
-+}
-+
-+#else /* LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,13,0) */
-+
-+static inline
-+void lttng_cpus_read_lock(void)
-+{
-+ get_online_cpus();
-+}
-+
-+static inline
-+void lttng_cpus_read_unlock(void)
-+{
-+ put_online_cpus();
-+}
-+
-+#endif /* LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,13,0) */
-+
-+#endif /* _LTTNG_WRAPPER_CPU_H */
-diff --git a/src/lib/ringbuffer/ring_buffer_backend.c b/src/lib/ringbuffer/ring_buffer_backend.c
-index 26efb2bc..9a339be0 100644
---- a/src/lib/ringbuffer/ring_buffer_backend.c
-+++ b/src/lib/ringbuffer/ring_buffer_backend.c
-@@ -12,10 +12,10 @@
- #include <linux/delay.h>
- #include <linux/errno.h>
- #include <linux/slab.h>
--#include <linux/cpu.h>
- #include <linux/mm.h>
- #include <linux/vmalloc.h>
-
-+#include <wrapper/cpu.h>
- #include <wrapper/mm.h>
- #include <wrapper/vmalloc.h> /* for wrapper_vmalloc_sync_mappings() */
- #include <ringbuffer/config.h>
-@@ -445,14 +445,14 @@ int channel_backend_init(struct channel_backend *chanb,
- chanb->cpu_hp_notifier.priority = 5;
- register_hotcpu_notifier(&chanb->cpu_hp_notifier);
-
-- get_online_cpus();
-+ lttng_cpus_read_lock();
- for_each_online_cpu(i) {
- ret = lib_ring_buffer_create(per_cpu_ptr(chanb->buf, i),
- chanb, i);
- if (ret)
- goto free_bufs; /* cpu hotplug locked */
- }
-- put_online_cpus();
-+ lttng_cpus_read_unlock();
- #else
- for_each_possible_cpu(i) {
- ret = lib_ring_buffer_create(per_cpu_ptr(chanb->buf, i),
-@@ -485,7 +485,7 @@ free_bufs:
- */
- #else /* #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,10,0)) */
- #ifdef CONFIG_HOTPLUG_CPU
-- put_online_cpus();
-+ lttng_cpus_read_unlock();
- unregister_hotcpu_notifier(&chanb->cpu_hp_notifier);
- #endif
- #endif /* #else #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,10,0)) */
-diff --git a/src/lib/ringbuffer/ring_buffer_frontend.c b/src/lib/ringbuffer/ring_buffer_frontend.c
-index e9056118..87a575d0 100644
---- a/src/lib/ringbuffer/ring_buffer_frontend.c
-+++ b/src/lib/ringbuffer/ring_buffer_frontend.c
-@@ -48,6 +48,7 @@
- #include <ringbuffer/iterator.h>
- #include <ringbuffer/nohz.h>
- #include <wrapper/atomic.h>
-+#include <wrapper/cpu.h>
- #include <wrapper/kref.h>
- #include <wrapper/percpu-defs.h>
- #include <wrapper/timer.h>
-@@ -724,7 +725,7 @@ static void channel_unregister_notifiers(struct lttng_kernel_ring_buffer_channel
- int cpu;
-
- #ifdef CONFIG_HOTPLUG_CPU
-- get_online_cpus();
-+ lttng_cpus_read_lock();
- chan->cpu_hp_enable = 0;
- for_each_online_cpu(cpu) {
- struct lttng_kernel_ring_buffer *buf = per_cpu_ptr(chan->backend.buf,
-@@ -732,7 +733,7 @@ static void channel_unregister_notifiers(struct lttng_kernel_ring_buffer_channel
- lib_ring_buffer_stop_switch_timer(buf);
- lib_ring_buffer_stop_read_timer(buf);
- }
-- put_online_cpus();
-+ lttng_cpus_read_unlock();
- unregister_cpu_notifier(&chan->cpu_hp_notifier);
- #else
- for_each_possible_cpu(cpu) {
-@@ -772,14 +773,14 @@ void lib_ring_buffer_set_quiescent_channel(struct lttng_kernel_ring_buffer_chann
- const struct lttng_kernel_ring_buffer_config *config = &chan->backend.config;
-
- if (config->alloc == RING_BUFFER_ALLOC_PER_CPU) {
-- get_online_cpus();
-+ lttng_cpus_read_lock();
- for_each_channel_cpu(cpu, chan) {
- struct lttng_kernel_ring_buffer *buf = per_cpu_ptr(chan->backend.buf,
- cpu);
-
- lib_ring_buffer_set_quiescent(buf);
- }
-- put_online_cpus();
-+ lttng_cpus_read_unlock();
- } else {
- struct lttng_kernel_ring_buffer *buf = chan->backend.buf;
-
-@@ -794,14 +795,14 @@ void lib_ring_buffer_clear_quiescent_channel(struct lttng_kernel_ring_buffer_cha
- const struct lttng_kernel_ring_buffer_config *config = &chan->backend.config;
-
- if (config->alloc == RING_BUFFER_ALLOC_PER_CPU) {
-- get_online_cpus();
-+ lttng_cpus_read_lock();
- for_each_channel_cpu(cpu, chan) {
- struct lttng_kernel_ring_buffer *buf = per_cpu_ptr(chan->backend.buf,
- cpu);
-
- lib_ring_buffer_clear_quiescent(buf);
- }
-- put_online_cpus();
-+ lttng_cpus_read_unlock();
- } else {
- struct lttng_kernel_ring_buffer *buf = chan->backend.buf;
-
-@@ -899,7 +900,7 @@ struct lttng_kernel_ring_buffer_channel *channel_create(const struct lttng_kerne
- chan->cpu_hp_notifier.priority = 6;
- register_cpu_notifier(&chan->cpu_hp_notifier);
-
-- get_online_cpus();
-+ lttng_cpus_read_lock();
- for_each_online_cpu(cpu) {
- struct lttng_kernel_ring_buffer *buf = per_cpu_ptr(chan->backend.buf,
- cpu);
-@@ -909,7 +910,7 @@ struct lttng_kernel_ring_buffer_channel *channel_create(const struct lttng_kerne
- spin_unlock(&per_cpu(ring_buffer_nohz_lock, cpu));
- }
- chan->cpu_hp_enable = 1;
-- put_online_cpus();
-+ lttng_cpus_read_unlock();
- #else
- for_each_possible_cpu(cpu) {
- struct lttng_kernel_ring_buffer *buf = per_cpu_ptr(chan->backend.buf,
-diff --git a/src/lib/ringbuffer/ring_buffer_iterator.c b/src/lib/ringbuffer/ring_buffer_iterator.c
-index 25839af6..60c95ca6 100644
---- a/src/lib/ringbuffer/ring_buffer_iterator.c
-+++ b/src/lib/ringbuffer/ring_buffer_iterator.c
-@@ -10,6 +10,7 @@
- */
-
- #include <ringbuffer/iterator.h>
-+#include <wrapper/cpu.h>
- #include <wrapper/file.h>
- #include <wrapper/uaccess.h>
- #include <linux/jiffies.h>
-@@ -440,13 +441,13 @@ int channel_iterator_init(struct lttng_kernel_ring_buffer_channel *chan)
- chan->hp_iter_notifier.priority = 10;
- register_cpu_notifier(&chan->hp_iter_notifier);
-
-- get_online_cpus();
-+ lttng_cpus_read_lock();
- for_each_online_cpu(cpu) {
- buf = per_cpu_ptr(chan->backend.buf, cpu);
- lib_ring_buffer_iterator_init(chan, buf);
- }
- chan->hp_iter_enable = 1;
-- put_online_cpus();
-+ lttng_cpus_read_unlock();
- #else
- for_each_possible_cpu(cpu) {
- buf = per_cpu_ptr(chan->backend.buf, cpu);
-@@ -519,7 +520,7 @@ int channel_iterator_open(struct lttng_kernel_ring_buffer_channel *chan)
- CHAN_WARN_ON(chan, config->output != RING_BUFFER_ITERATOR);
-
- if (config->alloc == RING_BUFFER_ALLOC_PER_CPU) {
-- get_online_cpus();
-+ lttng_cpus_read_lock();
- /* Allow CPU hotplug to keep track of opened reader */
- chan->iter.read_open = 1;
- for_each_channel_cpu(cpu, chan) {
-@@ -529,7 +530,7 @@ int channel_iterator_open(struct lttng_kernel_ring_buffer_channel *chan)
- goto error;
- buf->iter.read_open = 1;
- }
-- put_online_cpus();
-+ lttng_cpus_read_unlock();
- } else {
- buf = channel_get_ring_buffer(config, chan, 0);
- ret = lib_ring_buffer_iterator_open(buf);
-@@ -538,7 +539,7 @@ int channel_iterator_open(struct lttng_kernel_ring_buffer_channel *chan)
- error:
- /* Error should always happen on CPU 0, hence no close is required. */
- CHAN_WARN_ON(chan, cpu != 0);
-- put_online_cpus();
-+ lttng_cpus_read_unlock();
- return ret;
- }
- EXPORT_SYMBOL_GPL(channel_iterator_open);
-@@ -550,7 +551,7 @@ void channel_iterator_release(struct lttng_kernel_ring_buffer_channel *chan)
- int cpu;
-
- if (config->alloc == RING_BUFFER_ALLOC_PER_CPU) {
-- get_online_cpus();
-+ lttng_cpus_read_lock();
- for_each_channel_cpu(cpu, chan) {
- buf = channel_get_ring_buffer(config, chan, cpu);
- if (buf->iter.read_open) {
-@@ -559,7 +560,7 @@ void channel_iterator_release(struct lttng_kernel_ring_buffer_channel *chan)
- }
- }
- chan->iter.read_open = 0;
-- put_online_cpus();
-+ lttng_cpus_read_unlock();
- } else {
- buf = channel_get_ring_buffer(config, chan, 0);
- lib_ring_buffer_iterator_release(buf);
-diff --git a/src/lttng-context-perf-counters.c b/src/lttng-context-perf-counters.c
-index b0227d47..372f05e0 100644
---- a/src/lttng-context-perf-counters.c
-+++ b/src/lttng-context-perf-counters.c
-@@ -16,6 +16,7 @@
- #include <lttng/events.h>
- #include <lttng/events-internal.h>
- #include <ringbuffer/frontend_types.h>
-+#include <wrapper/cpu.h>
- #include <wrapper/vmalloc.h>
- #include <wrapper/perf.h>
- #include <lttng/tracer.h>
-@@ -97,10 +98,10 @@ void lttng_destroy_perf_counter_ctx_field(void *priv)
- {
- int cpu;
-
-- get_online_cpus();
-+ lttng_cpus_read_lock();
- for_each_online_cpu(cpu)
- perf_event_release_kernel(events[cpu]);
-- put_online_cpus();
-+ lttng_cpus_read_unlock();
- #ifdef CONFIG_HOTPLUG_CPU
- unregister_cpu_notifier(&perf_field->nb);
- #endif
-@@ -304,7 +305,7 @@ int lttng_add_perf_counter_to_ctx(uint32_t type,
- perf_field->nb.priority = 0;
- register_cpu_notifier(&perf_field->nb);
- #endif
-- get_online_cpus();
-+ lttng_cpus_read_lock();
- for_each_online_cpu(cpu) {
- events[cpu] = wrapper_perf_event_create_kernel_counter(attr,
- cpu, NULL, overflow_callback);
-@@ -317,7 +318,7 @@ int lttng_add_perf_counter_to_ctx(uint32_t type,
- goto counter_busy;
- }
- }
-- put_online_cpus();
-+ lttng_cpus_read_unlock();
- perf_field->hp_enable = 1;
- }
- #endif /* #else #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,10,0)) */
-@@ -351,7 +352,7 @@ counter_error:
- if (events[cpu] && !IS_ERR(events[cpu]))
- perf_event_release_kernel(events[cpu]);
- }
-- put_online_cpus();
-+ lttng_cpus_read_unlock();
- #ifdef CONFIG_HOTPLUG_CPU
- unregister_cpu_notifier(&perf_field->nb);
- #endif
-diff --git a/src/lttng-statedump-impl.c b/src/lttng-statedump-impl.c
-index 4dfbca0b..2b42783a 100644
---- a/src/lttng-statedump-impl.c
-+++ b/src/lttng-statedump-impl.c
-@@ -23,7 +23,6 @@
- #include <linux/file.h>
- #include <linux/interrupt.h>
- #include <linux/irqnr.h>
--#include <linux/cpu.h>
- #include <linux/netdevice.h>
- #include <linux/inetdevice.h>
- #include <linux/mm.h>
-@@ -34,6 +33,7 @@
-
- #include <lttng/events.h>
- #include <lttng/tracer.h>
-+#include <wrapper/cpu.h>
- #include <wrapper/irqdesc.h>
- #include <wrapper/fdtable.h>
- #include <wrapper/namespace.h>
-@@ -770,7 +770,7 @@ int do_lttng_statedump(struct lttng_kernel_session *session)
- * is to guarantee that each CPU has been in a state where is was in
- * syscall mode (i.e. not in a trap, an IRQ or a soft IRQ).
- */
-- get_online_cpus();
-+ lttng_cpus_read_lock();
- atomic_set(&kernel_threads_to_run, num_online_cpus());
- for_each_online_cpu(cpu) {
- INIT_DELAYED_WORK(&cpu_work[cpu], lttng_statedump_work_func);
-@@ -778,7 +778,7 @@ int do_lttng_statedump(struct lttng_kernel_session *session)
- }
- /* Wait for all threads to run */
- __wait_event(statedump_wq, (atomic_read(&kernel_threads_to_run) == 0));
-- put_online_cpus();
-+ lttng_cpus_read_unlock();
- /* Our work is done */
- trace_lttng_statedump_end(session);
- return 0;
---
-2.19.1
-
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0002-Fix-tracepoint-event-allow-same-provider-and-event-n.patch b/meta/recipes-kernel/lttng/lttng-modules/0002-Fix-tracepoint-event-allow-same-provider-and-event-n.patch
new file mode 100644
index 0000000000..00367eebf8
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0002-Fix-tracepoint-event-allow-same-provider-and-event-n.patch
@@ -0,0 +1,48 @@
+From a7eb2e3d0a4beb1ee80b132927641dd05ef2d542 Mon Sep 17 00:00:00 2001
+From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Date: Mon, 4 Apr 2022 15:49:32 -0400
+Subject: [PATCH 02/10] Fix: tracepoint event: allow same provider and event
+ name
+
+Using the same name for the provider (TRACE_SYSTEM) and event name
+causes a compilation error because the same identifiers are emitted
+twice.
+
+Fix this by prefixing the provider identifier with
+"__provider_event_desc___".
+
+Upstream-Status: Backport
+
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Change-Id: I8cdf8f859e35b8bd5c19737860d12f1ed546dfc2
+---
+ include/lttng/tracepoint-event-impl.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/include/lttng/tracepoint-event-impl.h b/include/lttng/tracepoint-event-impl.h
+index 38b1dc43..dcb22247 100644
+--- a/include/lttng/tracepoint-event-impl.h
++++ b/include/lttng/tracepoint-event-impl.h
+@@ -1255,7 +1255,7 @@ static const struct lttng_kernel_event_desc __event_desc___##_map = { \
+ #define TP_ID1(_token, _system) _token##_system
+ #define TP_ID(_token, _system) TP_ID1(_token, _system)
+
+-static const struct lttng_kernel_event_desc * const TP_ID(__event_desc___, TRACE_SYSTEM)[] = {
++static const struct lttng_kernel_event_desc * const TP_ID(__provider_event_desc___, TRACE_SYSTEM)[] = {
+ #include TRACE_INCLUDE(TRACE_INCLUDE_FILE)
+ };
+
+@@ -1274,8 +1274,8 @@ static const struct lttng_kernel_event_desc * const TP_ID(__event_desc___, TRACE
+ /* non-const because list head will be modified when registered. */
+ static __used struct lttng_kernel_probe_desc TP_ID(__probe_desc___, TRACE_SYSTEM) = {
+ .provider_name = __stringify(TRACE_SYSTEM),
+- .event_desc = TP_ID(__event_desc___, TRACE_SYSTEM),
+- .nr_events = ARRAY_SIZE(TP_ID(__event_desc___, TRACE_SYSTEM)),
++ .event_desc = TP_ID(__provider_event_desc___, TRACE_SYSTEM),
++ .nr_events = ARRAY_SIZE(TP_ID(__provider_event_desc___, TRACE_SYSTEM)),
+ .head = { NULL, NULL },
+ .lazy_init_head = { NULL, NULL },
+ .lazy = 0,
+--
+2.19.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0002-fix-Revert-Makefile-Enable-Wimplicit-fallthrough-for.patch b/meta/recipes-kernel/lttng/lttng-modules/0002-fix-Revert-Makefile-Enable-Wimplicit-fallthrough-for.patch
deleted file mode 100644
index 5b5edc5319..0000000000
--- a/meta/recipes-kernel/lttng/lttng-modules/0002-fix-Revert-Makefile-Enable-Wimplicit-fallthrough-for.patch
+++ /dev/null
@@ -1,829 +0,0 @@
-From c570be0da77e963d77bac099d468bc0cd5f1bd63 Mon Sep 17 00:00:00 2001
-From: Michael Jeanson <mjeanson@efficios.com>
-Date: Mon, 13 Sep 2021 14:16:22 -0400
-Subject: [PATCH 2/2] fix: Revert "Makefile: Enable -Wimplicit-fallthrough for
- Clang" (v5.15)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Starting with v5.15, "-Wimplicit-fallthrough=5" was added to the build
-flags which requires the use of "__attribute__((__fallthrough__))" to
-annotate fallthrough case statements.
-
-See upstream commit by the man himself:
-
- commit d936eb23874433caa3e3d841cfa16f5434b85dcf
- Author: Linus Torvalds <torvalds@linux-foundation.org>
- Date: Thu Jul 15 18:05:31 2021 -0700
-
- Revert "Makefile: Enable -Wimplicit-fallthrough for Clang"
-
- This reverts commit b7eb335e26a9c7f258c96b3962c283c379d3ede0.
-
- It turns out that the problem with the clang -Wimplicit-fallthrough
- warning is not about the kernel source code, but about clang itself, and
- that the warning is unusable until clang fixes its broken ways.
-
- In particular, when you enable this warning for clang, you not only get
- warnings about implicit fallthroughs. You also get this:
-
- warning: fallthrough annotation in unreachable code [-Wimplicit-fallthrough]
-
- which is completely broken becasue it
-
- (a) doesn't even tell you where the problem is (seriously: no line
- numbers, no filename, no nothing).
-
- (b) is fundamentally broken anyway, because there are perfectly valid
- reasons to have a fallthrough statement even if it turns out that
- it can perhaps not be reached.
-
- In the kernel, an example of that second case is code in the scheduler:
-
- switch (state) {
- case cpuset:
- if (IS_ENABLED(CONFIG_CPUSETS)) {
- cpuset_cpus_allowed_fallback(p);
- state = possible;
- break;
- }
- fallthrough;
- case possible:
-
- where if CONFIG_CPUSETS is enabled you actually never hit the
- fallthrough case at all. But that in no way makes the fallthrough
- wrong.
-
- So the warning is completely broken, and enabling it for clang is a very
- bad idea.
-
- In the meantime, we can keep the gcc option enabled, and make the gcc
- build use
-
- -Wimplicit-fallthrough=5
-
- which means that we will at least continue to require a proper
- fallthrough statement, and that gcc won't silently accept the magic
- comment versions. Because gcc does this all correctly, and while the odd
- "=5" part is kind of obscure, it's documented in [1]:
-
- "-Wimplicit-fallthrough=5 doesn’t recognize any comments as
- fallthrough comments, only attributes disable the warning"
-
- so if clang ever fixes its bad behavior we can try enabling it there again.
-
-Upstream-Status: backport [https://git.lttng.org/?p=lttng-modules.git;a=commit;h=c190d76e8c7b44d62b3651ab845b765c1b1f8104]
-
-Change-Id: Iea69849592fb69ac04fb9bb28efcd6b8dce8ba88
-Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
-Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
----
- include/counter/counter-api.h | 4 +-
- include/lttng/events-internal.h | 11 ++-
- include/wrapper/compiler_attributes.h | 34 +++++++
- src/lib/counter/counter.c | 13 ++-
- src/lttng-abi.c | 91 ++++++++++++------
- src/lttng-bytecode-interpreter.c | 4 +-
- src/lttng-bytecode-specialize.c | 5 +-
- src/lttng-events.c | 129 +++++++++++++++++---------
- src/lttng-string-utils.c | 3 +-
- src/probes/lttng-kretprobes.c | 7 +-
- 10 files changed, 215 insertions(+), 86 deletions(-)
- create mode 100644 include/wrapper/compiler_attributes.h
-
-diff --git a/include/counter/counter-api.h b/include/counter/counter-api.h
-index fbc65818..c9f2b141 100644
---- a/include/counter/counter-api.h
-+++ b/include/counter/counter-api.h
-@@ -15,6 +15,7 @@
- #include <linux/bitops.h>
- #include <counter/counter.h>
- #include <counter/counter-internal.h>
-+#include <wrapper/compiler_attributes.h>
- #include <wrapper/limits.h>
-
- /*
-@@ -256,7 +257,8 @@ static __always_inline int lttng_counter_add(const struct lib_counter_config *co
- const size_t *dimension_indexes, int64_t v)
- {
- switch (config->alloc) {
-- case COUNTER_ALLOC_PER_CPU: /* Fallthrough */
-+ case COUNTER_ALLOC_PER_CPU:
-+ lttng_fallthrough;
- case COUNTER_ALLOC_PER_CPU | COUNTER_ALLOC_GLOBAL:
- return __lttng_counter_add_percpu(config, counter, dimension_indexes, v);
- case COUNTER_ALLOC_GLOBAL:
-diff --git a/include/lttng/events-internal.h b/include/lttng/events-internal.h
-index cd560de8..ca2190c4 100644
---- a/include/lttng/events-internal.h
-+++ b/include/lttng/events-internal.h
-@@ -8,6 +8,8 @@
- #ifndef _LTTNG_EVENTS_INTERNAL_H
- #define _LTTNG_EVENTS_INTERNAL_H
-
-+#include <wrapper/compiler_attributes.h>
-+
- #include <lttng/events.h>
-
- struct lttng_syscall_filter;
-@@ -561,9 +563,12 @@ static inline bool lttng_kernel_type_is_bytewise_integer(const struct lttng_kern
- if (!type_integer)
- return false;
- switch (type_integer->size) {
-- case 8: /* Fall-through. */
-- case 16: /* Fall-through. */
-- case 32: /* Fall-through. */
-+ case 8:
-+ lttng_fallthrough;
-+ case 16:
-+ lttng_fallthrough;
-+ case 32:
-+ lttng_fallthrough;
- case 64:
- break;
- default:
-diff --git a/include/wrapper/compiler_attributes.h b/include/wrapper/compiler_attributes.h
-new file mode 100644
-index 00000000..c2c96e76
---- /dev/null
-+++ b/include/wrapper/compiler_attributes.h
-@@ -0,0 +1,34 @@
-+/* SPDX-License-Identifier: (GPL-2.0-only or LGPL-2.1-only)
-+ *
-+ * wrapper/compiler_attributes.h
-+ *
-+ * Copyright (C) 2021 Michael Jeanson <mjeanson@efficios.com>
-+ */
-+
-+#ifndef _LTTNG_WRAPPER_COMPILER_ATTRIBUTES_H
-+#define _LTTNG_WRAPPER_COMPILER_ATTRIBUTES_H
-+
-+#include <lttng/kernel-version.h>
-+
-+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,20,0))
-+#include <linux/compiler_attributes.h>
-+#endif
-+
-+#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,4,0))
-+
-+/*
-+ * Use the kernel provided fallthrough attribute macro.
-+ */
-+#define lttng_fallthrough fallthrough
-+
-+#else /* LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,4,0) */
-+
-+/*
-+ * Fallback to the comment for kernels pre 5.15 that don't build with
-+ * '-Wimplicit-fallthrough=5'.
