summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/classes/patch.bbclass7
-rw-r--r--meta/classes/reproducible_build.bbclass40
-rw-r--r--meta/files/toolchain-shar-extract.sh2
-rw-r--r--meta/lib/oe/sstatesig.py8
-rw-r--r--meta/lib/oeqa/selftest/cases/reproducible.py9
-rw-r--r--meta/lib/oeqa/utils/qemurunner.py5
-rw-r--r--meta/recipes-bsp/u-boot/u-boot.inc2
-rw-r--r--meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch46
-rw-r--r--meta/recipes-connectivity/openssh/openssh_8.0p1.bb1
-rw-r--r--meta/recipes-connectivity/openssl/openssl/reproducible.patch32
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.1.1d.bb1
-rw-r--r--meta/recipes-core/glibc/glibc-testsuite_2.30.bb3
-rw-r--r--meta/recipes-core/images/build-appliance-image_15.0.0.bb2
-rw-r--r--meta/recipes-core/kbd/kbd/0001-configure.ac-Fix-logic-of-vlock-configure-switch.patch31
-rw-r--r--meta/recipes-core/kbd/kbd_2.0.4.bb4
-rw-r--r--meta/recipes-core/libxml/libxml2/Fix-CVE-2019-19956.patch40
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.9.bb1
-rw-r--r--meta/recipes-core/meta/buildtools-tarball.bb1
-rw-r--r--meta/recipes-core/ncurses/ncurses.inc1
-rw-r--r--meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb1
-rw-r--r--meta/recipes-devtools/gcc/gcc-9.2.inc1
-rw-r--r--meta/recipes-devtools/gcc/gcc-9.2/re-PR-target-91102-aarch64-ICE-on-Linux-kernel-with-.patch95
-rw-r--r--meta/recipes-devtools/opkg-utils/opkg-utils/0001-Switch-all-scripts-to-use-Python-3.x.patch113
-rw-r--r--meta/recipes-devtools/opkg-utils/opkg-utils/0001-opkg-build-clamp-mtimes-to-SOURCE_DATE_EPOCH.patch44
-rw-r--r--meta/recipes-devtools/opkg-utils/opkg-utils/fix-reproducibility.patch32
-rw-r--r--meta/recipes-devtools/opkg-utils/opkg-utils/pipefail.patch31
-rw-r--r--meta/recipes-devtools/opkg-utils/opkg-utils_0.4.2.bb (renamed from meta/recipes-devtools/opkg-utils/opkg-utils_0.4.1.bb)13
-rw-r--r--meta/recipes-devtools/patch/patch_2.7.6.bb3
-rw-r--r--meta/recipes-devtools/perl/files/0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch27
-rw-r--r--meta/recipes-devtools/perl/files/determinism.patch81
-rw-r--r--meta/recipes-devtools/perl/files/encodefix.patch20
-rw-r--r--meta/recipes-devtools/perl/files/fix-setgroup.patch49
-rw-r--r--meta/recipes-devtools/perl/files/perl-configpm-switch.patch4
-rw-r--r--meta/recipes-devtools/perl/files/racefix.patch24
-rw-r--r--meta/recipes-devtools/perl/liberror-perl_0.17029.bb (renamed from meta/recipes-devtools/perl/liberror-perl_0.17028.bb)4
-rw-r--r--meta/recipes-devtools/perl/libmodule-build-perl/run-ptest2
-rw-r--r--meta/recipes-devtools/perl/libmodule-build-perl_0.4229.bb3
-rw-r--r--meta/recipes-devtools/perl/perl-ptest.inc3
-rw-r--r--meta/recipes-devtools/perl/perl_5.30.1.bb (renamed from meta/recipes-devtools/perl/perl_5.30.0.bb)35
-rw-r--r--meta/recipes-devtools/python/python/python2-manifest.json1
-rw-r--r--meta/recipes-devtools/qemu/qemu.inc3
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch64
-rw-r--r--meta/recipes-devtools/rsync/rsync_3.1.3.bb3
-rw-r--r--meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch316
-rw-r--r--meta/recipes-extended/cpio/cpio_2.12.bb1
-rw-r--r--meta/recipes-extended/iputils/iputils_s20190709.bb3
-rw-r--r--meta/recipes-extended/libidn/libidn2_2.2.0.bb3
-rw-r--r--meta/recipes-extended/man-db/man-db_2.8.7.bb2
-rw-r--r--meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch99
-rw-r--r--meta/recipes-extended/mc/files/nomandate.patch21
-rw-r--r--meta/recipes-extended/mc/mc_4.8.23.bb7
-rw-r--r--meta/recipes-extended/psmisc/psmisc.inc2
-rw-r--r--meta/recipes-extended/sudo/sudo.inc2
-rw-r--r--meta/recipes-extended/sudo/sudo_1.8.27.bb10
-rw-r--r--meta/recipes-extended/tar/tar_1.32.bb2
-rw-r--r--meta/recipes-gnome/gtk+/gtk+3/sort-resources.patch19
-rw-r--r--meta/recipes-gnome/gtk+/gtk+3_3.24.8.bb1
-rw-r--r--meta/recipes-graphics/wayland/libinput/determinism.patch21
-rw-r--r--meta/recipes-graphics/wayland/libinput_1.14.1.bb4
-rw-r--r--meta/recipes-graphics/x11-common/xserver-nodm-init/capability.conf2
-rwxr-xr-xmeta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm8
-rw-r--r--meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb7
-rw-r--r--meta/recipes-graphics/xorg-app/xorg-app-common.inc2
-rw-r--r--meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb2
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb8
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_5.2.bb22
-rwxr-xr-xmeta/recipes-sato/webkit/webkitgtk/fix-link-error.patch45
-rw-r--r--meta/recipes-sato/webkit/webkitgtk_2.24.4.bb1
-rw-r--r--meta/recipes-support/curl/curl/CVE-2019-15601.patch46
-rw-r--r--meta/recipes-support/curl/curl_7.66.0.bb1
-rw-r--r--meta/recipes-support/libevdev/libevdev/determinism.patch34
-rw-r--r--meta/recipes-support/libevdev/libevdev_1.8.0.bb3
-rw-r--r--meta/recipes-support/libgcrypt/files/determinism.patch32
-rw-r--r--meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb1
-rw-r--r--scripts/lib/devtool/standard.py6
76 files changed, 1321 insertions, 310 deletions
diff --git a/meta/classes/patch.bbclass b/meta/classes/patch.bbclass
index cd241f1c84..25ec089ae1 100644
--- a/meta/classes/patch.bbclass
+++ b/meta/classes/patch.bbclass
@@ -5,6 +5,13 @@ QUILTRCFILE ?= "${STAGING_ETCDIR_NATIVE}/quiltrc"
PATCHDEPENDENCY = "${PATCHTOOL}-native:do_populate_sysroot"
+# There is a bug in patch 2.7.3 and earlier where index lines
+# in patches can change file modes when they shouldn't:
+# http://git.savannah.gnu.org/cgit/patch.git/patch/?id=82b800c9552a088a241457948219d25ce0a407a4
+# This leaks into debug sources in particular. Add the dependency
+# to target recipes to avoid this problem until we can rely on 2.7.4 or later.
+PATCHDEPENDENCY_append_class-target = " patch-replacement-native:do_populate_sysroot"
+
PATCH_GIT_USER_NAME ?= "OpenEmbedded"
PATCH_GIT_USER_EMAIL ?= "oe.patch@oe"
diff --git a/meta/classes/reproducible_build.bbclass b/meta/classes/reproducible_build.bbclass
index 39b6e40cac..750eb950f2 100644
--- a/meta/classes/reproducible_build.bbclass
+++ b/meta/classes/reproducible_build.bbclass
@@ -44,10 +44,12 @@ SDE_DEPLOYDIR = "${WORKDIR}/deploy-source-date-epoch"
SSTATETASKS += "do_deploy_source_date_epoch"
do_deploy_source_date_epoch () {
- echo "Deploying SDE to ${SDE_DIR}."
mkdir -p ${SDE_DEPLOYDIR}
if [ -e ${SDE_FILE} ]; then
+ echo "Deploying SDE from ${SDE_FILE} -> ${SDE_DEPLOYDIR}."
cp -p ${SDE_FILE} ${SDE_DEPLOYDIR}/__source_date_epoch.txt
+ else
+ echo "${SDE_FILE} not found!"
fi
}
@@ -56,7 +58,11 @@ python do_deploy_source_date_epoch_setscene () {
bb.utils.mkdirhier(d.getVar('SDE_DIR'))
sde_file = os.path.join(d.getVar('SDE_DEPLOYDIR'), '__source_date_epoch.txt')
if os.path.exists(sde_file):
- os.rename(sde_file, d.getVar('SDE_FILE'))
+ target = d.getVar('SDE_FILE')
+ bb.debug(1, "Moving setscene SDE file %s -> %s" % (sde_file, target))
+ os.rename(sde_file, target)
+ else:
+ bb.debug(1, "%s not found!" % sde_file)
}
do_deploy_source_date_epoch[dirs] = "${SDE_DEPLOYDIR}"
@@ -164,16 +170,32 @@ python do_create_source_date_epoch_stamp() {
f.write(str(source_date_epoch))
}
+def get_source_date_epoch_value(d):
+ cached = d.getVar('__CACHED_SOURCE_DATE_EPOCH')
+ if cached:
+ return cached
+
+ epochfile = d.getVar('SDE_FILE')
+ source_date_epoch = 0
+ if os.path.isfile(epochfile):
+ with open(epochfile, 'r') as f:
+ s = f.read()
+ try:
+ source_date_epoch = int(s)
+ except ValueError:
+ bb.warn("SOURCE_DATE_EPOCH value '%s' is invalid. Reverting to 0" % s)
+ source_date_epoch = 0
+ bb.debug(1, "SOURCE_DATE_EPOCH: %d" % source_date_epoch)
+ else:
+ bb.debug(1, "Cannot find %s. SOURCE_DATE_EPOCH will default to %d" % (epochfile, source_date_epoch))
+
+ d.setVar('__CACHED_SOURCE_DATE_EPOCH', str(source_date_epoch))
+ return str(source_date_epoch)
+
+export SOURCE_DATE_EPOCH ?= "${@get_source_date_epoch_value(d)}"
BB_HASHBASE_WHITELIST += "SOURCE_DATE_EPOCH"
python () {
if d.getVar('BUILD_REPRODUCIBLE_BINARIES') == '1':
d.appendVarFlag("do_unpack", "postfuncs", " do_create_source_date_epoch_stamp")
- epochfile = d.getVar('SDE_FILE')
- source_date_epoch = "0"
- if os.path.isfile(epochfile):
- with open(epochfile, 'r') as f:
- source_date_epoch = f.read()
- bb.debug(1, "SOURCE_DATE_EPOCH: %s" % source_date_epoch)
- d.setVar('SOURCE_DATE_EPOCH', source_date_epoch)
}
diff --git a/meta/files/toolchain-shar-extract.sh b/meta/files/toolchain-shar-extract.sh
index ccc4f4e1ac..4c4b4deb4c 100644
--- a/meta/files/toolchain-shar-extract.sh
+++ b/meta/files/toolchain-shar-extract.sh
@@ -249,7 +249,7 @@ if [ @SDK_ARCHIVE_TYPE@ = "zip" ]; then
rm sdk.zip && exit 1
fi
else
- tail -n +$payload_offset $0| $SUDO_EXEC tar xJ -C $target_sdk_dir --checkpoint=.2500 $EXTRA_TAR_OPTIONS || exit 1
+ tail -n +$payload_offset $0| $SUDO_EXEC tar mxJ -C $target_sdk_dir --checkpoint=.2500 $EXTRA_TAR_OPTIONS || exit 1
fi
echo "done"
diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py
index 24a221eb1a..b2316b12b8 100644
--- a/meta/lib/oe/sstatesig.py
+++ b/meta/lib/oe/sstatesig.py
@@ -521,8 +521,12 @@ def OEOuthashBasic(path, sigfile, task, d):
add_perm(stat.S_IXOTH, 'x')
if include_owners:
- update_hash(" %10s" % pwd.getpwuid(s.st_uid).pw_name)
- update_hash(" %10s" % grp.getgrgid(s.st_gid).gr_name)
+ try:
+ update_hash(" %10s" % pwd.getpwuid(s.st_uid).pw_name)
+ update_hash(" %10s" % grp.getgrgid(s.st_gid).gr_name)
+ except KeyError:
+ bb.warn("KeyError in %s" % path)
+ raise
update_hash(" ")
if stat.S_ISBLK(s.st_mode) or stat.S_ISCHR(s.st_mode):
diff --git a/meta/lib/oeqa/selftest/cases/reproducible.py b/meta/lib/oeqa/selftest/cases/reproducible.py
index a9110565a9..1b0b5bae70 100644
--- a/meta/lib/oeqa/selftest/cases/reproducible.py
+++ b/meta/lib/oeqa/selftest/cases/reproducible.py
@@ -174,6 +174,8 @@ class ReproducibleTests(OESelftestTestCase):
# NOTE: The temp directories from the reproducible build are purposely
# kept after the build so it can be diffed for debugging.
+ fails = []
+
for c in self.package_classes:
with self.subTest(package_class=c):
package_class = 'package_' + c
@@ -197,6 +199,9 @@ class ReproducibleTests(OESelftestTestCase):
self.copy_file(d.test, '/'.join([save_dir, d.test]))
if result.missing or result.different:
- self.fail("The following %s packages are missing or different: %s" %
- (c, ' '.join(r.test for r in (result.missing + result.different))))
+ fails.append("The following %s packages are missing or different: %s" %
+ (c, '\n'.join(r.test for r in (result.missing + result.different))))
+
+ if fails:
+ self.fail('\n'.join(fails))
diff --git a/meta/lib/oeqa/utils/qemurunner.py b/meta/lib/oeqa/utils/qemurunner.py
index fe8b77d97a..0d63e44ea7 100644
--- a/meta/lib/oeqa/utils/qemurunner.py
+++ b/meta/lib/oeqa/utils/qemurunner.py
@@ -396,7 +396,10 @@ class QemuRunner:
self.qemupid = None
self.ip = None
if os.path.exists(self.qemu_pidfile):
- os.remove(self.qemu_pidfile)
+ try:
+ os.remove(self.qemu_pidfile)
+ except FileNotFoundError as e:
+ self.logger.warning('qemu pidfile is no longer present')
if self.monitorpipe:
self.monitorpipe.close()
diff --git a/meta/recipes-bsp/u-boot/u-boot.inc b/meta/recipes-bsp/u-boot/u-boot.inc
index 9a754fd09b..d241347bf7 100644
--- a/meta/recipes-bsp/u-boot/u-boot.inc
+++ b/meta/recipes-bsp/u-boot/u-boot.inc
@@ -87,6 +87,8 @@ do_configure () {
fi
merge_config.sh -m .config ${@" ".join(find_cfgs(d))}
cml1_do_configure
+ else
+ DEVTOOL_DISABLE_MENUCONFIG=true
fi
}
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
new file mode 100644
index 0000000000..e2930c3c7d
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
@@ -0,0 +1,46 @@
+From 3cccc0a2ab597b8273bddf08e9a3cc5551d7e530 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 3 Jan 2020 03:02:26 +0000
+Subject: [PATCH] upstream: what bozo decided to use 2020 as a future date in a
+ regress
+
+test?