-+ */
-+#define lttng_fallthrough do {} while (0) /* fallthrough */
-+
-+#endif /* LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,4,0) */
-+
-+#endif /* _LTTNG_WRAPPER_COMPILER_ATTRIBUTES_H */
-diff --git a/src/lib/counter/counter.c b/src/lib/counter/counter.c
-index a4500a0e..bf038aac 100644
---- a/src/lib/counter/counter.c
-+++ b/src/lib/counter/counter.c
-@@ -11,6 +11,7 @@
- #include <linux/cpumask.h>
- #include <counter/counter.h>
- #include <counter/counter-internal.h>
-+#include <wrapper/compiler_attributes.h>
- #include <wrapper/vmalloc.h>
- #include <wrapper/limits.h>
-
-@@ -324,7 +325,8 @@ int lttng_counter_aggregate(const struct lib_counter_config *config,
- *underflow = false;
-
- switch (config->alloc) {
-- case COUNTER_ALLOC_GLOBAL: /* Fallthrough */
-+ case COUNTER_ALLOC_GLOBAL:
-+ lttng_fallthrough;
- case COUNTER_ALLOC_PER_CPU | COUNTER_ALLOC_GLOBAL:
- /* Read global counter. */
- ret = lttng_counter_read(config, counter, dimension_indexes,
-@@ -342,7 +344,8 @@ int lttng_counter_aggregate(const struct lib_counter_config *config,
- switch (config->alloc) {
- case COUNTER_ALLOC_GLOBAL:
- break;
-- case COUNTER_ALLOC_PER_CPU | COUNTER_ALLOC_GLOBAL: /* Fallthrough */
-+ case COUNTER_ALLOC_PER_CPU | COUNTER_ALLOC_GLOBAL:
-+ lttng_fallthrough;
- case COUNTER_ALLOC_PER_CPU:
- //TODO: integrate with CPU hotplug and online cpus
- for (cpu = 0; cpu < num_possible_cpus(); cpu++) {
-@@ -448,7 +451,8 @@ int lttng_counter_clear(const struct lib_counter_config *config,
- int cpu, ret;
-
- switch (config->alloc) {
-- case COUNTER_ALLOC_GLOBAL: /* Fallthrough */
-+ case COUNTER_ALLOC_GLOBAL:
-+ lttng_fallthrough;
- case COUNTER_ALLOC_PER_CPU | COUNTER_ALLOC_GLOBAL:
- /* Clear global counter. */
- ret = lttng_counter_clear_cpu(config, counter, dimension_indexes, -1);
-@@ -462,7 +466,8 @@ int lttng_counter_clear(const struct lib_counter_config *config,
- switch (config->alloc) {
- case COUNTER_ALLOC_GLOBAL:
- break;
-- case COUNTER_ALLOC_PER_CPU | COUNTER_ALLOC_GLOBAL: /* Fallthrough */
-+ case COUNTER_ALLOC_PER_CPU | COUNTER_ALLOC_GLOBAL:
-+ lttng_fallthrough;
- case COUNTER_ALLOC_PER_CPU:
- //TODO: integrate with CPU hotplug and online cpus
- for (cpu = 0; cpu < num_possible_cpus(); cpu++) {
-diff --git a/src/lttng-abi.c b/src/lttng-abi.c
-index cc453894..eac1afd1 100644
---- a/src/lttng-abi.c
-+++ b/src/lttng-abi.c
-@@ -34,6 +34,7 @@
- #include <ringbuffer/vfs.h>
- #include <ringbuffer/backend.h>
- #include <ringbuffer/frontend.h>
-+#include <wrapper/compiler_attributes.h>
- #include <wrapper/poll.h>
- #include <wrapper/file.h>
- #include <wrapper/kref.h>
-@@ -1332,7 +1333,8 @@ long lttng_metadata_ring_buffer_ioctl(struct file *filp,
- */
- return -ENOSYS;
- }
-- case LTTNG_KERNEL_ABI_RING_BUFFER_FLUSH_EMPTY: /* Fall-through. */
-+ case LTTNG_KERNEL_ABI_RING_BUFFER_FLUSH_EMPTY:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_RING_BUFFER_FLUSH:
- {
- struct lttng_metadata_stream *stream = filp->private_data;
-@@ -1441,7 +1443,8 @@ long lttng_metadata_ring_buffer_compat_ioctl(struct file *filp,
- */
- return -ENOSYS;
- }
-- case LTTNG_KERNEL_ABI_RING_BUFFER_FLUSH_EMPTY: /* Fall-through. */
-+ case LTTNG_KERNEL_ABI_RING_BUFFER_FLUSH_EMPTY:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_RING_BUFFER_FLUSH:
- {
- struct lttng_metadata_stream *stream = filp->private_data;
-@@ -1758,8 +1761,10 @@ int lttng_abi_validate_event_param(struct lttng_kernel_abi_event *event_param)
- switch (event_param->instrumentation) {
- case LTTNG_KERNEL_ABI_SYSCALL:
- switch (event_param->u.syscall.entryexit) {
-- case LTTNG_KERNEL_ABI_SYSCALL_ENTRY: /* Fall-through */
-- case LTTNG_KERNEL_ABI_SYSCALL_EXIT: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_SYSCALL_ENTRY:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_SYSCALL_EXIT:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_SYSCALL_ENTRYEXIT:
- break;
- default:
-@@ -1783,20 +1788,26 @@ int lttng_abi_validate_event_param(struct lttng_kernel_abi_event *event_param)
- switch (event_param->u.kretprobe.entryexit) {
- case LTTNG_KERNEL_ABI_SYSCALL_ENTRYEXIT:
- break;
-- case LTTNG_KERNEL_ABI_SYSCALL_ENTRY: /* Fall-through */
-- case LTTNG_KERNEL_ABI_SYSCALL_EXIT: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_SYSCALL_ENTRY:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_SYSCALL_EXIT:
-+ lttng_fallthrough;
- default:
- return -EINVAL;
- }
- break;
-
-- case LTTNG_KERNEL_ABI_TRACEPOINT: /* Fall-through */
-- case LTTNG_KERNEL_ABI_KPROBE: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_TRACEPOINT:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_KPROBE:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_UPROBE:
- break;
-
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- return -EINVAL;
- }
-@@ -1830,18 +1841,23 @@ int lttng_abi_create_event(struct file *channel_file,
- }
-
- switch (event_param->instrumentation) {
-- case LTTNG_KERNEL_ABI_TRACEPOINT: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_TRACEPOINT:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_SYSCALL:
- fops = &lttng_event_recorder_enabler_fops;
- break;
-- case LTTNG_KERNEL_ABI_KPROBE: /* Fall-through */
-- case LTTNG_KERNEL_ABI_KRETPROBE: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_KPROBE:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_KRETPROBE:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_UPROBE:
- fops = &lttng_event_recorder_event_fops;
- break;
-
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- return -EINVAL;
- }
-@@ -1867,7 +1883,8 @@ int lttng_abi_create_event(struct file *channel_file,
- goto event_error;
-
- switch (event_param->instrumentation) {
-- case LTTNG_KERNEL_ABI_TRACEPOINT: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_TRACEPOINT:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_SYSCALL:
- {
- struct lttng_event_enabler *event_enabler;
-@@ -1887,8 +1904,10 @@ int lttng_abi_create_event(struct file *channel_file,
- break;
- }
-
-- case LTTNG_KERNEL_ABI_KPROBE: /* Fall-through */
-- case LTTNG_KERNEL_ABI_KRETPROBE: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_KPROBE:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_KRETPROBE:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_UPROBE:
- {
- struct lttng_kernel_event_recorder *event;
-@@ -1908,8 +1927,10 @@ int lttng_abi_create_event(struct file *channel_file,
- break;
- }
-
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- ret = -EINVAL;
- goto event_error;
-@@ -2043,18 +2064,23 @@ int lttng_abi_create_event_notifier(struct file *event_notifier_group_file,
- }
-
- switch (event_notifier_param->event.instrumentation) {
-- case LTTNG_KERNEL_ABI_TRACEPOINT: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_TRACEPOINT:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_SYSCALL:
- fops = &lttng_event_notifier_enabler_fops;
- break;
-- case LTTNG_KERNEL_ABI_KPROBE: /* Fall-through */
-- case LTTNG_KERNEL_ABI_KRETPROBE: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_KPROBE:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_KRETPROBE:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_UPROBE:
- fops = &lttng_event_notifier_event_fops;
- break;
-
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- ret = -EINVAL;
- goto inval_instr;
-@@ -2086,7 +2112,8 @@ int lttng_abi_create_event_notifier(struct file *event_notifier_group_file,
- goto event_notifier_error;
-
- switch (event_notifier_param->event.instrumentation) {
-- case LTTNG_KERNEL_ABI_TRACEPOINT: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_TRACEPOINT:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_SYSCALL:
- {
- struct lttng_event_notifier_enabler *enabler;
-@@ -2110,8 +2137,10 @@ int lttng_abi_create_event_notifier(struct file *event_notifier_group_file,
- break;
- }
-
-- case LTTNG_KERNEL_ABI_KPROBE: /* Fall-through */
-- case LTTNG_KERNEL_ABI_KRETPROBE: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_KPROBE:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_KRETPROBE:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_UPROBE:
- {
- struct lttng_kernel_event_notifier *event_notifier;
-@@ -2135,8 +2164,10 @@ int lttng_abi_create_event_notifier(struct file *event_notifier_group_file,
- break;
- }
-
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- ret = -EINVAL;
- goto event_notifier_error;
-diff --git a/src/lttng-bytecode-interpreter.c b/src/lttng-bytecode-interpreter.c
-index b46a23b7..a2a932c6 100644
---- a/src/lttng-bytecode-interpreter.c
-+++ b/src/lttng-bytecode-interpreter.c
-@@ -7,6 +7,7 @@
- * Copyright (C) 2010-2016 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
- */
-
-+#include <wrapper/compiler_attributes.h>
- #include <wrapper/uaccess.h>
- #include <wrapper/objtool.h>
- #include <wrapper/types.h>
-@@ -421,7 +422,8 @@ static int dynamic_get_index(struct lttng_kernel_probe_ctx *lttng_probe_ctx,
- }
- break;
- case LOAD_ROOT_CONTEXT:
-- case LOAD_ROOT_APP_CONTEXT: /* Fall-through */
-+ lttng_fallthrough;
-+ case LOAD_ROOT_APP_CONTEXT:
- {
- ret = context_get_index(lttng_probe_ctx,
- &stack_top->u.ptr,
-diff --git a/src/lttng-bytecode-specialize.c b/src/lttng-bytecode-specialize.c
-index c4b9d04b..f8b5f19d 100644
---- a/src/lttng-bytecode-specialize.c
-+++ b/src/lttng-bytecode-specialize.c
-@@ -8,6 +8,8 @@
- */
-
- #include <linux/slab.h>
-+#include <wrapper/compiler_attributes.h>
-+
- #include <lttng/lttng-bytecode.h>
- #include <lttng/align.h>
- #include <lttng/events-internal.h>
-@@ -271,7 +273,8 @@ static int specialize_get_index(struct bytecode_runtime *runtime,
- }
- case OBJECT_TYPE_STRUCT:
- /* Only generated by the specialize phase. */
-- case OBJECT_TYPE_VARIANT: /* Fall-through */
-+ case OBJECT_TYPE_VARIANT:
-+ lttng_fallthrough;
- default:
- printk(KERN_WARNING "LTTng: bytecode: Unexpected get index type %d",
- (int) stack_top->load.object_type);
-diff --git a/src/lttng-events.c b/src/lttng-events.c
-index e785fe4d..230e3934 100644
---- a/src/lttng-events.c
-+++ b/src/lttng-events.c
-@@ -28,6 +28,7 @@
- #include <linux/vmalloc.h>
- #include <linux/dmi.h>
-
-+#include <wrapper/compiler_attributes.h>
- #include <wrapper/uuid.h>
- #include <wrapper/vmalloc.h> /* for wrapper_vmalloc_sync_mappings() */
- #include <wrapper/random.h>
-@@ -659,12 +660,14 @@ int lttng_event_enable(struct lttng_kernel_event_common *event)
- goto end;
- }
- switch (event->priv->instrumentation) {
-- case LTTNG_KERNEL_ABI_TRACEPOINT: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_TRACEPOINT:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_SYSCALL:
- ret = -EINVAL;
- break;
-
-- case LTTNG_KERNEL_ABI_KPROBE: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_KPROBE:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_UPROBE:
- WRITE_ONCE(event->enabled, 1);
- break;
-@@ -673,8 +676,10 @@ int lttng_event_enable(struct lttng_kernel_event_common *event)
- ret = lttng_kretprobes_event_enable_state(event, 1);
- break;
-
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- WARN_ON_ONCE(1);
- ret = -EINVAL;
-@@ -719,12 +724,14 @@ int lttng_event_disable(struct lttng_kernel_event_common *event)
- goto end;
- }
- switch (event->priv->instrumentation) {
-- case LTTNG_KERNEL_ABI_TRACEPOINT: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_TRACEPOINT:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_SYSCALL:
- ret = -EINVAL;
- break;
-
-- case LTTNG_KERNEL_ABI_KPROBE: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_KPROBE:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_UPROBE:
- WRITE_ONCE(event->enabled, 0);
- break;
-@@ -733,8 +740,10 @@ int lttng_event_disable(struct lttng_kernel_event_common *event)
- ret = lttng_kretprobes_event_enable_state(event, 0);
- break;
-
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- WARN_ON_ONCE(1);
- ret = -EINVAL;
-@@ -873,15 +882,20 @@ struct lttng_kernel_event_recorder *_lttng_kernel_event_recorder_create(struct l
- event_name = event_desc->event_name;
- break;
-
-- case LTTNG_KERNEL_ABI_KPROBE: /* Fall-through */
-- case LTTNG_KERNEL_ABI_UPROBE: /* Fall-through */
-- case LTTNG_KERNEL_ABI_KRETPROBE: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_KPROBE:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_UPROBE:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_KRETPROBE:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_SYSCALL:
- event_name = event_param->name;
- break;
-
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- WARN_ON_ONCE(1);
- ret = -EINVAL;
-@@ -1093,8 +1107,10 @@ struct lttng_kernel_event_recorder *_lttng_kernel_event_recorder_create(struct l
- WARN_ON_ONCE(!ret);
- break;
-
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- WARN_ON_ONCE(1);
- ret = -EINVAL;
-@@ -1141,15 +1157,20 @@ struct lttng_kernel_event_notifier *_lttng_event_notifier_create(
- event_name = event_desc->event_name;
- break;
-
-- case LTTNG_KERNEL_ABI_KPROBE: /* Fall-through */
-- case LTTNG_KERNEL_ABI_UPROBE: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_KPROBE:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_UPROBE:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_SYSCALL:
- event_name = event_notifier_param->event.name;
- break;
-
-- case LTTNG_KERNEL_ABI_KRETPROBE: /* Fall-through */
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_KRETPROBE:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- WARN_ON_ONCE(1);
- ret = -EINVAL;
-@@ -1296,9 +1317,12 @@ struct lttng_kernel_event_notifier *_lttng_event_notifier_create(
- WARN_ON_ONCE(!ret);
- break;
-
-- case LTTNG_KERNEL_ABI_KRETPROBE: /* Fall-through */
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_KRETPROBE:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- WARN_ON_ONCE(1);
- ret = -EINVAL;
-@@ -1423,14 +1447,18 @@ void register_event(struct lttng_kernel_event_recorder *event_recorder)
- ret = lttng_syscall_filter_enable_event(event_recorder->chan, event_recorder);
- break;
-
-- case LTTNG_KERNEL_ABI_KPROBE: /* Fall-through */
-- case LTTNG_KERNEL_ABI_UPROBE: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_KPROBE:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_UPROBE:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_KRETPROBE:
- ret = 0;
- break;
-
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- WARN_ON_ONCE(1);
- }
-@@ -1481,7 +1509,8 @@ int _lttng_event_unregister(struct lttng_kernel_event_recorder *event_recorder)
- ret = 0;
- break;
-
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
- default:
- WARN_ON_ONCE(1);
- }
-@@ -1512,14 +1541,18 @@ void register_event_notifier(struct lttng_kernel_event_notifier *event_notifier)
- ret = lttng_syscall_filter_enable_event_notifier(event_notifier);
- break;
-
-- case LTTNG_KERNEL_ABI_KPROBE: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_KPROBE:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_UPROBE:
- ret = 0;
- break;
-
-- case LTTNG_KERNEL_ABI_KRETPROBE: /* Fall-through */
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_KRETPROBE:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- WARN_ON_ONCE(1);
- }
-@@ -1559,9 +1592,12 @@ int _lttng_event_notifier_unregister(
- ret = lttng_syscall_filter_disable_event_notifier(event_notifier);
- break;
-
-- case LTTNG_KERNEL_ABI_KRETPROBE: /* Fall-through */
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_KRETPROBE:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- WARN_ON_ONCE(1);
- }
-@@ -1614,8 +1650,10 @@ void _lttng_event_destroy(struct lttng_kernel_event_common *event)
- lttng_uprobes_destroy_event_private(event_recorder);
- break;
-
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- WARN_ON_ONCE(1);
- }
-@@ -1647,9 +1685,12 @@ void _lttng_event_destroy(struct lttng_kernel_event_common *event)
- lttng_uprobes_destroy_event_notifier_private(event_notifier);
- break;
-
-- case LTTNG_KERNEL_ABI_KRETPROBE: /* Fall-through */
-- case LTTNG_KERNEL_ABI_FUNCTION: /* Fall-through */
-- case LTTNG_KERNEL_ABI_NOOP: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_KRETPROBE:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_FUNCTION:
-+ lttng_fallthrough;
-+ case LTTNG_KERNEL_ABI_NOOP:
-+ lttng_fallthrough;
- default:
- WARN_ON_ONCE(1);
- }
-@@ -2713,7 +2754,8 @@ void lttng_session_sync_event_enablers(struct lttng_kernel_session *session)
- int nr_filters = 0;
-
- switch (event_recorder_priv->parent.instrumentation) {
-- case LTTNG_KERNEL_ABI_TRACEPOINT: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_TRACEPOINT:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_SYSCALL:
- /* Enable events */
- list_for_each_entry(enabler_ref,
-@@ -2807,7 +2849,8 @@ void lttng_event_notifier_group_sync_enablers(struct lttng_event_notifier_group
- int nr_filters = 0, nr_captures = 0;
-
- switch (event_notifier_priv->parent.instrumentation) {
-- case LTTNG_KERNEL_ABI_TRACEPOINT: /* Fall-through */
-+ case LTTNG_KERNEL_ABI_TRACEPOINT:
-+ lttng_fallthrough;
- case LTTNG_KERNEL_ABI_SYSCALL:
- /* Enable event_notifiers */
- list_for_each_entry(enabler_ref,
-@@ -3877,7 +3920,7 @@ int print_escaped_ctf_string(struct lttng_kernel_session *session, const char *s
- if (ret)
- goto error;
- /* We still print the current char */
-- /* Fallthrough */
-+ lttng_fallthrough;
- default:
- ret = lttng_metadata_printf(session, "%c", cur);
- break;
-diff --git a/src/lttng-string-utils.c b/src/lttng-string-utils.c
-index d9447903..65946193 100644
---- a/src/lttng-string-utils.c
-+++ b/src/lttng-string-utils.c
-@@ -4,6 +4,7 @@
- */
-
- #include <linux/types.h>
-+#include <wrapper/compiler_attributes.h>
-
- #include <lttng/string-utils.h>
-
-@@ -302,7 +303,7 @@ retry:
- p = pattern_get_char_at_cb(p_at,
- pattern_get_char_at_cb_data);
-
-- /* Fall-through. */
-+ lttng_fallthrough;
- default:
- /*
- * Default case which will compare the escaped
-diff --git a/src/probes/lttng-kretprobes.c b/src/probes/lttng-kretprobes.c
-index 0fa6a1bf..1d0a5ecb 100644
---- a/src/probes/lttng-kretprobes.c
-+++ b/src/probes/lttng-kretprobes.c
-@@ -14,6 +14,7 @@
- #include <lttng/events.h>
- #include <lttng/events-internal.h>
- #include <ringbuffer/frontend_types.h>
-+#include <wrapper/compiler_attributes.h>
- #include <wrapper/vmalloc.h>
- #include <wrapper/irqflags.h>
- #include <lttng/tracer.h>
-@@ -61,7 +62,8 @@ int _lttng_kretprobes_handler(struct kretprobe_instance *krpi,
- return 0;
- break;
- }
-- case LTTNG_KERNEL_EVENT_TYPE_NOTIFIER: /* Fall-through. */
-+ case LTTNG_KERNEL_EVENT_TYPE_NOTIFIER:
-+ lttng_fallthrough;
- default:
- WARN_ON_ONCE(1);
- }
-@@ -90,7 +92,8 @@ int _lttng_kretprobes_handler(struct kretprobe_instance *krpi,
- chan->ops->event_commit(&ctx);
- break;
- }
-- case LTTNG_KERNEL_EVENT_TYPE_NOTIFIER: /* Fall-through. */
-+ case LTTNG_KERNEL_EVENT_TYPE_NOTIFIER:
-+ lttng_fallthrough;
- default:
- WARN_ON_ONCE(1);
- }
---
-2.19.1
-
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0003-fix-sched-tracing-Don-t-re-read-p-state-when-emittin.patch b/meta/recipes-kernel/lttng/lttng-modules/0003-fix-sched-tracing-Don-t-re-read-p-state-when-emittin.patch
new file mode 100644
index 0000000000..afe514de82
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0003-fix-sched-tracing-Don-t-re-read-p-state-when-emittin.patch
@@ -0,0 +1,183 @@
+From 8e52fd71e693619f7a58de2692e59f0c826e9988 Mon Sep 17 00:00:00 2001
+From: Michael Jeanson <mjeanson@efficios.com>
+Date: Mon, 4 Apr 2022 13:52:57 -0400
+Subject: [PATCH 03/10] fix: sched/tracing: Don't re-read p->state when
+ emitting sched_switch event (v5.18)
+
+See upstream commit :
+
+ commit fa2c3254d7cfff5f7a916ab928a562d1165f17bb
+ Author: Valentin Schneider <valentin.schneider@arm.com>
+ Date: Thu Jan 20 16:25:19 2022 +0000
+
+ sched/tracing: Don't re-read p->state when emitting sched_switch event
+
+ As of commit
+
+ c6e7bd7afaeb ("sched/core: Optimize ttwu() spinning on p->on_cpu")
+
+ the following sequence becomes possible:
+
+ p->__state = TASK_INTERRUPTIBLE;
+ __schedule()
+ deactivate_task(p);
+ ttwu()
+ READ !p->on_rq
+ p->__state=TASK_WAKING
+ trace_sched_switch()
+ __trace_sched_switch_state()
+ task_state_index()
+ return 0;
+
+ TASK_WAKING isn't in TASK_REPORT, so the task appears as TASK_RUNNING in
+ the trace event.
+
+ Prevent this by pushing the value read from __schedule() down the trace
+ event.
+
+Upstream-Status: Backport
+
+Change-Id: I46743cd006be4b4d573cae2d77df7d6d16744d04
+Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+---
+ include/instrumentation/events/sched.h | 88 +++++++++++++++++++++++---
+ 1 file changed, 78 insertions(+), 10 deletions(-)
+
+diff --git a/include/instrumentation/events/sched.h b/include/instrumentation/events/sched.h
+index 91953a6f..339bec94 100644
+--- a/include/instrumentation/events/sched.h
++++ b/include/instrumentation/events/sched.h
+@@ -20,7 +20,37 @@
+ #ifndef _TRACE_SCHED_DEF_
+ #define _TRACE_SCHED_DEF_
+
+-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,15,0))
++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,18,0))
++
++static inline long __trace_sched_switch_state(bool preempt,
++ unsigned int prev_state,
++ struct task_struct *p)
++{
++ unsigned int state;
++
++#ifdef CONFIG_SCHED_DEBUG
++ BUG_ON(p != current);
++#endif /* CONFIG_SCHED_DEBUG */
++
++ /*
++ * Preemption ignores task state, therefore preempted tasks are always
++ * RUNNING (we will not have dequeued if state != RUNNING).
++ */
++ if (preempt)
++ return TASK_REPORT_MAX;
++
++ /*
++ * task_state_index() uses fls() and returns a value from 0-8 range.
++ * Decrement it by 1 (except TASK_RUNNING state i.e 0) before using
++ * it for left shift operation to get the correct task->state
++ * mapping.
++ */
++ state = __task_state_index(prev_state, p->exit_state);
++
++ return state ? (1 << (state - 1)) : state;
++}
++
++#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,15,0))
+
+ static inline long __trace_sched_switch_state(bool preempt, struct task_struct *p)
+ {
+@@ -321,43 +351,81 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE(sched_wakeup_template, sched_wakeup_new,
+ /*
+ * Tracepoint for task switches, performed by the scheduler:
+ */
++
++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,18,0))
+ LTTNG_TRACEPOINT_EVENT(sched_switch,
+
+-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,4,0))
+ TP_PROTO(bool preempt,
+- struct task_struct *prev,
+- struct task_struct *next),
++ unsigned int prev_state,
++ struct task_struct *prev,
++ struct task_struct *next),
+
+- TP_ARGS(preempt, prev, next),
++ TP_ARGS(preempt, prev_state, prev, next),
++
++ TP_FIELDS(
++ ctf_array_text(char, prev_comm, prev->comm, TASK_COMM_LEN)
++ ctf_integer(pid_t, prev_tid, prev->pid)
++ ctf_integer(int, prev_prio, prev->prio - MAX_RT_PRIO)
++#ifdef CONFIG_LTTNG_EXPERIMENTAL_BITWISE_ENUM
++ ctf_enum(task_state, long, prev_state, __trace_sched_switch_state(preempt, prev_state, prev))
+ #else
+- TP_PROTO(struct task_struct *prev,
++ ctf_integer(long, prev_state, __trace_sched_switch_state(preempt, prev_state, prev))
++#endif
++ ctf_array_text(char, next_comm, next->comm, TASK_COMM_LEN)
++ ctf_integer(pid_t, next_tid, next->pid)
++ ctf_integer(int, next_prio, next->prio - MAX_RT_PRIO)
++ )
++)
++
++#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,4,0))
++
++LTTNG_TRACEPOINT_EVENT(sched_switch,
++
++ TP_PROTO(bool preempt,
++ struct task_struct *prev,
+ struct task_struct *next),
+
+- TP_ARGS(prev, next),
+-#endif /* #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,4,0)) */
++ TP_ARGS(preempt, prev, next),
+
+ TP_FIELDS(
+ ctf_array_text(char, prev_comm, prev->comm, TASK_COMM_LEN)
+ ctf_integer(pid_t, prev_tid, prev->pid)
+ ctf_integer(int, prev_prio, prev->prio - MAX_RT_PRIO)
+-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,4,0))
+ #ifdef CONFIG_LTTNG_EXPERIMENTAL_BITWISE_ENUM
+ ctf_enum(task_state, long, prev_state, __trace_sched_switch_state(preempt, prev))
+ #else
+ ctf_integer(long, prev_state, __trace_sched_switch_state(preempt, prev))
+ #endif
++ ctf_array_text(char, next_comm, next->comm, TASK_COMM_LEN)
++ ctf_integer(pid_t, next_tid, next->pid)
++ ctf_integer(int, next_prio, next->prio - MAX_RT_PRIO)
++ )
++)
++
+ #else
++
++LTTNG_TRACEPOINT_EVENT(sched_switch,
++
++ TP_PROTO(struct task_struct *prev,
++ struct task_struct *next),
++
++ TP_ARGS(prev, next),
++
++ TP_FIELDS(
++ ctf_array_text(char, prev_comm, prev->comm, TASK_COMM_LEN)
++ ctf_integer(pid_t, prev_tid, prev->pid)
++ ctf_integer(int, prev_prio, prev->prio - MAX_RT_PRIO)
+ #ifdef CONFIG_LTTNG_EXPERIMENTAL_BITWISE_ENUM
+ ctf_enum(task_state, long, prev_state, __trace_sched_switch_state(prev))
+ #else
+ ctf_integer(long, prev_state, __trace_sched_switch_state(prev))
+-#endif
+ #endif
+ ctf_array_text(char, next_comm, next->comm, TASK_COMM_LEN)
+ ctf_integer(pid_t, next_tid, next->pid)
+ ctf_integer(int, next_prio, next->prio - MAX_RT_PRIO)
+ )
+ )
++#endif
+
+ /*
+ * Tracepoint for a task being migrated:
+--
+2.19.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0004-fix-block-remove-genhd.h-v5.18.patch b/meta/recipes-kernel/lttng/lttng-modules/0004-fix-block-remove-genhd.h-v5.18.patch
new file mode 100644
index 0000000000..9248ffe4ff
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0004-fix-block-remove-genhd.h-v5.18.patch
@@ -0,0 +1,45 @@
+From 868e0b6db59159197c2cec3550fa4ad5e6572bc5 Mon Sep 17 00:00:00 2001
+From: Michael Jeanson <mjeanson@efficios.com>
+Date: Mon, 4 Apr 2022 13:54:59 -0400
+Subject: [PATCH 04/10] fix: block: remove genhd.h (v5.18)
+
+See upstream commit :
+
+ commit 322cbb50de711814c42fb088f6d31901502c711a
+ Author: Christoph Hellwig <hch@lst.de>
+ Date: Mon Jan 24 10:39:13 2022 +0100
+
+ block: remove genhd.h
+
+ There is no good reason to keep genhd.h separate from the main blkdev.h
+ header that includes it. So fold the contents of genhd.h into blkdev.h
+ and remove genhd.h entirely.
+
+Upstream-Status: Backport
+
+Change-Id: I7cf2aaa3a4c133320b95f2edde49f790f9515dbd
+Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+---
+ include/wrapper/genhd.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/include/wrapper/genhd.h b/include/wrapper/genhd.h
+index 3c6dbcbe..4a59b68e 100644
+--- a/include/wrapper/genhd.h
++++ b/include/wrapper/genhd.h
+@@ -12,7 +12,11 @@
+ #ifndef _LTTNG_WRAPPER_GENHD_H
+ #define _LTTNG_WRAPPER_GENHD_H
+
++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,18,0))
++#include <linux/blkdev.h>
++#else
+ #include <linux/genhd.h>
++#endif
+
+ #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,17,0))
+ #define LTTNG_GENHD_FL_HIDDEN GENHD_FL_HIDDEN
+--
+2.19.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0005-fix-scsi-block-Remove-REQ_OP_WRITE_SAME-support-v5.1.patch b/meta/recipes-kernel/lttng/lttng-modules/0005-fix-scsi-block-Remove-REQ_OP_WRITE_SAME-support-v5.1.patch
new file mode 100644
index 0000000000..0751827613
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0005-fix-scsi-block-Remove-REQ_OP_WRITE_SAME-support-v5.1.patch
@@ -0,0 +1,79 @@
+From 2bc7cb7193124d20aa4e1b5dbad0410bfb97a470 Mon Sep 17 00:00:00 2001
+From: Michael Jeanson <mjeanson@efficios.com>
+Date: Mon, 4 Apr 2022 14:12:13 -0400
+Subject: [PATCH 05/10] fix: scsi: block: Remove REQ_OP_WRITE_SAME support
+ (v5.18)
+
+See upstream commit :
+
+ commit 73bd66d9c834220579c881a3eb020fd8917075d8
+ Author: Christoph Hellwig <hch@lst.de>
+ Date: Wed Feb 9 09:28:28 2022 +0100
+
+ scsi: block: Remove REQ_OP_WRITE_SAME support
+
+ No more users of REQ_OP_WRITE_SAME or drivers implementing it are left,
+ so remove the infrastructure.
+
+Upstream-Status: Backport
+
+Change-Id: Ifbff71f79f8b590436fc7cb79f82d90c6e033d84
+Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+---
+ include/instrumentation/events/block.h | 32 ++++++++++++++++++++++++++
+ 1 file changed, 32 insertions(+)
+
+diff --git a/include/instrumentation/events/block.h b/include/instrumentation/events/block.h
+index 3e1104d7..050a59a2 100644
+--- a/include/instrumentation/events/block.h
++++ b/include/instrumentation/events/block.h
+@@ -66,6 +66,37 @@ LTTNG_TRACEPOINT_ENUM(block_rq_type,
+ #define lttng_bio_op(bio) bio_op(bio)
+ #define lttng_bio_rw(bio) ((bio)->bi_opf)
+
++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,18,0))
++#ifdef CONFIG_LTTNG_EXPERIMENTAL_BITWISE_ENUM
++#define blk_rwbs_ctf_integer(type, rwbs, op, rw, bytes) \
++ ctf_enum(block_rq_type, type, rwbs, \
++ ( (op) == REQ_OP_WRITE ? RWBS_FLAG_WRITE : \
++ ( (op) == REQ_OP_DISCARD ? RWBS_FLAG_DISCARD : \
++ ( (op) == REQ_OP_SECURE_ERASE ? (RWBS_FLAG_DISCARD | RWBS_FLAG_SECURE) : \
++ ( (op) == REQ_OP_FLUSH ? RWBS_FLAG_FLUSH : \
++ ( (op) == REQ_OP_READ ? RWBS_FLAG_READ : \
++ ( 0 )))))) \
++ | ((rw) & REQ_RAHEAD ? RWBS_FLAG_RAHEAD : 0) \
++ | ((rw) & REQ_SYNC ? RWBS_FLAG_SYNC : 0) \
++ | ((rw) & REQ_META ? RWBS_FLAG_META : 0) \
++ | ((rw) & REQ_PREFLUSH ? RWBS_FLAG_PREFLUSH : 0) \
++ | ((rw) & REQ_FUA ? RWBS_FLAG_FUA : 0))
++#else
++#define blk_rwbs_ctf_integer(type, rwbs, op, rw, bytes) \
++ ctf_integer(type, rwbs, \
++ ( (op) == REQ_OP_WRITE ? RWBS_FLAG_WRITE : \
++ ( (op) == REQ_OP_DISCARD ? RWBS_FLAG_DISCARD : \
++ ( (op) == REQ_OP_SECURE_ERASE ? (RWBS_FLAG_DISCARD | RWBS_FLAG_SECURE) : \
++ ( (op) == REQ_OP_FLUSH ? RWBS_FLAG_FLUSH : \
++ ( (op) == REQ_OP_READ ? RWBS_FLAG_READ : \
++ ( 0 )))))) \
++ | ((rw) & REQ_RAHEAD ? RWBS_FLAG_RAHEAD : 0) \
++ | ((rw) & REQ_SYNC ? RWBS_FLAG_SYNC : 0) \
++ | ((rw) & REQ_META ? RWBS_FLAG_META : 0) \
++ | ((rw) & REQ_PREFLUSH ? RWBS_FLAG_PREFLUSH : 0) \
++ | ((rw) & REQ_FUA ? RWBS_FLAG_FUA : 0))
++#endif /* CONFIG_LTTNG_EXPERIMENTAL_BITWISE_ENUM */
++#else
+ #ifdef CONFIG_LTTNG_EXPERIMENTAL_BITWISE_ENUM
+ #define blk_rwbs_ctf_integer(type, rwbs, op, rw, bytes) \
+ ctf_enum(block_rq_type, type, rwbs, \
+@@ -95,6 +126,7 @@ LTTNG_TRACEPOINT_ENUM(block_rq_type,
+ | ((rw) & REQ_PREFLUSH ? RWBS_FLAG_PREFLUSH : 0) \
+ | ((rw) & REQ_FUA ? RWBS_FLAG_FUA : 0))
+ #endif /* CONFIG_LTTNG_EXPERIMENTAL_BITWISE_ENUM */
++#endif
+
+ #elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(3,1,0))
+
+--
+2.19.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0006-fix-random-remove-unused-tracepoints-v5.18.patch b/meta/recipes-kernel/lttng/lttng-modules/0006-fix-random-remove-unused-tracepoints-v5.18.patch
new file mode 100644
index 0000000000..9c2f70d4af
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0006-fix-random-remove-unused-tracepoints-v5.18.patch
@@ -0,0 +1,47 @@
+From 369d82bb1746447514c877088d7c5fd0f39140f8 Mon Sep 17 00:00:00 2001
+From: Michael Jeanson <mjeanson@efficios.com>
+Date: Mon, 4 Apr 2022 14:33:42 -0400
+Subject: [PATCH 06/10] fix: random: remove unused tracepoints (v5.18)
+
+See upstream commit :
+
+ commit 14c174633f349cb41ea90c2c0aaddac157012f74
+ Author: Jason A. Donenfeld <Jason@zx2c4.com>
+ Date: Thu Feb 10 16:40:44 2022 +0100
+
+ random: remove unused tracepoints
+
+ These explicit tracepoints aren't really used and show sign of aging.
+ It's work to keep these up to date, and before I attempted to keep them
+ up to date, they weren't up to date, which indicates that they're not
+ really used. These days there are better ways of introspecting anyway.
+
+Upstream-Status: Backport
+
+Change-Id: I3b8c3e2732e7efdd76ce63204ac53a48784d0df6
+Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+---
+ src/probes/Kbuild | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/probes/Kbuild b/src/probes/Kbuild
+index e26b4359..8d6ff0f2 100644
+--- a/src/probes/Kbuild
++++ b/src/probes/Kbuild
+@@ -187,8 +187,11 @@ ifneq ($(CONFIG_FRAME_WARN),0)
+ CFLAGS_lttng-probe-printk.o += -Wframe-larger-than=2200
+ endif
+
++# Introduced in v3.6, remove in v5.18
+ obj-$(CONFIG_LTTNG) += $(shell \
+- if [ $(VERSION) -ge 4 \
++ if [ \( ! \( $(VERSION) -ge 6 -o \( $(VERSION) -eq 5 -a $(PATCHLEVEL) -ge 18 \) \) \) \
++ -a \
++ $(VERSION) -ge 4 \
+ -o \( $(VERSION) -eq 3 -a $(PATCHLEVEL) -ge 6 \) \
+ -o \( $(VERSION) -eq 3 -a $(PATCHLEVEL) -eq 5 -a $(SUBLEVEL) -ge 2 \) \
+ -o \( $(VERSION) -eq 3 -a $(PATCHLEVEL) -eq 4 -a $(SUBLEVEL) -ge 9 \) \
+--
+2.19.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0007-fix-kprobes-Use-rethook-for-kretprobe-if-possible-v5.patch b/meta/recipes-kernel/lttng/lttng-modules/0007-fix-kprobes-Use-rethook-for-kretprobe-if-possible-v5.patch
new file mode 100644
index 0000000000..effd37ffe1
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0007-fix-kprobes-Use-rethook-for-kretprobe-if-possible-v5.patch
@@ -0,0 +1,72 @@
+From 3c46ddc134621dba65030263aa321dd6bdae3ba3 Mon Sep 17 00:00:00 2001
+From: Michael Jeanson <mjeanson@efficios.com>
+Date: Mon, 4 Apr 2022 15:02:10 -0400
+Subject: [PATCH 07/10] fix: kprobes: Use rethook for kretprobe if possible
+ (v5.18)
+
+See upstream commit :
+
+ commit 73f9b911faa74ac5107879de05c9489c419f41bb
+ Author: Masami Hiramatsu <mhiramat@kernel.org>
+ Date: Sat Mar 26 11:27:05 2022 +0900
+
+ kprobes: Use rethook for kretprobe if possible
+
+ Use rethook for kretprobe function return hooking if the arch sets
+ CONFIG_HAVE_RETHOOK=y. In this case, CONFIG_KRETPROBE_ON_RETHOOK is
+ set to 'y' automatically, and the kretprobe internal data fields
+ switches to use rethook. If not, it continues to use kretprobe
+ specific function return hooks.
+
+Upstream-Status: Backport
+
+Change-Id: I2b7670dc04e4769c1e3c372582ad2f555f6d7a66
+Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+---
+ include/wrapper/kprobes.h | 17 +++++++++++++++++
+ src/probes/lttng-kretprobes.c | 2 +-
+ 2 files changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/include/wrapper/kprobes.h b/include/wrapper/kprobes.h
+index b546d615..51d32b7c 100644
+--- a/include/wrapper/kprobes.h
++++ b/include/wrapper/kprobes.h
+@@ -29,4 +29,21 @@ struct kretprobe *lttng_get_kretprobe(struct kretprobe_instance *ri)
+
+ #endif /* LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,11,0) */
+
++
++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,18,0))
++static inline
++unsigned long lttng_get_kretprobe_retaddr(struct kretprobe_instance *ri)
++{
++ return get_kretprobe_retaddr(ri);
++}
++
++#else
++
++static inline
++unsigned long lttng_get_kretprobe_retaddr(struct kretprobe_instance *ri)
++{
++ return (unsigned long) ri->ret_addr;
++}
++#endif
++
+ #endif /* _LTTNG_WRAPPER_KPROBES_H */
+diff --git a/src/probes/lttng-kretprobes.c b/src/probes/lttng-kretprobes.c
+index 5cb2e953..565df739 100644
+--- a/src/probes/lttng-kretprobes.c
++++ b/src/probes/lttng-kretprobes.c
+@@ -81,7 +81,7 @@ int _lttng_kretprobes_handler(struct kretprobe_instance *krpi,
+ int ret;
+
+ payload.ip = (unsigned long) lttng_get_kretprobe(krpi)->kp.addr;
+- payload.parent_ip = (unsigned long) krpi->ret_addr;
++ payload.parent_ip = lttng_get_kretprobe_retaddr(krpi);
+
+ lib_ring_buffer_ctx_init(&ctx, event_recorder, sizeof(payload),
+ lttng_alignof(payload), &lttng_probe_ctx);
+--
+2.19.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0008-fix-scsi-core-Remove-scsi-scsi_request.h-v5.18.patch b/meta/recipes-kernel/lttng/lttng-modules/0008-fix-scsi-core-Remove-scsi-scsi_request.h-v5.18.patch
new file mode 100644
index 0000000000..13c504b859
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0008-fix-scsi-core-Remove-scsi-scsi_request.h-v5.18.patch
@@ -0,0 +1,44 @@
+From e8d2f286b5b208ac8870d0a9c167b170e96169b3 Mon Sep 17 00:00:00 2001
+From: Michael Jeanson <mjeanson@efficios.com>
+Date: Mon, 4 Apr 2022 15:08:48 -0400
+Subject: [PATCH 08/10] fix: scsi: core: Remove <scsi/scsi_request.h> (v5.18)
+
+See upstream commit :
+
+ commit 26440303310591e29121964ede0048583cb3126d
+ Author: Christoph Hellwig <hch@lst.de>
+ Date: Thu Feb 24 18:55:52 2022 +0100
+
+ scsi: core: Remove <scsi/scsi_request.h>
+
+ This header is empty now except for an include of <linux/blk-mq.h>, so
+ remove it.
+
+Upstream-Status: Backport
+
+Change-Id: Ic8ee3352f1e8bddfcd44c31be9b788db82f183aa
+Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+---
+ include/instrumentation/events/block.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/instrumentation/events/block.h b/include/instrumentation/events/block.h
+index 050a59a2..882e6e08 100644
+--- a/include/instrumentation/events/block.h
++++ b/include/instrumentation/events/block.h
+@@ -11,9 +11,9 @@
+ #include <linux/trace_seq.h>
+ #include <lttng/kernel-version.h>
+
+-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,11,0))
++#if LTTNG_KERNEL_RANGE(4,11,0, 5,18,0)
+ #include <scsi/scsi_request.h>
+-#endif /* (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,11,0)) */
++#endif /* LTTNG_KERNEL_RANGE(4,11,0, 5,18,0) */
+
+ #ifndef _TRACE_BLOCK_DEF_
+ #define _TRACE_BLOCK_DEF_
+--
+2.19.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0009-Rename-genhd-wrapper-to-blkdev.patch b/meta/recipes-kernel/lttng/lttng-modules/0009-Rename-genhd-wrapper-to-blkdev.patch
new file mode 100644
index 0000000000..90fec9dc58
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0009-Rename-genhd-wrapper-to-blkdev.patch
@@ -0,0 +1,76 @@
+From 82fbf9d383ff9069808fb0f5f75c660098dbae52 Mon Sep 17 00:00:00 2001
+From: Michael Jeanson <mjeanson@efficios.com>
+Date: Tue, 5 Apr 2022 14:57:41 -0400
+Subject: [PATCH 09/10] Rename genhd wrapper to blkdev
+
+The genhd.h header was folded into blkdev.h in v5.18, rename our wrapper
+to follow upstream.
+
+Upstream-Status: Backport
+
+Change-Id: I4ec94fb94d11712dd20f0680aea1de77fbfa9d17
+Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+---
+ include/wrapper/{genhd.h => blkdev.h} | 10 +++++-----
+ src/lttng-statedump-impl.c | 2 +-
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+ rename include/wrapper/{genhd.h => blkdev.h} (93%)
+
+diff --git a/include/wrapper/genhd.h b/include/wrapper/blkdev.h
+similarity index 93%
+rename from include/wrapper/genhd.h
+rename to include/wrapper/blkdev.h
+index 4a59b68e..0d5ad90f 100644
+--- a/include/wrapper/genhd.h
++++ b/include/wrapper/blkdev.h
+@@ -1,6 +1,6 @@
+ /* SPDX-License-Identifier: (GPL-2.0-only or LGPL-2.1-only)
+ *
+- * wrapper/genhd.h
++ * wrapper/blkdev.h
+ *
+ * wrapper around block layer functions and data structures. Using
+ * KALLSYMS to get its address when available, else we need to have a
+@@ -9,8 +9,8 @@
+ * Copyright (C) 2011-2014 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+ */
+
+-#ifndef _LTTNG_WRAPPER_GENHD_H
+-#define _LTTNG_WRAPPER_GENHD_H
++#ifndef _LTTNG_WRAPPER_BLKDEV_H
++#define _LTTNG_WRAPPER_BLKDEV_H
+
+ #if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,18,0))
+ #include <linux/blkdev.h>
+@@ -45,7 +45,7 @@ struct class *wrapper_get_block_class(void)
+ /*
+ * Canary function to check for 'block_class' at compile time.
+ *
+- * From 'include/linux/genhd.h':
++ * From 'include/linux/blkdev.h':
+ *
+ * extern struct class block_class;
+ */
+@@ -104,4 +104,4 @@ struct device_type *wrapper_get_disk_type(void)
+
+ #endif
+
+-#endif /* _LTTNG_WRAPPER_GENHD_H */
++#endif /* _LTTNG_WRAPPER_BLKDEV_H */
+diff --git a/src/lttng-statedump-impl.c b/src/lttng-statedump-impl.c
+index 4d7b2921..0e753090 100644
+--- a/src/lttng-statedump-impl.c
++++ b/src/lttng-statedump-impl.c
+@@ -41,7 +41,7 @@
+ #include <wrapper/namespace.h>
+ #include <wrapper/irq.h>
+ #include <wrapper/tracepoint.h>
+-#include <wrapper/genhd.h>
++#include <wrapper/blkdev.h>
+ #include <wrapper/file.h>
+ #include <wrapper/fdtable.h>
+ #include <wrapper/sched.h>
+--
+2.19.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0010-fix-mm-compaction-cleanup-the-compaction-trace-event.patch b/meta/recipes-kernel/lttng/lttng-modules/0010-fix-mm-compaction-cleanup-the-compaction-trace-event.patch
new file mode 100644
index 0000000000..892d3f0d23
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0010-fix-mm-compaction-cleanup-the-compaction-trace-event.patch
@@ -0,0 +1,106 @@
+From f9208dc00756dfa0a2f191799722030bdf3f793d Mon Sep 17 00:00:00 2001
+From: Michael Jeanson <mjeanson@efficios.com>
+Date: Mon, 4 Apr 2022 15:14:01 -0400
+Subject: [PATCH 10/10] fix: mm: compaction: cleanup the compaction trace
+ events (v5.18)
+
+See upstream commit :
+
+ commit abd4349ff9b8d242376b67711254221f64f447c7
+ Author: Baolin Wang <baolin.wang@linux.alibaba.com>
+ Date: Tue Mar 22 14:45:56 2022 -0700
+
+ mm: compaction: cleanup the compaction trace events
+
+ As Steven suggested [1], we should access the pointers from the trace
+ event to avoid dereferencing them to the tracepoint function when the
+ tracepoint is disabled.
+
+ [1] https://lkml.org/lkml/2021/11/3/409
+
+Upstream-Status: Backport
+
+Change-Id: I6c08250df8596e8dbc76780ae5d95c899c12e6fe
+Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+---
+ include/instrumentation/events/compaction.h | 17 ++++++++++++++++-
+ src/probes/Kbuild | 17 ++++++++++++++++-
+ src/probes/lttng-probe-compaction.c | 5 +++++
+ 3 files changed, 37 insertions(+), 2 deletions(-)
+
+diff --git a/include/instrumentation/events/compaction.h b/include/instrumentation/events/compaction.h
+index 15964537..ecae39a8 100644
+--- a/include/instrumentation/events/compaction.h
++++ b/include/instrumentation/events/compaction.h
+@@ -97,7 +97,22 @@ LTTNG_TRACEPOINT_EVENT_INSTANCE_MAP(compaction_isolate_template,
+
+ #endif /* #else #if LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,0,0) */
+
+-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,17,0))
++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,18,0))
++LTTNG_TRACEPOINT_EVENT_MAP(mm_compaction_migratepages,
++
++ compaction_migratepages,
++
++ TP_PROTO(struct compact_control *cc,
++ unsigned int nr_succeeded),
++
++ TP_ARGS(cc, nr_succeeded),
++
++ TP_FIELDS(
++ ctf_integer(unsigned long, nr_migrated, nr_succeeded)
++ ctf_integer(unsigned long, nr_failed, cc->nr_migratepages - nr_succeeded)
++ )
++)
++#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,17,0))
+ LTTNG_TRACEPOINT_EVENT_MAP(mm_compaction_migratepages,
+
+ compaction_migratepages,
+diff --git a/src/probes/Kbuild b/src/probes/Kbuild
+index 8d6ff0f2..54784477 100644
+--- a/src/probes/Kbuild
++++ b/src/probes/Kbuild
+@@ -167,7 +167,22 @@ ifneq ($(CONFIG_BTRFS_FS),)
+ endif # $(wildcard $(btrfs_dep))
+ endif # CONFIG_BTRFS_FS
+
+-obj-$(CONFIG_LTTNG) += lttng-probe-compaction.o
++# A dependency on internal header 'mm/internal.h' was introduced in v5.18
++compaction_dep = $(srctree)/mm/internal.h
++compaction_dep_wildcard = $(wildcard $(compaction_dep))
++compaction_dep_check = $(shell \
++if [ \( $(VERSION) -ge 6 \
++ -o \( $(VERSION) -eq 5 -a $(PATCHLEVEL) -ge 18 \) \) -a \
++ -z "$(compaction_dep_wildcard)" ] ; then \
++ echo "warn" ; \
++else \
++ echo "ok" ; \
++fi ;)
++ifeq ($(compaction_dep_check),ok)
++ obj-$(CONFIG_LTTNG) += lttng-probe-compaction.o
++else
++ $(warning Files $(compaction_dep) not found. Probe "compaction" is disabled. Use full kernel source tree to enable it.)
++endif # $(wildcard $(compaction_dep))
+
+ ifneq ($(CONFIG_EXT4_FS),)
+ ext4_dep = $(srctree)/fs/ext4/*.h
+diff --git a/src/probes/lttng-probe-compaction.c b/src/probes/lttng-probe-compaction.c
+index f8ddf384..ffaf45f0 100644
+--- a/src/probes/lttng-probe-compaction.c
++++ b/src/probes/lttng-probe-compaction.c
+@@ -10,6 +10,11 @@
+
+ #include <linux/module.h>
+ #include <lttng/tracer.h>
++#include <lttng/kernel-version.h>
++
++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(5,18,0))
++#include "../mm/internal.h"
++#endif
+
+ /*
+ * Create the tracepoint static inlines from the kernel to validate that our
+--
+2.19.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.13.0.bb b/meta/recipes-kernel/lttng/lttng-modules_2.13.3.bb
index 6dfde8dcad..c33920e0d0 100644
--- a/meta/recipes-kernel/lttng/lttng-modules_2.13.0.bb
+++ b/meta/recipes-kernel/lttng/lttng-modules_2.13.3.bb
@@ -10,13 +10,22 @@ inherit module
include lttng-platforms.inc
SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \
- file://0001-fix-cpu-hotplug-Remove-deprecated-CPU-hotplug-functi.patch \
- file://0002-fix-Revert-Makefile-Enable-Wimplicit-fallthrough-for.patch \
+ file://0001-Fix-compaction-migratepages-event-name.patch \
+ file://0002-Fix-tracepoint-event-allow-same-provider-and-event-n.patch \
+ file://0003-fix-sched-tracing-Don-t-re-read-p-state-when-emittin.patch \
+ file://0004-fix-block-remove-genhd.h-v5.18.patch \
+ file://0005-fix-scsi-block-Remove-REQ_OP_WRITE_SAME-support-v5.1.patch \
+ file://0006-fix-random-remove-unused-tracepoints-v5.18.patch \
+ file://0007-fix-kprobes-Use-rethook-for-kretprobe-if-possible-v5.patch \
+ file://0008-fix-scsi-core-Remove-scsi-scsi_request.h-v5.18.patch \
+ file://0009-Rename-genhd-wrapper-to-blkdev.patch \
+ file://0010-fix-mm-compaction-cleanup-the-compaction-trace-event.patch \
"
+
# Use :append here so that the patch is applied also when using devupstream
SRC_URI:append = " file://0001-src-Kbuild-change-missing-CONFIG_TRACEPOINTS-to-warn.patch"
-SRC_URI[sha256sum] = "5ebf2b3cd128b3a1c8afaea1e98d5a6f7f0676fd524fcf72361c34d9dc603356"
+SRC_URI[sha256sum] = "7cf1acbb50b84116acc9b4281b81dcc2643d6018bbd1e8514ad1270239896c4b"
export INSTALL_MOD_DIR="kernel/lttng-modules"
diff --git a/meta/recipes-kernel/lttng/lttng-tools/0001-Fix-Tests-race-condition-in-test_event_tracker.patch b/meta/recipes-kernel/lttng/lttng-tools/0001-Fix-Tests-race-condition-in-test_event_tracker.patch
new file mode 100644
index 0000000000..10020e1ecf
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-tools/0001-Fix-Tests-race-condition-in-test_event_tracker.patch
@@ -0,0 +1,221 @@
+From d3392e4850532c02e53e3c3ff1cc27df7e51c941 Mon Sep 17 00:00:00 2001
+From: Francis Deslauriers <francis.deslauriers@efficios.com>
+Date: Tue, 7 Sep 2021 17:10:31 -0400
+Subject: [PATCH 1/2] Fix: Tests: race condition in test_event_tracker
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Background
+==========
+The `test_event_tracker` file contains test cases when the event
+generating app in executed in two distinct steps. Those two steps are
+preparation and execution.
+ 1. the preparation is the launching the app in the background, and
+ 2. the execution is actually generating the event that should or
+ should not be traced depending on the test case.
+
+This is useful to test the tracker feature since we want to ensure that
+already running apps are notified properly when changing their tracking
+status.
+
+Issue
+=====
+The `test_event_vpid_track_untrack` test case suffers from a race
+condition that is easy to reproduce on Yocto.
+
+The issue is that sometimes events are end up the trace when none is
+expected.
+
+This is due to the absence of synchronization point at the launch of the
+app which leads to the app being scheduled in-between the track-untrack
+calls leading to events being recorded to the trace.
+
+It's easy to reproduce this issue on my machine by adding a `sleep 5`
+between the track and untrack calls and setting the `NR_USEC_WAIT`
+variable to 1.
+
+Fix
+===
+Using the testapp `--sync-before-last-event-touch` flag to make the app
+create a file when all but the last event are executed. We then have the
+app wait until we create a file (`--sync-before-last-event`) to generate
+that last event. This way, we are sure no event will be generated when
+running the track and untrack commands.
+
+Notes
+=====
+- This issue affects other test cases in this file.
+- This commit fixes a typo in the test header.
+- This commit adds `diag` calls to help tracking to what test the output
+ relates to when reading the log.
+
+Signed-off-by: Francis Deslauriers <francis.deslauriers@efficios.com>
+Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
+Change-Id: Ia2b68128dc9a805526f9748f31ec2c2d95566f31
+Upstream-Status: Backport
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ .../tools/tracker/test_event_tracker | 56 ++++++++++++++-----
+ 1 file changed, 42 insertions(+), 14 deletions(-)
+
+diff --git a/tests/regression/tools/tracker/test_event_tracker b/tests/regression/tools/tracker/test_event_tracker
+index feb3787..cc0f698 100755
+--- a/tests/regression/tools/tracker/test_event_tracker
++++ b/tests/regression/tools/tracker/test_event_tracker
+@@ -5,7 +5,7 @@
+ #
+ # SPDX-License-Identifier: GPL-2.0-only
+
+-TEST_DESC="LTTng - Event traker test"
++TEST_DESC="LTTng - Event tracker test"
+
+ CURDIR=$(dirname "$0")/
+ TESTDIR="$CURDIR/../../.."
+@@ -15,7 +15,7 @@ TESTAPP_KERNEL_NAME="gen-kernel-test-events"
+ TESTAPP_BIN="$TESTAPP_PATH/$TESTAPP_NAME/$TESTAPP_NAME"
+ TESTAPP_KERNEL_BIN="$TESTAPP_PATH/$TESTAPP_KERNEL_NAME/$TESTAPP_KERNEL_NAME"
+ SESSION_NAME="tracker"
+-NR_ITER=100
++NR_ITER=1
+ NUM_GLOBAL_TESTS=2
+ NUM_UST_TESTS=283
+ NUM_KERNEL_TESTS=462
+@@ -30,27 +30,41 @@ SCRIPT_GROUPNAME="$(id -gn)"
+
+ CHILD_PID=-1
+ WAIT_PATH=
+-AFTER_FIRST_PATH=
+-BEFORE_LAST_PATH=
++TOUCH_BEFORE_LAST_PATH=
++SYNC_BEFORE_LAST_PATH=
+
+ source $TESTDIR/utils/utils.sh
+
++# Launch the testapp and execute it up until right before the last event. It is
++# useful to do it in two seperate steps in order to test tracking and
++# untracking on an active app.
+ function prepare_ust_app
+ {
+- AFTER_FIRST_PATH=$(mktemp --tmpdir -u tmp.${FUNCNAME[0]}_sync_after_first.XXXXXX)
+- BEFORE_LAST_PATH=$(mktemp --tmpdir -u tmp.${FUNCNAME[0]}_sync_before_last.XXXXXX)
++ TOUCH_BEFORE_LAST_PATH=$(mktemp --tmpdir -u tmp.${FUNCNAME[0]}_touch_before_last.XXXXXX)
++ SYNC_BEFORE_LAST_PATH=$(mktemp --tmpdir -u tmp.${FUNCNAME[0]}_sync_before_last.XXXXXX)
++
++ $TESTAPP_BIN -i $NR_ITER -w $NR_USEC_WAIT \
++ --sync-before-last-event-touch "$TOUCH_BEFORE_LAST_PATH" \
++ --sync-before-last-event "$SYNC_BEFORE_LAST_PATH" &
+
+- $TESTAPP_BIN -i $NR_ITER -w $NR_USEC_WAIT -a "$AFTER_FIRST_PATH" -b "$BEFORE_LAST_PATH" &
+ CHILD_PID=$!
++
++ # Wait for the app to execute all the way to right before the last
++ # event.
++ while [ ! -f "${TOUCH_BEFORE_LAST_PATH}" ]; do
++ sleep 0.5
++ done
+ }
+
++# Generate the last event.
+ function trace_ust_app
+ {
+- touch "$BEFORE_LAST_PATH"
+- wait
++ # Ask the test app to generate the last event.
++ touch "$SYNC_BEFORE_LAST_PATH"
++ wait "$CHILD_PID"
+ ok $? "Traced application stopped."
+- rm "$BEFORE_LAST_PATH"
+- rm "$AFTER_FIRST_PATH"
++ rm "$SYNC_BEFORE_LAST_PATH"
++ rm "$TOUCH_BEFORE_LAST_PATH"
+ }
+
+ function prepare_kernel_app
+@@ -64,7 +78,7 @@ function prepare_kernel_app
+ function trace_kernel_app
+ {
+ touch "$WAIT_PATH"
+- wait
++ wait "$CHILD_PID"
+ ok $? "Traced application stopped."
+ rm "$WAIT_PATH"
+ }
+@@ -78,6 +92,8 @@ function test_event_tracker()
+ local tracker="$4"
+ local channel=''
+
++ diag "${FUNCNAME[0]} $*"
++
+ trace_path=$(mktemp --tmpdir -d tmp.${FUNCNAME[0]}_trace_path.XXXXXX)
+
+ create_lttng_session_ok $SESSION_NAME "$trace_path"
+@@ -117,6 +133,8 @@ function test_event_vpid_tracker()
+ local wildcard="$3"
+ local channel=''
+
++ diag "${FUNCNAME[0]} $*"
++
+ trace_path=$(mktemp --tmpdir -d tmp.${FUNCNAME[0]}_trace_path.XXXXXX)
+
+ create_lttng_session_ok $SESSION_NAME "$trace_path"
+@@ -160,6 +178,8 @@ function test_event_pid_tracker()
+ local wildcard="$3"
+ local channel=''
+
++ diag "${FUNCNAME[0]} $*"
++
+ trace_path=$(mktemp --tmpdir -d tmp.${FUNCNAME[0]}_trace_path.XXXXXX)
+
+ create_lttng_session_ok $SESSION_NAME "$trace_path"
+@@ -203,6 +223,8 @@ function test_event_tracker_fail()
+ local wildcard="$2"
+ local tracker="$3"
+
++ diag "${FUNCNAME[0]} $*"
++
+ trace_path=$(mktemp --tmpdir -d tmp.${FUNCNAME[0]}_trace_path.XXXXXX)
+
+ create_lttng_session_ok $SESSION_NAME "$trace_path"
+@@ -222,6 +244,8 @@ function test_event_track_untrack()
+ local tracker="$4"
+ local channel=''
+
++ diag "${FUNCNAME[0]} $*"
++
+ trace_path=$(mktemp --tmpdir -d tmp.${FUNCNAME[0]}_trace_path.XXXXXX)
+
+ create_lttng_session_ok $SESSION_NAME "$trace_path"
+@@ -262,6 +286,8 @@ function test_event_vpid_track_untrack()
+ local wildcard="$3"
+ local channel=''
+
++ diag "${FUNCNAME[0]} $*"
++
+ trace_path=$(mktemp --tmpdir -d tmp.${FUNCNAME[0]}_trace_path.XXXXXX)
+
+ create_lttng_session_ok $SESSION_NAME "$trace_path"
+@@ -302,6 +328,8 @@ function test_event_pid_track_untrack()
+ local wildcard="$3"
+ local channel=''
+
++ diag "${FUNCNAME[0]} $*"
++
+ trace_path=$(mktemp --tmpdir -d tmp.${FUNCNAME[0]}_trace_path.XXXXXX)
+
+ create_lttng_session_ok $SESSION_NAME "$trace_path"
+@@ -336,9 +364,9 @@ function test_event_pid_track_untrack()
+
+ function test_event_ust_vpid_untrack_snapshot()
+ {
+- local trace_path=$(mktemp --tmpdir -d tmp.${FUNCNAME[0]}_trace_path.XXXXXX)
++ diag "${FUNCNAME[0]} $*"
+
+- diag "Test_event_ust_vpid_untrack_snapshot"
++ local trace_path=$(mktemp --tmpdir -d tmp.${FUNCNAME[0]}_trace_path.XXXXXX)
+
+ create_lttng_session_ok $SESSION_NAME "$trace_path" "--snapshot"
+
+--
+2.20.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-tools/0001-tests-wait-some-more-before-analysing-traces-or-star.patch b/meta/recipes-kernel/lttng/lttng-tools/0001-tests-wait-some-more-before-analysing-traces-or-star.patch
deleted file mode 100644
index c4cac9cc58..0000000000
--- a/meta/recipes-kernel/lttng/lttng-tools/0001-tests-wait-some-more-before-analysing-traces-or-star.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From 8d9daede0882d239b0a47b0f7a6db68ba4934a7d Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Sat, 4 Sep 2021 13:57:39 +0200
-Subject: [PATCH] tests: wait some more before analysing traces or starting
- tracing
-
-Otherwise, there are sporadic race failures where lttng tracing
-is stopped before all expected events are collected or is started too soon, e.g.:
-
-PASS: tools/tracker/test_event_tracker 205 - Traced application stopped.
-PASS: tools/tracker/test_event_tracker 206 - Stop lttng tracing for session
-PASS: tools/tracker/test_event_tracker 207 - Destroy session tracker
-FAIL: tools/tracker/test_event_tracker 208 - Validate empty trace
-
-PASS: ust/namespaces/test_ns_contexts_change 42 - Stop lttng tracing for session mnt_ns
-PASS: ust/namespaces/test_ns_contexts_change 43 - Destroy session mnt_ns
-PASS: ust/namespaces/test_ns_contexts_change 44 - Wait after kill session daemon
-PASS: ust/namespaces/test_ns_contexts_change 45 - Validate trace for event mnt_ns = 4026531840, 1000 events
-PASS: ust/namespaces/test_ns_contexts_change 46 - Read a total of 1000 events, expected 1000
-PASS: ust/namespaces/test_ns_contexts_change 47 - Validate trace for event mnt_ns = 4026532303, 233 events
-FAIL: ust/namespaces/test_ns_contexts_change 48 - Read a total of 233 events, expected 1000
-
-This is a hack; issue should be fixed upstream with explicit syncs.
-It has been reported here: https://bugs.lttng.org/issues/1217
-
-Upstream-Status: Inappropriate [needs a real fix]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- tests/regression/tools/tracker/test_event_tracker | 8 ++++++++
- tests/regression/ust/namespaces/test_ns_contexts_change | 2 ++
- 2 files changed, 10 insertions(+)
-
-diff --git a/tests/regression/tools/tracker/test_event_tracker b/tests/regression/tools/tracker/test_event_tracker
-index feb3787..a0f2257 100755
---- a/tests/regression/tools/tracker/test_event_tracker
-+++ b/tests/regression/tools/tracker/test_event_tracker
-@@ -130,6 +130,8 @@ function test_event_vpid_tracker()
-
- prepare_"$domain"_app
-
-+sleep 5
-+
- start_lttng_tracing_ok
-
- if [ "$expect_event" -eq 1 ]; then
-@@ -173,6 +175,8 @@ function test_event_pid_tracker()
-
- prepare_"$domain"_app
-
-+sleep 5
-+
- start_lttng_tracing_ok
-
- if [ "$expect_event" -eq 1 ]; then
-@@ -275,6 +279,8 @@ function test_event_vpid_track_untrack()
-
- prepare_"$domain"_app
-
-+sleep 5
-+
- start_lttng_tracing_ok
-
- lttng_track_"$domain"_ok "--vpid ${CHILD_PID}"
-@@ -315,6 +321,8 @@ function test_event_pid_track_untrack()
-
- prepare_"$domain"_app
-
-+sleep 5
-+
- start_lttng_tracing_ok
-
- lttng_track_"$domain"_ok "--pid ${CHILD_PID}"
-diff --git a/tests/regression/ust/namespaces/test_ns_contexts_change b/tests/regression/ust/namespaces/test_ns_contexts_change
-index c0af15e..b111bfe 100755
---- a/tests/regression/ust/namespaces/test_ns_contexts_change
-+++ b/tests/regression/ust/namespaces/test_ns_contexts_change
-@@ -79,6 +79,8 @@ function test_ns()
-
- touch "$file_sync_before_last"
-
-+sleep 5
-+
- # stop and destroy
- stop_lttng_tracing_ok "$session_name"
- destroy_lttng_session_ok "$session_name"
---
-2.20.1
-
diff --git a/meta/recipes-kernel/lttng/lttng-tools/0002-Fix-Tests-race-condition-in-test_ns_contexts_change.patch b/meta/recipes-kernel/lttng/lttng-tools/0002-Fix-Tests-race-condition-in-test_ns_contexts_change.patch
new file mode 100644
index 0000000000..a8d983105a
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-tools/0002-Fix-Tests-race-condition-in-test_ns_contexts_change.patch
@@ -0,0 +1,46 @@
+From d284752e616dfc4c9288be3bb21c04ea78cdd967 Mon Sep 17 00:00:00 2001
+From: Francis Deslauriers <francis.deslauriers@efficios.com>
+Date: Wed, 8 Sep 2021 10:16:23 -0400
+Subject: [PATCH 2/2] Fix: Tests: race condition in test_ns_contexts_change
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Issue
+=====
+The test script doesn't wait for the test application to complete before
+stopping the tracing session. The race is that depending on the
+scheduling the application is not always done generating events when the
+session is stopped.
+
+Fix
+===
+Make the test script wait for the termination of the test app before
+stopping the session.
+
+Signed-off-by: Francis Deslauriers <francis.deslauriers@efficios.com>
+Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
+Change-Id: I29d9b41d2a2ed60a6c42020509c2067442ae332c
+Upstream-Status: Backport
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ tests/regression/ust/namespaces/test_ns_contexts_change | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tests/regression/ust/namespaces/test_ns_contexts_change b/tests/regression/ust/namespaces/test_ns_contexts_change
+index c0af15e..8a4b62c 100755
+--- a/tests/regression/ust/namespaces/test_ns_contexts_change
++++ b/tests/regression/ust/namespaces/test_ns_contexts_change
+@@ -79,6 +79,9 @@ function test_ns()
+
+ touch "$file_sync_before_last"
+
++ # Wait for the test app to generate all expected events and exit.