+
+OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/ff31f15773ee173502eec4d7861ec56f26bba381]
+
+[Dropped the script version and copyright year change at the top]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ regress/cert-hostkey.sh | 2 +-
+ regress/cert-userkey.sh | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
+index 3ce7779..74d5a53 100644
+--- a/regress/cert-hostkey.sh
++++ b/regress/cert-hostkey.sh
+@@ -248,7 +248,7 @@ test_one() {
+ test_one "user-certificate" failure "-n $HOSTS"
+ test_one "empty principals" success "-h"
+ test_one "wrong principals" failure "-h -n foo"
+-test_one "cert not yet valid" failure "-h -V20200101:20300101"
++test_one "cert not yet valid" failure "-h -V20300101:20320101"
+ test_one "cert expired" failure "-h -V19800101:19900101"
+ test_one "cert valid interval" success "-h -V-1w:+2w"
+ test_one "cert has constraints" failure "-h -Oforce-command=false"
+diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
+index 6849e99..de455b8 100644
+--- a/regress/cert-userkey.sh
++++ b/regress/cert-userkey.sh
+@@ -327,7 +327,7 @@ test_one() {
+ test_one "correct principal" success "-n ${USER}"
+ test_one "host-certificate" failure "-n ${USER} -h"
+ test_one "wrong principals" failure "-n foo"
+-test_one "cert not yet valid" failure "-n ${USER} -V20200101:20300101"
++test_one "cert not yet valid" failure "-n ${USER} -V20300101:20320101"
+ test_one "cert expired" failure "-n ${USER} -V19800101:19900101"
+ test_one "cert valid interval" success "-n ${USER} -V-1w:+2w"
+ test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8"
diff --git a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
index 2ffbc9a95f..3d16f9d347 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
@@ -25,6 +25,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
file://0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch \
+ file://0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch \
"
SRC_URI[md5sum] = "bf050f002fe510e1daecd39044e1122d"
SRC_URI[sha256sum] = "bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68"
diff --git a/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/meta/recipes-connectivity/openssl/openssl/reproducible.patch
new file mode 100644
index 0000000000..a24260c95d
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/reproducible.patch
@@ -0,0 +1,32 @@
+The value for perl_archname can vary depending on the host, e.g.
+x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which
+makes the ptest package non-reproducible. Its unused other than
+these references so drop it.
+
+RP 2020/2/6
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: openssl-1.1.1d/Configure
+===================================================================
+--- openssl-1.1.1d.orig/Configure
++++ openssl-1.1.1d/Configure
+@@ -286,7 +286,7 @@ if (defined env($local_config_envname))
+ # Save away perl command information
+ $config{perl_cmd} = $^X;
+ $config{perl_version} = $Config{version};
+-$config{perl_archname} = $Config{archname};
++#$config{perl_archname} = $Config{archname};
+
+ $config{prefix}="";
+ $config{openssldir}="";
+@@ -2517,7 +2517,7 @@ _____
+ @{$config{perlargv}}), "\n";
+ print "\nPerl information:\n\n";
+ print ' ',$config{perl_cmd},"\n";
+- print ' ',$config{perl_version},' for ',$config{perl_archname},"\n";
++ print ' ',$config{perl_version},"\n";
+ }
+ if ($dump || $options) {
+ my $longest = 0;
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
index 458ae7daf4..169824a8be 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -17,6 +17,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://CVE-2019-1551.patch \
+ file://reproducible.patch \
"
SRC_URI_append_class-nativesdk = " \
diff --git a/meta/recipes-core/glibc/glibc-testsuite_2.30.bb b/meta/recipes-core/glibc/glibc-testsuite_2.30.bb
index 657fd4dbc1..d887aeff79 100644
--- a/meta/recipes-core/glibc/glibc-testsuite_2.30.bb
+++ b/meta/recipes-core/glibc/glibc-testsuite_2.30.bb
@@ -1,5 +1,7 @@
require glibc_${PV}.bb
+EXCLUDE_FROM_WORLD = "1"
+
# handle PN differences
FILESEXTRAPATHS_prepend := "${THISDIR}/glibc:"
@@ -58,3 +60,4 @@ addtask do_check after do_compile
inherit nopackages
deltask do_stash_locale
+deltask do_install
diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index 6c9049f9ff..0c57d2a9f9 100644
--- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk"
inherit core-image module-base setuptools3
-SRCREV ?= "cf0cefd53c5d4f72e26c74571a10e098996a1ff2"
+SRCREV ?= "65d341daaf1edf7241b0ea518ef9beb4328f16e9"
SRC_URI = "git://git.yoctoproject.org/poky;branch=zeus \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
diff --git a/meta/recipes-core/kbd/kbd/0001-configure.ac-Fix-logic-of-vlock-configure-switch.patch b/meta/recipes-core/kbd/kbd/0001-configure.ac-Fix-logic-of-vlock-configure-switch.patch
new file mode 100644
index 0000000000..c3f068f61b
--- /dev/null
+++ b/meta/recipes-core/kbd/kbd/0001-configure.ac-Fix-logic-of-vlock-configure-switch.patch
@@ -0,0 +1,31 @@
+From f7f357ef079b6d185f340e716d7c72a98d82bad0 Mon Sep 17 00:00:00 2001
+From: Garry Filakhtov <filakhtov@gmail.com>
+Date: Fri, 20 Jul 2018 15:58:56 +0200
+Subject: [PATCH] configure.ac: Fix logic of vlock configure switch
+
+Downstream bug report: https://bugs.gentoo.org/661650
+
+Upstream-Status: Backport [f7f357ef079b6d185f340e716d7c72a98d82bad0]
+
+Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+Signed-off-by: De Huo <de.huo@windriver.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 87eb63c..07098cf 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -119,7 +119,7 @@ AM_CONDITIONAL(BUILD_LIBKEYMAP, test "$BUILD_LIBKEYMAP" = "yes")
+
+ AC_ARG_ENABLE(vlock,
+ AS_HELP_STRING(--disable-vlock, [do not build vlock]),
+- [VLOCK_PROG=no],[VLOCK_PROG=yes])
++ [VLOCK_PROG=$enableval],[VLOCK_PROG=yes])
+ AM_CONDITIONAL(VLOCK, test "$VLOCK_PROG" = "yes")
+
+ if test "$VLOCK_PROG" = "yes"; then
+--
+2.23.0
+
diff --git a/meta/recipes-core/kbd/kbd_2.0.4.bb b/meta/recipes-core/kbd/kbd_2.0.4.bb
index 4af3256fff..47e76da2b4 100644
--- a/meta/recipes-core/kbd/kbd_2.0.4.bb
+++ b/meta/recipes-core/kbd/kbd_2.0.4.bb
@@ -13,6 +13,7 @@ RCONFLICTS_${PN} = "console-tools"
SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/${BP}.tar.xz \
file://run-ptest \
${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'file://set-proper-path-of-resources.patch', '', d)} \
+ file://0001-configure.ac-Fix-logic-of-vlock-configure-switch.patch \
"
SRC_URI[md5sum] = "c1635a5a83b63aca7f97a3eab39ebaa6"
@@ -58,7 +59,8 @@ RDEPENDS_${PN}-ptest = "make"
inherit update-alternatives
-ALTERNATIVE_${PN} = "chvt deallocvt fgconsole openvt showkey"
+ALTERNATIVE_${PN} = "chvt deallocvt fgconsole openvt showkey \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'vlock','', d)}"
ALTERNATIVE_PRIORITY = "100"
BBCLASSEXTEND = "native"
diff --git a/meta/recipes-core/libxml/libxml2/Fix-CVE-2019-19956.patch b/meta/recipes-core/libxml/libxml2/Fix-CVE-2019-19956.patch
new file mode 100644
index 0000000000..1c2dff9d5f
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/Fix-CVE-2019-19956.patch
@@ -0,0 +1,40 @@
+From 5a02583c7e683896d84878bd90641d8d9b0d0549 Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Wed, 7 Aug 2019 17:39:17 +0800
+Subject: [PATCH] Fix memory leak in xmlParseBalancedChunkMemoryRecover
+
+When doc is NULL, namespace created in xmlTreeEnsureXMLDecl
+is bind to newDoc->oldNs, in this case, set newDoc->oldNs to
+NULL and free newDoc will cause a memory leak.
+
+Found with libFuzzer.
+
+Closes #82.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549]
+CVE: CVE-2019-19956
+
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ parser.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index 1ce1ccf1..26d9f4e3 100644
+--- a/parser.c
++++ b/parser.c
+@@ -13894,7 +13894,8 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax,
+ xmlFreeParserCtxt(ctxt);
+ newDoc->intSubset = NULL;
+ newDoc->extSubset = NULL;
+- newDoc->oldNs = NULL;
++ if(doc != NULL)
++ newDoc->oldNs = NULL;
+ xmlFreeDoc(newDoc);
+
+ return(ret);
+--
+2.24.1
+
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.9.bb b/meta/recipes-core/libxml/libxml2_2.9.9.bb
index c38f883e44..c44a90b1c2 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.9.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.9.bb
@@ -20,6 +20,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
file://libxml-m4-use-pkgconfig.patch \
file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
file://fix-execution-of-ptests.patch \
+ file://Fix-CVE-2019-19956.patch \
"
SRC_URI[libtar.md5sum] = "c04a5a0a042eaa157e8e8c9eabe76bd6"
diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb
index 91df6f1ae9..66201514d7 100644
--- a/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/meta/recipes-core/meta/buildtools-tarball.bb
@@ -25,6 +25,7 @@ TOOLCHAIN_HOST_TASK ?= "\
nativesdk-texinfo \
nativesdk-libnss-nis \
nativesdk-rpcsvc-proto \
+ nativesdk-patch \
"
MULTIMACH_TARGET_SYS = "${SDK_ARCH}-nativesdk${SDK_VENDOR}-${SDK_OS}"
diff --git a/meta/recipes-core/ncurses/ncurses.inc b/meta/recipes-core/ncurses/ncurses.inc
index 5f2cc35823..b7bf4c0d81 100644
--- a/meta/recipes-core/ncurses/ncurses.inc
+++ b/meta/recipes-core/ncurses/ncurses.inc
@@ -87,6 +87,7 @@ ncurses_configure() {
--disable-rpath-hack \
${EXCONFIG_ARGS} \
--with-manpage-format=normal \
+ --without-manpage-renames \
--disable-stripping \
"$@" || return 1
cd ..
diff --git a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb
index bfc1283f73..39f612be1f 100644
--- a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb
+++ b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb
@@ -31,6 +31,7 @@ B = "${S}/src"
inherit update-alternatives distro_features_check
DEPENDS_append = " update-rc.d-native base-passwd virtual/crypt"
+do_package_setscene[depends] = "${MLPREFIX}base-passwd:do_populate_sysroot"
REQUIRED_DISTRO_FEATURES = "sysvinit"
diff --git a/meta/recipes-devtools/gcc/gcc-9.2.inc b/meta/recipes-devtools/gcc/gcc-9.2.inc
index c6395998d5..4f068231f3 100644
--- a/meta/recipes-devtools/gcc/gcc-9.2.inc
+++ b/meta/recipes-devtools/gcc/gcc-9.2.inc
@@ -68,6 +68,7 @@ SRC_URI = "\
file://CVE-2019-15847_1.patch \
file://CVE-2019-15847_2.patch \
file://CVE-2019-15847_3.patch \
+ file://re-PR-target-91102-aarch64-ICE-on-Linux-kernel-with-.patch \
"
S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}"
SRC_URI[md5sum] = "3818ad8600447f05349098232c2ddc78"
diff --git a/meta/recipes-devtools/gcc/gcc-9.2/re-PR-target-91102-aarch64-ICE-on-Linux-kernel-with-.patch b/meta/recipes-devtools/gcc/gcc-9.2/re-PR-target-91102-aarch64-ICE-on-Linux-kernel-with-.patch
new file mode 100644
index 0000000000..c37e0bb9dd
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-9.2/re-PR-target-91102-aarch64-ICE-on-Linux-kernel-with-.patch
@@ -0,0 +1,95 @@
+From efb0ee06f5c0186c2d1442ecd4dbbd55dbd97b44 Mon Sep 17 00:00:00 2001
+From: Vladimir Makarov <vmakarov@redhat.com>
+Date: Wed, 10 Jul 2019 16:07:10 +0000
+Subject: [PATCH] re PR target/91102 (aarch64 ICE on Linux kernel with -Os
+ starting with r270266)
+
+2019-07-10 Vladimir Makarov <vmakarov@redhat.com>
+
+ PR target/91102
+ * lra-constraints.c (process_alt_operands): Don't match user
+ defined regs only if they are early clobbers.
+
+2019-07-10 Vladimir Makarov <vmakarov@redhat.com>
+
+ PR target/91102
+ * gcc.target/aarch64/pr91102.c: New test.