++ wait $app_pid
++
+ # stop and destroy
+ stop_lttng_tracing_ok "$session_name"
+ destroy_lttng_session_ok "$session_name"
+--
+2.20.1
+
diff --git a/meta/recipes-kernel/lttng/lttng-tools_2.13.0.bb b/meta/recipes-kernel/lttng/lttng-tools_2.13.0.bb
index 47cab42fcf..1491aff618 100644
--- a/meta/recipes-kernel/lttng/lttng-tools_2.13.0.bb
+++ b/meta/recipes-kernel/lttng/lttng-tools_2.13.0.bb
@@ -37,7 +37,8 @@ SRC_URI = "https://lttng.org/files/lttng-tools/lttng-tools-${PV}.tar.bz2 \
file://lttng-sessiond.service \
file://determinism.patch \
file://0001-src-common-correct-header-location.patch \
- file://0001-tests-wait-some-more-before-analysing-traces-or-star.patch \
+ file://0001-Fix-Tests-race-condition-in-test_event_tracker.patch \
+ file://0002-Fix-Tests-race-condition-in-test_ns_contexts_change.patch \
"
SRC_URI[sha256sum] = "8dc894f9a7a840e943c1c344345c75f001a9529daa9157f1a0e6175c081c29e6"
diff --git a/meta/recipes-kernel/perf/perf/sort-pmuevents.py b/meta/recipes-kernel/perf/perf/sort-pmuevents.py
index 5ddf0f144f..09ba3328a7 100755
--- a/meta/recipes-kernel/perf/perf/sort-pmuevents.py
+++ b/meta/recipes-kernel/perf/perf/sort-pmuevents.py
@@ -33,10 +33,10 @@ if os.path.exists(outfile):
with open(infile, 'r') as file:
data = file.read()
-preamble_regex = re.compile( '^(.*?)^struct', re.MULTILINE | re.DOTALL )
+preamble_regex = re.compile( '^(.*?)^(struct|const struct|static struct|static const struct)', re.MULTILINE | re.DOTALL )
preamble = re.search( preamble_regex, data )
-struct_block_regex = re.compile( '^struct.*?(\w+) (.*?)\[\] = {(.*?)^};', re.MULTILINE | re.DOTALL )
+struct_block_regex = re.compile( '^(struct|const struct|static struct|static const struct).*?(\w+) (.*?)\[\] = {(.*?)^};', re.MULTILINE | re.DOTALL )
field_regex = re.compile( '{.*?},', re.MULTILINE | re.DOTALL )
cpuid_regex = re.compile( '\.cpuid = (.*?),', re.MULTILINE | re.DOTALL )
name_regex = re.compile( '\.name = (.*?),', re.MULTILINE | re.DOTALL )
@@ -45,22 +45,25 @@ name_regex = re.compile( '\.name = (.*?),', re.MULTILINE | re.DOTALL )
# types and then their fields.
entry_dict = {}
for struct in re.findall( struct_block_regex, data ):
- # print( "struct: %s %s" % (struct[0],struct[1]) )
- entry_dict[struct[1]] = {}
- entry_dict[struct[1]]['type'] = struct[0]
- entry_dict[struct[1]]['fields'] = {}
- for entry in re.findall( field_regex, struct[2] ):
+ # print( "struct: %s %s %s" % (struct[0],struct[1],struct[2]) )
+ entry_dict[struct[2]] = {}
+ entry_dict[struct[2]]['type_prefix'] = struct[0]
+ entry_dict[struct[2]]['type'] = struct[1]
+ entry_dict[struct[2]]['fields'] = {}
+ for entry in re.findall( field_regex, struct[3] ):
#print( " entry: %s" % entry )
cpuid = re.search( cpuid_regex, entry )
if cpuid:
#print( " cpuid found: %s" % cpuid.group(1) )
- entry_dict[struct[1]]['fields'][cpuid.group(1)] = entry
-
+ entry_dict[struct[2]]['fields'][cpuid.group(1)] = entry
+
name = re.search( name_regex, entry )
if name:
#print( " name found: %s" % name.group(1) )
- entry_dict[struct[1]]['fields'][name.group(1)] = entry
-
+ entry_dict[struct[2]]['fields'][name.group(1)] = entry
+
+ if not entry_dict[struct[2]]['fields']:
+ entry_dict[struct[2]]['fields']['0'] = entry
# created ordered dictionaries from the captured values. These are ordered by
# a sorted() iteration of the keys. We don't care about the order we read
@@ -72,6 +75,7 @@ for struct in re.findall( struct_block_regex, data ):
entry_dict_sorted = OrderedDict()
for i in sorted(entry_dict.keys()):
entry_dict_sorted[i] = {}
+ entry_dict_sorted[i]['type_prefix'] = entry_dict[i]['type_prefix']
entry_dict_sorted[i]['type'] = entry_dict[i]['type']
entry_dict_sorted[i]['fields'] = {}
for f in sorted(entry_dict[i]['fields'].keys()):
@@ -83,7 +87,7 @@ outf = open( outfile, 'w' )
print( preamble.group(1) )
outf.write( preamble.group(1) )
for d in entry_dict_sorted:
- outf.write( "struct %s %s[] = {\n" % (entry_dict_sorted[d]['type'],d) )
+ outf.write( "%s %s %s[] = {\n" % (entry_dict_sorted[d]['type_prefix'], entry_dict_sorted[d]['type'],d) )
for f in entry_dict_sorted[d]['fields']:
outf.write( entry_dict_sorted[d]['fields'][f] + '\n' )
diff --git a/meta/recipes-kernel/powertop/powertop_2.14.bb b/meta/recipes-kernel/powertop/powertop_2.14.bb
index c176cba388..4ec218d6de 100644
--- a/meta/recipes-kernel/powertop/powertop_2.14.bb
+++ b/meta/recipes-kernel/powertop/powertop_2.14.bb
@@ -6,7 +6,7 @@ DEPENDS = "ncurses libnl pciutils autoconf-archive"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e"
-SRC_URI = "git://github.com/fenrus75/powertop;protocol=https \
+SRC_URI = "git://github.com/fenrus75/powertop;protocol=https;branch=master \
file://0001-wakeup_xxx.h-include-limits.h.patch \
"
SRCREV = "52f022f9bbe6e060fba11701d657a8d9762702ba"
diff --git a/meta/recipes-kernel/systemtap/systemtap_git.inc b/meta/recipes-kernel/systemtap/systemtap_git.inc
index b6ff98f0f2..25546f7cb2 100644
--- a/meta/recipes-kernel/systemtap/systemtap_git.inc
+++ b/meta/recipes-kernel/systemtap/systemtap_git.inc
@@ -3,7 +3,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
SRCREV = "7f6992539fb22c93c21ac30c94508bf655d496a7"
PV = "4.5"
-SRC_URI = "git://sourceware.org/git/systemtap.git \
+SRC_URI = "git://sourceware.org/git/systemtap.git;branch=master \
file://0001-Do-not-let-configure-write-a-python-location-into-th.patch \
file://0001-Install-python-modules-to-correct-library-dir.patch \
file://0001-staprun-stapbpf-don-t-support-installing-a-non-root.patch \
diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.07.14.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.04.08.bb
index a396f15c55..cd42039680 100644
--- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2021.07.14.bb
+++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2022.04.08.bb
@@ -5,7 +5,7 @@ LICENSE = "ISC"
LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c"
SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "2e2dd216a5f1a310b849774af63e6309d94c2207c34771a534c47ae18b162742"
+SRC_URI[sha256sum] = "884ba2e3c1e8b98762b6dc25ff60b5ec75c8d33a39e019b3ed4aa615491460d3"
inherit bin_package allarch
diff --git a/meta/recipes-multimedia/alsa/alsa-tools_1.2.5.bb b/meta/recipes-multimedia/alsa/alsa-tools_1.2.5.bb
index 540f4f79f4..e6fe83a186 100644
--- a/meta/recipes-multimedia/alsa/alsa-tools_1.2.5.bb
+++ b/meta/recipes-multimedia/alsa/alsa-tools_1.2.5.bb
@@ -71,6 +71,7 @@ python do_compile() {
}
python do_install() {
+ d.delVarFlag("autotools_do_install", "cleandirs")
for subdir in d.getVar("PACKAGECONFIG").split():
subdir = subdir.replace("--", "/")
bb.note("Installing %s" % subdir)
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
new file mode 100644
index 0000000000..ab3ecfecbb
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
@@ -0,0 +1,67 @@
+CVE: CVE-2021-38114
+Upstream-Status: Backport
+Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com>
+
+From 463dbe4e78cc560ca5b09f23a07add0eb78ccee8 Mon Sep 17 00:00:00 2001
+From: maryam ebr <me22bee@outlook.com>
+Date: Tue, 3 Aug 2021 01:05:47 -0400
+Subject: [PATCH] avcodec/dnxhddec: check and propagate function return value
+
+Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
+crafted DNxHD data can cause unspecified impact.
+
+Reviewed-by: Paul B Mahol <onemda@gmail.com>
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libavcodec/dnxhddec.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c
+index c78d55aee5..9b475a6979 100644
+--- a/libavcodec/dnxhddec.c
++++ b/libavcodec/dnxhddec.c
+@@ -112,6 +112,7 @@ static av_cold int dnxhd_decode_init(AVCodecContext *avctx)
+
+ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
+ {
++ int ret;
+ if (cid != ctx->cid) {
+ const CIDEntry *cid_table = ff_dnxhd_get_cid_table(cid);
+
+@@ -132,19 +133,26 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
+ ff_free_vlc(&ctx->dc_vlc);
+ ff_free_vlc(&ctx->run_vlc);
+
+- init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
++ if ((ret = init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
+ ctx->cid_table->ac_bits, 1, 1,
+- ctx->cid_table->ac_codes, 2, 2, 0);
+- init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
++ ctx->cid_table->ac_codes, 2, 2, 0)) < 0)
++ goto out;
++ if ((ret = init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
+ ctx->cid_table->dc_bits, 1, 1,
+- ctx->cid_table->dc_codes, 1, 1, 0);
+- init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62,
++ ctx->cid_table->dc_codes, 1, 1, 0)) < 0)
++ goto out;
++ if ((ret = init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62,
+ ctx->cid_table->run_bits, 1, 1,
+- ctx->cid_table->run_codes, 2, 2, 0);
++ ctx->cid_table->run_codes, 2, 2, 0)) < 0)
++ goto out;
+
+ ctx->cid = cid;
+ }
+- return 0;
++ ret = 0;
++out:
++ if (ret < 0)
++ av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n");
++ return ret;
+ }
+
+ static int dnxhd_get_profile(int cid)
+--
+2.31.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
index 0c6af6549d..c0318ef01d 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb
@@ -31,7 +31,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://fix-CVE-2020-22021.patch \
file://fix-CVE-2020-22033-CVE-2020-22019.patch \
file://fix-CVE-2021-33815.patch \
- file://fix-CVE-2021-38171.patch \
+ file://fix-CVE-2021-38171.patch \
+ file://fix-CVE-2021-38114.patch \
"
SRC_URI[sha256sum] = "06b10a183ce5371f915c6bb15b7b1fffbe046e8275099c96affc29e17645d909"
diff --git a/meta/recipes-multimedia/gstreamer/gst-devtools_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gst-devtools_1.18.6.bb
index be554a6a14..4f4ded8d24 100644
--- a/meta/recipes-multimedia/gstreamer/gst-devtools_1.18.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gst-devtools_1.18.6.bb
@@ -12,7 +12,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-devtools/gst-devtools-${PV}
file://0001-connect-has-a-different-signature-on-musl.patch \
"
-SRC_URI[sha256sum] = "ffbd194c40912cb5e7fca2863648bf9dd8257b7af97d3a60c4fcd4efd8526ccf"
+SRC_URI[sha256sum] = "3725622c740a635452e54b79d065f963ab7706ca2403de6c43072ae7610a0de4"
DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base"
RRECOMMENDS:${PN} = "git"
diff --git a/meta/recipes-multimedia/gstreamer/gst-examples_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gst-examples_1.18.6.bb
index 9d8fef86ed..2a7a3c3111 100644
--- a/meta/recipes-multimedia/gstreamer/gst-examples_1.18.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gst-examples_1.18.6.bb
@@ -12,7 +12,7 @@ SRC_URI = "git://gitlab.freedesktop.org/gstreamer/gst-examples.git;protocol=http
file://gst-player.desktop \
"
-SRCREV = "959bb246a5b1f5f9c78557da11c3f22b42ff89c0"
+SRCREV = "70e4fcf4fc8ae19641aa990de5f37d758cdfcea4"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.6.bb
index 0c4f50c564..d46342285d 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.18.6.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6762ed442b3822387a51c92d928ead0d \
"
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz"
-SRC_URI[sha256sum] = "344a463badca216c2cef6ee36f9510c190862bdee48dc4591c0a430df7e8c396"
+SRC_URI[sha256sum] = "e4e50dcd5a29441ae34de60d2221057e8064ed824bb6ca4dc0fd9ee88fbe9b81"
S = "${WORKDIR}/gst-libav-${PV}"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.6.bb
index 7baccfe288..a220d677aa 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.18.6.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz"
-SRC_URI[sha256sum] = "e35051cf891eb2f31d6fcf176ff37d985f97f33874ac31b0b3ad3b5b95035043"
+SRC_URI[sha256sum] = "b5281c938e959fd2418e989cfb6065fdd9fe5f6f87ee86236c9427166e708163"
S = "${WORKDIR}/gst-omx-${PV}"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.6.bb
index 81c8391213..df148c0aff 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.18.6.bb
@@ -11,7 +11,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad
file://0004-opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \
file://0005-msdk-fix-includedir-path.patch \
"
-SRC_URI[sha256sum] = "74e806bc5595b18c70e9ca93571e27e79dfb808e5d2e7967afa952b52e99c85f"
+SRC_URI[sha256sum] = "0b1b50ac6311f0c510248b6cd64d6d3c94369344828baa602db85ded5bc70ec9"
S = "${WORKDIR}/gst-plugins-bad-${PV}"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/4ef5c91697a141fea7317aff7f0f28e5a861db99.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/4ef5c91697a141fea7317aff7f0f28e5a861db99.patch
deleted file mode 100644
index a2f5dff5e9..0000000000
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/4ef5c91697a141fea7317aff7f0f28e5a861db99.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 4ef5c91697a141fea7317aff7f0f28e5a861db99 Mon Sep 17 00:00:00 2001
-From: Xavier Claessens <xavier.claessens@collabora.com>
-Date: Mon, 26 Apr 2021 14:25:03 -0400
-Subject: [PATCH] gstgl: Fix build when Meson >= 0.58.0rc1
-
-"implicit_include_directories: false" now also means that current build
-directory is not added to include paths by default any more. We have to
-add it manually because we have some custom_target() that generate
-headers in current build directory.
-
-See https://github.com/mesonbuild/meson/issues/8700.
-
-Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/merge_requests/1125>
-Upstream-Status: Backport
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- gst-libs/gst/gl/meson.build | 15 ++++++++++++---
- 1 file changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/gst-libs/gst/gl/meson.build b/gst-libs/gst/gl/meson.build
-index 66668644e..53891625a 100644
---- a/gst-libs/gst/gl/meson.build
-+++ b/gst-libs/gst/gl/meson.build
-@@ -1004,11 +1004,20 @@ if build_gstgl
- command : [mkenums, glib_mkenums, '@OUTPUT@', '@INPUT@'])
- gen_sources = [gl_enumtypes_h]
-
-+ common_args = gst_plugins_base_args + gl_cpp_args + ['-DBUILDING_GST_GL']
-+
-+ # We have custom_target() that generate headers in the current build dir,
-+ # but with implicit_include_directories: false, meson >= 0.58.0 won't include
-+ # it by default. We cannot use include_directories('.') here because it would
-+ # also include current source dir which is what we want to avoid because
-+ # case-insensitive FS would include gst-libs/gl/egl/egl.h as EGL/egl.h.
-+ common_args += '-I@0@'.format(meson.current_build_dir())
-+
- gstgl = library('gstgl-' + api_version,
- gl_sources, gl_egl_sources, gl_x11_sources, gl_wayland_sources, gl_priv_sources, gl_enumtypes_c, gl_enumtypes_h,
-- c_args : gst_plugins_base_args + gl_cpp_args + ['-DBUILDING_GST_GL'],
-- cpp_args : gst_plugins_base_args + gl_cpp_args + ['-DBUILDING_GST_GL'],
-- objc_args : gst_plugins_base_args + gl_cpp_args + gl_objc_args + ['-DBUILDING_GST_GL'],
-+ c_args : common_args,
-+ cpp_args : common_args,
-+ objc_args : common_args + gl_objc_args,
- include_directories : [configinc, libsinc, gl_includes],
- version : libversion,
- soversion : soversion,
---
-GitLab
-
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.6.bb
index 90a8d7dfbb..e20145ea8d 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.18.6.bb
@@ -11,9 +11,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
file://0003-viv-fb-Make-sure-config.h-is-included.patch \
file://0002-ssaparse-enhance-SSA-text-lines-parsing.patch \
file://0004-glimagesink-Downrank-to-marginal.patch \
- file://4ef5c91697a141fea7317aff7f0f28e5a861db99.patch \
"
-SRC_URI[sha256sum] = "29e53229a84d01d722f6f6db13087231cdf6113dd85c25746b9b58c3d68e8323"
+SRC_URI[sha256sum] = "56a9ff2fe9e6603b9e658cf6897d412a173d2180829fe01e92568549c6bd0f5b"
S = "${WORKDIR}/gst-plugins-base-${PV}"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-rtpjitterbuffer-Fix-parsing-of-the-mediaclk-direct-f.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-rtpjitterbuffer-Fix-parsing-of-the-mediaclk-direct-f.patch
deleted file mode 100644
index 14a9fe23aa..0000000000
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-rtpjitterbuffer-Fix-parsing-of-the-mediaclk-direct-f.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From ec1949dffd931d0ec7e4f67108a08ab1e2af0cfe Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
-Date: Tue, 16 Mar 2021 19:25:36 +0200
-Subject: [PATCH] rtpjitterbuffer: Fix parsing of the mediaclk:direct= field
-
-Due to an off-by-one when parsing the string, the most significant digit
-or the clock offset was skipped when parsing the offset.
-
-Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/910>
-
-Upstream-Status: Backport [b5bb4ede3a42273fafc1054f9cf106ca527e3c26]
-
-Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
----
- gst/rtpmanager/gstrtpjitterbuffer.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/gst/rtpmanager/gstrtpjitterbuffer.c b/gst/rtpmanager/gstrtpjitterbuffer.c
-index 60d8ad875..02fe15adc 100644
---- a/gst/rtpmanager/gstrtpjitterbuffer.c
-+++ b/gst/rtpmanager/gstrtpjitterbuffer.c
-@@ -1534,7 +1534,7 @@ gst_jitter_buffer_sink_parse_caps (GstRtpJitterBuffer * jitterbuffer,
- GST_DEBUG_OBJECT (jitterbuffer, "Got media clock %s", mediaclk);
-
- if (!g_str_has_prefix (mediaclk, "direct=") ||
-- !g_ascii_string_to_unsigned (&mediaclk[8], 10, 0, G_MAXUINT64,
-+ !g_ascii_string_to_unsigned (&mediaclk[7], 10, 0, G_MAXUINT64,
- &clock_offset, NULL))
- GST_FIXME_OBJECT (jitterbuffer, "Unsupported media clock");
- if (strstr (mediaclk, "rate=") != NULL) {
---
-2.31.0
-
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-Remove-volatile-from-static-vars-to-fix-build-with-g.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-Remove-volatile-from-static-vars-to-fix-build-with-g.patch
deleted file mode 100644
index 87223826c6..0000000000
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-Remove-volatile-from-static-vars-to-fix-build-with-g.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 07572920319ea86cebb6dd073ab65915ec207eed Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@gmail.com>
-Date: Sat, 8 May 2021 14:08:41 +0200
-Subject: [PATCH] Remove volatile from static vars to fix build with gcc11
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Stolen from [1]
-
-[1] https://src.fedoraproject.org/rpms/gstreamer1-plugins-good/blob/rawhide/f/gstreamer1-plugins-good-gcc11.patch
-
-Upstream-Status: Pending
-
-Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
----
- ext/qt/gstqsgtexture.cc | 2 +-
- ext/qt/gstqtglutility.cc | 2 +-
- ext/qt/qtglrenderer.cc | 2 +-
- ext/qt/qtitem.cc | 2 +-
- ext/qt/qtwindow.cc | 4 ++--
- 5 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/ext/qt/gstqsgtexture.cc b/ext/qt/gstqsgtexture.cc
-index 4cc9fc6..50c8d7f 100644
---- a/ext/qt/gstqsgtexture.cc
-+++ b/ext/qt/gstqsgtexture.cc
-@@ -35,7 +35,7 @@ GST_DEBUG_CATEGORY_STATIC (GST_CAT_DEFAULT);
-
- GstQSGTexture::GstQSGTexture ()
- {
-- static volatile gsize _debug;
-+ static gsize _debug;
-
- initializeOpenGLFunctions();
-
-diff --git a/ext/qt/gstqtglutility.cc b/ext/qt/gstqtglutility.cc
-index acb89b6..d2c0922 100644
---- a/ext/qt/gstqtglutility.cc
-+++ b/ext/qt/gstqtglutility.cc
-@@ -66,7 +66,7 @@ gst_qt_get_gl_display ()
- {
- GstGLDisplay *display = NULL;
- QGuiApplication *app = static_cast<QGuiApplication *> (QCoreApplication::instance ());
-- static volatile gsize _debug;
-+ static gsize _debug;
-
- g_assert (app != NULL);
-
-diff --git a/ext/qt/qtglrenderer.cc b/ext/qt/qtglrenderer.cc
-index 2ad5601..bffba8f 100644
---- a/ext/qt/qtglrenderer.cc
-+++ b/ext/qt/qtglrenderer.cc
-@@ -22,7 +22,7 @@ GST_DEBUG_CATEGORY_STATIC (GST_CAT_DEFAULT);
- static void
- init_debug (void)
- {
-- static volatile gsize _debug;
-+ static gsize _debug;
-
- if (g_once_init_enter (&_debug)) {
- GST_DEBUG_CATEGORY_INIT (GST_CAT_DEFAULT, "qtglrenderer", 0,
-diff --git a/ext/qt/qtitem.cc b/ext/qt/qtitem.cc
-index 7659800..bc99639 100644
---- a/ext/qt/qtitem.cc
-+++ b/ext/qt/qtitem.cc
-@@ -104,7 +104,7 @@ void InitializeSceneGraph::run()
-
- QtGLVideoItem::QtGLVideoItem()
- {
-- static volatile gsize _debug;
-+ static gsize _debug;
-
- if (g_once_init_enter (&_debug)) {
- GST_DEBUG_CATEGORY_INIT (GST_CAT_DEFAULT, "qtglwidget", 0, "Qt GL Widget");
-diff --git a/ext/qt/qtwindow.cc b/ext/qt/qtwindow.cc
-index 0dfd3f1..f1bd4ae 100644
---- a/ext/qt/qtwindow.cc
-+++ b/ext/qt/qtwindow.cc
-@@ -103,7 +103,7 @@ QtGLWindow::QtGLWindow ( QWindow * parent, QQuickWindow *src ) :
- QQuickWindow( parent ), source (src)
- {
- QGuiApplication *app = static_cast<QGuiApplication *> (QCoreApplication::instance ());
-- static volatile gsize _debug;
-+ static gsize _debug;
-
- g_assert (app != NULL);
-
-@@ -152,7 +152,7 @@ QtGLWindow::beforeRendering()
-
- g_mutex_lock (&this->priv->lock);
-
-- static volatile gsize once = 0;
-+ static gsize once = 0;
- if (g_once_init_enter(&once)) {
- this->priv->start = QDateTime::currentDateTime().toMSecsSinceEpoch();
- g_once_init_leave(&once,1);
---
-2.30.2
-
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.6.bb
index a90594ade5..a43b8095c5 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.18.6.bb
@@ -6,11 +6,9 @@ BUGTRACKER = "https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/issues
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-${PV}.tar.xz \
file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \
- file://0002-rtpjitterbuffer-Fix-parsing-of-the-mediaclk-direct-f.patch \
- file://0003-Remove-volatile-from-static-vars-to-fix-build-with-g.patch \
"
-SRC_URI[sha256sum] = "b6e50e3a9bbcd56ee6ec71c33aa8332cc9c926b0c1fae995aac8b3040ebe39b0"
+SRC_URI[sha256sum] = "26723ac01fcb360ade1f41d168c7c322d8af4ceb7e55c8c12ed2690d06a76eed"
S = "${WORKDIR}/gst-plugins-good-${PV}"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.6.bb
index 817dffe839..5b31627141 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.18.6.bb
@@ -13,7 +13,7 @@ LICENSE_FLAGS = "commercial"
SRC_URI = " \
https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \
"
-SRC_URI[sha256sum] = "218df0ce0d31e8ca9cdeb01a3b0c573172cc9c21bb3d41811c7820145623d13c"
+SRC_URI[sha256sum] = "4969c409cb6a88317d2108b8577108e18623b2333d7b587ae3f39459c70e3a7f"
S = "${WORKDIR}/gst-plugins-ugly-${PV}"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.6.bb
index 2fd73cb389..c80c3928eb 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.18.6.bb
@@ -8,7 +8,7 @@ LICENSE = "LGPLv2.1"
LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740"
SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "cb68e08a7e825e08b83a12a22dcd6e4f1b328a7b02a7ac84f42f68f4ddc7098e"
+SRC_URI[sha256sum] = "bdc0ea22fbd7335ad9decc151561aacc53c51206a9735b81eac700ce5b0bbd4a"
DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
RDEPENDS:${PN} += "gstreamer1.0 gstreamer1.0-plugins-base python3-pygobject"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.6.bb
index f7bfe98985..f105713f33 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.18.6.bb
@@ -10,7 +10,7 @@ PNREAL = "gst-rtsp-server"
SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "a46bb8de40b971a048580279d2660e616796f871ad3ed00c8a95fe4d273a6c94"
+SRC_URI[sha256sum] = "826f32afbcf94b823541efcac4a0dacdb62f6145ef58f363095749f440262be9"
S = "${WORKDIR}/${PNREAL}-${PV}"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.6.bb
index 5c9025fbb6..f3255e5554 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.18.6.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c"
SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "92db98af86f3150d429c9ab17e88d2364f9c07a140c8f445ed739e8f10252aea"
+SRC_URI[sha256sum] = "ab6270f1e5e4546fbe6f5ea246d86ca3d196282eb863d46e6cdcc96f867449e0"
S = "${WORKDIR}/${REALPN}-${PV}"
DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad"
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0/0002-Remove-unused-valgrind-detection.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0/0002-Remove-unused-valgrind-detection.patch
index 96abef17b0..5121044734 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0/0002-Remove-unused-valgrind-detection.patch
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0/0002-Remove-unused-valgrind-detection.patch
@@ -1,4 +1,4 @@
-From 598d108e2c438d8f2ecd3bf948fa3ebbd3681490 Mon Sep 17 00:00:00 2001
+From e275ba2bd854ac15a4b65a8f07d9f042021950da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= <tim@centricular.com>
Date: Fri, 14 Aug 2020 16:38:26 +0100
Subject: [PATCH 2/3] Remove unused valgrind detection
@@ -19,7 +19,7 @@ Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
3 files changed, 42 deletions(-)
diff --git a/gst/gst_private.h b/gst/gst_private.h
-index eefd044d9..8252ede51 100644
+index eefd044..8252ede 100644
--- a/gst/gst_private.h
+++ b/gst/gst_private.h
@@ -116,8 +116,6 @@ G_GNUC_INTERNAL gboolean _priv_plugin_deps_env_vars_changed (GstPlugin * plugin
@@ -32,12 +32,12 @@ index eefd044d9..8252ede51 100644
G_GNUC_INTERNAL void _priv_gst_quarks_initialize (void);
G_GNUC_INTERNAL void _priv_gst_mini_object_initialize (void);
diff --git a/gst/gstinfo.c b/gst/gstinfo.c
-index 5d317877b..097f8b20d 100644
+index eea1a21..d3035d6 100644
--- a/gst/gstinfo.c
+++ b/gst/gstinfo.c
@@ -305,36 +305,6 @@ static gboolean pretty_tags = PRETTY_TAGS_DEFAULT;
- static volatile gint G_GNUC_MAY_ALIAS __default_level = GST_LEVEL_DEFAULT;
- static volatile gint G_GNUC_MAY_ALIAS __use_color = GST_DEBUG_COLOR_MODE_ON;
+ static gint G_GNUC_MAY_ALIAS __default_level = GST_LEVEL_DEFAULT;
+ static gint G_GNUC_MAY_ALIAS __use_color = GST_DEBUG_COLOR_MODE_ON;
-/* FIXME: export this? */
-gboolean
@@ -82,7 +82,7 @@ index 5d317877b..097f8b20d 100644
env = g_getenv ("GST_DEBUG_OPTIONS");
if (env != NULL) {
if (strstr (env, "full_tags") || strstr (env, "full-tags"))
-@@ -2503,12 +2470,6 @@ gst_debug_construct_win_color (guint colorinfo)
+@@ -2505,12 +2472,6 @@ gst_debug_construct_win_color (guint colorinfo)
return 0;
}
@@ -96,7 +96,7 @@ index 5d317877b..097f8b20d 100644
_gst_debug_dump_mem (GstDebugCategory * cat, const gchar * file,
const gchar * func, gint line, GObject * obj, const gchar * msg,
diff --git a/meson.build b/meson.build
-index ce1921aa4..7a84d0981 100644
+index 82a1728..42ae617 100644
--- a/meson.build
+++ b/meson.build
@@ -200,7 +200,6 @@ check_headers = [
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.4.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.6.bb
index ee418322ad..4bf89ed109 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.18.6.bb
@@ -25,7 +25,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.x
file://0006-tests-use-a-dictionaries-for-environment.patch \
file://0007-tests-install-the-environment-for-installed_tests.patch \
"
-SRC_URI[sha256sum] = "9aeec99b38e310817012aa2d1d76573b787af47f8a725a65b833880a094dfbc5"
+SRC_URI[sha256sum] = "4ec816010dd4d3a93cf470ad0a6f25315f52b204eb1d71dfa70ab8a1c3bd06e6"
PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
check \
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch
new file mode 100644
index 0000000000..b0ff1a0885
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch
@@ -0,0 +1,32 @@
+From 5adbc377cd90aa40f0cd56ae325ca70065a8aa19 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 13 Jan 2022 16:45:59 +0800
+Subject: [PATCH] flac: Fix improper buffer reusing
+
+CVE: CVE-2021-4156.patch
+Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/issues/731]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/flac.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/flac.c b/src/flac.c
+index 0be82ac..6548bba 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -952,7 +952,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
+ /* Decode some more. */
+ while (pflac->pos < pflac->len)
+ { if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
++ { psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
++ /* Current frame is busted, so NULL the pointer. */
++ pflac->frame = NULL ;
+ break ;
++ }
+ state = FLAC__stream_decoder_get_state (pflac->fsd) ;
+ if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
+ { psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;
+--
+2.17.1
+
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index 443ca95e32..884d680fbe 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -20,6 +20,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
file://CVE-2017-12562.patch \
file://CVE-2018-19758.patch \
file://CVE-2019-3832.patch \
+ file://CVE-2021-4156.patch \
"
SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch
new file mode 100644
index 0000000000..f1a4ab4251
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch
@@ -0,0 +1,38 @@
+CVE: CVE-2022-0865
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 88da11ae3c4db527cb870fb1017456cc8fbac2e7 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Thu, 24 Feb 2022 22:26:02 +0100
+Subject: [PATCH 1/6] tif_jbig.c: fix crash when reading a file with multiple
+ IFD in memory-mapped mode and when bit reversal is needed (fixes #385)
+
+---
+ libtiff/tif_jbig.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c
+index 74086338..8bfa4cef 100644
+--- a/libtiff/tif_jbig.c
++++ b/libtiff/tif_jbig.c
+@@ -209,6 +209,16 @@ int TIFFInitJBIG(TIFF* tif, int scheme)
+ */
+ tif->tif_flags |= TIFF_NOBITREV;
+ tif->tif_flags &= ~TIFF_MAPPED;
++ /* We may have read from a previous IFD and thus set TIFF_BUFFERMMAP and
++ * cleared TIFF_MYBUFFER. It is necessary to restore them to their initial
++ * value to be consistent with the state of a non-memory mapped file.