+
+From-SVN: r273357
+Upstream-Status: Backport [https://github.com/gcc-mirror/gcc/commit/613caed2feb9cfc8158308670b59df3d031ec629]
+[takondra: dropped conflicting ChangeLog changes]
+Signed-off-by: Taras Kondratiuk <takondra@cisco.com>
+---
+ gcc/lra-constraints.c | 17 ++++++++++----
+ gcc/testsuite/gcc.target/aarch64/pr91102.c | 26 ++++++++++++++++++++++
+ 2 files changed, 39 insertions(+), 4 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.target/aarch64/pr91102.c
+
+diff --git a/gcc/lra-constraints.c b/gcc/lra-constraints.c
+index cf33da8013e4..6382dbf852b6 100644
+--- a/gcc/lra-constraints.c
++++ b/gcc/lra-constraints.c
+@@ -2172,8 +2172,9 @@ process_alt_operands (int only_alternative)
+ else
+ {
+ /* Operands don't match. If the operands are
+- different user defined explicit hard registers,
+- then we cannot make them match. */
++ different user defined explicit hard
++ registers, then we cannot make them match
++ when one is early clobber operand. */
+ if ((REG_P (*curr_id->operand_loc[nop])
+ || SUBREG_P (*curr_id->operand_loc[nop]))
+ && (REG_P (*curr_id->operand_loc[m])
+@@ -2192,9 +2193,17 @@ process_alt_operands (int only_alternative)
+ && REG_P (m_reg)
+ && HARD_REGISTER_P (m_reg)
+ && REG_USERVAR_P (m_reg))
+- break;
++ {
++ int i;
++
++ for (i = 0; i < early_clobbered_regs_num; i++)
++ if (m == early_clobbered_nops[i])
++ break;
++ if (i < early_clobbered_regs_num
++ || early_clobber_p)
++ break;
++ }
+ }
+-
+ /* Both operands must allow a reload register,
+ otherwise we cannot make them match. */
+ if (curr_alt[m] == NO_REGS)
+diff --git a/gcc/testsuite/gcc.target/aarch64/pr91102.c b/gcc/testsuite/gcc.target/aarch64/pr91102.c
+new file mode 100644
+index 000000000000..70b99045a48e
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/aarch64/pr91102.c
+@@ -0,0 +1,26 @@
++/* PR target/91102 */
++/* { dg-do compile } */
++/* { dg-options "-O2" } */
++
++int
++foo (long d, long l)
++{
++ register long e asm ("x1") = d;
++ register long f asm("x2") = l;
++ asm ("" : : "r" (e), "r" (f));
++ return 3;
++}
++
++struct T { int i; int j; };
++union S { long h; struct T t; };
++
++void
++bar (union S b)
++{
++ while (1)
++ {
++ union S c = b;
++ c.t.j++;
++ b.h = foo (b.h, c.h);
++ }
++}
diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils/0001-Switch-all-scripts-to-use-Python-3.x.patch b/meta/recipes-devtools/opkg-utils/opkg-utils/0001-Switch-all-scripts-to-use-Python-3.x.patch
deleted file mode 100644
index 691ed50c2b..0000000000
--- a/meta/recipes-devtools/opkg-utils/opkg-utils/0001-Switch-all-scripts-to-use-Python-3.x.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From d42b23f4fb5d6bd58e92e995fe5befc76efbae0c Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Thu, 27 Apr 2017 15:47:58 +0300
-Subject: [PATCH] Switch all scripts to use Python 3.x
-
-Upstream-Status: Pending
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- makePackage | 2 +-
- opkg-compare-indexes | 2 +-
- opkg-graph-deps | 2 +-
- opkg-list-fields | 2 +-
- opkg-make-index | 2 +-
- opkg-show-deps | 2 +-
- opkg-unbuild | 2 +-
- opkg-update-index | 2 +-
- opkg.py | 2 +-
- 9 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/makePackage b/makePackage
-index 4bdfc56..02124dd 100755
---- a/makePackage
-+++ b/makePackage
-@@ -1,4 +1,4 @@
--#!/usr/bin/python
-+#!/usr/bin/env python3
-
- # The general algorithm this program follows goes like this:
- # Run tar to extract control from control.tar.gz from the package.
-diff --git a/opkg-compare-indexes b/opkg-compare-indexes
-index b60d20a..80c1263 100755
---- a/opkg-compare-indexes
-+++ b/opkg-compare-indexes
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- from __future__ import absolute_import
- from __future__ import print_function
-
-diff --git a/opkg-graph-deps b/opkg-graph-deps
-index 6653fd5..f1e376a 100755
---- a/opkg-graph-deps
-+++ b/opkg-graph-deps
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- from __future__ import absolute_import
- from __future__ import print_function
-
-diff --git a/opkg-list-fields b/opkg-list-fields
-index c14a90f..24f7955 100755
---- a/opkg-list-fields
-+++ b/opkg-list-fields
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- from __future__ import absolute_import
- from __future__ import print_function
-
-diff --git a/opkg-make-index b/opkg-make-index
-index 3f757f6..2988f9f 100755
---- a/opkg-make-index
-+++ b/opkg-make-index
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- """
- Utility to create opkg compatible indexes
- """
-
-diff --git a/opkg-show-deps b/opkg-show-deps
-index 153f21e..4e18b4f 100755
---- a/opkg-show-deps
-+++ b/opkg-show-deps
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- from __future__ import absolute_import
- from __future__ import print_function
-
-diff --git a/opkg-unbuild b/opkg-unbuild
-index 4f36bec..57642c9 100755
---- a/opkg-unbuild
-+++ b/opkg-unbuild
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- from __future__ import absolute_import
- from __future__ import print_function
-
-diff --git a/opkg-update-index b/opkg-update-index
-index 341c1c2..7bff8a1 100755
---- a/opkg-update-index
-+++ b/opkg-update-index
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- from __future__ import absolute_import
-
- import sys, os
-diff --git a/opkg.py b/opkg.py
-index 2ecac8a..7e64de4 100644
---- a/opkg.py
-+++ b/opkg.py
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- # Copyright (C) 2001 Alexander S. Guy <a7r@andern.org>
- # Andern Research Labs
- #
---
-2.11.0
-
diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils/0001-opkg-build-clamp-mtimes-to-SOURCE_DATE_EPOCH.patch b/meta/recipes-devtools/opkg-utils/opkg-utils/0001-opkg-build-clamp-mtimes-to-SOURCE_DATE_EPOCH.patch
deleted file mode 100644
index a181169d47..0000000000
--- a/meta/recipes-devtools/opkg-utils/opkg-utils/0001-opkg-build-clamp-mtimes-to-SOURCE_DATE_EPOCH.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 59da5577bf8df441c6ca958e50fcb83228702764 Mon Sep 17 00:00:00 2001
-From: Alejandro del Castillo <alejandro.delcastillo@ni.com>
-Date: Thu, 12 Sep 2019 10:24:58 -0500
-Subject: [PATCH] opkg-build: clamp mtimes to SOURCE_DATE_EPOCH
-
-For reproducible builds, clamp mtimes bigger than SOURCE_DATE_EPOCH to
-SOURCE_DATE_EPOCH (build generated files, usually).
-
-Fixes bugzilla 13450
-
-Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
-Signed-off-by: Ross Burton <ross.burton@intel.com>
----
- opkg-build | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/opkg-build b/opkg-build
-index dcd2d68..2517a2b 100755
---- a/opkg-build
-+++ b/opkg-build
-@@ -297,9 +297,16 @@ mkdir $tmp_dir
-
- build_date="${SOURCE_DATE_EPOCH:-$(date +%s)}"
-
-+mtime_args=""
-+# --clamp-mtime requires tar > 1.28. Only use it if SOURCE_DATE_EPOCH is set, to avoid having a generic case dependency on tar > 1.28.
-+# this setting will make sure files generated at build time have consistent mtimes, for reproducible builds.
-+if [ ! -z "$SOURCE_DATE_EPOCH" ]; then
-+ mtime_args="--mtime=@$build_date --clamp-mtime"
-+fi
-+
- ( cd $pkg_dir/$CONTROL && find . -type f > $tmp_dir/control_list )
- ( cd $pkg_dir && find . -path ./$CONTROL -prune -o -print > $tmp_dir/file_list )
--( cd $pkg_dir && tar $ogargs $tsortargs --no-recursion -c $tarformat -T $tmp_dir/file_list | $compressor $compressorargs > $tmp_dir/data.tar.$cext )
-+( cd $pkg_dir && tar $ogargs $tsortargs --no-recursion $mtime_args -c $tarformat -T $tmp_dir/file_list | $compressor $compressorargs > $tmp_dir/data.tar.$cext )
- ( cd $pkg_dir/$CONTROL && tar $ogargs $tsortargs --no-recursion --mtime=@$build_date -c $tarformat -T $tmp_dir/control_list | gzip $zipargs > $tmp_dir/control.tar.gz )
- rm $tmp_dir/file_list
- rm $tmp_dir/control_list
---
-2.20.1
-
diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils/fix-reproducibility.patch b/meta/recipes-devtools/opkg-utils/opkg-utils/fix-reproducibility.patch
new file mode 100644
index 0000000000..945979bc8a
--- /dev/null
+++ b/meta/recipes-devtools/opkg-utils/opkg-utils/fix-reproducibility.patch
@@ -0,0 +1,32 @@
+Fix reproducibility issues in opkg-build
+
+There is a sorting problem with opkg-build where the ipk generated is depending
+upon the order of files on disk. The reason is the --sort option to tar only
+influences the orders of files tar reads, not those passed by the -T option.
+
+Add in a sort call to resolve this issue. To ensure consistent sorting we
+also need to force to a specific locale (C) else the results are still not
+deterministic.
+
+RP 2020/2/5
+
+Upstream-Status: Submitted [https://groups.google.com/forum/#!topic/opkg-devel/YttZ73NLrYQ]
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: opkg-utils-0.4.2/opkg-build
+===================================================================
+--- opkg-utils-0.4.2.orig/opkg-build
++++ opkg-utils-0.4.2/opkg-build
+@@ -305,8 +305,10 @@ if [ ! -z "$SOURCE_DATE_EPOCH" ]; then
+ mtime_args="--mtime=@$build_date --clamp-mtime"
+ fi
+
+-( cd $pkg_dir/$CONTROL && find . -type f > $tmp_dir/control_list )
+-( cd $pkg_dir && find . -path ./$CONTROL -prune -o -path . -o -print > $tmp_dir/file_list )
++export LANG=C
++export LC_ALL=C
++( cd $pkg_dir/$CONTROL && find . -type f | sort > $tmp_dir/control_list )
++( cd $pkg_dir && find . -path ./$CONTROL -prune -o -path . -o -print | sort > $tmp_dir/file_list )
+ ( cd $pkg_dir && tar $ogargs $tsortargs --no-recursion $mtime_args -c $tarformat -T $tmp_dir/file_list | $compressor $compressorargs > $tmp_dir/data.tar.$cext )
+ ( cd $pkg_dir/$CONTROL && tar $ogargs $tsortargs --no-recursion --mtime=@$build_date -c $tarformat -T $tmp_dir/control_list | gzip $zipargs > $tmp_dir/control.tar.gz )
+ rm $tmp_dir/file_list
diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils/pipefail.patch b/meta/recipes-devtools/opkg-utils/opkg-utils/pipefail.patch
deleted file mode 100644
index 55ddcc1fd2..0000000000
--- a/meta/recipes-devtools/opkg-utils/opkg-utils/pipefail.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-We need opkg-build to fail if for example the tar command is passed invalid
-options. Without this, we see silently created empty packaged where data.tar
-is zero bytes in size. This creates hard to debug problems.
-
-An example is when reproducible builds are enabled and run on old hosts like
-centos7 which has tar < 1.28:
-
-Subprocess output:tar: unrecognized option '--clamp-mtime'
-Try `tar --help' or `tar --usage' for more information.
-
-Upstream-Status: Pending
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-
-Index: opkg-utils-0.4.1/opkg-build
-===================================================================
---- opkg-utils-0.4.1.orig/opkg-build
-+++ opkg-utils-0.4.1/opkg-build
-@@ -1,4 +1,4 @@
--#!/bin/sh
-+#!/bin/bash
-
- : <<=cut
- =head1 NAME
-@@ -12,6 +12,7 @@ opkg-build - construct an .opk from a di
- # Updated to work on Familiar Pre0.7rc1, with busybox tar.
- # Note it Requires: binutils-ar (since the busybox ar can't create)
- set -e
-+set -o pipefail
-
- version=1.0
-
diff --git a/meta/recipes-devtools/opkg-utils/opkg-utils_0.4.1.bb b/meta/recipes-devtools/opkg-utils/opkg-utils_0.4.2.bb
index eb6c7a3a6a..042eec7e0e 100644
--- a/meta/recipes-devtools/opkg-utils/opkg-utils_0.4.1.bb
+++ b/meta/recipes-devtools/opkg-utils/opkg-utils_0.4.2.bb
@@ -4,19 +4,16 @@ SECTION = "base"
HOMEPAGE = "http://git.yoctoproject.org/cgit/cgit.cgi/opkg-utils"
LICENSE = "GPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
- file://opkg.py;beginline=2;endline=18;md5=63ce9e6bcc445181cd9e4baf4b4ccc35"
+ file://opkg.py;beginline=2;endline=18;md5=ffa11ff3c15eb31c6a7ceaa00cc9f986"
PROVIDES += "${@bb.utils.contains('PACKAGECONFIG', 'update-alternatives', 'virtual/update-alternatives', '', d)}"
-SRC_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/${BPN}/snapshot/${BPN}-${PV}.tar.gz \
- file://0001-Switch-all-scripts-to-use-Python-3.x.patch \
- file://0001-opkg-build-clamp-mtimes-to-SOURCE_DATE_EPOCH.patch \
- file://pipefail.patch \
+SRC_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/${BPN}/snapshot/${BPN}-${PV}.tar.gz \
+ file://fix-reproducibility.patch \
"
UPSTREAM_CHECK_URI = "http://git.yoctoproject.org/cgit/cgit.cgi/opkg-utils/refs/"
-
-SRC_URI[md5sum] = "8c140f835b694a0c27cfb23d2426a02b"
-SRC_URI[sha256sum] = "9ea9efdd9fe13661ad251e3a2860c1c93045adcfaa6659c3e86d9748ecda3b6e"
+SRC_URI[md5sum] = "cc210650644fcb9bba06ad5ec95a63ec"
+SRC_URI[sha256sum] = "5929ad87d541789e0b82d626db01a1201ac48df6f49f2262fcfb86cf815e5d6c"
TARGET_CC_ARCH += "${LDFLAGS}"
diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb b/meta/recipes-devtools/patch/patch_2.7.6.bb
index 5d7f55f8dc..b5897b357a 100644
--- a/meta/recipes-devtools/patch/patch_2.7.6.bb
+++ b/meta/recipes-devtools/patch/patch_2.7.6.bb
@@ -22,3 +22,6 @@ acpaths = "-I ${S}/m4 "
PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'xattr', d)}"
PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr,"
+PROVIDES_append_class-native = " patch-replacement-native"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-devtools/perl/files/0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch b/meta/recipes-devtools/perl/files/0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch
new file mode 100644
index 0000000000..0f3a2c6327
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch
@@ -0,0 +1,27 @@
+From b0d53cfd785f64002128ac5eecc4aed0663d9c30 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Thu, 9 Jan 2020 17:26:55 +0100
+Subject: [PATCH] tests: adjust to correctly exclude unbuilt extensions
+
+Issue is reported here:
+https://github.com/arsv/perl-cross/issues/85
+
+Upstream-Status: Inappropriate [issue caused by perl-cross]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ t/TEST | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/t/TEST b/t/TEST
+index a9c844f..8d3505f 100755
+--- a/t/TEST
++++ b/t/TEST
+@@ -419,7 +419,7 @@ sub _tests_from_manifest {
+ while (<MANI>) {
+ if (m!^((?:cpan|dist|ext)/(\S+)/+(?:[^/\s]+\.t|test\.pl)|lib/\S+?(?:\.t|test\.pl))\s!) {
+ my $t = $1;
+- my $extension = $2;
++ my $extension = $1."/".$2;
+
+ # XXX Generates way too many error lines currently. Skip for
+ # v5.22
diff --git a/meta/recipes-devtools/perl/files/determinism.patch b/meta/recipes-devtools/perl/files/determinism.patch
new file mode 100644
index 0000000000..ed4d06f5ec
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/determinism.patch
@@ -0,0 +1,81 @@
+Fixes to make the perl build reproducible:
+
+a) Remove the \n from configure_attr.sh since it gets quoted differently depending on
+ whether the shell is bash or dash which can cause the test result to be incorrect.