++ */
++ if (tif->tif_flags&TIFF_BUFFERMMAP) {
++ tif->tif_rawdata = NULL;
++ tif->tif_rawdatasize = 0;
++ tif->tif_flags &= ~TIFF_BUFFERMMAP;
++ tif->tif_flags |= TIFF_MYBUFFER;
++ }
+
+ /* Setup the function pointers for encode, decode, and cleanup. */
+ tif->tif_setupdecode = JBIGSetupDecode;
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
new file mode 100644
index 0000000000..72776f09ba
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
@@ -0,0 +1,43 @@
+CVE: CVE-2022-22844
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From b12a0326e6064b6e0b051d1184a219877472f69b Mon Sep 17 00:00:00 2001
+From: 4ugustus <wangdw.augustus@qq.com>
+Date: Tue, 25 Jan 2022 16:25:28 +0000
+Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where
+ count is required (fixes #355)
+
+---
+ tools/tiffset.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/tools/tiffset.c b/tools/tiffset.c
+index 8c9e23c5..e7a88c09 100644
+--- a/tools/tiffset.c
++++ b/tools/tiffset.c
+@@ -146,9 +146,19 @@ main(int argc, char* argv[])
+
+ arg_index++;
+ if (TIFFFieldDataType(fip) == TIFF_ASCII) {
+- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1)
+- fprintf( stderr, "Failed to set %s=%s\n",
+- TIFFFieldName(fip), argv[arg_index] );
++ if(TIFFFieldPassCount( fip )) {
++ size_t len;
++ len = strlen(argv[arg_index]) + 1;
++ if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip),
++ (uint16_t)len, argv[arg_index]) != 1)
++ fprintf( stderr, "Failed to set %s=%s\n",
++ TIFFFieldName(fip), argv[arg_index] );
++ } else {
++ if (TIFFSetField(tiff, TIFFFieldTag(fip),
++ argv[arg_index]) != 1)
++ fprintf( stderr, "Failed to set %s=%s\n",
++ TIFFFieldName(fip), argv[arg_index] );
++ }
+ } else if (TIFFFieldWriteCount(fip) > 0
+ || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
+ int ret = 1;
+--
+2.25.1
diff --git a/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch b/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch
new file mode 100644
index 0000000000..812ffb232d
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch
@@ -0,0 +1,219 @@
+CVE: CVE-2022-0891
+CVE: CVE-2022-1056
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From e46b49e60fddb2e924302fb1751f79eb9cfb2253 Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Tue, 8 Mar 2022 17:02:44 +0000
+Subject: [PATCH 2/6] tiffcrop: fix issue #380 and #382 heap buffer overflow in
+ extractImageSection
+
+---
+ tools/tiffcrop.c | 92 +++++++++++++++++++-----------------------------
+ 1 file changed, 36 insertions(+), 56 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index b85c2ce7..302a7e91 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -105,8 +105,8 @@
+ * of messages to monitor progress without enabling dump logs.
+ */
+
+-static char tiffcrop_version_id[] = "2.4";
+-static char tiffcrop_rev_date[] = "12-13-2010";
++static char tiffcrop_version_id[] = "2.4.1";
++static char tiffcrop_rev_date[] = "03-03-2010";
+
+ #include "tif_config.h"
+ #include "libport.h"
+@@ -6710,10 +6710,10 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ #ifdef DEVELMODE
+ uint32_t img_length;
+ #endif
+- uint32_t j, shift1, shift2, trailing_bits;
++ uint32_t j, shift1, trailing_bits;
+ uint32_t row, first_row, last_row, first_col, last_col;
+ uint32_t src_offset, dst_offset, row_offset, col_offset;
+- uint32_t offset1, offset2, full_bytes;
++ uint32_t offset1, full_bytes;
+ uint32_t sect_width;
+ #ifdef DEVELMODE
+ uint32_t sect_length;
+@@ -6723,7 +6723,6 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ #ifdef DEVELMODE
+ int k;
+ unsigned char bitset;
+- static char *bitarray = NULL;
+ #endif
+
+ img_width = image->width;
+@@ -6741,17 +6740,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ dst_offset = 0;
+
+ #ifdef DEVELMODE
+- if (bitarray == NULL)
+- {
+- if ((bitarray = (char *)malloc(img_width)) == NULL)
+- {
+- TIFFError ("", "DEBUG: Unable to allocate debugging bitarray");
+- return (-1);
+- }
+- }
++ char bitarray[39];
+ #endif
+
+- /* rows, columns, width, length are expressed in pixels */
++ /* rows, columns, width, length are expressed in pixels
++ * first_row, last_row, .. are index into image array starting at 0 to width-1,
++ * last_col shall be also extracted. */
+ first_row = section->y1;
+ last_row = section->y2;
+ first_col = section->x1;
+@@ -6761,9 +6755,14 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ #ifdef DEVELMODE
+ sect_length = last_row - first_row + 1;
+ #endif
+- img_rowsize = ((img_width * bps + 7) / 8) * spp;
+- full_bytes = (sect_width * spp * bps) / 8; /* number of COMPLETE bytes per row in section */
+- trailing_bits = (sect_width * bps) % 8;
++ /* The read function loadImage() used copy separate plane data into a buffer as interleaved
++ * samples rather than separate planes so the same logic works to extract regions
++ * regardless of the way the data are organized in the input file.
++ * Furthermore, bytes and bits are arranged in buffer according to COMPRESSION=1 and FILLORDER=1
++ */
++ img_rowsize = (((img_width * spp * bps) + 7) / 8); /* row size in full bytes of source image */
++ full_bytes = (sect_width * spp * bps) / 8; /* number of COMPLETE bytes per row in section */
++ trailing_bits = (sect_width * spp * bps) % 8; /* trailing bits within the last byte of destination buffer */
+
+ #ifdef DEVELMODE
+ TIFFError ("", "First row: %"PRIu32", last row: %"PRIu32", First col: %"PRIu32", last col: %"PRIu32"\n",
+@@ -6776,10 +6775,9 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+
+ if ((bps % 8) == 0)
+ {
+- col_offset = first_col * spp * bps / 8;
++ col_offset = (first_col * spp * bps) / 8;
+ for (row = first_row; row <= last_row; row++)
+ {
+- /* row_offset = row * img_width * spp * bps / 8; */
+ row_offset = row * img_rowsize;
+ src_offset = row_offset + col_offset;
+
+@@ -6792,14 +6790,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ }
+ else
+ { /* bps != 8 */
+- shift1 = spp * ((first_col * bps) % 8);
+- shift2 = spp * ((last_col * bps) % 8);
++ shift1 = ((first_col * spp * bps) % 8); /* shift1 = bits to skip in the first byte of source buffer*/
+ for (row = first_row; row <= last_row; row++)
+ {
+ /* pull out the first byte */
+ row_offset = row * img_rowsize;
+- offset1 = row_offset + (first_col * bps / 8);
+- offset2 = row_offset + (last_col * bps / 8);
++ offset1 = row_offset + ((first_col * spp * bps) / 8); /* offset1 = offset into source of byte with first bits to be extracted */
+
+ #ifdef DEVELMODE
+ for (j = 0, k = 7; j < 8; j++, k--)
+@@ -6811,12 +6807,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ sprintf(&bitarray[9], " ");
+ for (j = 10, k = 7; j < 18; j++, k--)
+ {
+- bitset = *(src_buff + offset2) & (((unsigned char)1 << k)) ? 1 : 0;
++ bitset = *(src_buff + offset1 + full_bytes) & (((unsigned char)1 << k)) ? 1 : 0;
+ sprintf(&bitarray[j], (bitset) ? "1" : "0");
+ }
+ bitarray[18] = '\0';
+- TIFFError ("", "Row: %3d Offset1: %"PRIu32", Shift1: %"PRIu32", Offset2: %"PRIu32", Shift2: %"PRIu32"\n",
+- row, offset1, shift1, offset2, shift2);
++ TIFFError ("", "Row: %3d Offset1: %"PRIu32", Shift1: %"PRIu32", Offset2: %"PRIu32", Trailing_bits: %"PRIu32"\n",
++ row, offset1, shift1, offset1+full_bytes, trailing_bits);
+ #endif
+
+ bytebuff1 = bytebuff2 = 0;
+@@ -6840,11 +6836,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+
+ if (trailing_bits != 0)
+ {
+- bytebuff2 = src_buff[offset2] & ((unsigned char)255 << (7 - shift2));
++ /* Only copy higher bits of samples and mask lower bits of not wanted column samples to zero */
++ bytebuff2 = src_buff[offset1 + full_bytes] & ((unsigned char)255 << (8 - trailing_bits));
+ sect_buff[dst_offset] = bytebuff2;
+ #ifdef DEVELMODE
+ TIFFError ("", " Trailing bits src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n",
+- offset2, dst_offset);
++ offset1 + full_bytes, dst_offset);
+ for (j = 30, k = 7; j < 38; j++, k--)
+ {
+ bitset = *(sect_buff + dst_offset) & (((unsigned char)1 << k)) ? 1 : 0;
+@@ -6863,8 +6860,10 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ #endif
+ for (j = 0; j <= full_bytes; j++)
+ {
+- bytebuff1 = src_buff[offset1 + j] & ((unsigned char)255 >> shift1);
+- bytebuff2 = src_buff[offset1 + j + 1] & ((unsigned char)255 << (7 - shift1));
++ /* Skip the first shift1 bits and shift the source up by shift1 bits before save to destination.*/
++ /* Attention: src_buff size needs to be some bytes larger than image size, because could read behind image here. */
++ bytebuff1 = src_buff[offset1 + j] & ((unsigned char)255 >> shift1);
++ bytebuff2 = src_buff[offset1 + j + 1] & ((unsigned char)255 << (8 - shift1));
+ sect_buff[dst_offset + j] = (bytebuff1 << shift1) | (bytebuff2 >> (8 - shift1));
+ }
+ #ifdef DEVELMODE
+@@ -6880,36 +6879,17 @@ extractImageSection(struct image_data *image, struct pageseg *section,
+ #endif
+ dst_offset += full_bytes;
+
++ /* Copy the trailing_bits for the last byte in the destination buffer.
++ Could come from one ore two bytes of the source buffer. */
+ if (trailing_bits != 0)
+ {
+ #ifdef DEVELMODE
+- TIFFError ("", " Trailing bits src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n", offset1 + full_bytes, dst_offset);
+-#endif
+- if (shift2 > shift1)
+- {
+- bytebuff1 = src_buff[offset1 + full_bytes] & ((unsigned char)255 << (7 - shift2));
+- bytebuff2 = bytebuff1 & ((unsigned char)255 << shift1);
+- sect_buff[dst_offset] = bytebuff2;
+-#ifdef DEVELMODE
+- TIFFError ("", " Shift2 > Shift1\n");
++ TIFFError("", " Trailing bits %4"PRIu32" src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n", trailing_bits, offset1 + full_bytes, dst_offset);
+ #endif
++ /* More than necessary bits are already copied into last destination buffer,
++ * only masking of last byte in destination buffer is necessary.*/
++ sect_buff[dst_offset] &= ((uint8_t)0xFF << (8 - trailing_bits));
+ }
+- else
+- {
+- if (shift2 < shift1)
+- {
+- bytebuff2 = ((unsigned char)255 << (shift1 - shift2 - 1));
+- sect_buff[dst_offset] &= bytebuff2;
+-#ifdef DEVELMODE
+- TIFFError ("", " Shift2 < Shift1\n");
+-#endif
+- }
+-#ifdef DEVELMODE
+- else
+- TIFFError ("", " Shift2 == Shift1\n");
+-#endif
+- }
+- }
+ #ifdef DEVELMODE
+ sprintf(&bitarray[28], " ");
+ sprintf(&bitarray[29], " ");
+@@ -7062,7 +7042,7 @@ writeImageSections(TIFF *in, TIFF *out, struct image_data *image,
+ width = sections[i].x2 - sections[i].x1 + 1;
+ length = sections[i].y2 - sections[i].y1 + 1;
+ sectsize = (uint32_t)
+- ceil((width * image->bps + 7) / (double)8) * image->spp * length;
++ ceil((width * image->bps * image->spp + 7) / (double)8) * length;
+ /* allocate a buffer if we don't have one already */
+ if (createImageSection(sectsize, sect_buff_ptr))
+ {
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch b/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch
new file mode 100644
index 0000000000..a0b856b9e1
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch
@@ -0,0 +1,93 @@
+CVE: CVE-2022-0907
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From a139191cc86f4dc44c74a0f22928e0fb38ed2485 Mon Sep 17 00:00:00 2001
+From: Augustus <wangdw.augustus@qq.com>
+Date: Mon, 7 Mar 2022 18:21:49 +0800
+Subject: [PATCH 3/6] add checks for return value of limitMalloc (#392)
+
+---
+ tools/tiffcrop.c | 33 +++++++++++++++++++++------------
+ 1 file changed, 21 insertions(+), 12 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 302a7e91..e407bf51 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -7357,7 +7357,11 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
+ if (!sect_buff)
+ {
+ sect_buff = (unsigned char *)limitMalloc(sectsize);
+- *sect_buff_ptr = sect_buff;
++ if (!sect_buff)
++ {
++ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
++ return (-1);
++ }
+ _TIFFmemset(sect_buff, 0, sectsize);
+ }
+ else
+@@ -7373,15 +7377,15 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
+ else
+ sect_buff = new_buff;
+
++ if (!sect_buff)
++ {
++ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
++ return (-1);
++ }
+ _TIFFmemset(sect_buff, 0, sectsize);
+ }
+ }
+
+- if (!sect_buff)
+- {
+- TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
+- return (-1);
+- }
+ prev_sectsize = sectsize;
+ *sect_buff_ptr = sect_buff;
+
+@@ -7648,7 +7652,11 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ if (!crop_buff)
+ {
+ crop_buff = (unsigned char *)limitMalloc(cropsize);
+- *crop_buff_ptr = crop_buff;
++ if (!crop_buff)
++ {
++ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
++ return (-1);
++ }
+ _TIFFmemset(crop_buff, 0, cropsize);
+ prev_cropsize = cropsize;
+ }
+@@ -7664,15 +7672,15 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ }
+ else
+ crop_buff = new_buff;
++ if (!crop_buff)
++ {
++ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
++ return (-1);
++ }
+ _TIFFmemset(crop_buff, 0, cropsize);
+ }
+ }
+
+- if (!crop_buff)
+- {
+- TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
+- return (-1);
+- }
+ *crop_buff_ptr = crop_buff;
+
+ if (crop->crop_mode & CROP_INVERT)
+@@ -9231,3 +9239,4 @@ invertImage(uint16_t photometric, uint16_t spp, uint16_t bps, uint32_t width, ui
+ * fill-column: 78
+ * End:
+ */
++
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch b/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch
new file mode 100644
index 0000000000..719dabaecc
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch
@@ -0,0 +1,33 @@
+CVE: CVE-2022-0908
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From ef5a0bf271823df168642444d051528a68205cb0 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Thu, 17 Feb 2022 15:28:43 +0100
+Subject: [PATCH 4/6] TIFFFetchNormalTag(): avoid calling memcpy() with a null
+ source pointer and size of zero (fixes #383)
+
+---
+ libtiff/tif_dirread.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index d84147a0..4e8ce729 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -5079,7 +5079,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)
+ _TIFFfree(data);
+ return(0);
+ }
+- _TIFFmemcpy(o,data,(uint32_t)dp->tdir_count);
++ if (dp->tdir_count > 0 )
++ {
++ _TIFFmemcpy(o,data,(uint32_t)dp->tdir_count);
++ }
+ o[(uint32_t)dp->tdir_count]=0;
+ if (data!=0)
+ _TIFFfree(data);
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch b/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch
new file mode 100644
index 0000000000..64dbe9ef92
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch
@@ -0,0 +1,36 @@
+CVE: CVE-2022-0909
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 4768355a074d562177e0a8b551c561d1af7eb74a Mon Sep 17 00:00:00 2001
+From: 4ugustus <wangdw.augustus@qq.com>
+Date: Tue, 8 Mar 2022 16:22:04 +0000
+Subject: [PATCH 5/6] fix the FPE in tiffcrop (#393)
+
+---
+ libtiff/tif_dir.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index a6c254fc..77da6ea4 100644
+--- a/libtiff/tif_dir.c
++++ b/libtiff/tif_dir.c
+@@ -335,13 +335,13 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap)
+ break;
+ case TIFFTAG_XRESOLUTION:
+ dblval = va_arg(ap, double);
+- if( dblval < 0 )
++ if( dblval != dblval || dblval < 0 )
+ goto badvaluedouble;
+ td->td_xresolution = _TIFFClampDoubleToFloat( dblval );
+ break;
+ case TIFFTAG_YRESOLUTION:
+ dblval = va_arg(ap, double);
+- if( dblval < 0 )
++ if( dblval != dblval || dblval < 0 )
+ goto badvaluedouble;
+ td->td_yresolution = _TIFFClampDoubleToFloat( dblval );
+ break;
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch b/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch
new file mode 100644
index 0000000000..afd5e59960
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch
@@ -0,0 +1,57 @@
+CVE: CVE-2022-0924
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 1074b9691322b1e3671cd8ea0b6b3509d08978fb Mon Sep 17 00:00:00 2001
+From: 4ugustus <wangdw.augustus@qq.com>
+Date: Thu, 10 Mar 2022 08:48:00 +0000
+Subject: [PATCH 6/6] fix heap buffer overflow in tiffcp (#278)
+
+---
+ tools/tiffcp.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 1f889516..552d8fad 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -1661,12 +1661,27 @@ DECLAREwriteFunc(writeBufferToSeparateStrips)
+ tdata_t obuf;
+ tstrip_t strip = 0;
+ tsample_t s;
++ uint16_t bps = 0, bytes_per_sample;
+
+ obuf = limitMalloc(stripsize);
+ if (obuf == NULL)
+ return (0);
+ _TIFFmemset(obuf, 0, stripsize);
+ (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);
++ (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
++ if( bps == 0 )
++ {
++ TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample");
++ _TIFFfree(obuf);
++ return 0;
++ }
++ if( (bps % 8) != 0 )
++ {
++ TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8");
++ _TIFFfree(obuf);
++ return 0;
++ }
++ bytes_per_sample = bps/8;
+ for (s = 0; s < spp; s++) {
+ uint32_t row;
+ for (row = 0; row < imagelength; row += rowsperstrip) {
+@@ -1676,7 +1691,7 @@ DECLAREwriteFunc(writeBufferToSeparateStrips)
+
+ cpContigBufToSeparateBuf(
+ obuf, (uint8_t*) buf + row * rowsize + s,
+- nrows, imagewidth, 0, 0, spp, 1);
++ nrows, imagewidth, 0, 0, spp, bytes_per_sample);
+ if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0) {
+ TIFFError(TIFFFileName(out),
+ "Error, can't write strip %"PRIu32,
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch b/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch
new file mode 100644
index 0000000000..0b41dde606
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch
@@ -0,0 +1,30 @@
+From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 5 Feb 2022 20:36:41 +0100
+Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null
+ source pointer and size of zero (fixes #362)
+
+Upstream-Status: Backport
+CVE: CVE-2022-0562
+
+---
+ libtiff/tif_dirread.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 2bbc4585..23194ced 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -4177,7 +4177,8 @@ TIFFReadDirectory(TIFF* tif)
+ goto bad;
+ }
+
+- memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t));
++ if (old_extrasamples > 0)
++ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t));
+ _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
+ _TIFFfree(new_sampleinfo);
+ }
+--
+GitLab
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch
new file mode 100644
index 0000000000..74f9649fdf
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch
@@ -0,0 +1,32 @@
+From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 6 Feb 2022 13:08:38 +0100
+Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null
+ source pointer and size of zero (fixes #362)
+
+Upstream-Status: Backport
+CVE: CVE-2022-0561
+
+---
+ libtiff/tif_dirread.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 23194ced..50ebf8ac 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -5777,8 +5777,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l
+ _TIFFfree(data);
+ return(0);
+ }
+- _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
+- _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
++ if( dir->tdir_count )
++ _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
++ _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
+ _TIFFfree(data);
+ data=resizeddata;
+ }
+--
+GitLab
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 6852758c6a..0a82f0d780 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -9,7 +9,17 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=34da3db46fab7501992f9615d7e158cf"
CVE_PRODUCT = "libtiff"
SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
- "
+ file://0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch \
+ file://561599c99f987dc32ae110370cfdd7df7975586b.patch \
+ file://eecb0712f4c3a5b449f70c57988260a667ddbdef.patch \
+ file://0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch \
+ file://0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch \
+ file://0003-add-checks-for-return-value-of-limitMalloc-392.patch \
+ file://0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch \
+ file://0005-fix-the-FPE-in-tiffcrop-393.patch \
+ file://0006-fix-heap-buffer-overflow-in-tiffcp-278.patch \
+ "
+
SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
# exclude betas
diff --git a/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch b/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch
new file mode 100644
index 0000000000..eb16e95ffc
--- /dev/null
+++ b/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch
@@ -0,0 +1,30 @@
+Backport patch to fix CVE-2020-23903.
+
+CVE: CVE-2020-23903
+Upstream-Status: Backport [https://github.com/xiph/speex/commit/870ff84]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001
+From: Tristan Matthews <tmatth@videolan.org>
+Date: Mon, 13 Jul 2020 23:25:03 -0400
+Subject: [PATCH] wav_io: guard against invalid channel numbers
+
+Fixes #13
+---
+ src/wav_io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/wav_io.c b/src/wav_io.c
+index b5183015..09d62eb0 100644
+--- a/src/wav_io.c
++++ b/src/wav_io.c
+@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
+ stmp = le_short(stmp);
+ *channels = stmp;
+
+- if (stmp>2)
++ if (stmp>2 || stmp<1)
+ {
+ fprintf (stderr, "Only mono and (intensity) stereo supported\n");
+ return -1;
diff --git a/meta/recipes-multimedia/speex/speex_1.2.0.bb b/meta/recipes-multimedia/speex/speex_1.2.0.bb
index 3a0911d6f8..ea475f0f1b 100644
--- a/meta/recipes-multimedia/speex/speex_1.2.0.bb
+++ b/meta/recipes-multimedia/speex/speex_1.2.0.bb
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=314649d8ba9dd7045dfb6683f298d0a8 \
file://include/speex/speex.h;beginline=1;endline=34;md5=ef8c8ea4f7198d71cf3509c6ed05ea50"
DEPENDS = "libogg speexdsp"
-SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz"
+SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz \
+ file://CVE-2020-23903.patch \
+ "
UPSTREAM_CHECK_REGEX = "speex-(?P<pver>\d+(\.\d+)+)\.tar"
SRC_URI[md5sum] = "8ab7bb2589110dfaf0ed7fa7757dc49c"
diff --git a/meta/recipes-multimedia/x264/x264_git.bb b/meta/recipes-multimedia/x264/x264_git.bb
index 9f23794df1..c49e935d1c 100644
--- a/meta/recipes-multimedia/x264/x264_git.bb
+++ b/meta/recipes-multimedia/x264/x264_git.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
DEPENDS = "nasm-native"
-SRC_URI = "git://github.com/mirror/x264;branch=stable \
+SRC_URI = "git://github.com/mirror/x264;branch=stable;protocol=https \
file://don-t-default-to-cortex-a9-with-neon.patch \
file://Fix-X32-build-by-disabling-asm.patch \
"
diff --git a/meta/recipes-sato/images/core-image-sato-sdk.bb b/meta/recipes-sato/images/core-image-sato-sdk.bb
index b52de0def0..afab473b52 100644
--- a/meta/recipes-sato/images/core-image-sato-sdk.bb
+++ b/meta/recipes-sato/images/core-image-sato-sdk.bb
@@ -10,3 +10,6 @@ IMAGE_FEATURES += "dev-pkgs tools-sdk \
IMAGE_INSTALL += "kernel-devsrc"
+# Compiling stuff, specifically SystemTap probes, can require lots of memory
+# See https://bugzilla.yoctoproject.org/show_bug.cgi?id=14673
+QB_MEM = "-m 768"
diff --git a/meta/recipes-sato/l3afpad/l3afpad_git.bb b/meta/recipes-sato/l3afpad/l3afpad_git.bb
index f19d03896b..50f6da24f3 100644
--- a/meta/recipes-sato/l3afpad/l3afpad_git.bb
+++ b/meta/recipes-sato/l3afpad/l3afpad_git.bb
@@ -16,7 +16,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
DEPENDS = "gtk+3 intltool-native gettext-native"
PV = "0.8.18.1.11+git${SRCPV}"
-SRC_URI = "git://github.com/stevenhoneyman/l3afpad.git"
+SRC_URI = "git://github.com/stevenhoneyman/l3afpad.git;branch=master;protocol=https"
SRCREV ="3cdccdc9505643e50f8208171d9eee5de11a42ff"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb b/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb
index d5fe9b5dce..8f3151bfc9 100644
--- a/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb
+++ b/meta/recipes-sato/matchbox-config-gtk/matchbox-config-gtk_0.2.bb
@@ -11,7 +11,7 @@ RDEPENDS:${PN} = "settings-daemon"
# SRCREV tagged 0.2
SRCREV = "ef2192ce98d9374ffdad5f78544c3f8f353c16aa"
-SRC_URI = "git://git.yoctoproject.org/${BPN} \
+SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master \
file://no-handed.patch"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
diff --git a/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb b/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb
index 79ccb0391b..c85f0440b1 100644
--- a/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb
+++ b/meta/recipes-sato/matchbox-desktop/matchbox-desktop_2.2.bb
@@ -13,7 +13,7 @@ SECTION = "x11/wm"
# SRCREV tagged 2.2
SRCREV = "6bc67d09da4147e5552fe30011a05a2c59d2f777"
-SRC_URI = "git://git.yoctoproject.org/${BPN}-2 \
+SRC_URI = "git://git.yoctoproject.org/${BPN}-2;branch=master \
file://vfolders/ \
"
diff --git a/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb b/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb
index c6de14e34e..49f9fdbb36 100644
--- a/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb
+++ b/meta/recipes-sato/matchbox-panel-2/matchbox-panel-2_2.11.bb
@@ -23,7 +23,7 @@ RPROVIDES:${PN} = "matchbox-panel"
RREPLACES:${PN} = "matchbox-panel"
RCONFLICTS:${PN} = "matchbox-panel"
-SRC_URI = "git://git.yoctoproject.org/${BPN} \
+SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master \
file://0001-applets-systray-Allow-icons-to-be-smaller.patch \
"
diff --git a/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb b/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb
index 9f00281dde..e2e81c2905 100644
--- a/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb
+++ b/meta/recipes-sato/matchbox-terminal/matchbox-terminal_0.2.bb
@@ -11,7 +11,7 @@ SECTION = "x11/utils"
#SRCREV tagged 0.2
SRCREV = "161276d0f5d1be8187010fd0d9581a6feca70ea5"
-SRC_URI = "git://git.yoctoproject.org/${BPN}"
+SRC_URI = "git://git.yoctoproject.org/${BPN};branch=master"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb b/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb
index 7a043d3447..bc4024736f 100644
--- a/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb
+++ b/meta/recipes-sato/matchbox-theme-sato/matchbox-theme-sato_0.2.bb
@@ -2,7 +2,7 @@ require matchbox-theme-sato.inc
# SRCREV tagged 0.2
SRCREV = "df085ba9cdaeaf2956890b0e29d7ea1779bf6c78"
-SRC_URI = "git://git.yoctoproject.org/matchbox-sato"
+SRC_URI = "git://git.yoctoproject.org/matchbox-sato;branch=master"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb b/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb
index b2913b4ed5..7fd9272bf4 100644
--- a/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb
+++ b/meta/recipes-sato/sato-screenshot/sato-screenshot_0.3.bb
@@ -11,7 +11,7 @@ DEPENDS = "matchbox-panel-2 gtk+3"
# SRCREV tagged 0.3
SRCREV = "9250fa5a012d84ff45984e8c4345ee7635227756"
-SRC_URI = "git://git.yoctoproject.org/screenshot"
+SRC_URI = "git://git.yoctoproject.org/screenshot;branch=master"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+)+))"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb b/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb
index 742364f699..77ecd3fe9f 100644
--- a/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb
+++ b/meta/recipes-sato/settings-daemon/settings-daemon_0.0.2.bb
@@ -9,7 +9,7 @@ SECTION = "x11"
# SRCREV tagged 0.0.2
SRCREV = "b2e5da502f8c5ff75e9e6da771372ef8e40fd9a2"
-SRC_URI = "git://git.yoctoproject.org/xsettings-daemon \
+SRC_URI = "git://git.yoctoproject.org/xsettings-daemon;branch=master \
file://addsoundkeys.patch \
file://70settings-daemon.sh \
"
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-Enable-THREADS_PREFER_PTHREAD_FLAG.patch b/meta/recipes-sato/webkit/webkitgtk/0001-Enable-THREADS_PREFER_PTHREAD_FLAG.patch
index 6d7d7067e4..5fc7be8d61 100644
--- a/meta/recipes-sato/webkit/webkitgtk/0001-Enable-THREADS_PREFER_PTHREAD_FLAG.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-Enable-THREADS_PREFER_PTHREAD_FLAG.patch
@@ -24,7 +24,7 @@ index f316f49..de81ce0 100644
--- a/Source/cmake/OptionsGTK.cmake
+++ b/Source/cmake/OptionsGTK.cmake
@@ -6,6 +6,7 @@ WEBKIT_OPTION_BEGIN()
- SET_PROJECT_VERSION(2 32 3)
+ SET_PROJECT_VERSION(2 32 4)
set(USER_AGENT_BRANDING "" CACHE STRING "Branding to add to user agent string")
+set(THREADS_PREFER_PTHREAD_FLAG ON)
diff --git a/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch b/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch
new file mode 100644
index 0000000000..e866a1a193
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch
@@ -0,0 +1,22 @@
+Injection a year based on the current date isn't reproducible. Hack this
+to a specific year for now for reproducibilty and to avoid autobuilder failures.
+
+The correct fix would be to use SOURCE_DATE_EPOCH from the environment and
+then this could be submitted upstream, sadly my ruby isn't up to that.
+
+Upstream-Status: Pending [could be reworked]
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: webkitgtk-2.34.2/Source/JavaScriptCore/generator/GeneratedFile.rb
+===================================================================
+--- webkitgtk-2.34.2.orig/Source/JavaScriptCore/generator/GeneratedFile.rb
++++ webkitgtk-2.34.2/Source/JavaScriptCore/generator/GeneratedFile.rb
+@@ -25,7 +25,7 @@ require 'date'
+ require 'digest'
+
+ $LICENSE = <<-EOF
+-Copyright (C) #{Date.today.year} Apple Inc. All rights reserved.
++Copyright (C) 2021 Apple Inc. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb b/meta/recipes-sato/webkit/webkitgtk_2.32.4.bb
index 1f3f7a9c00..3e0ecb4611 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.32.4.bb
@@ -19,9 +19,10 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
file://reduce-memory-overheads.patch \
file://musl-lower-stack-usage.patch \
file://0001-MiniBrowser-Fix-reproduciblity.patch \
+ file://reproducibility.patch \
"
-SRC_URI[sha256sum] = "c1f496f5ac654efe4cef62fbd4f2fbeeef265a07c5e7419e5d2900bfeea52cbc"
+SRC_URI[sha256sum] = "00ce2d3f798d7bc5e9039d9059f0c3c974d51de38c8b716f00e94452a177d3fd"
inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gtk-doc
diff --git a/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb b/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb
index c830a92776..c66ff3a7da 100644
--- a/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb
+++ b/meta/recipes-support/bmap-tools/bmap-tools_3.6.bb
@@ -9,7 +9,7 @@ SECTION = "console/utils"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-SRC_URI = "git://github.com/intel/${BPN}"
+SRC_URI = "git://github.com/intel/${BPN};branch=master;protocol=https"
SRCREV = "c0673962a8ec1624b5189dc1d24f33fe4f06785a"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-support/boost/boost-build-native_4.4.1.bb b/meta/recipes-support/boost/boost-build-native_4.4.1.bb
index 2de05369a8..de566eeb82 100644
--- a/meta/recipes-support/boost/boost-build-native_4.4.1.bb
+++ b/meta/recipes-support/boost/boost-build-native_4.4.1.bb
@@ -6,7 +6,7 @@ SECTION = "devel"
LICENSE = "BSL-1.0"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c"
-SRC_URI = "git://github.com/boostorg/build;protocol=https"
+SRC_URI = "git://github.com/boostorg/build;protocol=https;branch=master"
SRCREV = "76da80f33187a3d9e5336157cdfae12ce82e37eb"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(\d+(\.\d+){2,}))"
diff --git a/meta/recipes-support/boost/boost/0001-BoostConfig.cmake-allow-searching-for-python310.patch b/meta/recipes-support/boost/boost/0001-BoostConfig.cmake-allow-searching-for-python310.patch
new file mode 100644
index 0000000000..0a9ee2cc95
--- /dev/null
+++ b/meta/recipes-support/boost/boost/0001-BoostConfig.cmake-allow-searching-for-python310.patch
@@ -0,0 +1,50 @@
+From e193f080c7d209516ac9b712fa0c50bb08026fa2 Mon Sep 17 00:00:00 2001
+From: Martin Jansa <Martin.Jansa@gmail.com>
+Date: Tue, 19 Oct 2021 12:24:31 +0000
+Subject: [PATCH] BoostConfig.cmake: allow searching for python310
+
+* accept double digits in Python3_VERSION_MINOR
+
+* if someone is using e.g.:
+ find_package(Python3 REQUIRED)
+ find_package(Boost REQUIRED python${Python3_VERSION_MAJOR}${Python3_VERSION_MINOR})
+
+ with python-3.10 then it currently fails with:
+
+ -- Found PythonLibs: /usr/lib/libpython3.10.so (found version "3.10.0")
+ -- Found Python3: -native/usr/bin/python3-native/python3 (found version "3.10.0") found components: Interpreter
+ CMake Error at /usr/lib/cmake/Boost-1.77.0/BoostConfig.cmake:141 (find_package):
+ Could not find a package configuration file provided by "boost_python310"
+ (requested version 1.77.0) with any of the following names:
+
+ boost_python310Config.cmake
+ boost_python310-config.cmake
+
+ Add the installation prefix of "boost_python310" to CMAKE_PREFIX_PATH or
+ set "boost_python310_DIR" to a directory containing one of the above files.
+ If "boost_python310" provides a separate development package or SDK, be
+ sure it has been installed.
+ Call Stack (most recent call first):
+ /usr/lib/cmake/Boost-1.77.0/BoostConfig.cmake:258 (boost_find_component)
+ /usr/share/cmake-3.21/Modules/FindBoost.cmake:594 (find_package)
+ CMakeLists.txt:18 (find_package)
+
+Upstream-Status: Submitted [https://github.com/boostorg/boost_install/pull/53]
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ tools/boost_install/BoostConfig.cmake | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/boost_install/BoostConfig.cmake b/tools/boost_install/BoostConfig.cmake
+index fd17821..5dffa58 100644
+--- a/tools/boost_install/BoostConfig.cmake
++++ b/tools/boost_install/BoostConfig.cmake
+@@ -113,7 +113,7 @@ macro(boost_find_component comp required quiet)
+ set(_BOOST_REQUIRED REQUIRED)
+ endif()
+
+- if("${comp}" MATCHES "^(python|numpy|mpi_python)([1-9])([0-9])$")
++ if("${comp}" MATCHES "^(python|numpy|mpi_python)([1-9])([0-9][0-9]?)$")
+
+ # handle pythonXY and numpyXY versioned components for compatibility
+
diff --git a/meta/recipes-support/boost/boost/0002-math-allow-definition-of-boost_math_no_atomic_int-on-the-command-line.patch b/meta/recipes-support/boost/boost/0002-math-allow-definition-of-boost_math_no_atomic_int-on-the-command-line.patch
new file mode 100644
index 0000000000..b05b795084
--- /dev/null
+++ b/meta/recipes-support/boost/boost/0002-math-allow-definition-of-boost_math_no_atomic_int-on-the-command-line.patch
@@ -0,0 +1,53 @@
+From 32bd6197353f6ea8e5bef01f09e25c944141acfc Mon Sep 17 00:00:00 2001
+From: jzmaddock <john@johnmaddock.co.uk>
+Date: Wed, 1 Sep 2021 18:54:54 +0100
+Subject: [PATCH] Allow definition of BOOST_MATH_NO_ATOMIC_INT on the command
+ line. Allows us to test/emulate platforms with no atomic integers.
+
+[buildroot@heine.tech:
+ - backport from boostorg/math 32bd6197353f6ea8e5bef01f09e25c944141acfc
+ - alter path to match boost release
+]
+Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
+---
+Upstream-Status: Backport [https://github.com/boostorg/math/pull/684/commits/32bd6197353f6ea8e5bef01f09e25c944141acfc]
+ boost/math/tools/atomic.hpp | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/boost/math/tools/atomic.hpp b/boost/math/tools/atomic.hpp
+index cc76ed269f..e3cbf5db89 100644
+--- a/boost/math/tools/atomic.hpp
++++ b/boost/math/tools/atomic.hpp
+@@ -16,27 +16,27 @@
+ namespace boost {
+ namespace math {
+ namespace detail {
+-#if ATOMIC_INT_LOCK_FREE == 2
++#if (ATOMIC_INT_LOCK_FREE == 2) && !defined(BOOST_MATH_NO_ATOMIC_INT)
+ typedef std::atomic<int> atomic_counter_type;
+ typedef std::atomic<unsigned> atomic_unsigned_type;
+ typedef int atomic_integer_type;
+ typedef unsigned atomic_unsigned_integer_type;
+-#elif ATOMIC_SHORT_LOCK_FREE == 2
++#elif (ATOMIC_SHORT_LOCK_FREE == 2) && !defined(BOOST_MATH_NO_ATOMIC_INT)
+ typedef std::atomic<short> atomic_counter_type;
+ typedef std::atomic<unsigned short> atomic_unsigned_type;
+ typedef short atomic_integer_type;
+ typedef unsigned short atomic_unsigned_type;
+-#elif ATOMIC_LONG_LOCK_FREE == 2
++#elif (ATOMIC_LONG_LOCK_FREE == 2) && !defined(BOOST_MATH_NO_ATOMIC_INT)
+ typedef std::atomic<long> atomic_unsigned_integer_type;
+ typedef std::atomic<unsigned long> atomic_unsigned_type;
+ typedef unsigned long atomic_unsigned_type;
+ typedef long atomic_integer_type;
+-#elif ATOMIC_LLONG_LOCK_FREE == 2
++#elif (ATOMIC_LLONG_LOCK_FREE == 2) && !defined(BOOST_MATH_NO_ATOMIC_INT)
+ typedef std::atomic<long long> atomic_unsigned_integer_type;
+ typedef std::atomic<unsigned long long> atomic_unsigned_type;
+ typedef long long atomic_integer_type;
+ typedef unsigned long long atomic_unsigned_integer_type;
+-#else
++#elif !defined(BOOST_MATH_NO_ATOMIC_INT)
+ # define BOOST_MATH_NO_ATOMIC_INT
+ #endif
+ } // Namespace detail
diff --git a/meta/recipes-support/boost/boost/0003-math-make-no-atomics-a-soft-failure-in-bernoulli_details_hpp.patch b/meta/recipes-support/boost/boost/0003-math-make-no-atomics-a-soft-failure-in-bernoulli_details_hpp.patch
new file mode 100644
index 0000000000..f69e4f21f3
--- /dev/null
+++ b/meta/recipes-support/boost/boost/0003-math-make-no-atomics-a-soft-failure-in-bernoulli_details_hpp.patch
@@ -0,0 +1,151 @@
+From 7d482f6ebc356e6ec455ccb5f51a23971bf6ce5b Mon Sep 17 00:00:00 2001
+From: jzmaddock <john@johnmaddock.co.uk>
+Date: Wed, 1 Sep 2021 20:31:53 +0100
+Subject: [PATCH] Make no atomics a soft failure in bernoulli_details.hpp.
+ Include an "escape macro" so thread safety can be disabled if certain
+ bernoulli features are to be used in a no-atomics environment. Fixes
+ https://github.com/boostorg/math/issues/673.
+
+[buildroot@heine.tech:
+ - backport from boostorg/math 7d482f6ebc356e6ec455ccb5f51a23971bf6ce5b
+ - alter path to match boost release
+]
+Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
+---
+Upstream-Status: Backport [https://github.com/boostorg/math/pull/684/commits/7d482f6ebc356e6ec455ccb5f51a23971bf6ce5b]
+ .../detail/bernoulli_details.hpp | 10 +++++++---
+ libs/math/test/Jamfile.v2 | 3 +++
+ test/compile_test/bernoulli_no_atomic_d.cpp | 14 ++++++++++++++
+ test/compile_test/bernoulli_no_atomic_fail.cpp | 15 +++++++++++++++
+ test/compile_test/bernoulli_no_atomic_mp.cpp | 16 ++++++++++++++++
+ 5 files changed, 55 insertions(+), 3 deletions(-)
+ create mode 100644 test/compile_test/bernoulli_no_atomic_d.cpp
+ create mode 100644 test/compile_test/bernoulli_no_atomic_fail.cpp
+ create mode 100644 test/compile_test/bernoulli_no_atomic_mp.cpp
+
+diff --git a/boost/math/special_functions/detail/bernoulli_details.hpp b/boost/math/special_functions/detail/bernoulli_details.hpp
+index cf35545264..8519b7c89c 100644
+--- a/boost/math/special_functions/detail/bernoulli_details.hpp
++++ b/boost/math/special_functions/detail/bernoulli_details.hpp
+@@ -360,7 +360,7 @@ class bernoulli_numbers_cache
+ return out;
+ }
+
+- #ifndef BOOST_HAS_THREADS
++ #if !defined(BOOST_HAS_THREADS) || defined(BOOST_MATH_BERNOULLI_UNTHREADED)
+ //
+ // Single threaded code, very simple:
+ //
+@@ -382,6 +382,8 @@ class bernoulli_numbers_cache
+ *out = (i >= m_overflow_limit) ? policies::raise_overflow_error<T>("boost::math::bernoulli_b2n<%1%>(std::size_t)", 0, T(i), pol) : bn[i];
+ ++out;
+ }
++ #elif defined(BOOST_MATH_NO_ATOMIC_INT)
++ static_assert(sizeof(T) == 1, "Unsupported configuration: your platform appears to have no atomic integers. If you are happy with thread-unsafe code, then you may define BOOST_MATH_BERNOULLI_UNTHREADED to suppress this error.");
+ #else
+ //
+ // Double-checked locking pattern, lets us access cached already cached values
+@@ -464,7 +466,7 @@ class bernoulli_numbers_cache
+ return out;
+ }
+
+- #ifndef BOOST_HAS_THREADS
++ #if !defined(BOOST_HAS_THREADS) || defined(BOOST_MATH_BERNOULLI_UNTHREADED)
+ //
+ // Single threaded code, very simple:
+ //
+@@ -494,6 +496,8 @@ class bernoulli_numbers_cache
+ }
+ ++out;
+ }
++ #elif defined(BOOST_MATH_NO_ATOMIC_INT)
++ static_assert(sizeof(T) == 1, "Unsupported configuration: your platform appears to have no atomic integers. If you are happy with thread-unsafe code, then you may define BOOST_MATH_BERNOULLI_UNTHREADED to suppress this error.");
+ #else
+ //
+ // Double-checked locking pattern, lets us access cached already cached values
+@@ -555,7 +559,7 @@ class bernoulli_numbers_cache
+ // The value at which we know overflow has already occurred for the Bn:
+ std::size_t m_overflow_limit;
+
+- #ifdef BOOST_HAS_THREADS
++ #if defined(BOOST_HAS_THREADS) && !defined(BOOST_MATH_NO_ATOMIC_INT)
+ std::mutex m_mutex;
+ atomic_counter_type m_counter, m_current_precision;
+ #else
+diff --git a/libs/math/test/Jamfile.v2 b/libs/math/test/Jamfile.v2
+index 52fb87f5e5..3ac63f9279 100644
+--- a/libs/math/test/Jamfile.v2
++++ b/libs/math/test/Jamfile.v2
+@@ -1137,6 +1137,9 @@ test-suite misc :
+
+ # [ run __temporary_test.cpp test_instances//test_instances : : : <test-info>always_show_run_output <pch>off ]
+ [ compile test_no_long_double_policy.cpp ]
++ [ compile compile_test/bernoulli_no_atomic_d.cpp ]
++ [ compile compile_test/bernoulli_no_atomic_mp.cpp ]
++ [ compile-fail compile_test/bernoulli_no_atomic_fail.cpp ]
+ ;
+
+ test-suite interpolators :
+diff --git a/test/compile_test/bernoulli_no_atomic_d.cpp b/test/compile_test/bernoulli_no_atomic_d.cpp
+new file mode 100644
+index 0000000000..61926f7e1f
+--- /dev/null
++++ b/test/compile_test/bernoulli_no_atomic_d.cpp
+@@ -0,0 +1,14 @@
++// (C) Copyright John Maddock 2021.
++// Use, modification and distribution are subject to the
++// Boost Software License, Version 1.0. (See accompanying file
++// LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
++
++#define BOOST_MATH_NO_ATOMIC_INT
++
++#include <boost/math/special_functions/bernoulli.hpp>
++#include "test_compile_result.hpp"
++
++void compile_and_link_test()
++{
++ check_result<double>(boost::math::bernoulli_b2n<double>(4));
++}
+diff --git a/test/compile_test/bernoulli_no_atomic_fail.cpp b/test/compile_test/bernoulli_no_atomic_fail.cpp
+new file mode 100644
+index 0000000000..bbd7152412
+--- /dev/null
++++ b/test/compile_test/bernoulli_no_atomic_fail.cpp
+@@ -0,0 +1,15 @@
++// (C) Copyright John Maddock 2021.
++// Use, modification and distribution are subject to the
++// Boost Software License, Version 1.0. (See accompanying file
++// LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
++
++#define BOOST_MATH_NO_ATOMIC_INT
++
++#include <boost/math/special_functions/bernoulli.hpp>
++#include <boost/multiprecision/cpp_bin_float.hpp>
++#include "test_compile_result.hpp"
++
++void compile_and_link_test()
++{
++ check_result<boost::multiprecision::cpp_bin_float_50>(boost::math::bernoulli_b2n<boost::multiprecision::cpp_bin_float_50>(4));
++}
+diff --git a/test/compile_test/bernoulli_no_atomic_mp.cpp b/test/compile_test/bernoulli_no_atomic_mp.cpp
+new file mode 100644
+index 0000000000..8d5a6e78e6
+--- /dev/null
++++ b/test/compile_test/bernoulli_no_atomic_mp.cpp
+@@ -0,0 +1,16 @@
++// (C) Copyright John Maddock 2021.
++// Use, modification and distribution are subject to the
++// Boost Software License, Version 1.0. (See accompanying file
++// LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
++
++#define BOOST_MATH_NO_ATOMIC_INT
++#define BOOST_MATH_BERNOULLI_UNTHREADED
++
++#include <boost/math/special_functions/bernoulli.hpp>
++#include <boost/multiprecision/cpp_bin_float.hpp>
++#include "test_compile_result.hpp"
++
++void compile_and_link_test()
++{
++ check_result<boost::multiprecision::cpp_bin_float_50>(boost::math::bernoulli_b2n<boost::multiprecision::cpp_bin_float_50>(4));
++}
diff --git a/meta/recipes-support/boost/boost_1.77.0.bb b/meta/recipes-support/boost/boost_1.77.0.bb
index df8e08ad76..bde6b14a79 100644
--- a/meta/recipes-support/boost/boost_1.77.0.bb
+++ b/meta/recipes-support/boost/boost_1.77.0.bb
@@ -6,4 +6,7 @@ SRC_URI += "file://boost-CVE-2012-2677.patch \
file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \
file://0001-dont-setup-compiler-flags-m32-m64.patch \
file://0001-fiber-libs-Define-SYS_futex-if-it-does-not-exist.patch \
+ file://0001-BoostConfig.cmake-allow-searching-for-python310.patch \
+ file://0002-math-allow-definition-of-boost_math_no_atomic_int-on-the-command-line.patch \
+ file://0003-math-make-no-atomics-a-soft-failure-in-bernoulli_details_hpp.patch \
"
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
new file mode 100644
index 0000000000..5c4a32f526
--- /dev/null
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
@@ -0,0 +1,80 @@
+From cb43ec15b700b25f3c4fe44043a1a021aaf5b768 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Mon, 18 Oct 2021 12:05:49 +0200
+Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired
+ certificates."
+
+This avoids a dependency on python3-cryptography, and only checks
+for expired certs (which is upstream concern, but not ours).
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ debian/changelog | 1 -
+ debian/control | 2 +-
+ mozilla/certdata2pem.py | 11 -----------
+ 3 files changed, 1 insertion(+), 13 deletions(-)
+
+diff --git a/debian/changelog b/debian/changelog
+index 531e4d0..4006509 100644
+--- a/debian/changelog
++++ b/debian/changelog
+@@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low
+ - "Trustis FPS Root CA"
+ - "Staat der Nederlanden Root CA - G3"
+ * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
+- * mozilla/certdata2pem.py: print a warning for expired certificates.
+
+ -- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200
+
+diff --git a/debian/control b/debian/control
+index 4434b7a..5c6ba24 100644
+--- a/debian/control
++++ b/debian/control
+@@ -3,7 +3,7 @@ Section: misc
+ Priority: optional
+ Maintainer: Julien Cristau <jcristau@debian.org>
+ Build-Depends: debhelper-compat (= 13), po-debconf
+-Build-Depends-Indep: python3, openssl, python3-cryptography
++Build-Depends-Indep: python3, openssl
+ Standards-Version: 4.5.0.2
+ Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
+ Vcs-Browser: https://salsa.debian.org/debian/ca-certificates
+diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
+index ede23d4..7d796f1 100644
+--- a/mozilla/certdata2pem.py
++++ b/mozilla/certdata2pem.py
+@@ -21,16 +21,12 @@
+ # USA.
+
+ import base64
+-import datetime
+ import os.path
+ import re
+ import sys
+ import textwrap
+ import io
+
+-from cryptography import x509
+-
+-
+ objects = []
+
+ # Dirty file parser.
+@@ -121,13 +117,6 @@ for obj in objects:
+ if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
+ if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
+ continue
+-
+- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
+- if cert.not_valid_after < datetime.datetime.now():
+- print('!'*74)
+- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
+- print('!'*74)
+-
+ bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
+ .replace(' ', '_')\
+ .replace('(', '=')\
+--
+2.20.1
+
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch b/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch
deleted file mode 100644
index f343ebf16e..0000000000
--- a/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-sbin/Makefile: Allow the sbin path to be configurable
-
-Some project sharing ca-certificates from Debian allow configuration
-of the installation location. Make the sbin location configurable.
-
-Also ensure the target directory exists
-
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5]
-
---- ca-certificates-20130119.orig/sbin/Makefile
-+++ ca-certificates-20130119/sbin/Makefile
-@@ -3,9 +3,12 @@
- #
- #
-
-+SBINDIR = /usr/sbin
-+
- all:
-
- clean:
-
- install:
-- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/
-+ install -d $(DESTDIR)$(SBINDIR)
-+ install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch b/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch
deleted file mode 100644
index f78790923c..0000000000
--- a/meta/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-update-ca-certificates: Replace deprecated mktemp -t with mktemp --tmpdir
-
-According to coreutils docs, mktemp -t is deprecated, switch to the
---tmpdir option instead.
-
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5]
-
-[This was originally for compatibility with toybox but toybox now
-supports -t]
----
- sbin/update-ca-certificates | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
-index 79c41bb..ae9e3f1 100755
---- a/sbin/update-ca-certificates
-+++ b/sbin/update-ca-certificates
-@@ -113,9 +113,9 @@ trap cleanup 0
-
- # Helper files. (Some of them are not simple arrays because we spawn
- # subshells later on.)
--TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")"
--ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
--REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
-+TEMPBUNDLE="$(mktemp --tmpdir "${CERTBUNDLE}.tmp.XXXXXX")"
-+ADDED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")"
-+REMOVED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")"
-
- # Adds a certificate to the list of trusted ones. This includes a symlink
- # in /etc/ssl/certs to the certificate file and its inclusion into the
---
-2.1.4
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb b/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
index 363203854f..dbee7dc616 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
@@ -14,15 +14,14 @@ DEPENDS:class-nativesdk = "openssl-native"
# Need rehash from openssl and run-parts from debianutils
PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
-SRCREV = "181be7ebd169b4a6fb5d90c3e6dc791e90534144"
+SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8"
-SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
+SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \
file://0002-update-ca-certificates-use-SYSROOT.patch \
file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
- file://update-ca-certificates-support-Toybox.patch \
file://default-sysroot.patch \
- file://sbindir.patch \
file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
+ file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch \
"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)"
diff --git a/meta/recipes-support/curl/curl/cve-2021-22945.patch b/meta/recipes-support/curl/curl/cve-2021-22945.patch
new file mode 100644
index 0000000000..2cbe110332
--- /dev/null
+++ b/meta/recipes-support/curl/curl/cve-2021-22945.patch
@@ -0,0 +1,34 @@
+CVE: CVE-2021-22945
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 92cb3059dab2f9ef3e6ea614dad5c86917d19807 Mon Sep 17 00:00:00 2001
+From: z2_ on hackerone <>
+Date: Tue, 24 Aug 2021 09:50:33 +0200
+Subject: [PATCH 1/3] mqtt: clear the leftovers pointer when sending succeeds
+
+CVE-2021-22945
+
+Bug: https://curl.se/docs/CVE-2021-22945.html
+---
+ lib/mqtt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/mqtt.c b/lib/mqtt.c
+index f077e6c3d..fcd40b41e 100644
+--- a/lib/mqtt.c
++++ b/lib/mqtt.c
+@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data,
+ mq->sendleftovers = sendleftovers;
+ mq->nsend = nsend;
+ }
++ else {
++ mq->sendleftovers = NULL;
++ mq->nsend = 0;
++ }
+ return result;
+ }
+
+--
+2.25.1
+
diff --git a/meta/recipes-support/curl/curl/cve-2021-22946.patch b/meta/recipes-support/curl/curl/cve-2021-22946.patch
new file mode 100644
index 0000000000..1a4b3e1144
--- /dev/null
+++ b/meta/recipes-support/curl/curl/cve-2021-22946.patch
@@ -0,0 +1,332 @@
+CVE: CVE-2021-22946
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 089e18aefcee9b5093a96e9e1aa92751dde1f991 Mon Sep 17 00:00:00 2001
+From: Patrick Monnerat <patrick@monnerat.net>
+Date: Wed, 8 Sep 2021 11:56:22 +0200
+Subject: [PATCH 2/3] ftp,imap,pop3: do not ignore --ssl-reqd
+
+In imap and pop3, check if TLS is required even when capabilities
+request has failed.
+
+In ftp, ignore preauthentication (230 status of server greeting) if TLS
+is required.
+
+Bug: https://curl.se/docs/CVE-2021-22946.html
+
+CVE-2021-22946
+---
+ lib/ftp.c | 9 ++++---
+ lib/imap.c | 24 ++++++++----------
+ lib/pop3.c | 33 +++++++++++-------------
+ tests/data/Makefile.inc | 2 ++
+ tests/data/test984 | 56 +++++++++++++++++++++++++++++++++++++++++
+ tests/data/test985 | 54 +++++++++++++++++++++++++++++++++++++++
+ tests/data/test986 | 53 ++++++++++++++++++++++++++++++++++++++
+ 7 files changed, 195 insertions(+), 36 deletions(-)
+ create mode 100644 tests/data/test984
+ create mode 100644 tests/data/test985
+ create mode 100644 tests/data/test986
+
+diff --git a/lib/ftp.c b/lib/ftp.c
+index 1a699de59..08d18ca74 100644
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -2681,9 +2681,12 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
+ /* we have now received a full FTP server response */
+ switch(ftpc->state) {
+ case FTP_WAIT220:
+- if(ftpcode == 230)
+- /* 230 User logged in - already! */
+- return ftp_state_user_resp(data, ftpcode, ftpc->state);
++ if(ftpcode == 230) {
++ /* 230 User logged in - already! Take as 220 if TLS required. */
++ if(data->set.use_ssl <= CURLUSESSL_TRY ||
++ conn->bits.ftp_use_control_ssl)
++ return ftp_state_user_resp(data, ftpcode, ftpc->state);
++ }
+ else if(ftpcode != 220) {
+ failf(data, "Got a %03d ftp-server response when 220 was expected",
+ ftpcode);
+diff --git a/lib/imap.c b/lib/imap.c
+index ab4d412ee..efc0420ce 100644
+--- a/lib/imap.c
++++ b/lib/imap.c
+@@ -935,22 +935,18 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data,
+ line += wordlen;
+ }
+ }
+- else if(imapcode == IMAP_RESP_OK) {
+- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+- /* We don't have a SSL/TLS connection yet, but SSL is requested */
+- if(imapc->tls_supported)
+- /* Switch to TLS connection now */
+- result = imap_perform_starttls(data, conn);
+- else if(data->set.use_ssl == CURLUSESSL_TRY)
+- /* Fallback and carry on with authentication */
+- result = imap_perform_authentication(data, conn);
+- else {
+- failf(data, "STARTTLS not supported.");
+- result = CURLE_USE_SSL_FAILED;
+- }
++ else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
++ /* PREAUTH is not compatible with STARTTLS. */
++ if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) {
++ /* Switch to TLS connection now */
++ result = imap_perform_starttls(data, conn);
+ }
+- else
++ else if(data->set.use_ssl <= CURLUSESSL_TRY)
+ result = imap_perform_authentication(data, conn);
++ else {
++ failf(data, "STARTTLS not available.");
++ result = CURLE_USE_SSL_FAILED;
++ }
+ }
+ else
+ result = imap_perform_authentication(data, conn);
+diff --git a/lib/pop3.c b/lib/pop3.c
+index 5fdd6f3e0..f97e10eab 100644
+--- a/lib/pop3.c
++++ b/lib/pop3.c
+@@ -741,28 +741,23 @@ static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code,
+ }
+ }
+ }
+- else if(pop3code == '+') {
+- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+- /* We don't have a SSL/TLS connection yet, but SSL is requested */
+- if(pop3c->tls_supported)
+- /* Switch to TLS connection now */
+- result = pop3_perform_starttls(data, conn);
+- else if(data->set.use_ssl == CURLUSESSL_TRY)
+- /* Fallback and carry on with authentication */
+- result = pop3_perform_authentication(data, conn);
+- else {
+- failf(data, "STLS not supported.");
+- result = CURLE_USE_SSL_FAILED;
+- }
+- }
+- else
+- result = pop3_perform_authentication(data, conn);
+- }
+ else {
+ /* Clear text is supported when CAPA isn't recognised */
+- pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
++ if(pop3code != '+')
++ pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
+
+- result = pop3_perform_authentication(data, conn);
++ if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use)
++ result = pop3_perform_authentication(data, conn);
++ else if(pop3code == '+' && pop3c->tls_supported)
++ /* Switch to TLS connection now */
++ result = pop3_perform_starttls(data, conn);
++ else if(data->set.use_ssl <= CURLUSESSL_TRY)
++ /* Fallback and carry on with authentication */
++ result = pop3_perform_authentication(data, conn);
++ else {
++ failf(data, "STLS not supported.");
++ result = CURLE_USE_SSL_FAILED;
++ }
+ }
+
+ return result;
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 163696962..5cd092192 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -118,6 +118,8 @@ test954 test955 test956 test957 test958 test959 test960 test961 test962 \
+ test963 test964 test965 test966 test967 test968 test969 test970 test971 \
+ test972 \
+ \
++test984 test985 test986 \
++\
+ test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
+ test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
+ test1016 test1017 test1018 test1019 test1020 test1021 test1022 test1023 \
+diff --git a/tests/data/test984 b/tests/data/test984
+new file mode 100644
+index 000000000..e573f23c1
+--- /dev/null
++++ b/tests/data/test984
+@@ -0,0 +1,56 @@
++<testcase>
++<info>
++<keywords>
++IMAP
++STARTTLS
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<servercmd>
++REPLY CAPABILITY A001 BAD Not implemented
++</servercmd>
++</reply>
++
++#
++# Client-side
++<client>
++<features>
++SSL
++</features>
++<server>
++imap
++</server>
++ <name>
++IMAP require STARTTLS with failing capabilities
++ </name>
++ <command>
++imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl-reqd
++</command>
++<file name="log/upload%TESTNUMBER">
++Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST)
++From: Fred Foobar <foobar@example.COM>
++Subject: afternoon meeting
++To: joe@example.com
++Message-Id: <B27397-0100000@example.COM>
++MIME-Version: 1.0
++Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
++
++Hello Joe, do you think we can meet at 3:30 tomorrow?
++</file>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++# 64 is CURLE_USE_SSL_FAILED
++<errorcode>
++64
++</errorcode>
++<protocol>
++A001 CAPABILITY
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/data/test985 b/tests/data/test985
+new file mode 100644
+index 000000000..d0db4aadf
+--- /dev/null
++++ b/tests/data/test985
+@@ -0,0 +1,54 @@
++<testcase>
++<info>
++<keywords>
++POP3
++STARTTLS
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<servercmd>
++REPLY CAPA -ERR Not implemented
++</servercmd>
++<data nocheck="yes">
++From: me@somewhere
++To: fake@nowhere
++
++body
++
++--
++ yours sincerely
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<features>
++SSL
++</features>
++<server>
++pop3
++</server>
++ <name>
++POP3 require STARTTLS with failing capabilities
++ </name>
++ <command>
++pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl-reqd
++ </command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++# 64 is CURLE_USE_SSL_FAILED
++<errorcode>
++64
++</errorcode>
++<protocol>
++CAPA
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/data/test986 b/tests/data/test986
+new file mode 100644
+index 000000000..a709437a4
+--- /dev/null
++++ b/tests/data/test986
+@@ -0,0 +1,53 @@
++<testcase>
++<info>
++<keywords>
++FTP
++STARTTLS
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<servercmd>
++REPLY welcome 230 Welcome
++REPLY AUTH 500 unknown command
++</servercmd>
++</reply>
++
++# Client-side
++<client>
++<features>
++SSL
++</features>
++<server>
++ftp
++</server>
++ <name>
++FTP require STARTTLS while preauthenticated
++ </name>
++<file name="log/test%TESTNUMBER.txt">
++data
++ to
++ see
++that FTPS
++works
++ so does it?
++</file>
++ <command>
++--ssl-reqd --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret
++</command>
++</client>
++
++# Verify data after the test has been "shot"
++<verify>
++# 64 is CURLE_USE_SSL_FAILED
++<errorcode>
++64
++</errorcode>
++<protocol>
++AUTH SSL
++AUTH TLS
++</protocol>
++</verify>
++</testcase>
+--
+2.25.1
+
diff --git a/meta/recipes-support/curl/curl/cve-2021-22947.patch b/meta/recipes-support/curl/curl/cve-2021-22947.patch
new file mode 100644
index 0000000000..8a5031275a
--- /dev/null
+++ b/meta/recipes-support/curl/curl/cve-2021-22947.patch
@@ -0,0 +1,355 @@
+CVE: CVE-2021-22947
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From aefa7370cb02801a571d51287d290d67068998b8 Mon Sep 17 00:00:00 2001
+From: Patrick Monnerat <patrick@monnerat.net>
+Date: Tue, 7 Sep 2021 13:26:42 +0200
+Subject: [PATCH 3/3] ftp,imap,pop3,smtp: reject STARTTLS server response
+ pipelining
+
+If a server pipelines future responses within the STARTTLS response, the
+former are preserved in the pingpong cache across TLS negotiation and
+used as responses to the encrypted commands.
+
+This fix detects pipelined STARTTLS responses and rejects them with an
+error.