+ Reported upstream: https://github.com/arsv/perl-cross/issues/87
+
+b) Sort the order of the module lists from configure_mods.sh since otherwise
+ the result isn't the same leading to makefile differences.
+ Reported upstream: https://github.com/arsv/perl-cross/issues/88
+
+c) Sort the Encode::Byte byte_t.fnm file output (and the makefile depends whilst
+ there for good measure)
+ This needs to go to upstream perl (not done)
+
+d) Use bash for perl-cross configure since otherwise trnl gets set to "\n" with bash
+ and "" with dash
+ Reported upstream: https://github.com/arsv/perl-cross/issues/87
+
+RP 2020/2/7
+
+Upstream-Status: Pending [75% submitted]
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org
+
+Index: perl-5.30.1/cnf/configure_attr.sh
+===================================================================
+--- perl-5.30.1.orig/cnf/configure_attr.sh
++++ perl-5.30.1/cnf/configure_attr.sh
+@@ -131,7 +131,7 @@ if not hinted d_c99_variadic_macros 'sup
+ try_start
+ try_add '#include <stdio.h>'
+ try_add '#define foo(fmt, ...) printf(fmt, __VA_ARGS__)'
+- try_add 'int main(void) { foo("%i\n", 1234); return 0; }'
++ try_add 'int main(void) { foo("%i", 1234); return 0; }'
+ try_compile
+ resdef d_c99_variadic_macros 'supported' 'missing'
+ fi
+Index: perl-5.30.1/cnf/configure_mods.sh
+===================================================================
+--- perl-5.30.1.orig/cnf/configure_mods.sh
++++ perl-5.30.1/cnf/configure_mods.sh
+@@ -82,7 +82,7 @@ extonlyif() {
+ }
+
+ definetrimspaces() {
+- v=`echo "$2" | sed -r -e 's/\s+/ /g' -e 's/^\s+//' -e 's/\s+$//'`
++ v=`echo "$2" | sed -r -e 's/\s+/ /g' -e 's/^\s+//' -e 's/\s+$//' | xargs -n1 | LANG=C sort | xargs`
+ define $1 "$v"
+ }
+
+Index: perl-5.30.1/cpan/Encode/Byte/Makefile.PL
+===================================================================
+--- perl-5.30.1.orig/cpan/Encode/Byte/Makefile.PL
++++ perl-5.30.1/cpan/Encode/Byte/Makefile.PL
+@@ -171,7 +171,7 @@ sub postamble
+ my $lengthsofar = length($str);
+ my $continuator = '';
+ $str .= "$table.c : $enc2xs Makefile.PL";
+- foreach my $file (@{$tables{$table}})
++ foreach my $file (sort (@{$tables{$table}}))
+ {
+ $str .= $continuator.' '.$self->catfile($dir,$file);
+ if ( length($str)-$lengthsofar > 128*$numlines )
+@@ -189,7 +189,7 @@ sub postamble
+ qq{\n\t\$(PERL) $plib $enc2xs $ucopts -o \$\@ -f $table.fnm\n\n};
+ open (FILELIST, ">$table.fnm")
+ || die "Could not open $table.fnm: $!";
+- foreach my $file (@{$tables{$table}})
++ foreach my $file (sort (@{$tables{$table}}))
+ {
+ print FILELIST $self->catfile($dir,$file) . "\n";
+ }
+Index: perl-5.30.1/cnf/configure
+===================================================================
+--- perl-5.30.1.orig/cnf/configure
++++ perl-5.30.1/cnf/configure
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ base=${0%/*}; test -z "$base" && base=.
+
diff --git a/meta/recipes-devtools/perl/files/encodefix.patch b/meta/recipes-devtools/perl/files/encodefix.patch
new file mode 100644
index 0000000000..396ed0d53e
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/encodefix.patch
@@ -0,0 +1,20 @@
+The code is encoding host compiler parameters into target builds. Avoid
+this for our target builds (patch is target specific, not native)
+
+Upstream-Status: Inappropriate [Cross compile hack]
+RP 2020/2/18
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: perl-5.30.1/cpan/Encode/bin/enc2xs
+===================================================================
+--- perl-5.30.1.orig/cpan/Encode/bin/enc2xs
++++ perl-5.30.1/cpan/Encode/bin/enc2xs
+@@ -195,7 +195,7 @@ sub compiler_info {
+ # above becomes false.
+ my $sized = $declaration && !($compat && !$pedantic);
+
+- return ($cpp, $static, $sized);
++ return (0, 1, 1);
+ }
+
+
diff --git a/meta/recipes-devtools/perl/files/fix-setgroup.patch b/meta/recipes-devtools/perl/files/fix-setgroup.patch
deleted file mode 100644
index 2b490e6067..0000000000
--- a/meta/recipes-devtools/perl/files/fix-setgroup.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Test script to reproduce the problem:
-
-#!/usr/bin/env perl
-$) = "2 2";
-print $!;
-
-Result from perl 5.28 under strace:
-
-setgroups(1, [2]) = 0
-setresgid(-1, 2, -1) = 0
-
-Result from perl 5.30 under strace:
-
-setgroups(1, [-1]) = -1 EINVAL (Invalid argument)
-setresgid(-1, 2, -1) = 0
-
-Patch which broke this upstream:
-https://perl5.git.perl.org/perl.git/commitdiff/5d4a52b5c68a11bfc97c2e24806993b84a61eade
-
-Issue is that the new function changes the endptr to the end of the
-scanned number and needs to be reset to the end of the string for
-each iteration of the loop.
-
-[YOCTO #13391]
-
-RP
-2019/6/14
-Upstream-Status: Pending
-
-Index: perl-5.30.0/mg.c
-===================================================================
---- perl-5.30.0.orig/mg.c
-+++ perl-5.30.0/mg.c
-@@ -3179,6 +3256,7 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg)
- const char *p = SvPV_const(sv, len);
- Groups_t *gary = NULL;
- const char* endptr = p + len;
-+ const char* realend = p + len;
- UV uv;
- #ifdef _SC_NGROUPS_MAX
- int maxgrp = sysconf(_SC_NGROUPS_MAX);
-@@ -3209,6 +3287,7 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg)
- Newx(gary, i + 1, Groups_t);
- else
- Renew(gary, i + 1, Groups_t);
-+ endptr = realend;
- if (grok_atoUV(p, &uv, &endptr))
- gary[i] = (Groups_t)uv;
- else {
diff --git a/meta/recipes-devtools/perl/files/perl-configpm-switch.patch b/meta/recipes-devtools/perl/files/perl-configpm-switch.patch
index 3c2cecb8c1..80ce4a6de7 100644
--- a/meta/recipes-devtools/perl/files/perl-configpm-switch.patch
+++ b/meta/recipes-devtools/perl/files/perl-configpm-switch.patch
@@ -1,4 +1,4 @@
-From 7f313cac31c55cbe62a4d0cdfa8321cc05a8eb3a Mon Sep 17 00:00:00 2001
+From 5120acaa2be5787d9657f6b91bc8ee3c2d664fbe Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Sun, 27 May 2007 21:04:11 +0000
Subject: [PATCH] perl: 5.8.7 -> 5.8.8 (from OE)
@@ -20,7 +20,7 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/configpm b/configpm
-index 09c4a3b..6a0a680 100755
+index c8de8bf..204613c 100755
--- a/configpm
+++ b/configpm
@@ -687,7 +687,7 @@ sub FETCH {
diff --git a/meta/recipes-devtools/perl/files/racefix.patch b/meta/recipes-devtools/perl/files/racefix.patch
new file mode 100644
index 0000000000..bac42d26ae
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/racefix.patch
@@ -0,0 +1,24 @@
+In our builds Config_heavy.pl sometimes has lines:
+cwarnflags=XXX
+ccstdflags=XXX
+and sometimes does not.
+The reason is that this information is pulled from cflags by configpm and yet
+there is no dependency in the Makefile. Add one to fix this.
+
+Upstream-Status: Submitted [https://github.com/arsv/perl-cross/pull/89]
+RP 2020/2/19
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: perl-5.30.1/Makefile
+===================================================================
+--- perl-5.30.1.orig/Makefile
++++ perl-5.30.1/Makefile
+@@ -204,7 +204,7 @@ configpod: $(CONFIGPOD)
+ git_version.h lib/Config_git.pl: make_patchnum.pl | miniperl$X
+ ./miniperl_top make_patchnum.pl
+
+-lib/Config.pm lib/Config_heavy.pl lib/Config.pod: config.sh \
++lib/Config.pm lib/Config_heavy.pl lib/Config.pod: config.sh cflags \
+ lib/Config_git.pl Porting/Glossary | miniperl$X
+ ./miniperl_top configpm
+
diff --git a/meta/recipes-devtools/perl/liberror-perl_0.17028.bb b/meta/recipes-devtools/perl/liberror-perl_0.17029.bb
index 8c6bbcba94..038808f0cd 100644
--- a/meta/recipes-devtools/perl/liberror-perl_0.17028.bb
+++ b/meta/recipes-devtools/perl/liberror-perl_0.17029.bb
@@ -32,8 +32,8 @@ RDEPENDS_${PN}-ptest += " \
SRC_URI = "http://cpan.metacpan.org/authors/id/S/SH/SHLOMIF/Error-${PV}.tar.gz"
-SRC_URI[md5sum] = "ec3522c60a43a368f19c0f89e2205cb1"
-SRC_URI[sha256sum] = "3ad85c5e58b31c8903006298424a51bba39f1840e324f5ae612eabc8b935e960"
+SRC_URI[md5sum] = "6732b1c6207e4a9a3e2987c88368039a"
+SRC_URI[sha256sum] = "1a23f7913032aed6d4b68321373a3899ca66590f4727391a091ec19c95bf7adc"
S = "${WORKDIR}/Error-${PV}"
diff --git a/meta/recipes-devtools/perl/libmodule-build-perl/run-ptest b/meta/recipes-devtools/perl/libmodule-build-perl/run-ptest
index 0d63d1513b..d802781f9e 100644
--- a/meta/recipes-devtools/perl/libmodule-build-perl/run-ptest
+++ b/meta/recipes-devtools/perl/libmodule-build-perl/run-ptest
@@ -6,8 +6,6 @@ for case in `find t -type f -name '*.t'`; do
cat $case.output
if [ $ret -ne 0 ]; then
echo "FAIL: ${case%.t}"
- elif grep -i 'SKIP' $case.output; then
- echo "SKIP: ${case%.t}"
else
echo "PASS: ${case%.t}"
fi
diff --git a/meta/recipes-devtools/perl/libmodule-build-perl_0.4229.bb b/meta/recipes-devtools/perl/libmodule-build-perl_0.4229.bb
index f759f862fb..e3ba40d96c 100644
--- a/meta/recipes-devtools/perl/libmodule-build-perl_0.4229.bb
+++ b/meta/recipes-devtools/perl/libmodule-build-perl_0.4229.bb
@@ -36,7 +36,10 @@ do_patch[postfuncs] += "do_patch_module_build"
do_install_ptest() {
cp -r ${B}/inc ${D}${PTEST_PATH}
cp -r ${B}/blib ${D}${PTEST_PATH}
+ cp -r ${B}/_build ${D}${PTEST_PATH}
+ cp -r ${B}/lib ${D}${PTEST_PATH}
chown -R root:root ${D}${PTEST_PATH}
+ sed -i -e "s,'perl' => .*,'perl' => '/usr/bin/perl'\,,g" ${D}${PTEST_PATH}/_build/build_params
}
RDEPENDS_${PN} += " \
diff --git a/meta/recipes-devtools/perl/perl-ptest.inc b/meta/recipes-devtools/perl/perl-ptest.inc
index 7152057762..98e3361fcc 100644
--- a/meta/recipes-devtools/perl/perl-ptest.inc
+++ b/meta/recipes-devtools/perl/perl-ptest.inc
@@ -42,6 +42,9 @@ do_install_ptest () {
# Remove a useless timestamp...
sed -i -e '/Autogenerated starting on/d' ${D}${PTEST_PATH}/lib/unicore/mktables.lst
+
+ # Remove files with host-specific configuration for building native binaries
+ rm ${D}${PTEST_PATH}/Makefile.config ${D}${PTEST_PATH}/xconfig.h ${D}${PTEST_PATH}/xconfig.sh
}
python populate_packages_prepend() {
diff --git a/meta/recipes-devtools/perl/perl_5.30.0.bb b/meta/recipes-devtools/perl/perl_5.30.1.bb
index ba2a8437d4..32746c7095 100644
--- a/meta/recipes-devtools/perl/perl_5.30.0.bb
+++ b/meta/recipes-devtools/perl/perl_5.30.1.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://Copying;md5=5b122a36d0f6dc55279a0ebc69f3c60b \
SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
- https://github.com/arsv/perl-cross/releases/download/1.3/perl-cross-1.3.tar.gz;name=perl-cross \
+ https://github.com/arsv/perl-cross/releases/download/1.3.1/perl-cross-1.3.1.tar.gz;name=perl-cross \
file://perl-rdepends.txt \
file://0001-configure_tool.sh-do-not-quote-the-argument-to-comma.patch \
file://0001-ExtUtils-MakeMaker-add-LDFLAGS-when-linking-binary-m.patch \
@@ -18,18 +18,23 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
file://0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch \
file://perl-dynloader.patch \
file://0001-configure_path.sh-do-not-hardcode-prefix-lib-as-libr.patch \
- file://fix-setgroup.patch \
file://0001-enc2xs-Add-environment-variable-to-suppress-comments.patch \
file://0002-Constant-Fix-up-shebang.patch \
+ file://0001-tests-adjust-to-correctly-exclude-unbuilt-extensions.patch \
+ file://determinism.patch \
+ file://racefix.patch \
"
SRC_URI_append_class-native = " \
file://perl-configpm-switch.patch \
"
+SRC_URI_append_class-target = " \
+ file://encodefix.patch \
+"
-SRC_URI[perl.md5sum] = "9770584cdf9b5631c38097645ce33549"
-SRC_URI[perl.sha256sum] = "851213c754d98ccff042caa40ba7a796b2cee88c5325f121be5cbb61bbf975f2"
-SRC_URI[perl-cross.md5sum] = "4dda3daf9c4fe42b3d6a5dd052852a48"
-SRC_URI[perl-cross.sha256sum] = "49edea1ea2cd6c5c47386ca71beda8d150c748835781354dbe7f75b1df27e703"
+SRC_URI[perl.md5sum] = "6438eb7b8db9bbde28e01086de376a46"
+SRC_URI[perl.sha256sum] = "bf3d25571ff1ee94186177c2cdef87867fd6a14aa5a84f0b1fb7bf798f42f964"
+SRC_URI[perl-cross.md5sum] = "1e463b105cfa56d251a86979af23e3a7"
+SRC_URI[perl-cross.sha256sum] = "edce0b0c2f725e2db3f203d6d8e9f3f7161256f5d1590551e40694f21200141d"
S = "${WORKDIR}/perl-${PV}"
@@ -112,6 +117,14 @@ print(datetime.fromtimestamp($SOURCE_DATE_EPOCH, timezone.utc).strftime('%a %b %
do_compile() {
oe_runmake
+ # This isn't generated reliably so delete and re-generate.
+ # https://github.com/arsv/perl-cross/issues/86
+
+ if [ -e pod/perltoc.pod ]; then
+ bbnote Rebuilding perltoc.pod
+ rm -f pod/perltoc.pod
+ oe_runmake pod/perltoc.pod
+ fi
}
do_install() {
@@ -135,6 +148,9 @@ do_install_append_class-target() {
# This is used to substitute target configuration when running native perl via perl-configpm-switch.patch
ln -s Config_heavy.pl ${D}${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/Config_heavy-target.pl
+ # This contains host-specific information used for building miniperl (a helper executable built with host compiler)
+ # and therefore isn't reproducible. I believe the file isn't actually needed on target.
+ rm ${D}${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/CORE/xconfig.h
}
do_install_append_class-nativesdk() {
@@ -198,6 +214,7 @@ require perl-ptest.inc
FILES_${PN} = "${bindir}/perl ${bindir}/perl.real ${bindir}/perl${PV} ${libdir}/libperl.so* \
${libdir}/perl5/site_perl \
${libdir}/perl5/${PV}/Config.pm \
+ ${libdir}/perl5/${PV}/${TARGET_ARCH}-linux/Config.pm \
${libdir}/perl5/${PV}/*/Config_git.pl \
${libdir}/perl5/${PV}/*/Config_heavy-target.pl \
${libdir}/perl5/config.sh \
@@ -206,6 +223,9 @@ FILES_${PN} = "${bindir}/perl ${bindir}/perl.real ${bindir}/perl${PV} ${libdir}/
${libdir}/perl5/${PV}/warnings \
${libdir}/perl5/${PV}/vars.pm \
${libdir}/perl5/site_perl \
+ ${libdir}/perl5/${PV}/ExtUtils/MANIFEST.SKIP \
+ ${libdir}/perl5/${PV}/ExtUtils/xsubpp \
+ ${libdir}/perl5/${PV}/ExtUtils/typemap \
"
RPROVIDES_${PN} += "perl-module-strict perl-module-vars perl-module-config perl-module-warnings \
perl-module-warnings-register"
@@ -216,9 +236,6 @@ FILES_${PN}-dev_append = " ${libdir}/perl5/${PV}/*/CORE"
FILES_${PN}-doc_append = " ${libdir}/perl5/${PV}/Unicode/Collate/*.txt \
${libdir}/perl5/${PV}/*/.packlist \
- ${libdir}/perl5/${PV}/ExtUtils/MANIFEST.SKIP \
- ${libdir}/perl5/${PV}/ExtUtils/xsubpp \
- ${libdir}/perl5/${PV}/ExtUtils/typemap \
${libdir}/perl5/${PV}/Encode/encode.h \
"
PACKAGES += "${PN}-misc"
diff --git a/meta/recipes-devtools/python/python/python2-manifest.json b/meta/recipes-devtools/python/python/python2-manifest.json
index eb52e862ab..fd98774d00 100644
--- a/meta/recipes-devtools/python/python/python2-manifest.json
+++ b/meta/recipes-devtools/python/python/python2-manifest.json
@@ -267,6 +267,7 @@
"${libdir}/python2.7/lib-dynload/xreadlines.so",
"${libdir}/python2.7/linecache.py",
"${libdir}/python2.7/new.py",
+ "${libdir}/python2.7/ntpath.py",
"${libdir}/python2.7/os.py",
"${libdir}/python2.7/platform.py",
"${libdir}/python2.7/posixpath.py",
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index bb444b63d9..d394db8a41 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -29,7 +29,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \
file://CVE-2019-15890.patch \
file://CVE-2019-12068.patch \
- "
+ file://CVE-2020-1711.patch \
+ "
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
SRC_URI[md5sum] = "cdf2b5ca52b9abac9bacb5842fa420f8"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch
new file mode 100644
index 0000000000..aa7bc82329
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-1711.patch
@@ -0,0 +1,64 @@
+From 693fd2acdf14dd86c0bf852610f1c2cca80a74dc Mon Sep 17 00:00:00 2001
+From: Felipe Franciosi <felipe@nutanix.com>
+Date: Thu, 23 Jan 2020 12:44:59 +0000
+Subject: [PATCH] iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711)
+
+When querying an iSCSI server for the provisioning status of blocks (via
+GET LBA STATUS), Qemu only validates that the response descriptor zero's
+LBA matches the one requested. Given the SCSI spec allows servers to
+respond with the status of blocks beyond the end of the LUN, Qemu may
+have its heap corrupted by clearing/setting too many bits at the end of
+its allocmap for the LUN.
+
+A malicious guest in control of the iSCSI server could carefully program
+Qemu's heap (by selectively setting the bitmap) and then smash it.
+
+This limits the number of bits that iscsi_co_block_status() will try to
+update in the allocmap so it can't overflow the bitmap.
+
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=patch;h=693fd2acdf14dd86c0bf852610f1c2cca80a74dc]
+CVE: CVE-2020-1711
+
+Fixes: CVE-2020-1711
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Felipe Franciosi <felipe@nutanix.com>
+Signed-off-by: Peter Turschmid <peter.turschm@nutanix.com>
+Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ block/iscsi.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/block/iscsi.c b/block/iscsi.c
+index 2aea7e3..cbd5729 100644
+--- a/block/iscsi.c
++++ b/block/iscsi.c
+@@ -701,7 +701,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs,
+ struct scsi_get_lba_status *lbas = NULL;
+ struct scsi_lba_status_descriptor *lbasd = NULL;
+ struct IscsiTask iTask;
+- uint64_t lba;
++ uint64_t lba, max_bytes;
+ int ret;
+
+ iscsi_co_init_iscsitask(iscsilun, &iTask);
+@@ -721,6 +721,7 @@ static int coroutine_fn iscsi_co_block_status(BlockDriverState *bs,
+ }
+
+ lba = offset / iscsilun->block_size;
++ max_bytes = (iscsilun->num_blocks - lba) * iscsilun->block_size;
+
+ qemu_mutex_lock(&iscsilun->mutex);
+ retry:
+@@ -764,7 +765,7 @@ retry:
+ goto out_unlock;
+ }
+
+- *pnum = (int64_t) lbasd->num_blocks * iscsilun->block_size;
++ *pnum = MIN((int64_t) lbasd->num_blocks * iscsilun->block_size, max_bytes);
+
+ if (lbasd->provisioning == SCSI_PROVISIONING_TYPE_DEALLOCATED ||
+ lbasd->provisioning == SCSI_PROVISIONING_TYPE_ANCHORED) {
+--
+1.8.3.1
diff --git a/meta/recipes-devtools/rsync/rsync_3.1.3.bb b/meta/recipes-devtools/rsync/rsync_3.1.3.bb
index ffb1d061c0..152ff02a25 100644
--- a/meta/recipes-devtools/rsync/rsync_3.1.3.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.1.3.bb
@@ -20,6 +20,9 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf"
SRC_URI[sha256sum] = "55cc554efec5fdaad70de921cd5a5eeb6c29a95524c715f3bbf849235b0800c0"
+# -16548 required for v3.1.3pre1. Already in v3.1.3.
+CVE_CHECK_WHITELIST += " CVE-2017-16548 "
+
inherit autotools
PACKAGECONFIG ??= "acl attr \
diff --git a/meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch b/meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch
new file mode 100644
index 0000000000..5d587fc832
--- /dev/null
+++ b/meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch
@@ -0,0 +1,316 @@
+CVE: CVE-2019-14866
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7554e3e42cd72f6f8304410c47fe6f8918e9bfd7]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+From a052401293e45a13cded5959b258204dae6d0af5 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Sun, 3 Nov 2019 23:59:39 +0200
+Subject: [PATCH] Fix CVE-2019-14866
+
+* src/copyout.c (to_ascii): Additional argument nul controls whether
+to add the terminating nul character.
+(field_width_error): Improve diagnostics: print the actual and the
+maximum allowed field value.
+* src/extern.h (to_ascii, field_width_error): New prototypes.
+* src/tar.c (to_oct): Remove.
+(to_oct_or_error): New function.
+(TO_OCT): New macro.
+(write_out_tar_header): Use TO_OCT and to_ascii. Return 0 on
+success, 1 on error.
+---
+ src/copyout.c | 49 ++++++++++++++++++++++--------------
+ src/extern.h | 15 +++++++++--
+ src/tar.c | 69 ++++++++++++++++++++++++---------------------------
+ 3 files changed, 75 insertions(+), 58 deletions(-)
+
+diff --git a/src/copyout.c b/src/copyout.c
+index 1f0987a..1ae5477 100644
+--- a/src/copyout.c
++++ b/src/copyout.c
+@@ -269,26 +269,32 @@ writeout_final_defers (int out_des)
+ so it should be moved to paxutils too.
+ Allowed values for logbase are: 1 (binary), 2, 3 (octal), 4 (hex) */
+ int
+-to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase)
++to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, bool nul)
+ {
+ static char codetab[] = "0123456789ABCDEF";
+- int i = digits;
+-
+- do
++
++ if (nul)
++ where[--digits] = 0;
++ while (digits > 0)
+ {
+- where[--i] = codetab[(v & ((1 << logbase) - 1))];
++ where[--digits] = codetab[(v & ((1 << logbase) - 1))];
+ v >>= logbase;
+ }
+- while (i);
+
+ return v != 0;
+ }
+
+-static void
+-field_width_error (const char *filename, const char *fieldname)
++void
++field_width_error (const char *filename, const char *fieldname,
++ uintmax_t value, size_t width, bool nul)
+ {
+- error (0, 0, _("%s: field width not sufficient for storing %s"),
+- filename, fieldname);
++ char valbuf[UINTMAX_STRSIZE_BOUND + 1];
++ char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
++ error (0, 0, _("%s: value %s %s out of allowed range 0..%s"),
++ filename, fieldname,
++ STRINGIFY_BIGINT (value, valbuf),
++ STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8),
++ maxbuf));
+ }
+
+ static void
+@@ -303,7 +309,7 @@ to_ascii_or_warn (char *where, uintmax_t n, size_t digits,
+ unsigned logbase,
+ const char *filename, const char *fieldname)
+ {
+- if (to_ascii (where, n, digits, logbase))
++ if (to_ascii (where, n, digits, logbase, false))
+ field_width_warning (filename, fieldname);
+ }
+
+@@ -312,9 +318,9 @@ to_ascii_or_error (char *where, uintmax_t n, size_t digits,
+ unsigned logbase,
+ const char *filename, const char *fieldname)
+ {
+- if (to_ascii (where, n, digits, logbase))
++ if (to_ascii (where, n, digits, logbase, false))
+ {
+- field_width_error (filename, fieldname);
++ field_width_error (filename, fieldname, n, digits, false);
+ return 1;
+ }
+ return 0;
+@@ -371,7 +377,7 @@ write_out_new_ascii_header (const char *magic_string,
+ _("name size")))
+ return 1;
+ p += 8;
+- to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16);
++ to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16, false);
+
+ tape_buffered_write (ascii_header, out_des, sizeof ascii_header);
+
+@@ -388,7 +394,7 @@ write_out_old_ascii_header (dev_t dev, dev_t rdev,
+ char ascii_header[76];
+ char *p = ascii_header;
+
+- to_ascii (p, file_hdr->c_magic, 6, LG_8);
++ to_ascii (p, file_hdr->c_magic, 6, LG_8, false);
+ p += 6;
+ to_ascii_or_warn (p, dev, 6, LG_8, file_hdr->c_name, _("device number"));
+ p += 6;
+@@ -492,7 +498,10 @@ write_out_binary_header (dev_t rdev,
+ short_hdr.c_namesize = file_hdr->c_namesize & 0xFFFF;
+ if (short_hdr.c_namesize != file_hdr->c_namesize)
+ {
+- field_width_error (file_hdr->c_name, _("name size"));
++ char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
++ error (0, 0, _("%s: value %s %s out of allowed range 0..%u"),
++ file_hdr->c_name, _("name size"),
++ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFu);
+ return 1;
+ }
+
+@@ -502,7 +511,10 @@ write_out_binary_header (dev_t rdev,
+ if (((off_t)short_hdr.c_filesizes[0] << 16) + short_hdr.c_filesizes[1]
+ != file_hdr->c_filesize)
+ {
+- field_width_error (file_hdr->c_name, _("file size"));
++ char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
++ error (0, 0, _("%s: value %s %s out of allowed range 0..%lu"),
++ file_hdr->c_name, _("file size"),
++ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFFFFFlu);
+ return 1;
+ }
+
+@@ -552,8 +564,7 @@ write_out_header (struct cpio_file_stat *file_hdr, int out_des)
+ error (0, 0, _("%s: file name too long"), file_hdr->c_name);
+ return 1;
+ }
+- write_out_tar_header (file_hdr, out_des); /* FIXME: No error checking */
+- return 0;
++ return write_out_tar_header (file_hdr, out_des);
+
+ case arf_binary:
+ return write_out_binary_header (makedev (file_hdr->c_rdev_maj,
+diff --git a/src/extern.h b/src/extern.h
+index e27d662..f9ef56a 100644
+--- a/src/extern.h
++++ b/src/extern.h
+@@ -117,6 +117,10 @@ void print_name_with_quoting (char *p);
+ /* copyout.c */
+ int write_out_header (struct cpio_file_stat *file_hdr, int out_des);
+ void process_copy_out (void);
++int to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase,
++ bool nul);
++void field_width_error (const char *filename, const char *fieldname,
++ uintmax_t value, size_t width, bool nul);
+
+ /* copypass.c */
+ void process_copy_pass (void);
+@@ -145,7 +149,7 @@ int make_path (char *argpath, uid_t owner, gid_t group,
+ const char *verbose_fmt_string);
+
+ /* tar.c */
+-void write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des);
++int write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des);
+ int null_block (long *block, int size);
+ void read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des);
+ int otoa (char *s, unsigned long *n);
+@@ -204,9 +208,16 @@ void cpio_safer_name_suffix (char *name, bool link_target,
+ int cpio_create_dir (struct cpio_file_stat *file_hdr, int existing_dir);
+ void change_dir (void);
+
+-/* FIXME: These two defines should be defined in paxutils */
++/* FIXME: The following three should be defined in paxutils */
+ #define LG_8 3
+ #define LG_16 4
++/* The maximum uintmax_t value that can be represented with DIGITS digits,
++ assuming that each digit is BITS_PER_DIGIT wide. */
++#define MAX_VAL_WITH_DIGITS(digits, bits_per_digit) \
++ ((digits) * (bits_per_digit) < sizeof (uintmax_t) * CHAR_BIT \
++ ? ((uintmax_t) 1 << ((digits) * (bits_per_digit))) - 1 \
++ : (uintmax_t) -1)
++
+
+ uintmax_t from_ascii (char const *where, size_t digs, unsigned logbase);
+
+diff --git a/src/tar.c b/src/tar.c
+index a2ce171..ef58027 100644
+--- a/src/tar.c
++++ b/src/tar.c
+@@ -79,36 +79,17 @@ stash_tar_filename (char *prefix, char *filename)
+ return hold_tar_filename;
+ }
+
+-/* Convert a number into a string of octal digits.
+- Convert long VALUE into a DIGITS-digit field at WHERE,
+- including a trailing space and room for a NUL. DIGITS==3 means
+- 1 digit, a space, and room for a NUL.
+-
+- We assume the trailing NUL is already there and don't fill it in.
+- This fact is used by start_header and finish_header, so don't change it!
+-
+- This is be equivalent to:
+- sprintf (where, "%*lo ", digits - 2, value);
+- except that sprintf fills in the trailing NUL and we don't. */
+-
+-static void
+-to_oct (register long value, register int digits, register char *where)
++static int
++to_oct_or_error (uintmax_t value, size_t digits, char *where, char const *field,
++ char const *file)
+ {
+- --digits; /* Leave the trailing NUL slot alone. */
+-
+- /* Produce the digits -- at least one. */
+- do
++ if (to_ascii (where, value, digits, LG_8, true))
+ {
+- where[--digits] = '0' + (char) (value & 7); /* One octal digit. */
+- value >>= 3;
++ field_width_error (file, field, value, digits, true);
++ return 1;
+ }
+- while (digits > 0 && value != 0);
+-
+- /* Add leading zeroes, if necessary. */
+- while (digits > 0)
+- where[--digits] = '0';
++ return 0;
+ }
+-
+
+
+ /* Compute and return a checksum for TAR_HDR,
+@@ -134,10 +115,22 @@ tar_checksum (struct tar_header *tar_hdr)
+ return sum;
+ }
+
++#define TO_OCT(file_hdr, c_fld, digits, tar_hdr, tar_field) \
++ do \
++ { \
++ if (to_oct_or_error (file_hdr -> c_fld, \
++ digits, \
++ tar_hdr -> tar_field, \
++ #tar_field, \
++ file_hdr->c_name)) \
++ return 1; \
++ } \
++ while (0)
++
+ /* Write out header FILE_HDR, including the file name, to file
+ descriptor OUT_DES. */
+
+-void
++int
+ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
+ {
+ int name_len;
+@@ -166,11 +159,11 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
+
+ /* Ustar standard (POSIX.1-1988) requires the mode to contain only 3 octal
+ digits */
+- to_oct (file_hdr->c_mode & MODE_ALL, 8, tar_hdr->mode);
+- to_oct (file_hdr->c_uid, 8, tar_hdr->uid);
+- to_oct (file_hdr->c_gid, 8, tar_hdr->gid);
+- to_oct (file_hdr->c_filesize, 12, tar_hdr->size);
+- to_oct (file_hdr->c_mtime, 12, tar_hdr->mtime);
++ TO_OCT (file_hdr, c_mode & MODE_ALL, 8, tar_hdr, mode);
++ TO_OCT (file_hdr, c_uid, 8, tar_hdr, uid);
++ TO_OCT (file_hdr, c_gid, 8, tar_hdr, gid);
++ TO_OCT (file_hdr, c_filesize, 12, tar_hdr, size);
++ TO_OCT (file_hdr, c_mtime, 12, tar_hdr, mtime);
+
+ switch (file_hdr->c_mode & CP_IFMT)
+ {
+@@ -182,7 +175,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
+ strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname,
+ TARLINKNAMESIZE);
+ tar_hdr->typeflag = LNKTYPE;
+- to_oct (0, 12, tar_hdr->size);
++ to_ascii (tar_hdr->size, 0, 12, LG_8, true);
+ }
+ else
+ tar_hdr->typeflag = REGTYPE;
+@@ -208,7 +201,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
+ than TARLINKNAMESIZE. */
+ strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname,
+ TARLINKNAMESIZE);
+- to_oct (0, 12, tar_hdr->size);
++ to_ascii (tar_hdr->size, 0, 12, LG_8, true);
+ break;
+ #endif /* CP_IFLNK */
+ }
+@@ -227,13 +220,15 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
+ if (name)
+ strcpy (tar_hdr->gname, name);
+
+- to_oct (file_hdr->c_rdev_maj, 8, tar_hdr->devmajor);
+- to_oct (file_hdr->c_rdev_min, 8, tar_hdr->devminor);
++ TO_OCT (file_hdr, c_rdev_maj, 8, tar_hdr, devmajor);
++ TO_OCT (file_hdr, c_rdev_min, 8, tar_hdr, devminor);
+ }
+
+- to_oct (tar_checksum (tar_hdr), 8, tar_hdr->chksum);
++ to_ascii (tar_hdr->chksum, tar_checksum (tar_hdr), 8, LG_8, true);
+
+ tape_buffered_write ((char *) &tar_rec, out_des, TARRECORDSIZE);
++
++ return 0;
+ }
+
+ /* Return nonzero iff all the bytes in BLOCK are NUL.
+--
+2.24.1
+
diff --git a/meta/recipes-extended/cpio/cpio_2.12.bb b/meta/recipes-extended/cpio/cpio_2.12.bb
index 3713bf0b1f..5abe494ebc 100644
--- a/meta/recipes-extended/cpio/cpio_2.12.bb
+++ b/meta/recipes-extended/cpio/cpio_2.12.bb
@@ -11,6 +11,7 @@ SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \
file://0001-Fix-CVE-2015-1197.patch \
file://0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch \
file://0001-Fix-segfault-with-append.patch \
+ file://CVE-2019-14866.patch \
"
SRC_URI[md5sum] = "fc207561a86b63862eea4b8300313e86"
diff --git a/meta/recipes-extended/iputils/iputils_s20190709.bb b/meta/recipes-extended/iputils/iputils_s20190709.bb
index 3f9e9917f0..42260f531e 100644
--- a/meta/recipes-extended/iputils/iputils_s20190709.bb
+++ b/meta/recipes-extended/iputils/iputils_s20190709.bb
@@ -32,7 +32,8 @@ PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true -DBUILD_MANS=true,-DBUILD_HTML_MAN
inherit meson update-alternatives
-EXTRA_OEMESON += "--prefix=${root_prefix}/"
+# Have to disable setcap/suid as its not deterministic
+EXTRA_OEMESON += "--prefix=${root_prefix}/ -DNO_SETCAP_OR_SUID=true"
ALTERNATIVE_PRIORITY = "100"
diff --git a/meta/recipes-extended/libidn/libidn2_2.2.0.bb b/meta/recipes-extended/libidn/libidn2_2.2.0.bb
index bcbfdd85b9..71314149e1 100644
--- a/meta/recipes-extended/libidn/libidn2_2.2.0.bb
+++ b/meta/recipes-extended/libidn/libidn2_2.2.0.bb
@@ -22,7 +22,8 @@ EXTRA_OECONF += "--disable-rpath \
"
do_install_append() {
- sed -i -e 's|-L${STAGING_LIBDIR}||' ${D}${libdir}/pkgconfig/libidn2.pc
+ # Need to remove any duplicate whitespace too for reproducibility
+ sed -i -e 's|-L${STAGING_LIBDIR}||' -e 's/ */ /g' ${D}${libdir}/pkgconfig/libidn2.pc
}
LICENSE_${PN} = "(GPLv2+ | LGPLv3)"
diff --git a/meta/recipes-extended/man-db/man-db_2.8.7.bb b/meta/recipes-extended/man-db/man-db_2.8.7.bb
index 083b2374aa..0d73b03482 100644
--- a/meta/recipes-extended/man-db/man-db_2.8.7.bb
+++ b/meta/recipes-extended/man-db/man-db_2.8.7.bb
@@ -10,7 +10,7 @@ SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/man-db/man-db-${PV}.tar.xz \
SRC_URI[md5sum] = "ec0b23c8314a1654c4d059b2c18ce43d"
SRC_URI[sha256sum] = "b9cd5bb996305d08bfe9e1114edc30b4c97be807093b88af8033ed1cf9beb326"
-DEPENDS = "libpipeline gdbm groff-native base-passwd"
+DEPENDS = "libpipeline gdbm groff-native base-passwd flex-native"
RDEPENDS_${PN} += "base-passwd"
# | /usr/src/debug/man-db/2.8.0-r0/man-db-2.8.0/src/whatis.c:939: undefined reference to `_nl_msg_cat_cntr'
diff --git a/meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch b/meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch
new file mode 100644
index 0000000000..e76aac8161
--- /dev/null
+++ b/meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch
@@ -0,0 +1,99 @@
+From a54501d3c9541bc8600225aa2d42531f93c6def7 Mon Sep 17 00:00:00 2001
+From: Joshua Watt <JPEWhacker@gmail.com>
+Date: Sat, 9 Nov 2019 20:01:48 -0600
+Subject: [PATCH] Add option to control configure args
+
+Embedding the configure time options into the executable can lead to
+non-reproducible builds, since configure options often have embedded
+paths. Add a configure time option to control if the configure args are
+embedded so this can be disabled.
+
+Upstream-Status: Submitted [https://midnight-commander.org/ticket/4031]
+Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
+---
+ configure.ac | 6 ++++++
+ src/args.c | 6 ++++++
+ src/textconf.c | 2 ++
+ 3 files changed, 14 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 19d1a76be..a1948f6b9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -544,6 +544,12 @@ dnl Clarify do we really need GModule
+ AM_CONDITIONAL([HAVE_GMODULE], [test -n "$g_module_supported" && \
+ test x"$textmode_x11_support" = x"yes" -o x"$enable_aspell" = x"yes"])
+
++AC_ARG_ENABLE([configure-args],
++ AS_HELP_STRING([--enable-configure-args], [Handle all compiler warnings as errors]))
++if test "x$enable_configure_args" != xno; then
++ AC_DEFINE([ENABLE_CONFIGURE_ARGS], 1, [Define to enable showing configure arguments in help])
++fi
++
+ AC_DEFINE_UNQUOTED([MC_CONFIGURE_ARGS], ["$ac_configure_args"], [MC configure arguments])
+
+ AC_CONFIG_FILES(
+diff --git a/src/args.c b/src/args.c
+index baef1a1c8..f8dc24020 100644
+--- a/src/args.c
++++ b/src/args.c
+@@ -95,7 +95,9 @@ static gboolean mc_args__nouse_subshell = FALSE;
+ #endif /* ENABLE_SUBSHELL */
+ static gboolean mc_args__show_datadirs = FALSE;
+ static gboolean mc_args__show_datadirs_extended = FALSE;
++#ifdef ENABLE_CONFIGURE_ARGS
+ static gboolean mc_args__show_configure_opts = FALSE;
++#endif
+
+ static GOptionGroup *main_group;
+
+@@ -125,6 +127,7 @@ static const GOptionEntry argument_main_table[] = {
+ NULL
+ },
+
++#ifdef ENABLE_CONFIGURE_ARGS
+ /* show configure options */
+ {
+ "configure-options", '\0', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_NONE,
+@@ -132,6 +135,7 @@ static const GOptionEntry argument_main_table[] = {
+ N_("Print configure options"),
+ NULL
+ },
++#endif
+
+ {
+ "printwd", 'P', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_STRING,
+@@ -758,11 +762,13 @@ mc_args_show_info (void)
+ return FALSE;
+ }
+
++#ifdef ENABLE_CONFIGURE_ARGS
+ if (mc_args__show_configure_opts)
+ {
+ show_configure_options ();
+ return FALSE;
+ }
++#endif
+
+ return TRUE;
+ }
+diff --git a/src/textconf.c b/src/textconf.c
+index 1e0613e58..f39b9e028 100644
+--- a/src/textconf.c
++++ b/src/textconf.c
+@@ -232,10 +232,12 @@ show_datadirs_extended (void)
+
+ /* --------------------------------------------------------------------------------------------- */
+
++#ifdef ENABLE_CONFIGURE_ARGS
+ void
+ show_configure_options (void)
+ {
+ (void) printf ("%s\n", MC_CONFIGURE_ARGS);
+ }
++#endif
+
+ /* --------------------------------------------------------------------------------------------- */
+--
+2.23.0
+
diff --git a/meta/recipes-extended/mc/files/nomandate.patch b/meta/recipes-extended/mc/files/nomandate.patch
new file mode 100644
index 0000000000..48bd73b110
--- /dev/null
+++ b/meta/recipes-extended/mc/files/nomandate.patch
@@ -0,0 +1,21 @@
+The man page date can vary depending upon the host perl, e.g. in Russian
+some versions print 'июня', others 'Июнь' or Polish 'czerwca' or 'czerwiec'.
+Rather than depend upon perl-native to fix this, just remove the date from
+the manpages.
+
+RP 2020/2/4
+
+Upstream-Status: Inappropriate [OE specficic reproducibility workaround]
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: mc-4.8.23/doc/man/date-of-man-include.am
+===================================================================
+--- mc-4.8.23.orig/doc/man/date-of-man-include.am
++++ mc-4.8.23/doc/man/date-of-man-include.am
+@@ -1,5 +1,5 @@
+ SED_PARAMETERS = \
+- -e "s/%DATE_OF_MAN_PAGE%/$${MAN_DATE}/g" \
++ -e "s/%DATE_OF_MAN_PAGE%//g" \
+ -e "s/%DISTR_VERSION%/@DISTR_VERSION@/g" \
+ -e "s{%prefix%{@prefix@{g" \
+ -e "s{%sysconfdir%{@sysconfdir@{g" \
diff --git a/meta/recipes-extended/mc/mc_4.8.23.bb b/meta/recipes-extended/mc/mc_4.8.23.bb
index 83de8dbb2c..de76591d9b 100644
--- a/meta/recipes-extended/mc/mc_4.8.23.bb
+++ b/meta/recipes-extended/mc/mc_4.8.23.bb
@@ -8,6 +8,8 @@ RDEPENDS_${PN} = "ncurses-terminfo"
SRC_URI = "http://www.midnight-commander.org/downloads/${BPN}-${PV}.tar.bz2 \
file://0001-mc-replace-perl-w-with-use-warnings.patch \
+ file://0001-Add-option-to-control-configure-args.patch \
+ file://nomandate.patch \
"
SRC_URI[md5sum] = "152927ac29cf0e61d7d019f261bb7d89"
SRC_URI[sha256sum] = "238c4552545dcf3065359bd50753abbb150c1b22ec5a36eaa02c82808293267d"
@@ -21,9 +23,12 @@ PACKAGECONFIG ??= ""
PACKAGECONFIG[smb] = "--enable-vfs-smb,--disable-vfs-smb,samba,"
PACKAGECONFIG[sftp] = "--enable-vfs-sftp,--disable-vfs-sftp,libssh2,"
-EXTRA_OECONF = "--with-screen=ncurses --without-gpm-mouse --without-x"
+EXTRA_OECONF = "--with-screen=ncurses --without-gpm-mouse --without-x --disable-configure-args"
CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'"
+CACHED_CONFIGUREVARS += "ac_cv_path_PYTHON='/usr/bin/env python'"
+CACHED_CONFIGUREVARS += "ac_cv_path_GREP='/usr/bin/env grep'"
+CACHED_CONFIGUREVARS += "mc_cv_have_zipinfo=yes"
do_install_append () {
sed -i -e '1s,#!.*perl,#!${bindir}/env perl,' ${D}${libexecdir}/mc/extfs.d/*
diff --git a/meta/recipes-extended/psmisc/psmisc.inc b/meta/recipes-extended/psmisc/psmisc.inc
index 594a10cf22..6de5acb71b 100644
--- a/meta/recipes-extended/psmisc/psmisc.inc
+++ b/meta/recipes-extended/psmisc/psmisc.inc
@@ -7,7 +7,7 @@ command sends a specified signal (SIGTERM if nothing is specified) to \
processes identified by name. The fuser command identifies the PIDs \
of processes that are using specified files or filesystems."
SECTION = "base"
-DEPENDS = "ncurses virtual/libintl gettext-native"
+DEPENDS = "ncurses virtual/libintl gettext-native xz-native"
LICENSE = "GPLv2"
SRC_URI = "${SOURCEFORGE_MIRROR}/psmisc/psmisc-${PV}.tar.gz"
diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc
index 15075bcefd..4edfabe510 100644
--- a/meta/recipes-extended/sudo/sudo.inc
+++ b/meta/recipes-extended/sudo/sudo.inc
@@ -26,7 +26,7 @@ PACKAGECONFIG[pam-wheel] = ",,,pam-plugin-wheel"
CONFFILES_${PN} = "${sysconfdir}/sudoers"
-EXTRA_OECONF = "--with-editor=/bin/vi --with-env-editor"
+EXTRA_OECONF = "--with-editor=${base_bindir}/vi --with-env-editor"
EXTRA_OECONF_append_libc-musl = " --disable-hardening "
diff --git a/meta/recipes-extended/sudo/sudo_1.8.27.bb b/meta/recipes-extended/sudo/sudo_1.8.27.bb
index 0a11a1b28f..6d470d0373 100644
--- a/meta/recipes-extended/sudo/sudo_1.8.27.bb
+++ b/meta/recipes-extended/sudo/sudo_1.8.27.bb
@@ -15,10 +15,18 @@ SRC_URI[sha256sum] = "7beb68b94471ef56d8a1036dbcdc09a7b58a949a68ffce48b83f837dd3
DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
+CACHED_CONFIGUREVARS = " \
+ ac_cv_type_rsize_t=no \
+ ac_cv_path_MVPROG=${base_bindir}/mv \
+ ac_cv_path_BSHELLPROG=${base_bindir}/sh \
+ ac_cv_path_SENDMAILPROG=${sbindir}/sendmail \
+ ac_cv_path_VIPROG=${base_bindir}/vi \
+ "
+
EXTRA_OECONF += " \
- ac_cv_type_rsize_t=no \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${nonarch_libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \
+ --with-vardir=/var/lib/sudo \
"
do_install_append () {
diff --git a/meta/recipes-extended/tar/tar_1.32.bb b/meta/recipes-extended/tar/tar_1.32.bb
index 18f09b5711..ebe6cb0dbd 100644
--- a/meta/recipes-extended/tar/tar_1.32.bb
+++ b/meta/recipes-extended/tar/tar_1.32.bb
@@ -22,6 +22,8 @@ PACKAGECONFIG[acl] = "--with-posix-acls,--without-posix-acls,acl"
EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}"
+CACHED_CONFIGUREVARS += "tar_cv_path_RSH=no"
+
# Let aclocal use the relative path for the m4 file rather than the
# absolute since tar has a lot of m4 files, otherwise there might
# be an "Argument list too long" error when it is built in a long/deep
diff --git a/meta/recipes-gnome/gtk+/gtk+3/sort-resources.patch b/meta/recipes-gnome/gtk+/gtk+3/sort-resources.patch
new file mode 100644
index 0000000000..7f87372c52
--- /dev/null
+++ b/meta/recipes-gnome/gtk+/gtk+3/sort-resources.patch
@@ -0,0 +1,19 @@
+If the resources file isn't sorted in some way then libgdk.so will differ
+depending on the inode order of the resource files.
+
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/gdk/Makefile.am b/gdk/Makefile.am
+index e25b57ba50..26f2d57c6e 100644
+--- a/gdk/Makefile.am
++++ b/gdk/Makefile.am
+@@ -465,7 +465,7 @@ stamp-gc-h: $(top_builddir)/config.status
+ # Resources
+ #
+
+-glsl_sources := $(wildcard $(srcdir)/resources/glsl/*.glsl)
++glsl_sources := $(sort $(wildcard $(srcdir)/resources/glsl/*.glsl))
+
+ gdk.gresource.xml: Makefile.am
+ $(AM_V_GEN) echo "<?xml version='1.0' encoding='UTF-8'?>" > $@; \
diff --git a/meta/recipes-gnome/gtk+/gtk+3_3.24.8.bb b/meta/recipes-gnome/gtk+/gtk+3_3.24.8.bb
index d79b18bee0..596dee6264 100644
--- a/meta/recipes-gnome/gtk+/gtk+3_3.24.8.bb
+++ b/meta/recipes-gnome/gtk+/gtk+3_3.24.8.bb
@@ -7,6 +7,7 @@ SRC_URI = "http://ftp.gnome.org/pub/gnome/sources/gtk+/${MAJ_VER}/gtk+-${PV}.tar
file://0002-Do-not-try-to-initialize-GL-without-libGL.patch \
file://0003-Add-disable-opengl-configure-option.patch \
file://link_fribidi.patch \
+ file://sort-resources.patch \
"
SRC_URI[md5sum] = "eeedde01856238114dcf4df3ebc942a5"
SRC_URI[sha256sum] = "666962de9b9768fe9ca785b0e2f42c8b9db3868a12fa9b356b167238d70ac799"
diff --git a/meta/recipes-graphics/wayland/libinput/determinism.patch b/meta/recipes-graphics/wayland/libinput/determinism.patch
new file mode 100644
index 0000000000..cb554030cf
--- /dev/null
+++ b/meta/recipes-graphics/wayland/libinput/determinism.patch
@@ -0,0 +1,21 @@
+This finds our outer git tree and that version information breaks
+determinism of this recipe. Disable it.
+
+RP 2020/2/6
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: libinput-1.14.3/meson.build
+===================================================================
+--- libinput-1.14.3.orig/meson.build
++++ libinput-1.14.3/meson.build
+@@ -387,7 +387,7 @@ pkgconfig.generate(
+ libraries : lib_libinput
+ )
+
+-git_version_h = vcs_tag(command : ['git', 'describe'],
++git_version_h = vcs_tag(command : ['false'],
+ fallback : 'unknown',
+ input : 'src/libinput-git-version.h.in',
+ output :'libinput-git-version.h')
diff --git a/meta/recipes-graphics/wayland/libinput_1.14.1.bb b/meta/recipes-graphics/wayland/libinput_1.14.1.bb
index 38bc8d2c33..2c5733f33a 100644
--- a/meta/recipes-graphics/wayland/libinput_1.14.1.bb
+++ b/meta/recipes-graphics/wayland/libinput_1.14.1.bb
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1f2ea9ebff3a2c6d458faf58492efb63"
DEPENDS = "libevdev udev mtdev"
-SRC_URI = "http://www.freedesktop.org/software/${BPN}/${BP}.tar.xz"
+SRC_URI = "http://www.freedesktop.org/software/${BPN}/${BP}.tar.xz \
+ file://determinism.patch \
+"
SRC_URI[md5sum] = "da29a704dc6f7ea2d5aac754db046340"
SRC_URI[sha256sum] = "e333a3242835c019ca37d2cef8b51a87d3138eb47444119c0153dc7a8656ee70"
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init/capability.conf b/meta/recipes-graphics/x11-common/xserver-nodm-init/capability.conf
new file mode 100644
index 0000000000..7ab7460816
--- /dev/null
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/capability.conf
@@ -0,0 +1,2 @@
+cap_sys_admin @USER@
+none *
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
index 6c548551b8..116bb278bc 100755
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
@@ -38,6 +38,14 @@ case "$1" in
if [ -e /dev/hidraw0 ]; then
chmod o+rw /dev/hidraw*
fi
+ # Make sure that the Xorg has the cap_sys_admin capability which is
+ # needed for setting the drm master
+ if ! grep -q "^auth.*pam_cap\.so" /etc/pam.d/su; then
+ echo "auth optional pam_cap.so" >>/etc/pam.d/su
+ fi
+ if ! /usr/sbin/getcap $XSERVER | grep -q cap_sys_admin; then
+ /usr/sbin/setcap cap_sys_admin+eip $XSERVER
+ fi
fi
# Using su rather than sudo as latest 1.8.1 cause failure [YOCTO #1211]
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb b/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
index a77c56445c..7f4e1e29f1 100644
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
@@ -10,6 +10,7 @@ SRC_URI = "file://xserver-nodm \
file://gplv2-license.patch \
file://xserver-nodm.service.in \
file://xserver-nodm.conf.in \
+ file://capability.conf \
"
S = "${WORKDIR}"
@@ -19,7 +20,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
inherit update-rc.d systemd distro_features_check
-REQUIRED_DISTRO_FEATURES = "x11"
+REQUIRED_DISTRO_FEATURES = "x11 ${@oe.utils.conditional('ROOTLESS_X', '1', 'pam', '', d)}"
PACKAGECONFIG ??= "blank"
# dpms and screen saver will be on only if 'blank' is in PACKAGECONFIG
@@ -40,6 +41,8 @@ do_install() {
if [ "${ROOTLESS_X}" = "1" ] ; then
XUSER_HOME="/home/xuser"
XUSER="xuser"
+ install -D capability.conf ${D}${sysconfdir}/security/capability.conf
+ sed -i "s:@USER@:${XUSER}:" ${D}${sysconfdir}/security/capability.conf
else
XUSER_HOME=${ROOT_HOME}
XUSER="root"
@@ -60,7 +63,7 @@ do_install() {
fi
}
-RDEPENDS_${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'xuser-account', '', d)}"
+RDEPENDS_${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'xuser-account libcap libcap-bin', '', d)}"
INITSCRIPT_NAME = "xserver-nodm"
INITSCRIPT_PARAMS = "start 9 5 . stop 20 0 1 2 3 6 ."
diff --git a/meta/recipes-graphics/xorg-app/xorg-app-common.inc b/meta/recipes-graphics/xorg-app/xorg-app-common.inc
index 3529cb26ef..211e399cf0 100644
--- a/meta/recipes-graphics/xorg-app/xorg-app-common.inc
+++ b/meta/recipes-graphics/xorg-app/xorg-app-common.inc
@@ -12,6 +12,6 @@ INC_PR = "r8"
SRC_URI = "${XORG_MIRROR}/individual/app/${BPN}-${PV}.tar.bz2"
-inherit autotools pkgconfig distro_features_check
+inherit autotools pkgconfig distro_features_check gettext
FILES_${PN} += " ${libdir}/X11/${BPN} ${datadir}/X11/app-defaults/"
diff --git a/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb b/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb
index 85a48e4c58..cc45696530 100644
--- a/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb
+++ b/meta/recipes-graphics/xorg-lib/libxshmfence_1.3.bb
@@ -11,6 +11,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=47e508ca280fde97906eacb77892c3ac"
DEPENDS += "virtual/libx11"
+EXTRA_OECONF += "--with-shared-memory-dir=/dev/shm"
+
BBCLASSEXTEND = "native nativesdk"
SRC_URI[md5sum] = "42dda8016943dc12aff2c03a036e0937"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb
index 5391e052c5..79da8c14b3 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "e2d396270864afd14f5882ce8921d8fb562f5665"
-SRCREV_meta ?= "dd6019025cbb701b9818102f267c26e87031a59b"
+SRCREV_machine ?= "e1abc7e80e4df82d180aecd09e0d80b579d79c34"
+SRCREV_meta ?= "9a13706c994275b544f78dbfc9ed8ff98cd94aef"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.2;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.2.28"
+LINUX_VERSION ?= "5.2.29"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb
index 986dd6e351..d88cb5d742 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.2.28"
+LINUX_VERSION ?= "5.2.29"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "d79fa780eef7c3b08fcff8a44070c211afa91214"
-SRCREV_machine ?= "992280855e88289b7e7019ee2cf9dff867c58b94"
-SRCREV_meta ?= "dd6019025cbb701b9818102f267c26e87031a59b"
+SRCREV_machine_qemuarm ?= "f5a3e7e2c94b9d35d1b1933c503ffdaf1e9abec8"
+SRCREV_machine ?= "6f93a47515b2008468437f2f655404906337c574"
+SRCREV_meta ?= "9a13706c994275b544f78dbfc9ed8ff98cd94aef"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.2.bb b/meta/recipes-kernel/linux/linux-yocto_5.2.bb
index 358c0ad80a..59cc08e9a3 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.2.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.2.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.2/standard/base"
KBRANCH_qemux86-64 ?= "v5.2/standard/base"
KBRANCH_qemumips64 ?= "v5.2/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "ed43b791f2cca6e87928fa47556e540333385187"
-SRCREV_machine_qemuarm64 ?= "992280855e88289b7e7019ee2cf9dff867c58b94"
-SRCREV_machine_qemumips ?= "5d47f37ab0b7bcd5c0aaf0ecbd6d00bb8a22ddf4"
-SRCREV_machine_qemuppc ?= "992280855e88289b7e7019ee2cf9dff867c58b94"
-SRCREV_machine_qemuriscv64 ?= "992280855e88289b7e7019ee2cf9dff867c58b94"
-SRCREV_machine_qemux86 ?= "992280855e88289b7e7019ee2cf9dff867c58b94"
-SRCREV_machine_qemux86-64 ?= "992280855e88289b7e7019ee2cf9dff867c58b94"
-SRCREV_machine_qemumips64 ?= "894ee953d9c4036003f41e0800315efe3bab8492"
-SRCREV_machine ?= "992280855e88289b7e7019ee2cf9dff867c58b94"
-SRCREV_meta ?= "dd6019025cbb701b9818102f267c26e87031a59b"
+SRCREV_machine_qemuarm ?= "6080c11f80fbba3ae018518af53564a226e7efcf"
+SRCREV_machine_qemuarm64 ?= "6f93a47515b2008468437f2f655404906337c574"
+SRCREV_machine_qemumips ?= "078d960b86b2b6539e6823f1da884e85b07e50f3"
+SRCREV_machine_qemuppc ?= "6f93a47515b2008468437f2f655404906337c574"
+SRCREV_machine_qemuriscv64 ?= "6f93a47515b2008468437f2f655404906337c574"
+SRCREV_machine_qemux86 ?= "6f93a47515b2008468437f2f655404906337c574"
+SRCREV_machine_qemux86-64 ?= "6f93a47515b2008468437f2f655404906337c574"
+SRCREV_machine_qemumips64 ?= "ad3efcb4a297394ceb0ab2357737bd8be9846fec"
+SRCREV_machine ?= "6f93a47515b2008468437f2f655404906337c574"
+SRCREV_meta ?= "9a13706c994275b544f78dbfc9ed8ff98cd94aef"
# remap qemuarm to qemuarma15 for the 5.2 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.2;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.2.28"
+LINUX_VERSION ?= "5.2.29"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch b/meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch
new file mode 100755
index 0000000000..9696ddd691
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch
@@ -0,0 +1,45 @@
+webkitgtk: fix an occasional link error
+
+Part of ae465a4e... Changelog is not included in the source tarball.
+
+Upstream-Status: backport [git://git.webkit.org/WebKit.git]
+
+commit ae465a4e3b1498b6c4038fc7e596e0e3662d116f
+Author: Hironori.Fujii@sony.com <Hironori.Fujii@sony.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
+Date: Fri Jun 28 07:38:09 2019 +0000
+
+ [Win] unresolved external symbol "JSC::JSObject::didBecomePrototype(void)" referenced in function "JSC::Structure::create(...)"
+ https://bugs.webkit.org/show_bug.cgi?id=199312
+
+ Reviewed by Keith Miller.
+
+ WinCairo port, clang-cl Release builds reported a following linkage error:
+
+ > WebCore.lib(UnifiedSource-4babe430-10.cpp.obj) : error LNK2019: unresolved external symbol "public: void __cdecl JSC::JSObject::didBecomePrototype(void)" (?didBecomePrototype@JSObject@JSC@@QEAAXXZ) referenced in function "public: static class JSC::Structure * __cdecl JSC::Structure::create(class JSC::VM &,class JSC::JSGlobalObject *,class JSC::JSValue,class JSC::TypeInfo const &,struct JSC::ClassInfo const *,unsigned char,unsigned int)" (?create@Structure@JSC@@SAPEAV12@AEAVVM@2@PEAVJSGlobalObject@2@VJSValue@2@AEBVTypeInfo@2@PEBUClassInfo@2@EI@Z)
+
+ No new tests because there is no behavior change.
+
+ * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp: Include <JavaScriptCore/JSCInlines.h>,
+ and do not include headers which is included by it.
+
+ git-svn-id: http://svn.webkit.org/repository/webkit/trunk@246922 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+[ modification of Changelog deleted ]
+
+diff --git a/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp b/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp
+index d1b047c..0899a9a 100644
+--- a/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp
++++ b/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp
+@@ -49,11 +49,8 @@
+ #include "SQLiteTransaction.h"
+ #include "ThreadSafeDataBuffer.h"
+ #include <JavaScriptCore/AuxiliaryBarrierInlines.h>
+-#include <JavaScriptCore/HeapInlines.h>
+-#include <JavaScriptCore/JSCJSValueInlines.h>
+-#include <JavaScriptCore/JSGlobalObject.h>
++#include <JavaScriptCore/JSCInlines.h>
+ #include <JavaScriptCore/StrongInlines.h>
+-#include <JavaScriptCore/StructureInlines.h>
+ #include <wtf/FileSystem.h>
+ #include <wtf/NeverDestroyed.h>
+ #include <wtf/text/StringConcatenateNumbers.h>
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb b/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb
index c090782411..1c71762945 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb
@@ -23,6 +23,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
file://include_array.patch \
file://narrowing.patch \
file://0001-gstreamer-add-a-missing-format-string.patch \
+ file://fix-link-error.patch \
"
SRC_URI[md5sum] = "c214963d8c0e7d83460da04a0d8dda87"
diff --git a/meta/recipes-support/curl/curl/CVE-2019-15601.patch b/meta/recipes-support/curl/curl/CVE-2019-15601.patch
new file mode 100644
index 0000000000..7bfaae7b21
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2019-15601.patch
@@ -0,0 +1,46 @@
+Upstream-Status: Backport [https://github.com/curl/curl/commit/1b71bc532bde8621fd3260843f8197182a467ff2]
+CVE: CVE-2019-15601
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+From 1b71bc532bde8621fd3260843f8197182a467ff2 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 7 Nov 2019 10:13:01 +0100
+Subject: [PATCH] file: on Windows, refuse paths that start with \\
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+... as that might cause an unexpected SMB connection to a given host
+name.
+
+Reported-by: Fernando Muñoz
+CVE-2019-15601
+Bug: https://curl.haxx.se/docs/CVE-2019-15601.html
+---
+ lib/file.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/lib/file.c b/lib/file.c
+index d349cd9241..166931d7f1 100644
+--- a/lib/file.c
++++ b/lib/file.c
+@@ -136,7 +136,7 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
+ struct Curl_easy *data = conn->data;
+ char *real_path;
+ struct FILEPROTO *file = data->req.protop;
+- int fd;
++ int fd = -1;
+ #ifdef DOS_FILESYSTEM
+ size_t i;
+ char *actual_path;
+@@ -181,7 +181,9 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
+ return CURLE_URL_MALFORMAT;
+ }
+
+- fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
++ if(strncmp("\\\\", actual_path, 2))
++ /* refuse to open path that starts with two backslashes */
++ fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
+ file->path = actual_path;
+ #else
+ if(memchr(real_path, 0, real_path_len)) {
diff --git a/meta/recipes-support/curl/curl_7.66.0.bb b/meta/recipes-support/curl/curl_7.66.0.bb
index d1975f2460..a54e0536e9 100644
--- a/meta/recipes-support/curl/curl_7.66.0.bb
+++ b/meta/recipes-support/curl/curl_7.66.0.bb
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=be5d9e1419c4363f4b32037a2d3b7ffa"
SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://0001-replace-krb5-config-with-pkg-config.patch \
+ file://CVE-2019-15601.patch \
"
SRC_URI[md5sum] = "c238aa394e3aa47ca4fcb0491774149f"
diff --git a/meta/recipes-support/libevdev/libevdev/determinism.patch b/meta/recipes-support/libevdev/libevdev/determinism.patch
new file mode 100644
index 0000000000..33a6076b78
--- /dev/null
+++ b/meta/recipes-support/libevdev/libevdev/determinism.patch
@@ -0,0 +1,34 @@
+The order of dict values is not deterministic leading to differing header file generation.
+Sort to remove this inconsistency.
+
+RP 2020/2/7
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Upstream-Status: Pending
+
+Index: a/libevdev/make-event-names.py
+===================================================================
+--- a/libevdev/make-event-names.py
++++ b/libevdev/make-event-names.py
+@@ -67,10 +67,10 @@ def print_bits(bits, prefix):
+ if not hasattr(bits, prefix):
+ return
+ print("static const char * const %s_map[%s_MAX + 1] = {" % (prefix, prefix.upper()))
+- for val, name in list(getattr(bits, prefix).items()):
++ for val, name in sorted(list(getattr(bits, prefix).items())):
+ print(" [%s] = \"%s\"," % (name, name))
+ if prefix == "key":
+- for val, name in list(getattr(bits, "btn").items()):
++ for val, name in sorted(list(getattr(bits, "btn").items())):
+ print(" [%s] = \"%s\"," % (name, name))
+ print("};")
+ print("")
+@@ -111,7 +111,7 @@ def print_lookup(bits, prefix):
+ if not hasattr(bits, prefix):
+ return
+
+- names = list(getattr(bits, prefix).items())
++ names = sorted(list(getattr(bits, prefix).items()))
+ if prefix == "btn":
+ names = names + btn_additional;
+
diff --git a/meta/recipes-support/libevdev/libevdev_1.8.0.bb b/meta/recipes-support/libevdev/libevdev_1.8.0.bb
index 84274987d7..46ed5d786a 100644
--- a/meta/recipes-support/libevdev/libevdev_1.8.0.bb
+++ b/meta/recipes-support/libevdev/libevdev_1.8.0.bb
@@ -6,7 +6,8 @@ LICENSE = "MIT-X"
LIC_FILES_CHKSUM = "file://COPYING;md5=75aae0d38feea6fda97ca381cb9132eb \
file://libevdev/libevdev.h;endline=21;md5=7ff4f0b5113252c2f1a828e0bbad98d1"
-SRC_URI = "http://www.freedesktop.org/software/libevdev/${BP}.tar.xz"
+SRC_URI = "http://www.freedesktop.org/software/libevdev/${BP}.tar.xz \
+ file://determinism.patch"
SRC_URI[md5sum] = "879631080be18526737e33b63d848039"
SRC_URI[sha256sum] = "20d3cae4efd277f485abdf8f2a7c46588e539998b5a08c2c4d368218379d4211"
diff --git a/meta/recipes-support/libgcrypt/files/determinism.patch b/meta/recipes-support/libgcrypt/files/determinism.patch
new file mode 100644
index 0000000000..ad0b8c7950
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/determinism.patch
@@ -0,0 +1,32 @@
+gnutls detects our outer git trees and injects that revision into its objects.
+That isn't deterministic so stop it. Also ensure we're not marked as a development
+build as its git detection is faulty.
+
+RP 2020/2/6
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+
+Index: libgcrypt-1.8.5/configure.ac
+===================================================================
+--- libgcrypt-1.8.5.orig/configure.ac
++++ libgcrypt-1.8.5/configure.ac
+@@ -45,7 +45,7 @@ m4_define([mym4_revision_dec],
+ m4_define([mym4_betastring],
+ m4_esyscmd_s([git describe --match 'libgcrypt-[0-9].*[0-9]' --long|\
+ awk -F- '$3!=0{print"-beta"$3}']))
+-m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes]))
++m4_define([mym4_isgit],[no])
+ m4_define([mym4_full_version],[mym4_version[]mym4_betastring])
+
+ AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org])
+@@ -2575,7 +2575,7 @@ AM_CONDITIONAL([BUILD_DOC], [test "x$bui
+ #
+ # Provide information about the build.
+ #
+-BUILD_REVISION="mym4_revision"
++BUILD_REVISION="None"
+ AC_SUBST(BUILD_REVISION)
+ AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION",
+ [GIT commit id revision used to build this package])
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb
index 1bd355133e..92eb2d257a 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb
@@ -26,6 +26,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \
file://0001-ecc-Add-mitigation-against-timing-attack.patch \
file://0001-dsa-ecdsa-Fix-use-of-nonce-use-larger-one.patch \
+ file://determinism.patch \
"
SRC_URI[md5sum] = "fbfdaebbbc6d7e5fbbf6ffdb3e139573"
SRC_URI[sha256sum] = "f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227"
diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
index 60c9a046f9..b43c725cf8 100644
--- a/scripts/lib/devtool/standard.py
+++ b/scripts/lib/devtool/standard.py
@@ -940,8 +940,10 @@ def modify(args, config, basepath, workspace):
'}\n')
if rd.getVarFlag('do_menuconfig','task'):
f.write('\ndo_configure_append() {\n'
- ' cp ${B}/.config ${S}/.config.baseline\n'
- ' ln -sfT ${B}/.config ${S}/.config.new\n'
+ ' if [ ! ${DEVTOOL_DISABLE_MENUCONFIG} ]; then\n'
+ ' cp ${B}/.config ${S}/.config.baseline\n'
+ ' ln -sfT ${B}/.config ${S}/.config.new\n'
+ ' fi\n'
'}\n')
if initial_rev:
f.write('\n# initial_rev: %s\n' % initial_rev)