+
+CVE-2021-22947
+
+Bug: https://curl.se/docs/CVE-2021-22947.html
+---
+ lib/ftp.c | 3 +++
+ lib/imap.c | 4 +++
+ lib/pop3.c | 4 +++
+ lib/smtp.c | 4 +++
+ tests/data/Makefile.inc | 2 +-
+ tests/data/test980 | 52 ++++++++++++++++++++++++++++++++++++
+ tests/data/test981 | 59 +++++++++++++++++++++++++++++++++++++++++
+ tests/data/test982 | 57 +++++++++++++++++++++++++++++++++++++++
+ tests/data/test983 | 52 ++++++++++++++++++++++++++++++++++++
+ 9 files changed, 236 insertions(+), 1 deletion(-)
+ create mode 100644 tests/data/test980
+ create mode 100644 tests/data/test981
+ create mode 100644 tests/data/test982
+ create mode 100644 tests/data/test983
+
+diff --git a/lib/ftp.c b/lib/ftp.c
+index 08d18ca74..0b9c9b732 100644
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -2743,6 +2743,9 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
+ case FTP_AUTH:
+ /* we have gotten the response to a previous AUTH command */
+
++ if(pp->cache_size)
++ return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */
++
+ /* RFC2228 (page 5) says:
+ *
+ * If the server is willing to accept the named security mechanism,
+diff --git a/lib/imap.c b/lib/imap.c
+index efc0420ce..d1a48d7e3 100644
+--- a/lib/imap.c
++++ b/lib/imap.c
+@@ -964,6 +964,10 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data,
+
+ (void)instate; /* no use for this yet */
+
++ /* Pipelining in response is forbidden. */
++ if(data->conn->proto.imapc.pp.cache_size)
++ return CURLE_WEIRD_SERVER_REPLY;
++
+ if(imapcode != IMAP_RESP_OK) {
+ if(data->set.use_ssl != CURLUSESSL_TRY) {
+ failf(data, "STARTTLS denied");
+diff --git a/lib/pop3.c b/lib/pop3.c
+index f97e10eab..a06acb7b8 100644
+--- a/lib/pop3.c
++++ b/lib/pop3.c
+@@ -772,6 +772,10 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data,
+ CURLcode result = CURLE_OK;
+ (void)instate; /* no use for this yet */
+
++ /* Pipelining in response is forbidden. */
++ if(data->conn->proto.pop3c.pp.cache_size)
++ return CURLE_WEIRD_SERVER_REPLY;
++
+ if(pop3code != '+') {
+ if(data->set.use_ssl != CURLUSESSL_TRY) {
+ failf(data, "STARTTLS denied");
+diff --git a/lib/smtp.c b/lib/smtp.c
+index 1a3da1559..9b9403b3d 100644
+--- a/lib/smtp.c
++++ b/lib/smtp.c
+@@ -835,6 +835,10 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data,
+ CURLcode result = CURLE_OK;
+ (void)instate; /* no use for this yet */
+
++ /* Pipelining in response is forbidden. */
++ if(data->conn->proto.smtpc.pp.cache_size)
++ return CURLE_WEIRD_SERVER_REPLY;
++
+ if(smtpcode != 220) {
+ if(data->set.use_ssl != CURLUSESSL_TRY) {
+ failf(data, "STARTTLS denied, code %d", smtpcode);
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 5cd092192..c524b993e 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -118,7 +118,7 @@ test954 test955 test956 test957 test958 test959 test960 test961 test962 \
+ test963 test964 test965 test966 test967 test968 test969 test970 test971 \
+ test972 \
+ \
+-test984 test985 test986 \
++test980 test981 test982 test983 test984 test985 test986 \
+ \
+ test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
+ test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
+diff --git a/tests/data/test980 b/tests/data/test980
+new file mode 100644
+index 000000000..97567f856
+--- /dev/null
++++ b/tests/data/test980
+@@ -0,0 +1,52 @@
++<testcase>
++<info>
++<keywords>
++SMTP
++STARTTLS
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<servercmd>
++CAPA STARTTLS
++AUTH PLAIN
++REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted
++REPLY AUTH 535 5.7.8 Authentication credentials invalid
++</servercmd>
++</reply>
++
++#
++# Client-side
++<client>
++<features>
++SSL
++</features>
++<server>
++smtp
++</server>
++ <name>
++SMTP STARTTLS pipelined server response
++ </name>
++<stdin>
++mail body
++</stdin>
++ <command>
++smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T -
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++# 8 is CURLE_WEIRD_SERVER_REPLY
++<errorcode>
++8
++</errorcode>
++<protocol>
++EHLO %TESTNUMBER
++STARTTLS
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/data/test981 b/tests/data/test981
+new file mode 100644
+index 000000000..2b98ce42a
+--- /dev/null
++++ b/tests/data/test981
+@@ -0,0 +1,59 @@
++<testcase>
++<info>
++<keywords>
++IMAP
++STARTTLS
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<servercmd>
++CAPA STARTTLS
++REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted
++REPLY LOGIN A003 BAD Authentication credentials invalid
++</servercmd>
++</reply>
++
++#
++# Client-side
++<client>
++<features>
++SSL
++</features>
++<server>
++imap
++</server>
++ <name>
++IMAP STARTTLS pipelined server response
++ </name>
++ <command>
++imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl
++</command>
++<file name="log/upload%TESTNUMBER">
++Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST)
++From: Fred Foobar <foobar@example.COM>
++Subject: afternoon meeting
++To: joe@example.com
++Message-Id: <B27397-0100000@example.COM>
++MIME-Version: 1.0
++Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
++
++Hello Joe, do you think we can meet at 3:30 tomorrow?
++</file>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++# 8 is CURLE_WEIRD_SERVER_REPLY
++<errorcode>
++8
++</errorcode>
++<protocol>
++A001 CAPABILITY
++A002 STARTTLS
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/data/test982 b/tests/data/test982
+new file mode 100644
+index 000000000..9e07cc0b3
+--- /dev/null
++++ b/tests/data/test982
+@@ -0,0 +1,57 @@
++<testcase>
++<info>
++<keywords>
++POP3
++STARTTLS
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<servercmd>
++CAPA STLS USER
++REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated
++REPLY PASS -ERR Authentication credentials invalid
++</servercmd>
++<data nocheck="yes">
++From: me@somewhere
++To: fake@nowhere
++
++body
++
++--
++ yours sincerely
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<features>
++SSL
++</features>
++<server>
++pop3
++</server>
++ <name>
++POP3 STARTTLS pipelined server response
++ </name>
++ <command>
++pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl
++ </command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++# 8 is CURLE_WEIRD_SERVER_REPLY
++<errorcode>
++8
++</errorcode>
++<protocol>
++CAPA
++STLS
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/data/test983 b/tests/data/test983
+new file mode 100644
+index 000000000..300ec459c
+--- /dev/null
++++ b/tests/data/test983
+@@ -0,0 +1,52 @@
++<testcase>
++<info>
++<keywords>
++FTP
++STARTTLS
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<servercmd>
++REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete
++REPLY PASS 530 Login incorrect
++</servercmd>
++</reply>
++
++# Client-side
++<client>
++<features>
++SSL
++</features>
++<server>
++ftp
++</server>
++ <name>
++FTP STARTTLS pipelined server response
++ </name>
++<file name="log/test%TESTNUMBER.txt">
++data
++ to
++ see
++that FTPS
++works
++ so does it?
++</file>
++ <command>
++--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP
++</command>
++</client>
++
++# Verify data after the test has been "shot"
++<verify>
++# 8 is CURLE_WEIRD_SERVER_REPLY
++<errorcode>
++8
++</errorcode>
++<protocol>
++AUTH SSL
++</protocol>
++</verify>
++</testcase>
+--
+2.25.1
+
diff --git a/meta/recipes-support/curl/curl_7.78.0.bb b/meta/recipes-support/curl/curl_7.78.0.bb
index dece0babb2..3f736d8da6 100644
--- a/meta/recipes-support/curl/curl_7.78.0.bb
+++ b/meta/recipes-support/curl/curl_7.78.0.bb
@@ -11,6 +11,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=425f6fdc767cc067518eef9bbdf4ab7b"
SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://0001-replace-krb5-config-with-pkg-config.patch \
+ file://cve-2021-22945.patch \
+ file://cve-2021-22946.patch \
+ file://cve-2021-22947.patch \
"
SRC_URI[sha256sum] = "98530b317dc95ccb324bbe4f834f07bb642fbc393b794ddf3434f246a71ea44a"
diff --git a/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb b/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb
index 15d097ebed..509a0a0ddc 100644
--- a/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb
+++ b/meta/recipes-support/dos2unix/dos2unix_7.4.2.bb
@@ -8,7 +8,7 @@ SECTION = "support"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://COPYING.txt;md5=8a7c3499a1142df819e727253cd53a12"
-SRC_URI = "git://git.code.sf.net/p/dos2unix/dos2unix"
+SRC_URI = "git://git.code.sf.net/p/dos2unix/dos2unix;branch=master"
UPSTREAM_CHECK_GITTAGREGEX = "dos2unix-(?P<pver>(\d+(\.\d+)+))"
SRCREV = "72596f0ae21faa25a07a872d4843bc885475115d"
diff --git a/meta/recipes-support/gmp/gmp/cve-2021-43618.patch b/meta/recipes-support/gmp/gmp/cve-2021-43618.patch
new file mode 100644
index 0000000000..095fb21eaa
--- /dev/null
+++ b/meta/recipes-support/gmp/gmp/cve-2021-43618.patch
@@ -0,0 +1,27 @@
+CVE: CVE-2021-43618
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+# HG changeset patch
+# User Marco Bodrato <bodrato@mail.dm.unipi.it>
+# Date 1634836009 -7200
+# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
+# Parent e1fd9db13b475209a864577237ea4b9105b3e96e
+mpz/inp_raw.c: Avoid bit size overflows
+
+diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
+--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100
++++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200
+@@ -88,8 +88,11 @@
+
+ abs_csize = ABS (csize);
+
++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++ return 0; /* Bit size overflows */
++
+ /* round up to a multiple of limbs */
+- abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+
+ if (abs_xsize != 0)
+ {
diff --git a/meta/recipes-support/gmp/gmp_6.2.1.bb b/meta/recipes-support/gmp/gmp_6.2.1.bb
index d5996abd00..091a390511 100644
--- a/meta/recipes-support/gmp/gmp_6.2.1.bb
+++ b/meta/recipes-support/gmp/gmp_6.2.1.bb
@@ -2,9 +2,11 @@ require gmp.inc
LICENSE = "GPLv2+ | LGPLv3+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
- file://COPYING.LESSERv3;md5=6a6a8e020838b23406c81b19c1d46df6 \
- file://COPYINGv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+LIC_FILES_CHKSUM = "\
+ file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
+ file://COPYING.LESSERv3;md5=6a6a8e020838b23406c81b19c1d46df6 \
+ file://COPYINGv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://COPYINGv3;md5=11cc2d3ee574f9d6b7ee797bdce4d423 \
"
REVISION = ""
@@ -12,6 +14,7 @@ SRC_URI = "https://gmplib.org/download/${BPN}/${BP}${REVISION}.tar.bz2 \
file://use-includedir.patch \
file://0001-Append-the-user-provided-flags-to-the-auto-detected-.patch \
file://0001-confiure.ac-Believe-the-cflags-from-environment.patch \
+ file://cve-2021-43618.patch \
"
SRC_URI[md5sum] = "28971fc21cf028042d4897f02fd355ea"
SRC_URI[sha256sum] = "eae9326beb4158c386e39a356818031bd28f3124cf915f8c5b1dc4c7a36b4d7c"
diff --git a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2021.1.bb b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2021.1.bb
index 10200f539f..8cd27e9075 100644
--- a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2021.1.bb
+++ b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing_2021.1.bb
@@ -9,7 +9,7 @@ LICENSE = "LGPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7 \
file://src/gnome-desktop-testing-runner.c;beginline=1;endline=20;md5=7ef3ad9da2ffcf7707dc11151fe007f4"
-SRC_URI = "git://gitlab.gnome.org/GNOME/gnome-desktop-testing.git;protocol=http \
+SRC_URI = "git://gitlab.gnome.org/GNOME/gnome-desktop-testing.git;protocol=http;branch=master \
file://0001-fix-non-literal-format-string-issue-with-clang.patch \
"
SRCREV = "e346cd4ed2e2102c9b195b614f3c642d23f5f6e7"
diff --git a/meta/recipes-support/icu/icu_69.1.bb b/meta/recipes-support/icu/icu_69.1.bb
index 4daf0fe82e..848ae9ab19 100644
--- a/meta/recipes-support/icu/icu_69.1.bb
+++ b/meta/recipes-support/icu/icu_69.1.bb
@@ -147,4 +147,4 @@ do_make_icudata() {
:
}
-addtask make_icudata before do_configure after do_patch
+addtask make_icudata before do_configure after do_patch do_prepare_recipe_sysroot
diff --git a/meta/recipes-support/libgit2/libgit2_1.1.1.bb b/meta/recipes-support/libgit2/libgit2_1.1.1.bb
index ae30a7a100..fcf80e4809 100644
--- a/meta/recipes-support/libgit2/libgit2_1.1.1.bb
+++ b/meta/recipes-support/libgit2/libgit2_1.1.1.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5b002a195fb7ea2d8d583f07eaff3a8e"
DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2"
-SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.1"
+SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.1;protocol=https"
SRCREV = "8a0dc6783c340e61a44c179c48f832165ad2053c"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb b/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb
index d9fbb5e9d6..b5d816f864 100644
--- a/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb
+++ b/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=1c94a9d191202a5552f381a023551396 \
file://LICENSE.gplv2;md5=eb723b61539feef013de476e68b5c50a \
file://LICENSE.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \
"
-SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git \
+SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git;branch=master;protocol=https \
file://0001-Makefile-restore-build-reproducibility.patch \
"
SRCREV = "409828cfccf4b3b07edc40a7840a821ce074e2c3"
diff --git a/meta/recipes-support/libpcre/libpcre2_10.37.bb b/meta/recipes-support/libpcre/libpcre2_10.37.bb
index e0ead59da6..ccedf688d7 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.37.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.37.bb
@@ -10,7 +10,9 @@ SECTION = "devel"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENCE;md5=6b3022283c9a79238d521848ea9dcb4d"
-SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2"
+SRC_URI = "https://github.com/PhilipHazel/pcre2/releases/download/pcre2-${PV}/pcre2-${PV}.tar.bz2"
+
+UPSTREAM_CHECK_URI = "https://github.com/PhilipHazel/pcre2/releases"
SRC_URI[sha256sum] = "4d95a96e8b80529893b4562be12648d798b957b1ba1aae39606bbc2ab956d270"
diff --git a/meta/recipes-support/libpcre/libpcre_8.45.bb b/meta/recipes-support/libpcre/libpcre_8.45.bb
index 76b20f5f08..46fedbae48 100644
--- a/meta/recipes-support/libpcre/libpcre_8.45.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.45.bb
@@ -7,7 +7,7 @@ HOMEPAGE = "http://www.pcre.org"
SECTION = "devel"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENCE;md5=b5d5d1a69a24ea2718263f1ff85a1c58"
-SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \
+SRC_URI = "${SOURCEFORGE_MIRROR}/pcre/pcre-${PV}.tar.bz2 \
file://run-ptest \
file://Makefile \
"
diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
index 74bface4a1..27954ca6b1 100644
--- a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
+++ b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
@@ -10,7 +10,7 @@ DEPENDS += "gperf-native"
PV .= "+git${SRCPV}"
SRCREV = "5822e50c2920ce597d038077dea4a0eedf193f86"
-SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=main \
+SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=main;protocol=https \
file://0001-configure.ac-Bump-version-to-2.5.99.patch \
file://0001-arch-Add-riscv32-architecture-support.patch \
file://0002-Regenerate-syscall-cvs-file-from-5.13-rc5-kernel.patch \
diff --git a/meta/recipes-support/libunistring/libunistring_0.9.10.bb b/meta/recipes-support/libunistring/libunistring_0.9.10.bb
index 0a7b18ed08..589faacb05 100644
--- a/meta/recipes-support/libunistring/libunistring_0.9.10.bb
+++ b/meta/recipes-support/libunistring/libunistring_0.9.10.bb
@@ -18,6 +18,7 @@ LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=6a6a8e020838b23406c81b19c1d46df6 \
file://README;beginline=45;endline=65;md5=08287d16ba8d839faed8d2dc14d7d6a5 \
file://doc/libunistring.texi;md5=287fa6075f78a3c85c1a52b0a92547cd \
"
+DEPENDS = "gperf-native"
SRC_URI = "${GNU_MIRROR}/libunistring/libunistring-${PV}.tar.gz \
file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
diff --git a/meta/recipes-support/libusb/libusb1_1.0.24.bb b/meta/recipes-support/libusb/libusb1_1.0.24.bb
index 95a20958a1..e70021f4f7 100644
--- a/meta/recipes-support/libusb/libusb1_1.0.24.bb
+++ b/meta/recipes-support/libusb/libusb1_1.0.24.bb
@@ -1,7 +1,7 @@
SUMMARY = "Userspace library to access USB (version 1.0)"
DESCRIPTION = "A cross-platform library to access USB devices from Linux, \
macOS, Windows, OpenBSD/NetBSD, Haiku and Solaris userspace."
-HOMEPAGE = "http://libusb.sf.net"
+HOMEPAGE = "https://libusb.info"
BUGTRACKER = "http://www.libusb.org/report"
SECTION = "libs"
@@ -10,10 +10,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"
BBCLASSEXTEND = "native nativesdk"
-SRC_URI = "${SOURCEFORGE_MIRROR}/libusb/libusb-${PV}.tar.bz2 \
+SRC_URI = "https://github.com/libusb/libusb/releases/download/v${PV}/libusb-${PV}.tar.bz2 \
file://run-ptest \
"
+UPSTREAM_CHECK_URI = "https://github.com/libusb/libusb/releases"
+
SRC_URI[sha256sum] = "7efd2685f7b327326dcfb85cee426d9b871fd70e22caa15bb68d595ce2a2b12a"
S = "${WORKDIR}/libusb-${PV}"
diff --git a/meta/recipes-support/lz4/lz4_1.9.3.bb b/meta/recipes-support/lz4/lz4_1.9.3.bb
index b22eea3156..a3c48bccfb 100644
--- a/meta/recipes-support/lz4/lz4_1.9.3.bb
+++ b/meta/recipes-support/lz4/lz4_1.9.3.bb
@@ -12,7 +12,7 @@ PE = "1"
SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3"
-SRC_URI = "git://github.com/lz4/lz4.git;branch=release \
+SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \
file://CVE-2021-3520.patch \
"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
diff --git a/meta/recipes-support/numactl/numactl_git.bb b/meta/recipes-support/numactl/numactl_git.bb
index 7b1b14d1d5..19f2293a51 100644
--- a/meta/recipes-support/numactl/numactl_git.bb
+++ b/meta/recipes-support/numactl/numactl_git.bb
@@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://README.md;beginline=19;endline=32;md5=f8ff2391624f28e
SRCREV = "dd6de072c92c892a86e18c0fd0dfa1ba57a9a05d"
PV = "2.0.14"
-SRC_URI = "git://github.com/numactl/numactl \
+SRC_URI = "git://github.com/numactl/numactl;branch=master;protocol=https \
file://Fix-the-test-output-format.patch \
file://Makefile \
file://run-ptest \
diff --git a/meta/recipes-support/p11-kit/p11-kit_0.24.0.bb b/meta/recipes-support/p11-kit/p11-kit_0.24.0.bb
index 9cac87ed32..7fe3c37fde 100644
--- a/meta/recipes-support/p11-kit/p11-kit_0.24.0.bb
+++ b/meta/recipes-support/p11-kit/p11-kit_0.24.0.bb
@@ -10,7 +10,7 @@ DEPENDS = "libtasn1 libtasn1-native libffi"
DEPENDS:append = "${@' glib-2.0' if d.getVar('GTKDOC_ENABLED') == 'True' else ''}"
-SRC_URI = "git://github.com/p11-glue/p11-kit"
+SRC_URI = "git://github.com/p11-glue/p11-kit;branch=master;protocol=https"
SRCREV = "34826623f58399b24c21f1788e2cdaea34521b7b"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb b/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
index 23ab48ba2b..72922d8453 100644
--- a/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
+++ b/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe"
SRCREV = "bcb82804daa8f725b6add259dcef2067e61a75aa"
PV .= "+git${SRCPV}"
-SRC_URI = "git://git.yoctoproject.org/ptest-runner2 \
+SRC_URI = "git://git.yoctoproject.org/ptest-runner2;branch=master \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-support/rng-tools/rng-tools_6.14.bb b/meta/recipes-support/rng-tools/rng-tools_6.14.bb
index 6b79a3b040..222d7cc630 100644
--- a/meta/recipes-support/rng-tools/rng-tools_6.14.bb
+++ b/meta/recipes-support/rng-tools/rng-tools_6.14.bb
@@ -8,7 +8,7 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
DEPENDS = "sysfsutils openssl"
-SRC_URI = "git://github.com/nhorman/rng-tools.git \
+SRC_URI = "git://github.com/nhorman/rng-tools.git;branch=master;protocol=https \
file://init \
file://default \
file://rngd.service \
diff --git a/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb b/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
index b2b830cc1f..2dca36a7df 100644
--- a/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
+++ b/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
DEPENDS = "libxml2 itstool-native glib-2.0 shared-mime-info-native xmlto-native"
-SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https"
+SRC_URI = "git://gitlab.freedesktop.org/xdg/shared-mime-info.git;protocol=https;branch=master"
SRCREV = "18e558fa1c8b90b86757ade09a4ba4d6a6cf8f70"
PV = "2.1"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch b/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch
index 63a7b78f12..2fc11dbdc2 100644
--- a/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch
+++ b/meta/recipes-support/vim/files/0001-src-Makefile-improve-reproducibility.patch
@@ -16,11 +16,11 @@ Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
src/Makefile | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
-diff --git a/src/Makefile b/src/Makefile
-index f2fafa4dc..7148d4bd9 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -2845,16 +2845,10 @@ auto/pathdef.c: Makefile auto/config.mk
+Index: git/src/Makefile
+===================================================================
+--- git.orig/src/Makefile
++++ git/src/Makefile
+@@ -3101,16 +3101,10 @@ auto/pathdef.c: Makefile auto/config.mk
-@echo '#include "vim.h"' >> $@
-@echo 'char_u *default_vim_dir = (char_u *)"$(VIMRCLOC)";' | $(QUOTESED) >> $@
-@echo 'char_u *default_vimruntime_dir = (char_u *)"$(VIMRUNTIMEDIR)";' | $(QUOTESED) >> $@
@@ -41,6 +41,3 @@ index f2fafa4dc..7148d4bd9 100644
-@sh $(srcdir)/pathdef.sh
GUI_GTK_RES_INPUTS = \
---
-2.17.1
-
diff --git a/meta/recipes-support/vim/files/CVE-2021-3778.patch b/meta/recipes-support/vim/files/CVE-2021-3778.patch
deleted file mode 100644
index 769a7a07ac..0000000000
--- a/meta/recipes-support/vim/files/CVE-2021-3778.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From eb41373c8c88b0789e5cf04669d6116f9a199264 Mon Sep 17 00:00:00 2001
-From: Minjae Kim <flowergom@gmail.com>
-Date: Sun, 26 Sep 2021 23:48:00 +0000
-Subject: [PATCH] patch 8.2.3409: reading beyond end of line with invalid utf-8
- character
-
-Problem: Reading beyond end of line with invalid utf-8 character.
-Solution: Check for NUL when advancing.
-
-Upstream-Status: Accepted [https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f]
-CVE: CVE-2021-3778
-Signed-off-by: Minjae Kim <flowergom@gmail.com>
----
- src/regexp_nfa.c | 3 ++-
- src/testdir/test_regexp_utf8.vim | 7 +++++++
- 2 files changed, 9 insertions(+), 1 deletion(-)
-
-Index: git/src/regexp_nfa.c
-===================================================================
---- git.orig/src/regexp_nfa.c
-+++ git/src/regexp_nfa.c
-@@ -5455,7 +5455,8 @@ find_match_text(colnr_T startcol, int re
- match = FALSE;
- break;
- }
-- len2 += MB_CHAR2LEN(c2);
-+ len2 += enc_utf8 ? utf_ptr2len(rex.line + col + len2)
-+ : MB_CHAR2LEN(c2);
- }
- if (match
- // check that no composing char follows
-Index: git/src/testdir/test_regexp_utf8.vim
-===================================================================
---- git.orig/src/testdir/test_regexp_utf8.vim
-+++ git/src/testdir/test_regexp_utf8.vim
-@@ -215,3 +215,10 @@ func Test_optmatch_toolong()
- set re=0
- endfunc
-
-+func Test_match_invalid_byte()
-+ call writefile(0z630a.765d30aa0a.2e0a.790a.4030, 'Xinvalid')
-+ new
-+ source Xinvalid
-+ bwipe!
-+ call delete('Xinvalid')
-+endfunc
diff --git a/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch b/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch
deleted file mode 100644
index 1cee759502..0000000000
--- a/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch
+++ /dev/null
@@ -1,207 +0,0 @@
-From b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 Mon Sep 17 00:00:00 2001
-From: Bram Moolenaar <Bram@vim.org>
-Date: Sat, 4 Sep 2021 18:47:28 +0200
-Subject: [PATCH] patch 8.2.3402: invalid memory access when using :retab with
- large value
-
-Problem: Invalid memory access when using :retab with large value.
-Solution: Check the number is positive.
-
-CVE: CVE-2021-3770
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-Upstream-Status: Backport [https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9]
----
- src/indent.c | 34 +++++++++++++++++++++-------------
- src/option.c | 12 ++++++------
- src/optionstr.c | 4 ++--
- src/testdir/test_retab.vim | 3 +++
- src/version.c | 2 ++
- 5 files changed, 34 insertions(+), 21 deletions(-)
-
-Index: git/src/indent.c
-===================================================================
---- git.orig/src/indent.c
-+++ git/src/indent.c
-@@ -18,18 +18,19 @@
- /*
- * Set the integer values corresponding to the string setting of 'vartabstop'.
- * "array" will be set, caller must free it if needed.
-+ * Return FAIL for an error.
- */
- int
- tabstop_set(char_u *var, int **array)
- {
-- int valcount = 1;
-- int t;
-- char_u *cp;
-+ int valcount = 1;
-+ int t;
-+ char_u *cp;
-
- if (var[0] == NUL || (var[0] == '0' && var[1] == NUL))
- {
- *array = NULL;
-- return TRUE;
-+ return OK;
- }
-
- for (cp = var; *cp != NUL; ++cp)
-@@ -43,8 +44,8 @@ tabstop_set(char_u *var, int **array)
- if (cp != end)
- emsg(_(e_positive));
- else
-- emsg(_(e_invarg));
-- return FALSE;
-+ semsg(_(e_invarg2), cp);
-+ return FAIL;
- }
- }
-
-@@ -55,26 +56,33 @@ tabstop_set(char_u *var, int **array)
- ++valcount;
- continue;
- }
-- emsg(_(e_invarg));
-- return FALSE;
-+ semsg(_(e_invarg2), var);
-+ return FAIL;
- }
-
- *array = ALLOC_MULT(int, valcount + 1);
- if (*array == NULL)
-- return FALSE;
-+ return FAIL;
- (*array)[0] = valcount;
-
- t = 1;
- for (cp = var; *cp != NUL;)
- {
-- (*array)[t++] = atoi((char *)cp);
-- while (*cp != NUL && *cp != ',')
-+ int n = atoi((char *)cp);
-+
-+ if (n < 0 || n > 9999)
-+ {
-+ semsg(_(e_invarg2), cp);
-+ return FAIL;
-+ }
-+ (*array)[t++] = n;
-+ while (*cp != NUL && *cp != ',')
- ++cp;
- if (*cp != NUL)
- ++cp;
- }
-
-- return TRUE;
-+ return OK;
- }
-
- /*
-@@ -1556,7 +1564,7 @@ ex_retab(exarg_T *eap)
-
- #ifdef FEAT_VARTABS
- new_ts_str = eap->arg;
-- if (!tabstop_set(eap->arg, &new_vts_array))
-+ if (tabstop_set(eap->arg, &new_vts_array) == FAIL)
- return;
- while (vim_isdigit(*(eap->arg)) || *(eap->arg) == ',')
- ++(eap->arg);
-Index: git/src/option.c
-===================================================================
---- git.orig/src/option.c
-+++ git/src/option.c
-@@ -2292,9 +2292,9 @@ didset_options2(void)
- #endif
- #ifdef FEAT_VARTABS
- vim_free(curbuf->b_p_vsts_array);
-- tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array);
-+ (void)tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array);
- vim_free(curbuf->b_p_vts_array);
-- tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array);
-+ (void)tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array);
- #endif
- }
-
-@@ -5756,7 +5756,7 @@ buf_copy_options(buf_T *buf, int flags)
- buf->b_p_vsts = vim_strsave(p_vsts);
- COPY_OPT_SCTX(buf, BV_VSTS);
- if (p_vsts && p_vsts != empty_option)
-- tabstop_set(p_vsts, &buf->b_p_vsts_array);
-+ (void)tabstop_set(p_vsts, &buf->b_p_vsts_array);
- else
- buf->b_p_vsts_array = 0;
- buf->b_p_vsts_nopaste = p_vsts_nopaste
-@@ -5914,7 +5914,7 @@ buf_copy_options(buf_T *buf, int flags)
- buf->b_p_isk = save_p_isk;
- #ifdef FEAT_VARTABS
- if (p_vts && p_vts != empty_option && !buf->b_p_vts_array)
-- tabstop_set(p_vts, &buf->b_p_vts_array);
-+ (void)tabstop_set(p_vts, &buf->b_p_vts_array);
- else
- buf->b_p_vts_array = NULL;
- #endif
-@@ -5929,7 +5929,7 @@ buf_copy_options(buf_T *buf, int flags)
- buf->b_p_vts = vim_strsave(p_vts);
- COPY_OPT_SCTX(buf, BV_VTS);
- if (p_vts && p_vts != empty_option && !buf->b_p_vts_array)
-- tabstop_set(p_vts, &buf->b_p_vts_array);
-+ (void)tabstop_set(p_vts, &buf->b_p_vts_array);
- else
- buf->b_p_vts_array = NULL;
- #endif
-@@ -6634,7 +6634,7 @@ paste_option_changed(void)
- if (buf->b_p_vsts_array)
- vim_free(buf->b_p_vsts_array);
- if (buf->b_p_vsts && buf->b_p_vsts != empty_option)
-- tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array);
-+ (void)tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array);
- else
- buf->b_p_vsts_array = 0;
- #endif
-Index: git/src/optionstr.c
-===================================================================
---- git.orig/src/optionstr.c
-+++ git/src/optionstr.c
-@@ -2166,7 +2166,7 @@ did_set_string_option(
- if (errmsg == NULL)
- {
- int *oldarray = curbuf->b_p_vsts_array;
-- if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)))
-+ if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)) == OK)
- {
- if (oldarray)
- vim_free(oldarray);
-@@ -2205,7 +2205,7 @@ did_set_string_option(
- {
- int *oldarray = curbuf->b_p_vts_array;
-
-- if (tabstop_set(*varp, &(curbuf->b_p_vts_array)))
-+ if (tabstop_set(*varp, &(curbuf->b_p_vts_array)) == OK)
- {
- vim_free(oldarray);
- #ifdef FEAT_FOLDING
-Index: git/src/testdir/test_retab.vim
-===================================================================
---- git.orig/src/testdir/test_retab.vim
-+++ git/src/testdir/test_retab.vim
-@@ -74,4 +74,7 @@ endfunc
- func Test_retab_error()
- call assert_fails('retab -1', 'E487:')
- call assert_fails('retab! -1', 'E487:')
-+ call assert_fails('ret -1000', 'E487:')
-+ call assert_fails('ret 10000', 'E475:')
-+ call assert_fails('ret 80000000000000000000', 'E475:')
- endfunc
-Index: git/src/version.c
-===================================================================
---- git.orig/src/version.c
-+++ git/src/version.c
-@@ -743,6 +743,8 @@ static char *(features[]) =
- static int included_patches[] =
- { /* Add new patch number below this line */
- /**/
-+ 3402,
-+/**/
- 0
- };
-
diff --git a/meta/recipes-support/vim/files/disable_acl_header_check.patch b/meta/recipes-support/vim/files/disable_acl_header_check.patch
index 33089162b4..533138245d 100644
--- a/meta/recipes-support/vim/files/disable_acl_header_check.patch
+++ b/meta/recipes-support/vim/files/disable_acl_header_check.patch
@@ -13,11 +13,11 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
src/configure.ac | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/src/configure.ac b/src/configure.ac
-index 2d409b3ca06a..dbcaf6140263 100644
---- a/src/configure.ac
-+++ b/src/configure.ac
-@@ -3257,7 +3257,7 @@ AC_CHECK_HEADERS(stdint.h stdlib.h string.h \
+Index: git/src/configure.ac
+===================================================================
+--- git.orig/src/configure.ac
++++ git/src/configure.ac
+@@ -3292,7 +3292,7 @@ AC_CHECK_HEADERS(stdint.h stdlib.h strin
sys/systeminfo.h locale.h sys/stream.h termios.h \
libc.h sys/statfs.h poll.h sys/poll.h pwd.h \
utime.h sys/param.h sys/ptms.h libintl.h libgen.h \
@@ -26,7 +26,7 @@ index 2d409b3ca06a..dbcaf6140263 100644
sys/access.h sys/sysinfo.h wchar.h wctype.h)
dnl sys/ptem.h depends on sys/stream.h on Solaris
-@@ -3886,6 +3886,7 @@ AC_ARG_ENABLE(acl,
+@@ -3974,6 +3974,7 @@ AC_ARG_ENABLE(acl,
, [enable_acl="yes"])
if test "$enable_acl" = "yes"; then
AC_MSG_RESULT(no)
@@ -34,6 +34,3 @@ index 2d409b3ca06a..dbcaf6140263 100644
AC_CHECK_LIB(posix1e, acl_get_file, [LIBS="$LIBS -lposix1e"],
AC_CHECK_LIB(acl, acl_get_file, [LIBS="$LIBS -lacl"
AC_CHECK_LIB(attr, fgetxattr, LIBS="$LIBS -lattr",,)],,),)
---
-2.7.4
-
diff --git a/meta/recipes-support/vim/files/no-path-adjust.patch b/meta/recipes-support/vim/files/no-path-adjust.patch
index 05c2d803f6..9d6da80913 100644
--- a/meta/recipes-support/vim/files/no-path-adjust.patch
+++ b/meta/recipes-support/vim/files/no-path-adjust.patch
@@ -7,9 +7,11 @@ Upstream-Status: Pending
Signed-off-by: Joe Slater <joe.slater@windriver.com>
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -2507,11 +2507,14 @@ installtools: $(TOOLS) $(DESTDIR)$(exec_
+Index: git/src/Makefile
+===================================================================
+--- git.orig/src/Makefile
++++ git/src/Makefile
+@@ -2565,11 +2565,14 @@ installtools: $(TOOLS) $(DESTDIR)$(exec_
rm -rf $$cvs; \
fi
-chmod $(FILEMOD) $(DEST_TOOLS)/*
diff --git a/meta/recipes-support/vim/files/racefix.patch b/meta/recipes-support/vim/files/racefix.patch
index 48dca44cad..1cb8fb442f 100644
--- a/meta/recipes-support/vim/files/racefix.patch
+++ b/meta/recipes-support/vim/files/racefix.patch
@@ -9,9 +9,9 @@ Index: git/src/po/Makefile
===================================================================
--- git.orig/src/po/Makefile
+++ git/src/po/Makefile
-@@ -165,17 +165,16 @@ $(PACKAGE).pot: ../*.c ../if_perl.xs ../
- po/gvim.desktop.in po/vim.desktop.in
- mv -f ../$(PACKAGE).po $(PACKAGE).pot
+@@ -207,17 +207,16 @@ $(PACKAGE).pot: $(PO_INPUTLIST) $(PO_VIM
+ # Delete the temporary files
+ rm *.js
-vim.desktop: vim.desktop.in $(POFILES)
+LINGUAS:
diff --git a/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch b/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch
index 37914d4cd9..5284ba45b6 100644
--- a/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch
+++ b/meta/recipes-support/vim/files/vim-add-knob-whether-elf.h-are-checked.patch
@@ -14,11 +14,11 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
src/configure.ac | 7 +++++++
1 file changed, 7 insertions(+)
-diff --git a/src/configure.ac b/src/configure.ac
-index 0ee86ad..64736f0 100644
---- a/src/configure.ac
-+++ b/src/configure.ac
-@@ -3192,11 +3192,18 @@ AC_TRY_COMPILE([#include <stdio.h>], [int x __attribute__((unused));],
+Index: git/src/configure.ac
+===================================================================
+--- git.orig/src/configure.ac
++++ git/src/configure.ac
+@@ -3264,11 +3264,18 @@ AC_TRY_COMPILE([#include <stdio.h>], [in
AC_MSG_RESULT(no))
dnl Checks for header files.
@@ -37,6 +37,3 @@ index 0ee86ad..64736f0 100644
AC_HEADER_DIRENT
---
-2.7.4
-
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index db1e9caf4d..087153c1d6 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -8,20 +8,21 @@ BUGTRACKER = "https://github.com/vim/vim/issues"
DEPENDS = "ncurses gettext-native"
# vimdiff doesn't like busybox diff
RSUGGESTS:${PN} = "diffutils"
+
LICENSE = "vim"
-LIC_FILES_CHKSUM = "file://runtime/doc/uganda.txt;endline=287;md5=a19edd7ec70d573a005d9e509375a99a"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=6b30ea4fa660c483b619924bc709ef99 \
+ file://runtime/doc/uganda.txt;md5=daf48235bb824c77fe8ae88d5f575f74"
-SRC_URI = "git://github.com/vim/vim.git \
+SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://disable_acl_header_check.patch \
file://vim-add-knob-whether-elf.h-are-checked.patch \
file://0001-src-Makefile-improve-reproducibility.patch \
file://no-path-adjust.patch \
file://racefix.patch \
- file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \
- file://CVE-2021-3778.patch \
-"
+ "
-SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44"
+PV .= ".4912"
+SRCREV = "a7583c42cd6b64fd276a5d7bb0db5ce7bfafa730"
# Do not consider .z in x.y.z, as that is updated with every commit
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0"
diff --git a/meta/recipes-support/xxhash/xxhash_0.8.0.bb b/meta/recipes-support/xxhash/xxhash_0.8.0.bb
index 4e48365a71..686fbea591 100644
--- a/meta/recipes-support/xxhash/xxhash_0.8.0.bb
+++ b/meta/recipes-support/xxhash/xxhash_0.8.0.bb
@@ -5,7 +5,7 @@ HOMEPAGE = "http://www.xxhash.com/"
LICENSE = "BSD-2-Clause & GPL-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=b335320506abb0505437e39295e799cb"
-SRC_URI = "git://github.com/Cyan4973/xxHash.git;branch=release;protocol=git \
+SRC_URI = "git://github.com/Cyan4973/xxHash.git;branch=release;protocol=https \
file://0001-Makefile-escape-special-regex-characters-in-paths.patch \
"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
diff --git a/scripts/buildhistory-diff b/scripts/buildhistory-diff
index 3bd40a2a1e..a6e785aa23 100755
--- a/scripts/buildhistory-diff
+++ b/scripts/buildhistory-diff
@@ -11,7 +11,6 @@
import sys
import os
import argparse
-from distutils.version import LooseVersion
# Ensure PythonGit is installed (buildhistory_analysis needs it)
try:
@@ -73,10 +72,6 @@ def main():
parser = get_args_parser()
args = parser.parse_args()
- if LooseVersion(git.__version__) < '0.3.1':
- sys.stderr.write("Version of GitPython is too old, please install GitPython (python-git) 0.3.1 or later in order to use this script\n")
- sys.exit(1)
-
if len(args.revisions) > 2:
sys.stderr.write('Invalid argument(s) specified: %s\n\n' % ' '.join(args.revisions[2:]))
parser.print_help()
diff --git a/scripts/contrib/convert-srcuri.py b/scripts/contrib/convert-srcuri.py
new file mode 100755
index 0000000000..587392334f
--- /dev/null
+++ b/scripts/contrib/convert-srcuri.py
@@ -0,0 +1,77 @@
+#!/usr/bin/env python3
+#
+# Conversion script to update SRC_URI to add branch to git urls
+#
+# Copyright (C) 2021 Richard Purdie
+#
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+import re
+import os
+import sys
+import tempfile
+import shutil
+import mimetypes
+
+if len(sys.argv) < 2:
+ print("Please specify a directory to run the conversion script against.")
+ sys.exit(1)
+
+def processfile(fn):
+ def matchline(line):
+ if "MIRROR" in line or ".*" in line or "GNOME_GIT" in line:
+ return False
+ return True
+ print("processing file '%s'" % fn)
+ try:
+ if "distro_alias.inc" in fn or "linux-yocto-custom.bb" in fn:
+ return
+ fh, abs_path = tempfile.mkstemp()
+ modified = False
+ with os.fdopen(fh, 'w') as new_file:
+ with open(fn, "r") as old_file:
+ for line in old_file:
+ if ("git://" in line or "gitsm://" in line) and "branch=" not in line and matchline(line):
+ if line.endswith('"\n'):
+ line = line.replace('"\n', ';branch=master"\n')
+ elif re.search('\s*\\\\$', line):
+ line = re.sub('\s*\\\\$', ';branch=master \\\\', line)
+ modified = True
+ if ("git://" in line or "gitsm://" in line) and "github.com" in line and "protocol=https" not in line and matchline(line):
+ if "protocol=git" in line:
+ line = line.replace('protocol=git', 'protocol=https')
+ elif line.endswith('"\n'):
+ line = line.replace('"\n', ';protocol=https"\n')
+ elif re.search('\s*\\\\$', line):
+ line = re.sub('\s*\\\\$', ';protocol=https \\\\', line)
+ modified = True
+ new_file.write(line)
+ if modified:
+ shutil.copymode(fn, abs_path)
+ os.remove(fn)
+ shutil.move(abs_path, fn)
+ except UnicodeDecodeError:
+ pass
+
+ourname = os.path.basename(sys.argv[0])
+ourversion = "0.1"
+
+if os.path.isfile(sys.argv[1]):
+ processfile(sys.argv[1])
+ sys.exit(0)
+
+for targetdir in sys.argv[1:]:
+ print("processing directory '%s'" % targetdir)
+ for root, dirs, files in os.walk(targetdir):
+ for name in files:
+ if name == ourname:
+ continue
+ fn = os.path.join(root, name)
+ if os.path.islink(fn):
+ continue
+ if "/.git/" in fn or fn.endswith(".html") or fn.endswith(".patch") or fn.endswith(".m4") or fn.endswith(".diff"):
+ continue
+ processfile(fn)
+
+print("All files processed with version %s" % ourversion)
diff --git a/scripts/git b/scripts/git
new file mode 100755
index 0000000000..644055e540
--- /dev/null
+++ b/scripts/git
@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+#
+# Wrapper around 'git' that doesn't think we are root
+
+import os
+import shutil
+import sys
+
+os.environ['PSEUDO_UNLOAD'] = '1'
+
+# calculate path to the real 'git'
+path = os.environ['PATH']
+# we need to remove our path but also any other copy of this script which
+# may be present, e.g. eSDK.
+replacements = [os.path.dirname(sys.argv[0])]
+for p in path.split(":"):
+ if p.endswith("/scripts"):
+ replacements.append(p)
+for r in replacements:
+ path = path.replace(r, '/ignoreme')
+real_git = shutil.which('git', path=path)
+
+if len(sys.argv) == 1:
+ os.execl(real_git, 'git')
+
+os.execv(real_git, sys.argv)
diff --git a/scripts/lib/checklayer/cases/common.py b/scripts/lib/checklayer/cases/common.py
index b82304e361..4495f71b24 100644
--- a/scripts/lib/checklayer/cases/common.py
+++ b/scripts/lib/checklayer/cases/common.py
@@ -14,7 +14,7 @@ class CommonCheckLayer(OECheckLayerTestCase):
# The top-level README file may have a suffix (like README.rst or README.txt).
readme_files = glob.glob(os.path.join(self.tc.layer['path'], '[Rr][Ee][Aa][Dd][Mm][Ee]*'))
self.assertTrue(len(readme_files) > 0,
- msg="Layer doesn't contains README file.")
+ msg="Layer doesn't contain a README file.")
# There might be more than one file matching the file pattern above
# (for example, README.rst and README-COPYING.rst). The one with the shortest
diff --git a/scripts/lib/devtool/deploy.py b/scripts/lib/devtool/deploy.py
index 833322571f..e14a587417 100644
--- a/scripts/lib/devtool/deploy.py
+++ b/scripts/lib/devtool/deploy.py
@@ -170,7 +170,7 @@ def deploy(args, config, basepath, workspace):
srcdir = recipe_outdir
recipe_outdir = os.path.join(rd.getVar('WORKDIR'), 'devtool-deploy-target-stripped')
if os.path.isdir(recipe_outdir):
- bb.utils.remove(recipe_outdir, True)
+ exec_fakeroot(rd, "rm -rf %s" % recipe_outdir, shell=True)
exec_fakeroot(rd, "cp -af %s %s" % (os.path.join(srcdir, '.'), recipe_outdir), shell=True)
os.environ['PATH'] = ':'.join([os.environ['PATH'], rd.getVar('PATH') or ''])
oe.package.strip_execs(args.recipename, recipe_outdir, rd.getVar('STRIP'), rd.getVar('libdir'),
diff --git a/scripts/lib/devtool/upgrade.py b/scripts/lib/devtool/upgrade.py
index 826a3f955f..0357ec07bf 100644
--- a/scripts/lib/devtool/upgrade.py
+++ b/scripts/lib/devtool/upgrade.py
@@ -192,14 +192,15 @@ def _extract_new_source(newpv, srctree, no_patch, srcrev, srcbranch, branch, kee
get_branch = [x.strip() for x in check_branch.splitlines()]
# Remove HEAD reference point and drop remote prefix
get_branch = [x.split('/', 1)[1] for x in get_branch if not x.startswith('origin/HEAD')]
- if 'master' in get_branch:
- # If it is master, we do not need to append 'branch=master' as this is default.
- # Even with the case where get_branch has multiple objects, if 'master' is one
- # of them, we should default take from 'master'
- srcbranch = ''
- elif len(get_branch) == 1:
- # If 'master' isn't in get_branch and get_branch contains only ONE object, then store result into 'srcbranch'
+ if len(get_branch) == 1:
+ # If srcrev is on only ONE branch, then use that branch
srcbranch = get_branch[0]
+ elif 'main' in get_branch:
+ # If srcrev is on multiple branches, then choose 'main' if it is one of them
+ srcbranch = 'main'
+ elif 'master' in get_branch:
+ # Otherwise choose 'master' if it is one of the branches
+ srcbranch = 'master'
else:
# If get_branch contains more than one objects, then display error and exit.
mbrch = '\n ' + '\n '.join(get_branch)
diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index 5cd72ea0a7..b4b1f817f1 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -366,7 +366,7 @@ def supports_srcrev(uri):
def reformat_git_uri(uri):
'''Convert any http[s]://....git URI into git://...;protocol=http[s]'''
checkuri = uri.split(';', 1)[0]
- if checkuri.endswith('.git') or '/git/' in checkuri or re.match('https?://github.com/[^/]+/[^/]+/?$', checkuri):
+ if checkuri.endswith('.git') or '/git/' in checkuri or re.match('https?://git(hub|lab).com/[^/]+/[^/]+/?$', checkuri):
# Appends scheme if the scheme is missing
if not '://' in uri:
uri = 'git://' + uri
@@ -435,7 +435,7 @@ def create_recipe(args):
if args.binary:
# Assume the archive contains the directory structure verbatim
# so we need to extract to a subdirectory
- fetchuri += ';subdir=${BP}'
+ fetchuri += ';subdir=${BPN}'
srcuri = fetchuri
rev_re = re.compile(';rev=([^;]+)')
res = rev_re.search(srcuri)
@@ -478,6 +478,9 @@ def create_recipe(args):
storeTagName = params['tag']
params['nobranch'] = '1'
del params['tag']
+ # Assume 'master' branch if not set
+ if scheme in ['git', 'gitsm'] and 'branch' not in params and 'nobranch' not in params:
+ params['branch'] = 'master'
fetchuri = bb.fetch2.encodeurl((scheme, network, path, user, passwd, params))
tmpparent = tinfoil.config_data.getVar('BASE_WORKDIR')
@@ -527,10 +530,9 @@ def create_recipe(args):
# Remove HEAD reference point and drop remote prefix
get_branch = [x.split('/', 1)[1] for x in get_branch if not x.startswith('origin/HEAD')]
if 'master' in get_branch:
- # If it is master, we do not need to append 'branch=master' as this is default.
# Even with the case where get_branch has multiple objects, if 'master' is one
# of them, we should default take from 'master'
- srcbranch = ''
+ srcbranch = 'master'
elif len(get_branch) == 1:
# If 'master' isn't in get_branch and get_branch contains only ONE object, then store result into 'srcbranch'
srcbranch = get_branch[0]
@@ -543,8 +545,8 @@ def create_recipe(args):
# Since we might have a value in srcbranch, we need to
# recontruct the srcuri to include 'branch' in params.
scheme, network, path, user, passwd, params = bb.fetch2.decodeurl(srcuri)
- if srcbranch:
- params['branch'] = srcbranch
+ if scheme in ['git', 'gitsm']:
+ params['branch'] = srcbranch or 'master'
if storeTagName and scheme in ['git', 'gitsm']:
# Check srcrev using tag and check validity of the tag
@@ -603,7 +605,7 @@ def create_recipe(args):
splitline = line.split()
if len(splitline) > 1:
if splitline[0] == 'origin' and scriptutils.is_src_url(splitline[1]):
- srcuri = reformat_git_uri(splitline[1])
+ srcuri = reformat_git_uri(splitline[1]) + ';branch=master'
srcsubdir = 'git'
break
diff --git a/scripts/lib/recipetool/create_buildsys.py b/scripts/lib/recipetool/create_buildsys.py
index 35a97c9345..5015634476 100644
--- a/scripts/lib/recipetool/create_buildsys.py
+++ b/scripts/lib/recipetool/create_buildsys.py
@@ -545,7 +545,7 @@ class AutotoolsRecipeHandler(RecipeHandler):
deps.append('zlib')
elif keyword in ('AX_CHECK_OPENSSL', 'AX_LIB_CRYPTO'):
deps.append('openssl')
- elif keyword == 'AX_LIB_CURL':
+ elif keyword in ('AX_LIB_CURL', 'LIBCURL_CHECK_CONFIG'):
deps.append('curl')
elif keyword == 'AX_LIB_BEECRYPT':
deps.append('beecrypt')
@@ -624,6 +624,7 @@ class AutotoolsRecipeHandler(RecipeHandler):
'AX_CHECK_OPENSSL',
'AX_LIB_CRYPTO',
'AX_LIB_CURL',
+ 'LIBCURL_CHECK_CONFIG',
'AX_LIB_BEECRYPT',
'AX_LIB_EXPAT',
'AX_LIB_GCRYPT',
diff --git a/scripts/lib/scriptutils.py b/scripts/lib/scriptutils.py
index 3164171eb2..47a08194d0 100644
--- a/scripts/lib/scriptutils.py
+++ b/scripts/lib/scriptutils.py
@@ -18,7 +18,8 @@ import sys
import tempfile
import threading
import importlib
-from importlib import machinery
+import importlib.machinery
+import importlib.util
class KeepAliveStreamHandler(logging.StreamHandler):
def __init__(self, keepalive=True, **kwargs):
@@ -82,7 +83,9 @@ def load_plugins(logger, plugins, pluginpath):
logger.debug('Loading plugin %s' % name)
spec = importlib.machinery.PathFinder.find_spec(name, path=[pluginpath] )
if spec:
- return spec.loader.load_module()
+ mod = importlib.util.module_from_spec(spec)
+ spec.loader.exec_module(mod)
+ return mod
def plugin_name(filename):
return os.path.splitext(os.path.basename(filename))[0]
diff --git a/scripts/lib/wic/engine.py b/scripts/lib/wic/engine.py
index 018815b966..674ccfc244 100644
--- a/scripts/lib/wic/engine.py
+++ b/scripts/lib/wic/engine.py
@@ -19,10 +19,10 @@ import os
import tempfile
import json
import subprocess
+import shutil
import re
from collections import namedtuple, OrderedDict
-from distutils.spawn import find_executable
from wic import WicError
from wic.filemap import sparse_copy
@@ -245,7 +245,7 @@ class Disk:
for path in pathlist.split(':'):
self.paths = "%s%s:%s" % (native_sysroot, path, self.paths)
- self.parted = find_executable("parted", self.paths)
+ self.parted = shutil.which("parted", path=self.paths)
if not self.parted:
raise WicError("Can't find executable parted")
@@ -283,7 +283,7 @@ class Disk:
"resize2fs", "mkswap", "mkdosfs", "debugfs","blkid"):
aname = "_%s" % name
if aname not in self.__dict__:
- setattr(self, aname, find_executable(name, self.paths))
+ setattr(self, aname, shutil.which(name, path=self.paths))
if aname not in self.__dict__ or self.__dict__[aname] is None:
raise WicError("Can't find executable '{}'".format(name))
return self.__dict__[aname]
diff --git a/scripts/lib/wic/help.py b/scripts/lib/wic/help.py
index 991907d3f5..4ff7470a6a 100644
--- a/scripts/lib/wic/help.py
+++ b/scripts/lib/wic/help.py
@@ -840,8 +840,8 @@ DESCRIPTION
meanings. The commands are based on the Fedora kickstart
documentation but with modifications to reflect wic capabilities.
- http://fedoraproject.org/wiki/Anaconda/Kickstart#part_or_partition
- http://fedoraproject.org/wiki/Anaconda/Kickstart#bootloader
+ https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#part-or-partition
+ https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#bootloader
Commands
diff --git a/scripts/lib/wic/misc.py b/scripts/lib/wic/misc.py
index 57c042c503..3e11822996 100644
--- a/scripts/lib/wic/misc.py
+++ b/scripts/lib/wic/misc.py
@@ -16,9 +16,9 @@ import logging
import os
import re
import subprocess
+import shutil
from collections import defaultdict
-from distutils import spawn
from wic import WicError
@@ -122,7 +122,7 @@ def find_executable(cmd, paths):
if provided and "%s-native" % recipe in provided:
return True
- return spawn.find_executable(cmd, paths)
+ return shutil.which(cmd, path=paths)
def exec_native_cmd(cmd_and_args, native_sysroot, pseudo=""):
"""
diff --git a/scripts/lib/wic/pluginbase.py b/scripts/lib/wic/pluginbase.py
index d9b4e57747..b64568339b 100644
--- a/scripts/lib/wic/pluginbase.py
+++ b/scripts/lib/wic/pluginbase.py
@@ -9,9 +9,11 @@ __all__ = ['ImagerPlugin', 'SourcePlugin']
import os
import logging
+import types
from collections import defaultdict
-from importlib.machinery import SourceFileLoader
+import importlib
+import importlib.util
from wic import WicError
from wic.misc import get_bitbake_var
@@ -54,7 +56,9 @@ class PluginMgr:
mname = fname[:-3]
mpath = os.path.join(ppath, fname)
logger.debug("loading plugin module %s", mpath)
- SourceFileLoader(mname, mpath).load_module()
+ spec = importlib.util.spec_from_file_location(mname, mpath)
+ module = importlib.util.module_from_spec(spec)
+ spec.loader.exec_module(module)
return PLUGINS.get(ptype)
diff --git a/scripts/lib/wic/plugins/imager/direct.py b/scripts/lib/wic/plugins/imager/direct.py
index 495518fac8..e57fba9c12 100644
--- a/scripts/lib/wic/plugins/imager/direct.py
+++ b/scripts/lib/wic/plugins/imager/direct.py
@@ -259,6 +259,8 @@ class DirectPlugin(ImagerPlugin):
if part.mountpoint == "/":
if part.uuid:
return "PARTUUID=%s" % part.uuid
+ elif part.label:
+ return "PARTLABEL=%s" % part.label
else:
suffix = 'p' if part.disk.startswith('mmcblk') else ''
return "/dev/%s%s%-d" % (part.disk, suffix, part.realnum)
diff --git a/scripts/lib/wic/plugins/source/rootfs.py b/scripts/lib/wic/plugins/source/rootfs.py
index 2e34e715ca..25bb41dd70 100644
--- a/scripts/lib/wic/plugins/source/rootfs.py
+++ b/scripts/lib/wic/plugins/source/rootfs.py
@@ -50,7 +50,7 @@ class RootfsPlugin(SourcePlugin):
@staticmethod
def __get_rootfs_dir(rootfs_dir):
- if os.path.isdir(rootfs_dir):
+ if rootfs_dir and os.path.isdir(rootfs_dir):
return os.path.realpath(rootfs_dir)
image_rootfs_dir = get_bitbake_var("IMAGE_ROOTFS", rootfs_dir)
@@ -97,6 +97,9 @@ class RootfsPlugin(SourcePlugin):
part.has_fstab = os.path.exists(os.path.join(part.rootfs_dir, "etc/fstab"))
pseudo_dir = os.path.join(part.rootfs_dir, "../pseudo")
if not os.path.lexists(pseudo_dir):
+ pseudo_dir = os.path.join(cls.__get_rootfs_dir(None), '../pseudo')
+
+ if not os.path.lexists(pseudo_dir):
logger.warn("%s folder does not exist. "
"Usernames and permissions will be invalid " % pseudo_dir)
pseudo_dir = None
diff --git a/scripts/oe-pkgdata-browser b/scripts/oe-pkgdata-browser
index 8d223185a4..a3a381923b 100755
--- a/scripts/oe-pkgdata-browser
+++ b/scripts/oe-pkgdata-browser
@@ -49,11 +49,11 @@ def load(filename, suffix=None):
from configparser import ConfigParser
from itertools import chain
- parser = ConfigParser()
+ parser = ConfigParser(delimiters=('='))
if suffix:
- parser.optionxform = lambda option: option.replace("_" + suffix, "")
+ parser.optionxform = lambda option: option.replace(":" + suffix, "")
with open(filename) as lines:
- lines = chain(("[fake]",), lines)
+ lines = chain(("[fake]",), (line.replace(": ", " = ", 1) for line in lines))
parser.read_file(lines)
# TODO extract the data and put it into a real dict so we can transform some
@@ -236,6 +236,8 @@ class PkgUi():
update_deps("RPROVIDES", "Provides: ", self.provides_label, clickable=False)
def load_recipes(self):
+ if not os.path.exists(pkgdata):
+ sys.exit("Error: Please ensure %s exists by generating packages before using this tool." % pkgdata)
for recipe in sorted(os.listdir(pkgdata)):
if os.path.isfile(os.path.join(pkgdata, recipe)):
self.recipe_iters[recipe] = self.recipe_store.append([recipe])
diff --git a/scripts/oe-pkgdata-util b/scripts/oe-pkgdata-util
index 71656dadce..7412cc1f47 100755
--- a/scripts/oe-pkgdata-util
+++ b/scripts/oe-pkgdata-util
@@ -296,7 +296,7 @@ def package_info(args):
extra = ''
for line in f:
for var in vars:
- m = re.match(var + '(?:_\S+)?:\s*(.+?)\s*$', line)
+ m = re.match(var + '(?::\S+)?:\s*(.+?)\s*$', line)
if m:
vals[var] = m.group(1)
pkg_version = vals['PKGV'] or ''
diff --git a/scripts/runqemu b/scripts/runqemu
index c467b0eb19..1663fd829d 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -805,7 +805,7 @@ class BaseConfig(object):
self.set('QB_MEM', qb_mem)
mach = self.get('MACHINE')
- if not mach.startswith('qemumips'):
+ if not mach.startswith(('qemumips', 'qemux86')):
self.kernel_cmdline_script += ' mem=%s' % self.get('QB_MEM').replace('-m','').strip() + 'M'
self.qemu_opt_script += ' %s' % self.get('QB_MEM')
@@ -1580,7 +1580,8 @@ def main():
def sigterm_handler(signum, frame):
logger.info("SIGTERM received")
- os.kill(config.qemupid, signal.SIGTERM)
+ if config.qemupid:
+ os.kill(config.qemupid, signal.SIGTERM)
config.cleanup()
# Deliberately ignore the return code of 'tput smam'.
subprocess.call(["tput", "smam"])
diff --git a/scripts/runqemu-ifdown b/scripts/runqemu-ifdown
index a104c37bf8..e0eb5344c6 100755
--- a/scripts/runqemu-ifdown
+++ b/scripts/runqemu-ifdown
@@ -64,3 +64,4 @@ n=$[ (`echo $TAP | sed 's/tap//'` * 2) + 1 ]
dest=$[ (`echo $TAP | sed 's/tap//'` * 2) + 2 ]
$IPTABLES -D POSTROUTING -t nat -j MASQUERADE -s 192.168.7.$n/32
$IPTABLES -D POSTROUTING -t nat -j MASQUERADE -s 192.168.7.$dest/32
+true
diff --git a/scripts/wic b/scripts/wic
index 57197c2048..aee63a45aa 100755
--- a/scripts/wic
+++ b/scripts/wic
@@ -22,9 +22,9 @@ import sys
import argparse
import logging
import subprocess
+import shutil
from collections import namedtuple
-from distutils import spawn
# External modules
scripts_path = os.path.dirname(os.path.realpath(__file__))
@@ -47,7 +47,7 @@ if os.environ.get('SDKTARGETSYSROOT'):
break
sdkroot = os.path.dirname(sdkroot)
-bitbake_exe = spawn.find_executable('bitbake')
+bitbake_exe = shutil.which('bitbake')
if bitbake_exe:
bitbake_path = scriptpath.add_bitbake_lib_path()
import bb
@@ -159,6 +159,9 @@ def wic_create_subcommand(options, usage_str):
"(Use -e/--image-name to specify it)")
native_sysroot = options.native_sysroot
+ if options.kernel_dir:
+ kernel_dir = options.kernel_dir
+
if not options.vars_dir and (not native_sysroot or not os.path.isdir(native_sysroot)):
logger.info("Building wic-tools...\n")
subprocess.check_call(["bitbake", "wic-tools"])
diff --git a/scripts/yocto-check-layer b/scripts/yocto-check-layer
index 2445ad5e43..f3cf139d8a 100755
--- a/scripts/yocto-check-layer
+++ b/scripts/yocto-check-layer
@@ -41,6 +41,12 @@ def test_layer(td, layer, test_software_layer_signatures):
tc.loadTests(CASES_PATHS)
return tc.runTests()
+def dump_layer_debug(layer):
+ logger.debug("Found layer %s (%s)" % (layer["name"], layer["path"]))
+ collections = layer.get("collections", {})
+ if collections:
+ logger.debug("%s collections: %s" % (layer["name"], ", ".join(collections)))
+
def main():
parser = argparse.ArgumentParser(
description="Yocto Project layer checking tool",
@@ -106,6 +112,13 @@ def main():
else:
dep_layers = layers
+ logger.debug("Found additional layers:")
+ for l in additional_layers:
+ dump_layer_debug(l)
+ logger.debug("Found dependency layers:")
+ for l in dep_layers:
+ dump_layer_debug(l)
+
logger.info("Detected layers:")
for layer in layers:
if layer['type'] == LayerType.ERROR_BSP_DISTRO: