summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/classes/cml1.bbclass10
-rw-r--r--meta/classes/cve-check.bbclass34
-rw-r--r--meta/classes/gtk-icon-cache.bbclass19
-rw-r--r--meta/classes/image.bbclass2
-rw-r--r--meta/classes/image_types_wic.bbclass3
-rw-r--r--meta/classes/insane.bbclass18
-rw-r--r--meta/classes/kernel-devicetree.bbclass2
-rw-r--r--meta/classes/kernel-yocto.bbclass16
-rw-r--r--meta/classes/nopackages.bbclass1
-rw-r--r--meta/classes/package.bbclass20
-rw-r--r--meta/classes/package_tar.bbclass6
-rw-r--r--meta/classes/populate_sdk_ext.bbclass5
-rw-r--r--meta/classes/testimage.bbclass11
-rw-r--r--meta/classes/uninative.bbclass13
-rw-r--r--meta/conf/distro/include/yocto-uninative.inc10
-rw-r--r--meta/conf/layer.conf1
-rw-r--r--meta/conf/machine/qemumips.conf4
-rw-r--r--meta/conf/machine/qemumips64.conf2
-rw-r--r--meta/conf/multilib.conf2
-rw-r--r--meta/conf/sanity.conf2
-rw-r--r--meta/lib/oeqa/core/runner.py14
-rw-r--r--meta/lib/oeqa/core/target/ssh.py7
-rw-r--r--meta/lib/oeqa/manual/bsp-hw.json44
-rw-r--r--meta/lib/oeqa/runtime/cases/ltp.py5
-rw-r--r--meta/lib/oeqa/sdk/case.py2
-rw-r--r--meta/lib/oeqa/sdk/cases/assimp.py2
-rw-r--r--meta/lib/oeqa/sdk/cases/buildcpio.py2
-rw-r--r--meta/lib/oeqa/sdk/cases/buildepoxy.py2
-rw-r--r--meta/lib/oeqa/sdk/cases/buildgalculator.py2
-rw-r--r--meta/lib/oeqa/sdk/cases/buildlzip.py2
-rw-r--r--meta/lib/oeqa/selftest/cases/prservice.py4
-rw-r--r--meta/lib/oeqa/selftest/cases/runtime_test.py2
-rw-r--r--meta/lib/oeqa/selftest/cases/signing.py4
-rw-r--r--meta/lib/oeqa/selftest/cases/tinfoil.py5
-rw-r--r--meta/lib/oeqa/selftest/context.py4
-rw-r--r--meta/recipes-bsp/grub/grub2.inc2
-rw-r--r--meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb (renamed from meta/recipes-bsp/u-boot/libubootenv_0.2.bb)9
-rw-r--r--meta/recipes-bsp/u-boot/u-boot.inc10
-rw-r--r--meta/recipes-connectivity/bind/bind_9.11.22.bb (renamed from meta/recipes-connectivity/bind/bind_9.11.21.bb)2
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5.inc4
-rw-r--r--meta/recipes-core/busybox/busybox.inc10
-rw-r--r--meta/recipes-core/ell/ell_0.33.bb (renamed from meta/recipes-core/ell/ell_0.32.bb)2
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0/0001-Do-not-write-bindir-into-pkg-config-files.patch2
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0/0011-GMainContext-Fix-GSource-iterator-if-iteration-can-m.patch43
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0/0012-GMainContext-Fix-memory-leaks-and-memory-corruption-.patch109
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0/0013-GMainContext-Move-mutex-unlocking-in-destructor-righ.patch36
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch4
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb (renamed from meta/recipes-core/glib-2.0/glib-2.0_2.62.4.bb)7
-rw-r--r--meta/recipes-core/glibc/glibc-version.inc2
-rw-r--r--meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch31
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2020-6096.patch112
-rw-r--r--meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch194
-rw-r--r--meta/recipes-core/glibc/glibc_2.31.bb5
-rw-r--r--meta/recipes-core/images/build-appliance-image_15.0.0.bb2
-rwxr-xr-xmeta/recipes-core/initrdscripts/initramfs-framework/init13
-rw-r--r--meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch41
-rw-r--r--meta/recipes-core/libxml/libxml2_2.9.10.bb1
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb96
-rw-r--r--meta/recipes-core/systemd/systemd-serialgetty.bb4
-rw-r--r--meta/recipes-core/sysvinit/sysvinit_2.96.bb1
-rw-r--r--meta/recipes-core/util-linux/util-linux.inc3
-rw-r--r--meta/recipes-devtools/autoconf/autoconf.inc5
-rw-r--r--meta/recipes-devtools/cmake/cmake.inc4
-rw-r--r--meta/recipes-devtools/gcc/gcc-9.3.inc2
-rw-r--r--meta/recipes-devtools/go/go-1.14.inc5
-rw-r--r--meta/recipes-devtools/json-c/json-c/CVE-2020-12762.patch231
-rw-r--r--meta/recipes-devtools/json-c/json-c_0.13.1.bb1
-rw-r--r--meta/recipes-devtools/perl/files/CVE-2020-12723.patch302
-rw-r--r--meta/recipes-devtools/perl/perl_5.30.1.bb1
-rw-r--r--meta/recipes-devtools/qemu/qemu.inc3
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-14364.patch93
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-14415.patch37
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-15863.patch63
-rw-r--r--meta/recipes-devtools/ruby/ruby_2.7.1.bb (renamed from meta/recipes-devtools/ruby/ruby_2.7.0.bb)4
-rw-r--r--meta/recipes-extended/ghostscript/files/do-not-check-local-libpng-source.patch37
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14869-0001.patch70
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2020-15900.patch54
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/aarch64/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/arm/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/armeb/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch38
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/i586/objarch.h41
l---------meta/recipes-extended/ghostscript/ghostscript/i6861
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/microblaze/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/microblazeel/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/mipsarchn32eb/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/mipsarchn32el/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/mipsarchn64eb/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/mipsarchn64el/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/mipsarcho32eb/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/mipsarcho32el/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/nios2/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/powerpc/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/powerpc64/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/powerpc64le/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/x86-64/objarch.h40
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript_9.52.bb (renamed from meta/recipes-extended/ghostscript/ghostscript_9.50.bb)26
-rw-r--r--meta/recipes-extended/rpcbind/rpcbind_1.2.5.bb5
-rw-r--r--meta/recipes-extended/sysstat/sysstat.inc2
-rw-r--r--meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb8
-rw-r--r--meta/recipes-gnome/json-glib/json-glib/0001-scanner-use-macro-instead-of-cast-to-convert-pointer.patch33
-rw-r--r--meta/recipes-gnome/json-glib/json-glib_1.4.4.bb4
-rw-r--r--meta/recipes-gnome/librsvg/librsvg_2.40.21.bb (renamed from meta/recipes-gnome/librsvg/librsvg_2.40.20.bb)3
-rw-r--r--meta/recipes-graphics/jpeg/files/CVE-2020-13790.patch76
-rw-r--r--meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.4.bb1
-rw-r--r--meta/recipes-graphics/ttf-fonts/ttf-bitstream-vera_1.10.bb2
-rw-r--r--meta/recipes-graphics/wayland/weston_8.0.0.bb20
-rw-r--r--meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14344.patch321
-rw-r--r--meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb4
-rw-r--r--meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch38
-rw-r--r--meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb (renamed from meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.7.bb)5
-rw-r--r--meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb (renamed from meta/recipes-kernel/linux-firmware/linux-firmware_20200619.bb)10
-rw-r--r--meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc2
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb6
-rw-r--r--meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb8
-rw-r--r--meta/recipes-kernel/linux/linux-yocto_5.4.bb22
-rw-r--r--meta/recipes-kernel/perf/perf.bb4
-rw-r--r--meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.1.bb4
-rw-r--r--meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.1.2.bb6
-rw-r--r--meta/recipes-sato/webkit/webkitgtk/CVE-2020-13753.patch15
-rw-r--r--meta/recipes-sato/webkit/webkitgtk_2.28.2.bb1
-rw-r--r--meta/recipes-support/curl/curl_7.69.1.bb4
-rw-r--r--meta/recipes-support/fribidi/fribidi_1.0.9.bb2
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch117
-rw-r--r--meta/recipes-support/gnutls/gnutls_3.6.14.bb1
-rw-r--r--meta/recipes-support/gpgme/gpgme_1.13.1.bb6
-rw-r--r--meta/recipes-support/libexif/libexif/CVE-2016-6328.patch64
-rw-r--r--meta/recipes-support/libexif/libexif/CVE-2017-7544.patch40
-rw-r--r--meta/recipes-support/libexif/libexif/CVE-2018-20030.patch115
-rw-r--r--meta/recipes-support/libexif/libexif_0.6.21.bb19
-rw-r--r--meta/recipes-support/libexif/libexif_0.6.22.bb19
-rw-r--r--meta/recipes-support/libffi/libffi_3.3.bb2
-rw-r--r--scripts/lib/devtool/deploy.py8
-rw-r--r--scripts/lib/devtool/standard.py2
-rw-r--r--scripts/lib/wic/misc.py5
-rwxr-xr-xscripts/oe-build-perf-report2
-rwxr-xr-xscripts/oe-publish-sdk2
-rwxr-xr-xscripts/runqemu12
138 files changed, 1852 insertions, 1853 deletions
diff --git a/meta/classes/cml1.bbclass b/meta/classes/cml1.bbclass
index c7f6723cb3..8ab240589a 100644
--- a/meta/classes/cml1.bbclass
+++ b/meta/classes/cml1.bbclass
@@ -1,3 +1,13 @@
+# returns all the elements from the src uri that are .cfg files
+def find_cfgs(d):
+ sources=src_patches(d, True)
+ sources_list=[]
+ for s in sources:
+ if s.endswith('.cfg'):
+ sources_list.append(s)
+
+ return sources_list
+
cml1_do_configure() {
set -e
unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 514897e8b8..17f64a8a9c 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -27,9 +27,13 @@ CVE_VERSION ??= "${PV}"
CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
+CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock"
CVE_CHECK_LOG ?= "${T}/cve.log"
CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
+CVE_CHECK_SUMMARY_DIR ?= "${LOG_DIR}/cve"
+CVE_CHECK_SUMMARY_FILE_NAME ?= "cve-summary"
+CVE_CHECK_SUMMARY_FILE ?= "${CVE_CHECK_SUMMARY_DIR}/${CVE_CHECK_SUMMARY_FILE_NAME}"
CVE_CHECK_DIR ??= "${DEPLOY_DIR}/cve"
CVE_CHECK_MANIFEST ?= "${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cve"
@@ -46,6 +50,33 @@ CVE_CHECK_PN_WHITELIST ?= ""
#
CVE_CHECK_WHITELIST ?= ""
+python cve_save_summary_handler () {
+ import shutil
+ import datetime
+
+ cve_tmp_file = d.getVar("CVE_CHECK_TMP_FILE")
+
+ cve_summary_name = d.getVar("CVE_CHECK_SUMMARY_FILE_NAME")
+ cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
+ bb.utils.mkdirhier(cvelogpath)
+
+ timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
+ cve_summary_file = os.path.join(cvelogpath, "%s-%s.txt" % (cve_summary_name, timestamp))
+
+ if os.path.exists(cve_tmp_file):
+ shutil.copyfile(cve_tmp_file, cve_summary_file)
+
+ if cve_summary_file and os.path.exists(cve_summary_file):
+ cvefile_link = os.path.join(cvelogpath, cve_summary_name)
+
+ if os.path.exists(os.path.realpath(cvefile_link)):
+ os.remove(cvefile_link)
+ os.symlink(os.path.basename(cve_summary_file), cvefile_link)
+}
+
+addhandler cve_save_summary_handler
+cve_save_summary_handler[eventmask] = "bb.event.BuildCompleted"
+
python do_cve_check () {
"""
Check recipe for patched and unpatched CVEs
@@ -331,5 +362,8 @@ def cve_write_data(d, patched, unpatched, whitelisted, cve_data):
f.write(write_string)
if d.getVar("CVE_CHECK_CREATE_MANIFEST") == "1":
+ cvelogpath = d.getVar("CVE_CHECK_SUMMARY_DIR")
+ bb.utils.mkdirhier(cvelogpath)
+
with open(d.getVar("CVE_CHECK_TMP_FILE"), "a") as f:
f.write("%s" % write_string)
diff --git a/meta/classes/gtk-icon-cache.bbclass b/meta/classes/gtk-icon-cache.bbclass
index dd394af27c..91cb4ad409 100644
--- a/meta/classes/gtk-icon-cache.bbclass
+++ b/meta/classes/gtk-icon-cache.bbclass
@@ -1,10 +1,6 @@
FILES_${PN} += "${datadir}/icons/hicolor"
-DEPENDS +=" ${@['hicolor-icon-theme', '']['${BPN}' == 'hicolor-icon-theme']} \
- ${@['gdk-pixbuf', '']['${BPN}' == 'gdk-pixbuf']} \
- ${@['gtk+3', '']['${BPN}' == 'gtk+3']} \
- gtk+3-native \
-"
+DEPENDS +=" ${@['hicolor-icon-theme', '']['${BPN}' == 'hicolor-icon-theme']} gtk+3-native"
PACKAGE_WRITE_DEPS += "gtk+3-native gdk-pixbuf-native"
@@ -52,18 +48,9 @@ python populate_packages_append () {
bb.note("adding hicolor-icon-theme dependency to %s" % pkg)
rdepends = ' ' + d.getVar('MLPREFIX', False) + "hicolor-icon-theme"
d.appendVar('RDEPENDS_%s' % pkg, rdepends)
-
- #gtk_icon_cache_postinst depend on gdk-pixbuf and gtk+3
- bb.note("adding gdk-pixbuf dependency to %s" % pkg)
- rdepends = ' ' + d.getVar('MLPREFIX', False) + "gdk-pixbuf"
- d.appendVar('RDEPENDS_%s' % pkg, rdepends)
-
- bb.note("adding gtk+3 dependency to %s" % pkg)
- rdepends = ' ' + d.getVar('MLPREFIX', False) + "gtk+3"
- d.appendVar('RDEPENDS_%s' % pkg, rdepends)
-
+
bb.note("adding gtk-icon-cache postinst and postrm scripts to %s" % pkg)
-
+
postinst = d.getVar('pkg_postinst_%s' % pkg)
if not postinst:
postinst = '#!/bin/sh\n'
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 6620a9e9c3..459d872b4a 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -654,7 +654,7 @@ reproducible_final_image_task () {
if [ "${BUILD_REPRODUCIBLE_BINARIES}" = "1" ]; then
if [ "$REPRODUCIBLE_TIMESTAMP_ROOTFS" = "" ]; then
REPRODUCIBLE_TIMESTAMP_ROOTFS=`git -C "${COREBASE}" log -1 --pretty=%ct 2>/dev/null` || true
- if [ "${REPRODUCIBLE_TIMESTAMP_ROOTFS}" = "" ]; then
+ if [ "$REPRODUCIBLE_TIMESTAMP_ROOTFS" = "" ]; then
REPRODUCIBLE_TIMESTAMP_ROOTFS=`stat -c%Y ${@bb.utils.which(d.getVar("BBPATH"), "conf/bitbake.conf")}`
fi
fi
diff --git a/meta/classes/image_types_wic.bbclass b/meta/classes/image_types_wic.bbclass
index b83308b45c..196c86814e 100644
--- a/meta/classes/image_types_wic.bbclass
+++ b/meta/classes/image_types_wic.bbclass
@@ -4,7 +4,8 @@ WICVARS ?= "\
BBLAYERS IMGDEPLOYDIR DEPLOY_DIR_IMAGE FAKEROOTCMD IMAGE_BASENAME IMAGE_BOOT_FILES \
IMAGE_LINK_NAME IMAGE_ROOTFS INITRAMFS_FSTYPES INITRD INITRD_LIVE ISODIR RECIPE_SYSROOT_NATIVE \
ROOTFS_SIZE STAGING_DATADIR STAGING_DIR STAGING_LIBDIR TARGET_SYS \
- KERNEL_IMAGETYPE MACHINE INITRAMFS_IMAGE INITRAMFS_IMAGE_BUNDLE INITRAMFS_LINK_NAME APPEND"
+ KERNEL_IMAGETYPE MACHINE INITRAMFS_IMAGE INITRAMFS_IMAGE_BUNDLE INITRAMFS_LINK_NAME APPEND \
+ ASSUME_PROVIDED"
inherit ${@bb.utils.contains('INITRAMFS_IMAGE_BUNDLE', '1', 'kernel-artifact-names', '', d)}
diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index 1d76ae7c1d..46d386a38b 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -437,12 +437,13 @@ def package_qa_hash_style(path, name, d, elf, messages):
for line in phdrs.split("\n"):
if "SYMTAB" in line:
has_syms = True
- if "GNU_HASH" or "DT_MIPS_XHASH" in line:
+ if "GNU_HASH" in line or "DT_MIPS_XHASH" in line:
sane = True
if ("[mips32]" in line or "[mips64]" in line) and d.getVar('TCLIBC') == "musl":
sane = True
if has_syms and not sane:
- package_qa_add_message(messages, "ldflags", "No GNU_HASH in the ELF binary %s, didn't pass LDFLAGS?" % path)
+ path = package_qa_clean_path(path, d, name)
+ package_qa_add_message(messages, "ldflags", "File %s in package %s doesn't have GNU_HASH (didn't pass LDFLAGS?)" % (path, name))
QAPATHTEST[buildpaths] = "package_qa_check_buildpaths"
@@ -707,12 +708,13 @@ def package_qa_walk(warnfuncs, errorfuncs, package, d):
warnings = {}
errors = {}
for path in pkgfiles[package]:
- elf = oe.qa.ELFFile(path)
- try:
- elf.open()
- except (IOError, oe.qa.NotELFFileError):
- # IOError can happen if the packaging control files disappear,
- elf = None
+ elf = None
+ if os.path.isfile(path):
+ elf = oe.qa.ELFFile(path)
+ try:
+ elf.open()
+ except oe.qa.NotELFFileError:
+ elf = None
for func in warnfuncs:
func(path, package, d, elf, warnings)
for func in errorfuncs:
diff --git a/meta/classes/kernel-devicetree.bbclass b/meta/classes/kernel-devicetree.bbclass
index 522c46575d..81dda8003f 100644
--- a/meta/classes/kernel-devicetree.bbclass
+++ b/meta/classes/kernel-devicetree.bbclass
@@ -52,7 +52,7 @@ do_configure_append() {
do_compile_append() {
for dtbf in ${KERNEL_DEVICETREE}; do
dtb=`normalize_dtb "$dtbf"`
- oe_runmake $dtb
+ oe_runmake $dtb CC="${KERNEL_CC} $cc_extra " LD="${KERNEL_LD}" ${KERNEL_EXTRA_ARGS}
done
}
diff --git a/meta/classes/kernel-yocto.bbclass b/meta/classes/kernel-yocto.bbclass
index 3311f6e84e..cc8bcb909a 100644
--- a/meta/classes/kernel-yocto.bbclass
+++ b/meta/classes/kernel-yocto.bbclass
@@ -85,6 +85,21 @@ def get_machine_branch(d, default):
return default
+# returns a list of all directories that are on FILESEXTRAPATHS (and
+# hence available to the build) that contain .scc or .cfg files
+def get_dirs_with_fragments(d):
+ extrapaths = []
+ extrafiles = []
+ extrapathsvalue = (d.getVar("FILESEXTRAPATHS") or "")
+ # Remove default flag which was used for checking
+ extrapathsvalue = extrapathsvalue.replace("__default:", "")
+ extrapaths = extrapathsvalue.split(":")
+ for path in extrapaths:
+ if path + ":True" not in extrafiles:
+ extrafiles.append(path + ":" + str(os.path.exists(path)))
+
+ return " ".join(extrafiles)
+
do_kernel_metadata() {
set +e
cd ${S}
@@ -330,6 +345,7 @@ do_kernel_checkout[dirs] = "${S}"
addtask kernel_checkout before do_kernel_metadata after do_symlink_kernsrc
addtask kernel_metadata after do_validate_branches do_unpack before do_patch
do_kernel_metadata[depends] = "kern-tools-native:do_populate_sysroot"
+do_kernel_metadata[file-checksums] = " ${@get_dirs_with_fragments(d)}"
do_validate_branches[depends] = "kern-tools-native:do_populate_sysroot"
do_kernel_configme[depends] += "virtual/${TARGET_PREFIX}binutils:do_populate_sysroot"
diff --git a/meta/classes/nopackages.bbclass b/meta/classes/nopackages.bbclass
index 559f5078bd..7a4f632d71 100644
--- a/meta/classes/nopackages.bbclass
+++ b/meta/classes/nopackages.bbclass
@@ -2,6 +2,7 @@ deltask do_package
deltask do_package_write_rpm
deltask do_package_write_ipk
deltask do_package_write_deb
+deltask do_package_write_tar
deltask do_package_qa
deltask do_packagedata
deltask do_package_setscene
diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
index 099d0459f3..cc64ddffc3 100644
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -535,7 +535,7 @@ def copydebugsources(debugsrcdir, sources, d):
# Package data handling routines
#
-def get_package_mapping (pkg, basepkg, d):
+def get_package_mapping (pkg, basepkg, d, depversions=None):
import oe.packagedata
data = oe.packagedata.read_subpkgdata(pkg, d)
@@ -546,6 +546,14 @@ def get_package_mapping (pkg, basepkg, d):
if bb.data.inherits_class('allarch', d) and not d.getVar('MULTILIB_VARIANTS') \
and data[key] == basepkg:
return pkg
+ if depversions == []:
+ # Avoid returning a mapping if the renamed package rprovides its original name
+ rprovkey = "RPROVIDES_%s" % pkg
+ if rprovkey in data:
+ if pkg in bb.utils.explode_dep_versions2(data[rprovkey]):
+ bb.note("%s rprovides %s, not replacing the latter" % (data[key], pkg))
+ return pkg
+ # Do map to rewritten package name
return data[key]
return pkg
@@ -566,8 +574,10 @@ def runtime_mapping_rename (varname, pkg, d):
new_depends = {}
deps = bb.utils.explode_dep_versions2(d.getVar(varname) or "")
- for depend in deps:
- new_depend = get_package_mapping(depend, pkg, d)
+ for depend, depversions in deps.items():
+ new_depend = get_package_mapping(depend, pkg, d, depversions)
+ if depend != new_depend:
+ bb.note("package name mapping done: %s -> %s" % (depend, new_depend))
new_depends[new_depend] = deps[depend]
d.setVar(varname, bb.utils.join_deps(new_depends, commasep=False))
@@ -1544,7 +1554,7 @@ fi
# Symlinks needed for rprovides lookup
rprov = d.getVar('RPROVIDES_%s' % pkg) or d.getVar('RPROVIDES')
if rprov:
- for p in rprov.strip().split():
+ for p in bb.utils.explode_deps(rprov):
subdata_sym = pkgdatadir + "/runtime-rprovides/%s/%s" % (p, pkg)
bb.utils.mkdirhier(os.path.dirname(subdata_sym))
oe.path.symlink("../../runtime/%s" % pkg, subdata_sym, True)
@@ -1842,7 +1852,7 @@ python package_do_shlibs() {
shlibs_file = os.path.join(shlibswork_dir, pkg + ".list")
if len(sonames):
with open(shlibs_file, 'w') as fd:
- for s in sonames:
+ for s in sorted(sonames):
if s[0] in shlib_provider and s[1] in shlib_provider[s[0]]:
(old_pkg, old_pkgver) = shlib_provider[s[0]][s[1]]
if old_pkg != pkg:
diff --git a/meta/classes/package_tar.bbclass b/meta/classes/package_tar.bbclass
index ce3ab4c8e2..d6c1b306fc 100644
--- a/meta/classes/package_tar.bbclass
+++ b/meta/classes/package_tar.bbclass
@@ -57,10 +57,8 @@ python do_package_tar () {
python () {
if d.getVar('PACKAGES') != '':
- deps = (d.getVarFlag('do_package_write_tar', 'depends') or "").split()
- deps.append('tar-native:do_populate_sysroot')
- deps.append('virtual/fakeroot-native:do_populate_sysroot')
- d.setVarFlag('do_package_write_tar', 'depends', " ".join(deps))
+ deps = ' tar-native:do_populate_sysroot virtual/fakeroot-native:do_populate_sysroot'
+ d.appendVarFlag('do_package_write_tar', 'depends', deps)
d.setVarFlag('do_package_write_tar', 'fakeroot', "1")
}
diff --git a/meta/classes/populate_sdk_ext.bbclass b/meta/classes/populate_sdk_ext.bbclass
index fd0da16e7e..71686bc993 100644
--- a/meta/classes/populate_sdk_ext.bbclass
+++ b/meta/classes/populate_sdk_ext.bbclass
@@ -310,8 +310,9 @@ python copy_buildsystem () {
if os.path.exists(builddir + '/conf/auto.conf'):
with open(builddir + '/conf/auto.conf', 'r') as f:
oldlines += f.readlines()
- with open(builddir + '/conf/local.conf', 'r') as f:
- oldlines += f.readlines()
+ if os.path.exists(builddir + '/conf/local.conf'):
+ with open(builddir + '/conf/local.conf', 'r') as f:
+ oldlines += f.readlines()
(updated, newlines) = bb.utils.edit_metadata(oldlines, varlist, handle_var)
with open(baseoutpath + '/conf/local.conf', 'w') as f:
diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass
index 53945478af..00f0c29836 100644
--- a/meta/classes/testimage.bbclass
+++ b/meta/classes/testimage.bbclass
@@ -31,6 +31,7 @@ TESTIMAGE_AUTO ??= "0"
# TEST_LOG_DIR contains a command ssh log and may contain infromation about what command is running, output and return codes and for qemu a boot log till login.
# Booting is handled by this class, and it's not a test in itself.
# TEST_QEMUBOOT_TIMEOUT can be used to set the maximum time in seconds the launch code will wait for the login prompt.
+# TEST_OVERALL_TIMEOUT can be used to set the maximum time in seconds the tests will be allowed to run (defaults to no limit).
# TEST_QEMUPARAMS can be used to pass extra parameters to qemu, e.g. "-m 1024" for setting the amount of ram to 1 GB.
# TEST_RUNQEMUPARAMS can be used to pass extra parameters to runqemu, e.g. "gl" to enable OpenGL acceleration.
@@ -75,6 +76,7 @@ DEFAULT_TEST_SUITES_remove_qemumips64 = "${MIPSREMOVE}"
TEST_SUITES ?= "${DEFAULT_TEST_SUITES}"
TEST_QEMUBOOT_TIMEOUT ?= "1000"
+TEST_OVERALL_TIMEOUT ?= ""
TEST_TARGET ?= "qemu"
TEST_QEMUPARAMS ?= ""
TEST_RUNQEMUPARAMS ?= ""
@@ -206,6 +208,10 @@ def testimage_main(d):
"""
os.kill(os.getpid(), signal.SIGINT)
+ def handle_test_timeout(timeout):
+ bb.warn("Global test timeout reached (%s seconds), stopping the tests." %(timeout))
+ os.kill(os.getpid(), signal.SIGINT)
+
testimage_sanity(d)
if (d.getVar('IMAGE_PKGTYPE') == 'rpm'
@@ -363,6 +369,11 @@ def testimage_main(d):
# We need to check if runqemu ends unexpectedly
# or if the worker send us a SIGTERM
tc.target.start(params=d.getVar("TEST_QEMUPARAMS"), runqemuparams=d.getVar("TEST_RUNQEMUPARAMS"))
+ import threading
+ try:
+ threading.Timer(int(d.getVar("TEST_OVERALL_TIMEOUT")), handle_test_timeout, (int(d.getVar("TEST_OVERALL_TIMEOUT")),)).start()
+ except ValueError:
+ pass
results = tc.runTests()
except (KeyboardInterrupt, BlockingIOError) as err:
if isinstance(err, KeyboardInterrupt):
diff --git a/meta/classes/uninative.bbclass b/meta/classes/uninative.bbclass
index 70799bbf6d..316c0f0616 100644
--- a/meta/classes/uninative.bbclass
+++ b/meta/classes/uninative.bbclass
@@ -56,12 +56,17 @@ python uninative_event_fetchloader() {
# Our games with path manipulation of DL_DIR mean standard PREMIRRORS don't work
# and we can't easily put 'chksum' into the url path from a url parameter with
# the current fetcher url handling
- ownmirror = d.getVar('SOURCE_MIRROR_URL')
- if ownmirror:
- localdata.appendVar("PREMIRRORS", " ${UNINATIVE_URL}${UNINATIVE_TARBALL} ${SOURCE_MIRROR_URL}/uninative/%s/${UNINATIVE_TARBALL}" % chksum)
+ premirrors = bb.fetch2.mirror_from_string(localdata.getVar("PREMIRRORS"))
+ for line in premirrors:
+ try:
+ (find, replace) = line
+ except ValueError:
+ continue
+ if find.startswith("http"):
+ localdata.appendVar("PREMIRRORS", " ${UNINATIVE_URL}${UNINATIVE_TARBALL} %s/uninative/%s/${UNINATIVE_TARBALL}" % (replace, chksum))
srcuri = d.expand("${UNINATIVE_URL}${UNINATIVE_TARBALL};sha256sum=%s" % chksum)
- bb.note("Fetching uninative binary shim from %s" % srcuri)
+ bb.note("Fetching uninative binary shim %s (will check PREMIRRORS first)" % srcuri)
fetcher = bb.fetch2.Fetch([srcuri], localdata, cache=False)
fetcher.download()
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index 889695eae3..69b6edee5f 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,9 +6,9 @@
# to the distro running on the build machine.
#
-UNINATIVE_MAXGLIBCVERSION = "2.31"
+UNINATIVE_MAXGLIBCVERSION = "2.32"
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.8/"
-UNINATIVE_CHECKSUM[aarch64] ?= "989187344bf9539b464fb7ed9c223e51f4bdb4c7a677d2c314e6fed393176efe"
-UNINATIVE_CHECKSUM[i686] ?= "cc3e45bc8594488b407363e3fa9af5a099279dab2703c64342098719bd674990"
-UNINATIVE_CHECKSUM[x86_64] ?= "a09922172c3a439105e0ae6b943daad2d83505b17da0aba97961ff433b8c21ab"
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.9/"
+UNINATIVE_CHECKSUM[aarch64] ?= "9f25a667aee225b1dd65c4aea73e01983e825b1cb9b56937932a1ee328b45f81"
+UNINATIVE_CHECKSUM[i686] ?= "cae5d73245d95b07cf133b780ba3f6c8d0adca3ffc4e7e7fab999961d5e24d36"
+UNINATIVE_CHECKSUM[x86_64] ?= "d07916b95c419c81541a19c8ef0ed8cbd78ae18437ff28a4c8a60ef40518e423"
diff --git a/meta/conf/layer.conf b/meta/conf/layer.conf
index 43917d4c3c..0249f21d07 100644
--- a/meta/conf/layer.conf
+++ b/meta/conf/layer.conf
@@ -71,6 +71,7 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
grub-efi->grub-bootconf \
liberation-fonts->fontconfig \
cantarell-fonts->fontconfig \
+ ttf-bitstream-vera->fontconfig \
gnome-icon-theme->librsvg \
font-alias->font-util \
systemd-boot->systemd-bootconf \
diff --git a/meta/conf/machine/qemumips.conf b/meta/conf/machine/qemumips.conf
index 31ad754483..1373e4cba0 100644
--- a/meta/conf/machine/qemumips.conf
+++ b/meta/conf/machine/qemumips.conf
@@ -9,6 +9,10 @@ require conf/machine/include/qemuboot-mips.inc
KERNEL_IMAGETYPE = "vmlinux"
KERNEL_ALT_IMAGETYPE = "vmlinux.bin"
+UBOOT_MACHINE ?= "qemu_mips_defconfig"
+
SERIAL_CONSOLES ?= "115200;ttyS0 115200;ttyS1"
QB_SYSTEM_NAME = "qemu-system-mips"
+
+QB_CPU = "-cpu 34Kf"
diff --git a/meta/conf/machine/qemumips64.conf b/meta/conf/machine/qemumips64.conf
index 6d5174665f..1e77486491 100644
--- a/meta/conf/machine/qemumips64.conf
+++ b/meta/conf/machine/qemumips64.conf
@@ -11,6 +11,8 @@ QB_CPU = "-cpu MIPS64R2-generic"
KERNEL_IMAGETYPE = "vmlinux"
KERNEL_ALT_IMAGETYPE = "vmlinux.bin"
+UBOOT_MACHINE ?= "qemu_mips64_defconfig"
+
SERIAL_CONSOLES ?= "115200;ttyS0 115200;ttyS1"
QB_SYSTEM_NAME = "qemu-system-mips64"
diff --git a/meta/conf/multilib.conf b/meta/conf/multilib.conf
index 58f2ac5c86..d231107f8b 100644
--- a/meta/conf/multilib.conf
+++ b/meta/conf/multilib.conf
@@ -30,4 +30,4 @@ PKG_CONFIG_PATH[vardepvalueexclude] = ":${WORKDIR}/recipe-sysroot/${datadir}/pkg
# These recipes don't need multilib variants, the ${BPN} PROVDES/RPROVDES
# ${MLPREFIX}${BPN}
-NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf"
+NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot"
diff --git a/meta/conf/sanity.conf b/meta/conf/sanity.conf
index 8b2f655394..e2a18a16fa 100644
--- a/meta/conf/sanity.conf
+++ b/meta/conf/sanity.conf
@@ -3,7 +3,7 @@
# See sanity.bbclass
#
# Expert users can confirm their sanity with "touch conf/sanity.conf"
-BB_MIN_VERSION = "1.43.2"
+BB_MIN_VERSION = "1.46.0"
SANITY_ABIFILE = "${TMPDIR}/abi_version"
diff --git a/meta/lib/oeqa/core/runner.py b/meta/lib/oeqa/core/runner.py
index 00b7d0bb12..d50690ab37 100644
--- a/meta/lib/oeqa/core/runner.py
+++ b/meta/lib/oeqa/core/runner.py
@@ -195,6 +195,20 @@ class OETestResult(_TestResult):
report['log'] = log
if duration:
report['duration'] = duration
+
+ alltags = []
+ # pull tags from the case class
+ if hasattr(case, "__oeqa_testtags"):
+ alltags.extend(getattr(case, "__oeqa_testtags"))
+ # pull tags from the method itself
+ test_name = case._testMethodName
+ if hasattr(case, test_name):
+ method = getattr(case, test_name)
+ if hasattr(method, "__oeqa_testtags"):
+ alltags.extend(getattr(method, "__oeqa_testtags"))
+ if alltags:
+ report['oetags'] = alltags
+
if dump_streams and case.id() in self.logged_output:
(stdout, stderr) = self.logged_output[case.id()]
report['stdout'] = stdout
diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py
index 090b40a814..aefb576805 100644
--- a/meta/lib/oeqa/core/target/ssh.py
+++ b/meta/lib/oeqa/core/target/ssh.py
@@ -107,13 +107,16 @@ class OESSHTarget(OETarget):
scpCmd = self.scp + [localSrc, remotePath]
return self._run(scpCmd, ignore_status=False)
- def copyFrom(self, remoteSrc, localDst):
+ def copyFrom(self, remoteSrc, localDst, warn_on_failure=False):
"""
Copy file from target.
"""
remotePath = '%s@%s:%s' % (self.user, self.ip, remoteSrc)
scpCmd = self.scp + [remotePath, localDst]
- return self._run(scpCmd, ignore_status=False)
+ (status, output) = self._run(scpCmd, ignore_status=warn_on_failure)
+ if warn_on_failure and status:
+ self.logger.warning("Copy returned non-zero exit status %d:\n%s" % (status, output))
+ return (status, output)
def copyDirTo(self, localSrc, remoteDst):
"""
diff --git a/meta/lib/oeqa/manual/bsp-hw.json b/meta/lib/oeqa/manual/bsp-hw.json
index a9bc7d4501..75b89758cb 100644
--- a/meta/lib/oeqa/manual/bsp-hw.json
+++ b/meta/lib/oeqa/manual/bsp-hw.json
@@ -125,28 +125,6 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-hw.shutdown_system",
- "author": [
- {
- "email": "alexandru.c.georgescu@intel.com",
- "name": "alexandru.c.georgescu@intel.com"
- }
- ],
- "execution": {
- "1": {
- "action": "boot system",
- "expected_results": ""
- },
- "2": {
- "action": "launch terminal and run \"shutdown -h now\" or \"poweroff\"",
- "expected_results": "System can be shutdown successfully . "
- }
- },
- "summary": "shutdown_system"
- }
- },
- {
- "test": {
"@alias": "bsps-hw.bsps-hw.switch_among_multi_applications_and_desktop",
"author": [
{
@@ -263,28 +241,6 @@
},
{
"test": {
- "@alias": "bsps-hw.bsps-hw.X_server_can_start_up_with_runlevel_5_boot",
- "author": [
- {
- "email": "alexandru.c.georgescu@intel.com",
- "name": "alexandru.c.georgescu@intel.com"
- }
- ],
- "execution": {
- "1": {
- "action": "boot up system with default runlevel \n\n",
- "expected_results": "X server can start up well and desktop display has no problem . \n\n"
- },
- "2": {
- "action": "type runlevel at command prompt",
- "expected_results": "Output:N 5"
- }
- },
- "summary": "X_server_can_start_up_with_runlevel_5_boot"
- }
- },
- {
- "test": {
"@alias": "bsps-hw.bsps-hw.standby",
"author": [
{
diff --git a/meta/lib/oeqa/runtime/cases/ltp.py b/meta/lib/oeqa/runtime/cases/ltp.py
index 6dc5ef22ad..a66d5d13d7 100644
--- a/meta/lib/oeqa/runtime/cases/ltp.py
+++ b/meta/lib/oeqa/runtime/cases/ltp.py
@@ -78,9 +78,10 @@ class LtpTest(LtpTestBase):
# copy nice log from DUT
dst = os.path.join(self.ltptest_log_dir, "%s" % ltp_group )
remote_src = "/opt/ltp/results/%s" % ltp_group
- (status, output) = self.target.copyFrom(remote_src, dst)
+ (status, output) = self.target.copyFrom(remote_src, dst, True)
msg = 'File could not be copied. Output: %s' % output
- self.assertEqual(status, 0, msg=msg)
+ if status:
+ self.target.logger.warning(msg)
parser = LtpParser()
results, sections = parser.parse(dst)
diff --git a/meta/lib/oeqa/sdk/case.py b/meta/lib/oeqa/sdk/case.py
index ebb03af9eb..c45882689c 100644
--- a/meta/lib/oeqa/sdk/case.py
+++ b/meta/lib/oeqa/sdk/case.py
@@ -26,7 +26,7 @@ class OESDKTestCase(OETestCase):
return tarball
tarball = os.path.join(workdir, archive)
- subprocess.check_output(["wget", "-O", tarball, url])
+ subprocess.check_output(["wget", "-O", tarball, url], stderr=subprocess.STDOUT)
return tarball
def check_elf(self, path, target_os=None, target_arch=None):
diff --git a/meta/lib/oeqa/sdk/cases/assimp.py b/meta/lib/oeqa/sdk/cases/assimp.py
index f26b17f2e9..f166758e49 100644
--- a/meta/lib/oeqa/sdk/cases/assimp.py
+++ b/meta/lib/oeqa/sdk/cases/assimp.py
@@ -30,7 +30,7 @@ class BuildAssimp(OESDKTestCase):
dirs["build"] = os.path.join(testdir, "build")
dirs["install"] = os.path.join(testdir, "install")
- subprocess.check_output(["tar", "xf", tarball, "-C", testdir])
+ subprocess.check_output(["tar", "xf", tarball, "-C", testdir], stderr=subprocess.STDOUT)
self.assertTrue(os.path.isdir(dirs["source"]))
os.makedirs(dirs["build"])
diff --git a/meta/lib/oeqa/sdk/cases/buildcpio.py b/meta/lib/oeqa/sdk/cases/buildcpio.py
index 902e93f623..681d0e750d 100644
--- a/meta/lib/oeqa/sdk/cases/buildcpio.py
+++ b/meta/lib/oeqa/sdk/cases/buildcpio.py
@@ -24,7 +24,7 @@ class BuildCpioTest(OESDKTestCase):
dirs["build"] = os.path.join(testdir, "build")
dirs["install"] = os.path.join(testdir, "install")
- subprocess.check_output(["tar", "xf", tarball, "-C", testdir])
+ subprocess.check_output(["tar", "xf", tarball, "-C", testdir], stderr=subprocess.STDOUT)
self.assertTrue(os.path.isdir(dirs["source"]))
os.makedirs(dirs["build"])
diff --git a/meta/lib/oeqa/sdk/cases/buildepoxy.py b/meta/lib/oeqa/sdk/cases/buildepoxy.py
index 4211955f8d..385f8ccca8 100644
--- a/meta/lib/oeqa/sdk/cases/buildepoxy.py
+++ b/meta/lib/oeqa/sdk/cases/buildepoxy.py
@@ -28,7 +28,7 @@ class EpoxyTest(OESDKTestCase):
dirs["build"] = os.path.join(testdir, "build")
dirs["install"] = os.path.join(testdir, "install")
- subprocess.check_output(["tar", "xf", tarball, "-C", testdir])
+ subprocess.check_output(["tar", "xf", tarball, "-C", testdir], stderr=subprocess.STDOUT)
self.assertTrue(os.path.isdir(dirs["source"]))
os.makedirs(dirs["build"])
diff --git a/meta/lib/oeqa/sdk/cases/buildgalculator.py b/meta/lib/oeqa/sdk/cases/buildgalculator.py
index bbaa5c55c9..4d85adcaf1 100644
--- a/meta/lib/oeqa/sdk/cases/buildgalculator.py
+++ b/meta/lib/oeqa/sdk/cases/buildgalculator.py
@@ -31,7 +31,7 @@ class GalculatorTest(OESDKTestCase):
dirs["build"] = os.path.join(testdir, "build")
dirs["install"] = os.path.join(testdir, "install")
- subprocess.check_output(["tar", "xf", tarball, "-C", testdir])
+ subprocess.check_output(["tar", "xf", tarball, "-C", testdir], stderr=subprocess.STDOUT)
self.assertTrue(os.path.isdir(dirs["source"]))
os.makedirs(dirs["build"])
diff --git a/meta/lib/oeqa/sdk/cases/buildlzip.py b/meta/lib/oeqa/sdk/cases/buildlzip.py
index 515acd2891..49ae756bf3 100644
--- a/meta/lib/oeqa/sdk/cases/buildlzip.py
+++ b/meta/lib/oeqa/sdk/cases/buildlzip.py
@@ -20,7 +20,7 @@ class BuildLzipTest(OESDKTestCase):
dirs["build"] = os.path.join(testdir, "build")
dirs["install"] = os.path.join(testdir, "install")
- subprocess.check_output(["tar", "xf", tarball, "-C", testdir])
+ subprocess.check_output(["tar", "xf", tarball, "-C", testdir], stderr=subprocess.STDOUT)
self.assertTrue(os.path.isdir(dirs["source"]))
os.makedirs(dirs["build"])
diff --git a/meta/lib/oeqa/selftest/cases/prservice.py b/meta/lib/oeqa/selftest/cases/prservice.py
index fe1f24ea6d..85b534963d 100644
--- a/meta/lib/oeqa/selftest/cases/prservice.py
+++ b/meta/lib/oeqa/selftest/cases/prservice.py
@@ -63,7 +63,7 @@ class BitbakePrTests(OESelftestTestCase):
pr_2 = self.get_pr_version(package_name)
stamp_2 = self.get_task_stamp(package_name, track_task)
- self.assertTrue(pr_2 - pr_1 == 1, "Step between same pkg. revision is greater than 1")
+ self.assertTrue(pr_2 - pr_1 == 1, "Step between pkg revisions is not 1 (was %s - %s)" % (pr_2, pr_1))
self.assertTrue(stamp_1 != stamp_2, "Different pkg rev. but same stamp: %s" % stamp_1)
def run_test_pr_export_import(self, package_name, replace_current_db=True):
@@ -89,7 +89,7 @@ class BitbakePrTests(OESelftestTestCase):
self.increment_package_pr(package_name)
pr_2 = self.get_pr_version(package_name)
- self.assertTrue(pr_2 - pr_1 == 1, "Step between same pkg. revision is greater than 1")
+ self.assertTrue(pr_2 - pr_1 == 1, "Step between pkg revisions is not 1 (was %s - %s)" % (pr_2, pr_1))
def test_import_export_replace_db(self):
self.run_test_pr_export_import('m4')
diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py
index 60cb2e01a6..cd03069340 100644
--- a/meta/lib/oeqa/selftest/cases/runtime_test.py
+++ b/meta/lib/oeqa/selftest/cases/runtime_test.py
@@ -156,7 +156,7 @@ class TestImage(OESelftestTestCase):
self.gpg_home = tempfile.mkdtemp(prefix="oeqa-feed-sign-")
self.track_for_cleanup(self.gpg_home)
signing_key_dir = os.path.join(self.testlayer_path, 'files', 'signing')
- runCmd('gpg --batch --homedir %s --import %s' % (self.gpg_home, os.path.join(signing_key_dir, 'key.secret')), native_sysroot=get_bb_var("RECIPE_SYSROOT_NATIVE", "gnupg-native"))
+ runCmd('gpgconf --list-dirs --homedir %s; gpg -v --batch --homedir %s --import %s' % (self.gpg_home, self.gpg_home, os.path.join(signing_key_dir, 'key.secret')), native_sysroot=get_bb_var("RECIPE_SYSROOT_NATIVE", "gnupg-native"), shell=True)
features += 'INHERIT += "sign_package_feed"\n'
features += 'PACKAGE_FEED_GPG_NAME = "testuser"\n'
features += 'PACKAGE_FEED_GPG_PASSPHRASE_FILE = "%s"\n' % os.path.join(signing_key_dir, 'key.passphrase')
diff --git a/meta/lib/oeqa/selftest/cases/signing.py b/meta/lib/oeqa/selftest/cases/signing.py
index 202d54994b..a28c7eb19a 100644
--- a/meta/lib/oeqa/selftest/cases/signing.py
+++ b/meta/lib/oeqa/selftest/cases/signing.py
@@ -44,7 +44,9 @@ class Signing(OESelftestTestCase):
origenv = os.environ.copy()
for e in os.environ:
- if builddir in os.environ[e]:
+ if builddir + "/" in os.environ[e]:
+ os.environ[e] = os.environ[e].replace(builddir + "/", newbuilddir + "/")
+ if os.environ[e].endswith(builddir):
os.environ[e] = os.environ[e].replace(builddir, newbuilddir)
os.chdir(newbuilddir)
diff --git a/meta/lib/oeqa/selftest/cases/tinfoil.py b/meta/lib/oeqa/selftest/cases/tinfoil.py
index d1aa7b9afd..206168ed00 100644
--- a/meta/lib/oeqa/selftest/cases/tinfoil.py
+++ b/meta/lib/oeqa/selftest/cases/tinfoil.py
@@ -100,8 +100,9 @@ class TinfoilTests(OESelftestTestCase):
eventreceived = False
commandcomplete = False
start = time.time()
- # Wait for 5s in total so we'd detect spurious heartbeat events for example
- while time.time() - start < 5:
+ # Wait for 10s in total so we'd detect spurious heartbeat events for example
+ # The test is IO load sensitive too
+ while time.time() - start < 10:
event = tinfoil.wait_event(1)
if event:
if isinstance(event, bb.command.CommandCompleted):
diff --git a/meta/lib/oeqa/selftest/context.py b/meta/lib/oeqa/selftest/context.py
index 9baad58321..33557b1240 100644
--- a/meta/lib/oeqa/selftest/context.py
+++ b/meta/lib/oeqa/selftest/context.py
@@ -82,7 +82,9 @@ class OESelftestTestContext(OETestContext):
oe.path.copytree(selftestdir, newselftestdir)
for e in os.environ:
- if builddir + "/" in os.environ[e] or os.environ[e].endswith(builddir):
+ if builddir + "/" in os.environ[e]:
+ os.environ[e] = os.environ[e].replace(builddir + "/", newbuilddir + "/")
+ if os.environ[e].endswith(builddir):
os.environ[e] = os.environ[e].replace(builddir, newbuilddir)
subprocess.check_output("git init; git add *; git commit -a -m 'initial'", cwd=newselftestdir, shell=True)
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index b3291cb4b8..e796904f5b 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -11,6 +11,8 @@ SECTION = "bootloaders"
LICENSE = "GPLv3"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+CVE_PRODUCT = "grub2"
+
SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch \
file://autogen.sh-exclude-pc.patch \
diff --git a/meta/recipes-bsp/u-boot/libubootenv_0.2.bb b/meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb
index ea29b668e8..613e3161fb 100644
--- a/meta/recipes-bsp/u-boot/libubootenv_0.2.bb
+++ b/meta/recipes-bsp/u-boot/libubootenv_0.3.1.bb
@@ -10,13 +10,12 @@ LICENSE = "LGPL-2.1"
LIC_FILES_CHKSUM = "file://Licenses/lgpl-2.1.txt;md5=4fbd65380cdd255951079008b364516c"
SECTION = "libs"
-PV = "0.2+git${SRCPV}"
SRC_URI = "git://github.com/sbabic/libubootenv;protocol=https"
-SRCREV = "f4b9cde3815abe84a98079cedd515283ea08c16b"
+SRCREV = "824551ac77bab1d0f7ae34d7a7c77b155240e754"
S = "${WORKDIR}/git"
-inherit cmake lib_package
+inherit uboot-config cmake lib_package
EXTRA_OECMAKE = "-DCMAKE_BUILD_TYPE=Release"
@@ -24,4 +23,8 @@ DEPENDS = "zlib"
PROVIDES += "u-boot-fw-utils"
RPROVIDES_${PN}-bin += "u-boot-fw-utils"
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+RRECOMMENDS_${PN}-bin_append_class-target = " u-boot-default-env"
+
BBCLASSEXTEND = "native"
diff --git a/meta/recipes-bsp/u-boot/u-boot.inc b/meta/recipes-bsp/u-boot/u-boot.inc
index 23cc795cab..a88a7a1120 100644
--- a/meta/recipes-bsp/u-boot/u-boot.inc
+++ b/meta/recipes-bsp/u-boot/u-boot.inc
@@ -70,16 +70,6 @@ UBOOT_EXTLINUX_INSTALL_DIR ?= "/boot/extlinux"
UBOOT_EXTLINUX_CONF_NAME ?= "extlinux.conf"
UBOOT_EXTLINUX_SYMLINK ?= "${UBOOT_EXTLINUX_CONF_NAME}-${MACHINE}-${PR}"
-# returns all the elements from the src uri that are .cfg files
-def find_cfgs(d):
- sources=src_patches(d, True)
- sources_list=[]
- for s in sources:
- if s.endswith('.cfg'):
- sources_list.append(s)
-
- return sources_list
-
do_configure () {
if [ -n "${UBOOT_CONFIG}" ]; then
unset i j
diff --git a/meta/recipes-connectivity/bind/bind_9.11.21.bb b/meta/recipes-connectivity/bind/bind_9.11.22.bb
index ee546a0a2c..7128bd3870 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.21.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.22.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] = "668158b005b3de4328fa0dbbbb3f524b66f28f024c67538aa9412a9e69c9dfbc"
+SRC_URI[sha256sum] = "afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 150d909d73..f34ba0dce5 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -42,8 +42,8 @@ PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis"
PACKAGECONFIG[tools] = "--enable-tools,--disable-tools"
PACKAGECONFIG[threads] = "--enable-threads,--disable-threads"
PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated"
-PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c ell"
-PACKAGECONFIG[btpclient] = "--enable-btpclient,--disable-btpclient, ell"
+PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell"
+PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell"
PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev"
SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc
index 6cfdcd7344..45aaa2b41c 100644
--- a/meta/recipes-core/busybox/busybox.inc
+++ b/meta/recipes-core/busybox/busybox.inc
@@ -133,16 +133,6 @@ do_prepare_config () {
fi
}
-# returns all the elements from the src uri that are .cfg files
-def find_cfgs(d):
- sources=src_patches(d, True)
- sources_list=[]
- for s in sources:
- if s.endswith('.cfg'):
- sources_list.append(s)
-
- return sources_list
-
do_configure () {
set -x
do_prepare_config
diff --git a/meta/recipes-core/ell/ell_0.32.bb b/meta/recipes-core/ell/ell_0.33.bb
index 07dc4d4cbb..2fa05104fb 100644
--- a/meta/recipes-core/ell/ell_0.32.bb
+++ b/meta/recipes-core/ell/ell_0.33.bb
@@ -14,7 +14,7 @@ DEPENDS = "dbus"
inherit autotools pkgconfig
SRC_URI = "https://mirrors.edge.kernel.org/pub/linux/libs/${BPN}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "42fdb9e24ff561a101389d51445cab1ff7d55f5385dc22a05b0493088cf99e30"
+SRC_URI[sha256sum] = "d9e40e641164150394b74b719b9726fc734f24b2cde679cf5f3be6915c34eded"
do_configure_prepend () {
mkdir -p ${S}/build-aux
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-Do-not-write-bindir-into-pkg-config-files.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-Do-not-write-bindir-into-pkg-config-files.patch
index edac4c9f75..8dd959b7e2 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0/0001-Do-not-write-bindir-into-pkg-config-files.patch
+++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-Do-not-write-bindir-into-pkg-config-files.patch
@@ -22,7 +22,7 @@ index 71e88c4..8ce3987 100644
@@ -831,14 +831,14 @@ pkg.generate(libgio,
'schemasdir=' + join_paths('${datadir}', schemas_subdir),
'bindir=' + join_paths('${prefix}', get_option('bindir')),
- 'giomoduledir=' + giomodulesdir,
+ 'giomoduledir=' + pkgconfig_giomodulesdir,
- 'gio=' + join_paths('${bindir}', 'gio'),
- 'gio_querymodules=' + join_paths('${bindir}', 'gio-querymodules'),
- 'glib_compile_schemas=' + join_paths('${bindir}', 'glib-compile-schemas'),
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0011-GMainContext-Fix-GSource-iterator-if-iteration-can-m.patch b/meta/recipes-core/glib-2.0/glib-2.0/0011-GMainContext-Fix-GSource-iterator-if-iteration-can-m.patch
deleted file mode 100644
index 37b77d567c..0000000000
--- a/meta/recipes-core/glib-2.0/glib-2.0/0011-GMainContext-Fix-GSource-iterator-if-iteration-can-m.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From ef2be42998e3fc10299055a5a01f7c791538174c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
-Date: Mon, 3 Feb 2020 15:38:28 +0200
-Subject: [PATCH] GMainContext - Fix GSource iterator if iteration can modify
- the list
-
-We first have to ref the next source and then unref the previous one.
-This might be the last reference to the previous source, and freeing the
-previous source might unref and free the next one which would then leave
-use with a dangling pointer here.
-
-Fixes https://gitlab.gnome.org/GNOME/glib/issues/2031
-
-Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/b06c48de7554607ff3fb58d6c0510cfa5088e909]
-
----
- glib/gmain.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/glib/gmain.c b/glib/gmain.c
-index af979c8..a9a287d 100644
---- a/glib/gmain.c
-+++ b/glib/gmain.c
-@@ -969,13 +969,17 @@ g_source_iter_next (GSourceIter *iter, GSource **source)
- * GSourceList to be removed from source_lists (if iter->source is
- * the only source in its list, and it is destroyed), so we have to
- * keep it reffed until after we advance iter->current_list, above.
-+ *
-+ * Also we first have to ref the next source before unreffing the
-+ * previous one as unreffing the previous source can potentially
-+ * free the next one.
- */
-+ if (next_source && iter->may_modify)
-+ g_source_ref (next_source);
-
- if (iter->source && iter->may_modify)
- g_source_unref_internal (iter->source, iter->context, TRUE);
- iter->source = next_source;
-- if (iter->source && iter->may_modify)
-- g_source_ref (iter->source);
-
- *source = iter->source;
- return *source != NULL;
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0012-GMainContext-Fix-memory-leaks-and-memory-corruption-.patch b/meta/recipes-core/glib-2.0/glib-2.0/0012-GMainContext-Fix-memory-leaks-and-memory-corruption-.patch
deleted file mode 100644
index cf97d9d3db..0000000000
--- a/meta/recipes-core/glib-2.0/glib-2.0/0012-GMainContext-Fix-memory-leaks-and-memory-corruption-.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From 611430a32a46d0dc806a829161e2dccf9c0196a8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
-Date: Mon, 3 Feb 2020 15:35:51 +0200
-Subject: [PATCH] GMainContext - Fix memory leaks and memory corruption when
- freeing sources while freeing a context
-
-Instead of destroying sources directly while freeing the context, and
-potentially freeing them if this was the last reference to them, collect
-new references of all sources in a separate list before and at the same
-time invalidate their context so that they can't access it anymore. Only
-once all sources have their context invalidated, destroy them while
-still keeping a reference to them. Once all sources are destroyed we get
-rid of the additional references and free them if nothing else keeps a
-reference to them anymore.
-
-This fixes a regression introduced by 26056558be in 2012.
-
-The previous code that invalidated the context of each source and then
-destroyed it before going to the next source without keeping an
-additional reference caused memory leaks or memory corruption depending
-on the order of the sources in the sources lists.
-
-If a source was destroyed it might happen that this was the last
-reference to this source, and it would then be freed. This would cause
-the finalize function to be called, which might destroy and unref
-another source and potentially free it. This other source would then
-either
-- go through the normal free logic and change the intern linked list
- between the sources, while other sources that are unreffed as part of
- the main context freeing would not. As such the list would be in an
- inconsistent state and we might dereference freed memory.
-- go through the normal destroy and free logic but because the context
- pointer was already invalidated it would simply mark the source as
- destroyed without actually removing it from the context. This would
- then cause a memory leak because the reference owned by the context is
- not freed.
-
-Fixes https://github.com/gtk-rs/glib/issues/583 while still keeping
-https://bugzilla.gnome.org/show_bug.cgi?id=661767 fixes.
-
-Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/aa20167d419c649f34fed06a9463890b41b1eba0]
-
----
- glib/gmain.c | 35 ++++++++++++++++++++++++++++++++++-
- 1 file changed, 34 insertions(+), 1 deletion(-)
-
-diff --git a/glib/gmain.c b/glib/gmain.c
-index a9a287d..10ba2f8 100644
---- a/glib/gmain.c
-+++ b/glib/gmain.c
-@@ -538,6 +538,7 @@ g_main_context_unref (GMainContext *context)
- GSourceIter iter;
- GSource *source;
- GList *sl_iter;
-+ GSList *s_iter, *remaining_sources = NULL;
- GSourceList *list;
- guint i;
-
-@@ -557,10 +558,30 @@ g_main_context_unref (GMainContext *context)
-
- /* g_source_iter_next() assumes the context is locked. */
- LOCK_CONTEXT (context);
-- g_source_iter_init (&iter, context, TRUE);
-+
-+ /* First collect all remaining sources from the sources lists and store a
-+ * new reference in a separate list. Also set the context of the sources
-+ * to NULL so that they can't access a partially destroyed context anymore.
-+ *
-+ * We have to do this first so that we have a strong reference to all
-+ * sources and destroying them below does not also free them, and so that
-+ * none of the sources can access the context from their finalize/dispose
-+ * functions. */
-+ g_source_iter_init (&iter, context, FALSE);
- while (g_source_iter_next (&iter, &source))
- {
- source->context = NULL;
-+ remaining_sources = g_slist_prepend (remaining_sources, g_source_ref (source));
-+ }
-+ g_source_iter_clear (&iter);
-+
-+ /* Next destroy all sources. As we still hold a reference to all of them,
-+ * this won't cause any of them to be freed yet and especially prevents any
-+ * source that unrefs another source from its finalize function to be freed.
-+ */
-+ for (s_iter = remaining_sources; s_iter; s_iter = s_iter->next)
-+ {
-+ source = s_iter->data;
- g_source_destroy_internal (source, context, TRUE);
- }
- UNLOCK_CONTEXT (context);
-@@ -585,6 +606,18 @@ g_main_context_unref (GMainContext *context)
- g_cond_clear (&context->cond);
-
- g_free (context);
-+
-+ /* And now finally get rid of our references to the sources. This will cause
-+ * them to be freed unless something else still has a reference to them. Due
-+ * to setting the context pointers in the sources to NULL above, this won't
-+ * ever access the context or the internal linked list inside the GSource.
-+ * We already removed the sources completely from the context above. */
-+ for (s_iter = remaining_sources; s_iter; s_iter = s_iter->next)
-+ {
-+ source = s_iter->data;
-+ g_source_unref_internal (source, NULL, FALSE);
-+ }
-+ g_slist_free (remaining_sources);
- }
-
- /* Helper function used by mainloop/overflow test.
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0013-GMainContext-Move-mutex-unlocking-in-destructor-righ.patch b/meta/recipes-core/glib-2.0/glib-2.0/0013-GMainContext-Move-mutex-unlocking-in-destructor-righ.patch
deleted file mode 100644
index 4c9e9f5182..0000000000
--- a/meta/recipes-core/glib-2.0/glib-2.0/0013-GMainContext-Move-mutex-unlocking-in-destructor-righ.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 3e9d85f1b75e2b1096d9643563d7d17380752fc7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
-Date: Tue, 11 Feb 2020 09:34:38 +0200
-Subject: [PATCH] GMainContext - Move mutex unlocking in destructor right
- before freeing the mutex
-
-This does not have any behaviour changes but is cleaner. The mutex is
-only unlocked now after all operations on the context are done and right
-before freeing the mutex and the context itself.
-
-Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/730a75fc8e8271c38fbd5363d1f77a00876b9ddc]
-
----
- glib/gmain.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/glib/gmain.c b/glib/gmain.c
-index 10ba2f8..b1df470 100644
---- a/glib/gmain.c
-+++ b/glib/gmain.c
-@@ -584,7 +584,6 @@ g_main_context_unref (GMainContext *context)
- source = s_iter->data;
- g_source_destroy_internal (source, context, TRUE);
- }
-- UNLOCK_CONTEXT (context);
-
- for (sl_iter = context->source_lists; sl_iter; sl_iter = sl_iter->next)
- {
-@@ -595,6 +594,7 @@ g_main_context_unref (GMainContext *context)
-
- g_hash_table_destroy (context->sources);
-
-+ UNLOCK_CONTEXT (context);
- g_mutex_clear (&context->mutex);
-
- g_ptr_array_free (context->pending_dispatches, TRUE);
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch b/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch
index fc320dcab8..36d32506e2 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch
+++ b/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch
@@ -31,8 +31,8 @@ index 1007abd..5380982 100644
#endif
#include <glib/gstdio.h>
-@@ -1158,7 +1160,15 @@ get_gio_module_dir (void)
- #endif
+@@ -1149,7 +1151,15 @@ get_gio_module_dir (void)
+ NULL);
g_free (install_dir);
#else
- module_dir = g_strdup (GIO_MODULE_DIR);
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.62.4.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb
index d496235003..911152ddaa 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.62.4.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb
@@ -16,15 +16,12 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
file://0001-Do-not-write-bindir-into-pkg-config-files.patch \
file://0001-meson-Run-atomics-test-on-clang-as-well.patch \
file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \
- file://0011-GMainContext-Fix-GSource-iterator-if-iteration-can-m.patch \
- file://0012-GMainContext-Fix-memory-leaks-and-memory-corruption-.patch \
- file://0013-GMainContext-Move-mutex-unlocking-in-destructor-righ.patch \
"
SRC_URI_append_class-native = " file://relocate-modules.patch"
-SRC_URI[md5sum] = "d52234ecba128932bed90bbc3553bfe5"
-SRC_URI[sha256sum] = "4c84030d77fa9712135dfa8036ad663925655ae95b1d19399b6200e869925bbc"
+SRC_URI[md5sum] = "46bba5410ad4e75f65e4b2cc61a1afc8"
+SRC_URI[sha256sum] = "104fa26fbefae8024ff898330c671ec23ad075c1c0bce45c325c6d5657d58b9c"
# Find any meson cross files in FILESPATH that are relevant for the current
# build (using siteinfo) and add them to EXTRA_OEMESON.
diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index c2d68979eb..3bcd336de4 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
SRCBRANCH ?= "release/2.31/master"
PV = "2.31+git${SRCPV}"
-SRCREV_glibc ?= "109474122400ca7d60782b131dc867a5c1f2fe55"
+SRCREV_glibc ?= "6fdf971c9dbf7dac9bea552113fe4694015bbc4d"
SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655"
GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
diff --git a/meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch b/meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch
deleted file mode 100644
index 574e7c3503..0000000000
--- a/meta/recipes-core/glibc/glibc/0016-Add-unused-attribute.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From c323125744020a29f79e50dc4d024b55c482eafc Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 18 Mar 2015 00:28:41 +0000
-Subject: [PATCH] Add unused attribute
-
-Helps in avoiding gcc warning when header is is included in
-a source file which does not use both functions
-
- * iconv/gconv_charset.h (strip):
- Add unused attribute.
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Upstream-Status: Pending
----
- iconv/gconv_charset.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/iconv/gconv_charset.h b/iconv/gconv_charset.h
-index 348acc089b..fa92465d89 100644
---- a/iconv/gconv_charset.h
-+++ b/iconv/gconv_charset.h
-@@ -21,7 +21,7 @@
- #include <locale.h>
-
-
--static void
-+static void __attribute__ ((unused))
- strip (char *wp, const char *s)
- {
- int slash_count = 0;
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch b/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
deleted file mode 100644
index 9c26f76432..0000000000
--- a/meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From beea361050728138b82c57dda0c4810402d342b9 Mon Sep 17 00:00:00 2001
-From: Alexander Anisimov <a.anisimov@omprussia.ru>
-Date: Wed, 8 Jul 2020 14:18:31 +0200
-Subject: [PATCH] arm: CVE-2020-6096: Fix multiarch memcpy for negative length
- [BZ #25620]
-
-Unsigned branch instructions could be used for r2 to fix the wrong
-behavior when a negative length is passed to memcpy.
-This commit fixes the armv7 version.
-
-Upstream-Status: Backport
-CVE: CVE-2020-6096 patch #1
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- sysdeps/arm/armv7/multiarch/memcpy_impl.S | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/sysdeps/arm/armv7/multiarch/memcpy_impl.S b/sysdeps/arm/armv7/multiarch/memcpy_impl.S
-index bf4ac7077f..379bb56fc9 100644
---- a/sysdeps/arm/armv7/multiarch/memcpy_impl.S
-+++ b/sysdeps/arm/armv7/multiarch/memcpy_impl.S
-@@ -268,7 +268,7 @@ ENTRY(memcpy)
-
- mov dst, dstin /* Preserve dstin, we need to return it. */
- cmp count, #64
-- bge .Lcpy_not_short
-+ bhs .Lcpy_not_short
- /* Deal with small copies quickly by dropping straight into the
- exit block. */
-
-@@ -351,10 +351,10 @@ ENTRY(memcpy)
-
- 1:
- subs tmp2, count, #64 /* Use tmp2 for count. */
-- blt .Ltail63aligned
-+ blo .Ltail63aligned
-
- cmp tmp2, #512
-- bge .Lcpy_body_long
-+ bhs .Lcpy_body_long
-
- .Lcpy_body_medium: /* Count in tmp2. */
- #ifdef USE_VFP
-@@ -378,7 +378,7 @@ ENTRY(memcpy)
- add src, src, #64
- vstr d1, [dst, #56]
- add dst, dst, #64
-- bge 1b
-+ bhs 1b
- tst tmp2, #0x3f
- beq .Ldone
-
-@@ -412,7 +412,7 @@ ENTRY(memcpy)
- ldrd A_l, A_h, [src, #64]!
- strd A_l, A_h, [dst, #64]!
- subs tmp2, tmp2, #64
-- bge 1b
-+ bhs 1b
- tst tmp2, #0x3f
- bne 1f
- ldr tmp2,[sp], #FRAME_SIZE
-@@ -482,7 +482,7 @@ ENTRY(memcpy)
- add src, src, #32
-
- subs tmp2, tmp2, #prefetch_lines * 64 * 2
-- blt 2f
-+ blo 2f
- 1:
- cpy_line_vfp d3, 0
- cpy_line_vfp d4, 64
-@@ -494,7 +494,7 @@ ENTRY(memcpy)
- add dst, dst, #2 * 64
- add src, src, #2 * 64
- subs tmp2, tmp2, #prefetch_lines * 64
-- bge 1b
-+ bhs 1b
-
- 2:
- cpy_tail_vfp d3, 0
-@@ -615,8 +615,8 @@ ENTRY(memcpy)
- 1:
- pld [src, #(3 * 64)]
- subs count, count, #64
-- ldrmi tmp2, [sp], #FRAME_SIZE
-- bmi .Ltail63unaligned
-+ ldrlo tmp2, [sp], #FRAME_SIZE
-+ blo .Ltail63unaligned
- pld [src, #(4 * 64)]
-
- #ifdef USE_NEON
-@@ -633,7 +633,7 @@ ENTRY(memcpy)
- neon_load_multi d0-d3, src
- neon_load_multi d4-d7, src
- subs count, count, #64
-- bmi 2f
-+ blo 2f
- 1:
- pld [src, #(4 * 64)]
- neon_store_multi d0-d3, dst
-@@ -641,7 +641,7 @@ ENTRY(memcpy)
- neon_store_multi d4-d7, dst
- neon_load_multi d4-d7, src
- subs count, count, #64
-- bpl 1b
-+ bhs 1b
- 2:
- neon_store_multi d0-d3, dst
- neon_store_multi d4-d7, dst
---
-2.17.1
-
diff --git a/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch b/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch
deleted file mode 100644
index 905e44c8e3..0000000000
--- a/meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch
+++ /dev/null
@@ -1,194 +0,0 @@
-From 79a4fa341b8a89cb03f84564fd72abaa1a2db394 Mon Sep 17 00:00:00 2001
-From: Evgeny Eremin <e.eremin@omprussia.ru>
-Date: Wed, 8 Jul 2020 14:18:19 +0200
-Subject: [PATCH] arm: CVE-2020-6096: fix memcpy and memmove for negative
- length [BZ #25620]
-
-Unsigned branch instructions could be used for r2 to fix the wrong
-behavior when a negative length is passed to memcpy and memmove.
-This commit fixes the generic arm implementation of memcpy amd memmove.
-
-Upstream-Status: Backport
-CVE: CVE-2020-6096 patch #2
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- sysdeps/arm/memcpy.S | 24 ++++++++++--------------
- sysdeps/arm/memmove.S | 24 ++++++++++--------------
- 2 files changed, 20 insertions(+), 28 deletions(-)
-
-diff --git a/sysdeps/arm/memcpy.S b/sysdeps/arm/memcpy.S
-index 510e8adaf2..bcfbc51d99 100644
---- a/sysdeps/arm/memcpy.S
-+++ b/sysdeps/arm/memcpy.S
-@@ -68,7 +68,7 @@ ENTRY(memcpy)
- cfi_remember_state
-
- subs r2, r2, #4
-- blt 8f
-+ blo 8f
- ands ip, r0, #3
- PLD( pld [r1, #0] )
- bne 9f
-@@ -82,7 +82,7 @@ ENTRY(memcpy)
- cfi_rel_offset (r6, 4)
- cfi_rel_offset (r7, 8)
- cfi_rel_offset (r8, 12)
-- blt 5f
-+ blo 5f
-
- CALGN( ands ip, r1, #31 )
- CALGN( rsb r3, ip, #32 )
-@@ -98,9 +98,9 @@ ENTRY(memcpy)
- #endif
-
- PLD( pld [r1, #0] )
--2: PLD( subs r2, r2, #96 )
-+2: PLD( cmp r2, #96 )
- PLD( pld [r1, #28] )
-- PLD( blt 4f )
-+ PLD( blo 4f )
- PLD( pld [r1, #60] )
- PLD( pld [r1, #92] )
-
-@@ -108,9 +108,7 @@ ENTRY(memcpy)
- 4: ldmia r1!, {r3, r4, r5, r6, r7, r8, ip, lr}
- subs r2, r2, #32
- stmia r0!, {r3, r4, r5, r6, r7, r8, ip, lr}
-- bge 3b
-- PLD( cmn r2, #96 )
-- PLD( bge 4b )
-+ bhs 3b
-
- 5: ands ip, r2, #28
- rsb ip, ip, #32
-@@ -222,7 +220,7 @@ ENTRY(memcpy)
- strbge r4, [r0], #1
- subs r2, r2, ip
- strb lr, [r0], #1
-- blt 8b
-+ blo 8b
- ands ip, r1, #3
- beq 1b
-
-@@ -236,7 +234,7 @@ ENTRY(memcpy)
- .macro forward_copy_shift pull push
-
- subs r2, r2, #28
-- blt 14f
-+ blo 14f
-
- CALGN( ands ip, r1, #31 )
- CALGN( rsb ip, ip, #32 )
-@@ -253,9 +251,9 @@ ENTRY(memcpy)
- cfi_rel_offset (r10, 16)
-
- PLD( pld [r1, #0] )
-- PLD( subs r2, r2, #96 )
-+ PLD( cmp r2, #96 )
- PLD( pld [r1, #28] )
-- PLD( blt 13f )
-+ PLD( blo 13f )
- PLD( pld [r1, #60] )
- PLD( pld [r1, #92] )
-
-@@ -280,9 +278,7 @@ ENTRY(memcpy)
- mov ip, ip, PULL #\pull
- orr ip, ip, lr, PUSH #\push
- stmia r0!, {r3, r4, r5, r6, r7, r8, r10, ip}
-- bge 12b
-- PLD( cmn r2, #96 )
-- PLD( bge 13b )
-+ bhs 12b
-
- pop {r5 - r8, r10}
- cfi_adjust_cfa_offset (-20)
-diff --git a/sysdeps/arm/memmove.S b/sysdeps/arm/memmove.S
-index 954037ef3a..0d07b76ee6 100644
---- a/sysdeps/arm/memmove.S
-+++ b/sysdeps/arm/memmove.S
-@@ -85,7 +85,7 @@ ENTRY(memmove)
- add r1, r1, r2
- add r0, r0, r2
- subs r2, r2, #4
-- blt 8f
-+ blo 8f
- ands ip, r0, #3
- PLD( pld [r1, #-4] )
- bne 9f
-@@ -99,7 +99,7 @@ ENTRY(memmove)
- cfi_rel_offset (r6, 4)
- cfi_rel_offset (r7, 8)
- cfi_rel_offset (r8, 12)
-- blt 5f
-+ blo 5f
-
- CALGN( ands ip, r1, #31 )
- CALGN( sbcsne r4, ip, r2 ) @ C is always set here
-@@ -114,9 +114,9 @@ ENTRY(memmove)
- #endif
-
- PLD( pld [r1, #-4] )
--2: PLD( subs r2, r2, #96 )
-+2: PLD( cmp r2, #96 )
- PLD( pld [r1, #-32] )
-- PLD( blt 4f )
-+ PLD( blo 4f )
- PLD( pld [r1, #-64] )
- PLD( pld [r1, #-96] )
-
-@@ -124,9 +124,7 @@ ENTRY(memmove)
- 4: ldmdb r1!, {r3, r4, r5, r6, r7, r8, ip, lr}
- subs r2, r2, #32
- stmdb r0!, {r3, r4, r5, r6, r7, r8, ip, lr}
-- bge 3b
-- PLD( cmn r2, #96 )
-- PLD( bge 4b )
-+ bhs 3b
-
- 5: ands ip, r2, #28
- rsb ip, ip, #32
-@@ -237,7 +235,7 @@ ENTRY(memmove)
- strbge r4, [r0, #-1]!
- subs r2, r2, ip
- strb lr, [r0, #-1]!
-- blt 8b
-+ blo 8b
- ands ip, r1, #3
- beq 1b
-
-@@ -251,7 +249,7 @@ ENTRY(memmove)
- .macro backward_copy_shift push pull
-
- subs r2, r2, #28
-- blt 14f
-+ blo 14f
-
- CALGN( ands ip, r1, #31 )
- CALGN( rsb ip, ip, #32 )
-@@ -268,9 +266,9 @@ ENTRY(memmove)
- cfi_rel_offset (r10, 16)
-
- PLD( pld [r1, #-4] )
-- PLD( subs r2, r2, #96 )
-+ PLD( cmp r2, #96 )
- PLD( pld [r1, #-32] )
-- PLD( blt 13f )
-+ PLD( blo 13f )
- PLD( pld [r1, #-64] )
- PLD( pld [r1, #-96] )
-
-@@ -295,9 +293,7 @@ ENTRY(memmove)
- mov r4, r4, PUSH #\push
- orr r4, r4, r3, PULL #\pull
- stmdb r0!, {r4 - r8, r10, ip, lr}
-- bge 12b
-- PLD( cmn r2, #96 )
-- PLD( bge 13b )
-+ bhs 12b
-
- pop {r5 - r8, r10}
- cfi_adjust_cfa_offset (-20)
---
-2.17.1
-
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb
index e8e11f5438..3d486fbb59 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -1,7 +1,7 @@
require glibc.inc
require glibc-version.inc
-CVE_CHECK_WHITELIST += "CVE-2020-10029"
+CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752"
DEPENDS += "gperf-native bison-native make-native"
@@ -28,7 +28,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0013-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch \
file://0014-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch \
file://0015-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch \
- file://0016-Add-unused-attribute.patch \
file://0017-yes-within-the-path-sets-wrong-config-variables.patch \
file://0018-timezone-re-written-tzselect-as-posix-sh.patch \
file://0019-Remove-bash-dependency-for-nscd-init-script.patch \
@@ -42,8 +41,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0027-intl-Emit-no-lines-in-bison-generated-files.patch \
file://0028-inject-file-assembly-directives.patch \
file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
- file://CVE-2020-6096.patch \
- file://CVE-2020-6096_2.patch \
"
S = "${WORKDIR}/git"
B = "${WORKDIR}/build-${TARGET_SYS}"
diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index 3e1ffe1975..4f935be730 100644
--- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk"
inherit core-image module-base setuptools3
-SRCREV ?= "ff7dbd392aced161a79303f5312c2b356f3305dc"
+SRCREV ?= "5ad59495782e8dbcb2b9d18e27ca4bde131465b4"
SRC_URI = "git://git.yoctoproject.org/poky;branch=dunfell \
file://Yocto_Build_Appliance.vmx \
file://Yocto_Build_Appliance.vmxf \
diff --git a/meta/recipes-core/initrdscripts/initramfs-framework/init b/meta/recipes-core/initrdscripts/initramfs-framework/init
index c71ce0ce8c..567694aff7 100755
--- a/meta/recipes-core/initrdscripts/initramfs-framework/init
+++ b/meta/recipes-core/initrdscripts/initramfs-framework/init
@@ -88,12 +88,25 @@ fi
# populate bootparam environment
for p in `cat /proc/cmdline`; do
+ if [ -n "$quoted" ]; then
+ value="$value $p"
+ if [ "`echo $p | sed -e 's/\"$//'`" != "$p" ]; then
+ eval "bootparam_${quoted}=${value}"
+ unset quoted
+ fi
+ continue
+ fi
+
opt=`echo $p | cut -d'=' -f1`
opt=`echo $opt | sed -e 'y/.-/__/'`
if [ "`echo $p | cut -d'=' -f1`" = "$p" ]; then
eval "bootparam_${opt}=true"
else
value="`echo $p | cut -d'=' -f2-`"
+ if [ "`echo $value | sed -e 's/^\"//'`" != "$value" ]; then
+ quoted=${opt}
+ continue
+ fi
eval "bootparam_${opt}=\"${value}\""
fi
done
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch b/meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
new file mode 100644
index 0000000000..8224346660
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2020-24977.patch
@@ -0,0 +1,41 @@
+From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Aug 2020 21:54:27 +0200
+Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'
+
+Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
+array access.
+
+Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
+the report.
+
+Fixes #178.
+
+CVE: CVE-2020-24977
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ xmllint.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/xmllint.c b/xmllint.c
+index f6a8e463..c647486f 100644
+--- a/xmllint.c
++++ b/xmllint.c
+@@ -528,6 +528,12 @@ static void
+ xmlHTMLEncodeSend(void) {
+ char *result;
+
++ /*
++ * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might
++ * end with a truncated UTF-8 sequence. This is a hack to at least avoid
++ * an out-of-bounds read.
++ */
++ memset(&buffer[sizeof(buffer)-4], 0, 4);
+ result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer);
+ if (result) {
+ xmlGenericError(xmlGenericErrorContext, "%s", result);
+--
+2.17.1
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb
index 097aceb2c0..4ebfb9e556 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -22,6 +22,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
file://fix-execution-of-ptests.patch \
file://CVE-2020-7595.patch \
file://CVE-2019-20388.patch \
+ file://CVE-2020-24977.patch \
"
SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5"
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 32d6dbdffc..328f6ab364 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -29,6 +29,7 @@ python do_populate_cve_db() {
Update NVD database with json data feed
"""
import bb.utils
+ import bb.progress
import sqlite3, urllib, urllib.parse, shutil, gzip
from datetime import date
@@ -49,10 +50,7 @@ python do_populate_cve_db() {
except OSError:
pass
- cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a')
-
- if not os.path.isdir(db_dir):
- os.mkdir(db_dir)
+ bb.utils.mkdirhier(db_dir)
# Connect to database
conn = sqlite3.connect(db_file)
@@ -60,56 +58,60 @@ python do_populate_cve_db() {
initialize_db(c)
- for year in range(YEAR_START, date.today().year + 1):
- year_url = BASE_URL + str(year)
- meta_url = year_url + ".meta"
- json_url = year_url + ".json.gz"
-
- # Retrieve meta last modified date
- try:
- response = urllib.request.urlopen(meta_url)
- except urllib.error.URLError as e:
- cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n')
- bb.warn("Failed to fetch CVE data (%s)" % e.reason)
- return
-
- if response:
- for l in response.read().decode("utf-8").splitlines():
- key, value = l.split(":", 1)
- if key == "lastModifiedDate":
- last_modified = value
- break
- else:
- bb.warn("Cannot parse CVE metadata, update failed")
- return
-
- # Compare with current db last modified date
- c.execute("select DATE from META where YEAR = ?", (year,))
- meta = c.fetchone()
- if not meta or meta[0] != last_modified:
- # Clear products table entries corresponding to current year
- c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,))
+ with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
+ total_years = date.today().year + 1 - YEAR_START
+ for i, year in enumerate(range(YEAR_START, date.today().year + 1)):
+ ph.update((float(i + 1) / total_years) * 100)
+ year_url = BASE_URL + str(year)
+ meta_url = year_url + ".meta"
+ json_url = year_url + ".json.gz"
- # Update db with current year json file
+ # Retrieve meta last modified date
try:
- response = urllib.request.urlopen(json_url)
- if response:
- update_db(c, gzip.decompress(response.read()).decode('utf-8'))
- c.execute("insert or replace into META values (?, ?)", [year, last_modified])
+ response = urllib.request.urlopen(meta_url)
except urllib.error.URLError as e:
- cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
- bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
+ cve_f.write('Warning: CVE db update error, Unable to fetch CVE data.\n\n')
+ bb.warn("Failed to fetch CVE data (%s)" % e.reason)
return
- # Update success, set the date to cve_check file.
- if year == date.today().year:
- cve_f.write('CVE database update : %s\n\n' % date.today())
-
- cve_f.close()
- conn.commit()
- conn.close()
+ if response:
+ for l in response.read().decode("utf-8").splitlines():
+ key, value = l.split(":", 1)
+ if key == "lastModifiedDate":
+ last_modified = value
+ break
+ else:
+ bb.warn("Cannot parse CVE metadata, update failed")
+ return
+
+ # Compare with current db last modified date
+ c.execute("select DATE from META where YEAR = ?", (year,))
+ meta = c.fetchone()
+ if not meta or meta[0] != last_modified:
+ # Clear products table entries corresponding to current year
+ c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,))
+
+ # Update db with current year json file
+ try:
+ response = urllib.request.urlopen(json_url)
+ if response:
+ update_db(c, gzip.decompress(response.read()).decode('utf-8'))
+ c.execute("insert or replace into META values (?, ?)", [year, last_modified])
+ except urllib.error.URLError as e:
+ cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
+ bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
+ return
+
+ # Update success, set the date to cve_check file.
+ if year == date.today().year:
+ cve_f.write('CVE database update : %s\n\n' % date.today())
+
+ conn.commit()
+ conn.close()
}
+do_populate_cve_db[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
+
def initialize_db(c):
c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
diff --git a/meta/recipes-core/systemd/systemd-serialgetty.bb b/meta/recipes-core/systemd/systemd-serialgetty.bb
index 044c6c5b67..0cc0dc8c79 100644
--- a/meta/recipes-core/systemd/systemd-serialgetty.bb
+++ b/meta/recipes-core/systemd/systemd-serialgetty.bb
@@ -21,7 +21,7 @@ do_install() {
install -d ${D}${systemd_unitdir}/system/
install -d ${D}${sysconfdir}/systemd/system/getty.target.wants/
install -m 0644 ${WORKDIR}/serial-getty@.service ${D}${systemd_unitdir}/system/
- sed -i -e s/\@BAUDRATE\@/$default_baudrate/g ${D}${systemd_unitdir}/system/serial-getty@.service
+ sed -i -e "s/\@BAUDRATE\@/$default_baudrate/g" ${D}${systemd_unitdir}/system/serial-getty@.service
tmp="${SERIAL_CONSOLES}"
for entry in $tmp ; do
@@ -34,7 +34,7 @@ do_install() {
else
# install custom service file for the non-default baudrate
install -m 0644 ${WORKDIR}/serial-getty@.service ${D}${systemd_unitdir}/system/serial-getty$baudrate@.service
- sed -i -e s/\@BAUDRATE\@/$baudrate/g ${D}${systemd_unitdir}/system/serial-getty$baudrate@.service
+ sed -i -e "s/\@BAUDRATE\@/$baudrate/g" ${D}${systemd_unitdir}/system/serial-getty$baudrate@.service
# enable the service
ln -sf ${systemd_unitdir}/system/serial-getty$baudrate@.service \
${D}${sysconfdir}/systemd/system/getty.target.wants/serial-getty$baudrate@$ttydev.service
diff --git a/meta/recipes-core/sysvinit/sysvinit_2.96.bb b/meta/recipes-core/sysvinit/sysvinit_2.96.bb
index d2b85ed9c0..7358f02385 100644
--- a/meta/recipes-core/sysvinit/sysvinit_2.96.bb
+++ b/meta/recipes-core/sysvinit/sysvinit_2.96.bb
@@ -25,7 +25,6 @@ SRC_URI[md5sum] = "48cebffebf2a96ab09bec14bf9976016"
SRC_URI[sha256sum] = "2a2e26b72aa235a23ab1c8471005f890309ce1196c83fbc9413c57b9ab62b587"
S = "${WORKDIR}/sysvinit-${PV}"
-B = "${S}/src"
inherit update-alternatives features_check
DEPENDS_append = " update-rc.d-native base-passwd virtual/crypt"
diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index 532cceb935..248dfc1b6e 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -247,12 +247,14 @@ ALTERNATIVE_LINK_NAME[logger] = "${bindir}/logger"
ALTERNATIVE_LINK_NAME[losetup] = "${base_sbindir}/losetup"
ALTERNATIVE_LINK_NAME[mesg] = "${bindir}/mesg"
ALTERNATIVE_LINK_NAME[mkswap] = "${base_sbindir}/mkswap"
+ALTERNATIVE_LINK_NAME[mcookie] = "${bindir}/mcookie"
ALTERNATIVE_LINK_NAME[more] = "${base_bindir}/more"
ALTERNATIVE_LINK_NAME[mount] = "${base_bindir}/mount"
ALTERNATIVE_LINK_NAME[mountpoint] = "${base_bindir}/mountpoint"
ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin"
ALTERNATIVE_LINK_NAME[nsenter] = "${bindir}/nsenter"
ALTERNATIVE_LINK_NAME[pivot_root] = "${base_sbindir}/pivot_root"
+ALTERNATIVE_LINK_NAME[prlimit] = "${bindir}/prlimit"
ALTERNATIVE_LINK_NAME[readprofile] = "${sbindir}/readprofile"
ALTERNATIVE_LINK_NAME[renice] = "${bindir}/renice"
ALTERNATIVE_LINK_NAME[rev] = "${bindir}/rev"
@@ -269,6 +271,7 @@ ALTERNATIVE_LINK_NAME[taskset] = "${bindir}/taskset"
ALTERNATIVE_LINK_NAME[umount] = "${base_bindir}/umount"
ALTERNATIVE_LINK_NAME[unshare] = "${bindir}/unshare"
ALTERNATIVE_LINK_NAME[utmpdump] = "${bindir}/utmpdump"
+ALTERNATIVE_LINK_NAME[uuidgen] = "${bindir}/uuidgen"
ALTERNATIVE_LINK_NAME[wall] = "${bindir}/wall"
ALTERNATIVE_${PN}-doc = "\
diff --git a/meta/recipes-devtools/autoconf/autoconf.inc b/meta/recipes-devtools/autoconf/autoconf.inc
index 2c87bf8296..36a48d9116 100644
--- a/meta/recipes-devtools/autoconf/autoconf.inc
+++ b/meta/recipes-devtools/autoconf/autoconf.inc
@@ -5,9 +5,8 @@ file that lists the operating system features that the package can use, in the f
LICENSE = "GPLv3"
HOMEPAGE = "http://www.gnu.org/software/autoconf/"
SECTION = "devel"
-DEPENDS += "m4-native"
-DEPENDS_class-native = "m4-native gnu-config-native"
-DEPENDS_class-nativesdk = "nativesdk-m4 nativesdk-gnu-config"
+DEPENDS = "m4-native gnu-config-native"
+
RDEPENDS_${PN} = "m4 gnu-config \
perl \
perl-module-bytes \
diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
index 09949b566c..a2c7d513b3 100644
--- a/meta/recipes-devtools/cmake/cmake.inc
+++ b/meta/recipes-devtools/cmake/cmake.inc
@@ -26,3 +26,7 @@ SRC_URI[md5sum] = "d86ccaf3d2462b6b5947919abe5b9f15"
SRC_URI[sha256sum] = "5f760b50b8ecc9c0c37135fae5fbf00a2fef617059aa9d61c1bb91653e5a8bfc"
UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
+
+# This is specific to the npm package that installs cmake, so isn't
+# relevant to OpenEmbedded
+CVE_CHECK_WHITELIST += "CVE-2016-10642"
diff --git a/meta/recipes-devtools/gcc/gcc-9.3.inc b/meta/recipes-devtools/gcc/gcc-9.3.inc
index b0411078d3..38dee001d4 100644
--- a/meta/recipes-devtools/gcc/gcc-9.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-9.3.inc
@@ -23,6 +23,8 @@ LIC_FILES_CHKSUM = "\
file://COPYING.RUNTIME;md5=fe60d87048567d4fe8c8a0ed2448bcc8 \
"
+CVE_CHECK_WHITELIST += "CVE-2019-15847"
+
BASEURI ?= "${GNU_MIRROR}/gcc/gcc-${PV}/gcc-${PV}.tar.xz"
#RELEASE ?= "5a5ca2d"
#BASEURI ?= "https://repo.or.cz/official-gcc.git/snapshot/${RELEASE}.tar.gz;downloadfilename=gcc-${RELEASE}.tar.gz"
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index c52593db6b..8f8ed89de8 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -1,7 +1,7 @@
require go-common.inc
GO_BASEVERSION = "1.14"
-GO_MINOR = ".1"
+GO_MINOR = ".7"
PV .= "${GO_MINOR}"
FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
@@ -18,5 +18,4 @@ SRC_URI += "\
file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
"
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
-
-SRC_URI[main.sha256sum] = "2ad2572115b0d1b4cb4c138e6b3a31cee6294cb48af75ee86bec3dca04507676"
+SRC_URI[main.sha256sum] = "064392433563660c73186991c0a315787688e7c38a561e26647686f89b6c30e3"
diff --git a/meta/recipes-devtools/json-c/json-c/CVE-2020-12762.patch b/meta/recipes-devtools/json-c/json-c/CVE-2020-12762.patch
new file mode 100644
index 0000000000..50674f0c5c
--- /dev/null
+++ b/meta/recipes-devtools/json-c/json-c/CVE-2020-12762.patch
@@ -0,0 +1,231 @@
+From 865b5a65199973bb63dff8e47a2f57e04fec9736 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Thu, 14 May 2020 12:32:30 +0200
+Subject: [PATCH] Fix CVE-2020-12762.
+
+This commit is a squashed backport of the following commits
+on the master branch:
+
+ * 099016b7e8d70a6d5dd814e788bba08d33d48426
+ * 77d935b7ae7871a1940cd827e850e6063044ec45
+ * d07b91014986900a3a75f306d302e13e005e9d67
+ * 519dfe1591d85432986f9762d41d1a883198c157
+ * a59d5acfab4485d5133114df61785b1fc633e0c6
+---
+CVE: CVE-2020-12762
+Upstream-Status: Backport [https://github.com/json-c/json-c/commit/865b5a65199973bb63dff8e47a2f57e04fec9736]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ arraylist.c | 3 +++
+ linkhash.c | 21 ++++++++++++++-------
+ printbuf.c | 38 ++++++++++++++++++++++++++------------
+ tests/test4.c | 30 +++++++++++++++++++++++++++++-
+ tests/test4.expected | 1 +
+ 5 files changed, 73 insertions(+), 20 deletions(-)
+
+diff --git a/arraylist.c b/arraylist.c
+index ddeb8d4eb4..e737052e32 100644
+--- a/arraylist.c
++++ b/arraylist.c
+@@ -135,6 +135,9 @@ array_list_del_idx( struct array_list *arr, size_t idx, size_t count )
+ {
+ size_t i, stop;
+
++ /* Avoid overflow in calculation with large indices. */
++ if (idx > SIZE_T_MAX - count)
++ return -1;
+ stop = idx + count;
+ if ( idx >= arr->length || stop > arr->length ) return -1;
+ for ( i = idx; i < stop; ++i ) {
+diff --git a/linkhash.c b/linkhash.c
+index 5497061a8a..6435a154ac 100644
+--- a/linkhash.c
++++ b/linkhash.c
+@@ -12,12 +12,13 @@
+
+ #include "config.h"
+
+-#include <stdio.h>
+-#include <string.h>
+-#include <stdlib.h>
++#include <assert.h>
++#include <limits.h>
+ #include <stdarg.h>
+ #include <stddef.h>
+-#include <limits.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
+
+ #ifdef HAVE_ENDIAN_H
+ # include <endian.h> /* attempt to define endianness */
+@@ -28,8 +29,8 @@
+ # include <windows.h> /* Get InterlockedCompareExchange */
+ #endif
+
+-#include "random_seed.h"
+ #include "linkhash.h"
++#include "random_seed.h"
+
+ /* hash functions */
+ static unsigned long lh_char_hash(const void *k);
+@@ -498,7 +499,9 @@ struct lh_table* lh_table_new(int size,
+ int i;
+ struct lh_table *t;
+
+- t = (struct lh_table*)calloc(1, sizeof(struct lh_table));
++ /* Allocate space for elements to avoid divisions by zero. */
++ assert(size > 0);
++ t = (struct lh_table *)calloc(1, sizeof(struct lh_table));
+ if (!t)
+ return NULL;
+
+@@ -577,8 +580,12 @@ int lh_table_insert_w_hash(struct lh_table *t, const void *k, const void *v, con
+ unsigned long n;
+
+ if (t->count >= t->size * LH_LOAD_FACTOR)
+- if (lh_table_resize(t, t->size * 2) != 0)
++ {
++ /* Avoid signed integer overflow with large tables. */
++ int new_size = (t->size > INT_MAX / 2) ? INT_MAX : (t->size * 2);
++ if (t->size == INT_MAX || lh_table_resize(t, new_size) != 0)
+ return -1;
++ }
+
+ n = h % t->size;
+
+diff --git a/printbuf.c b/printbuf.c
+index 6c77b5defd..6fc56de455 100644
+--- a/printbuf.c
++++ b/printbuf.c
+@@ -15,6 +15,7 @@
+
+ #include "config.h"
+
++#include <limits.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -64,10 +65,16 @@ static int printbuf_extend(struct printbuf *p, int min_size)
+
+ if (p->size >= min_size)
+ return 0;
+-
+- new_size = p->size * 2;
+- if (new_size < min_size + 8)
+- new_size = min_size + 8;
++ /* Prevent signed integer overflows with large buffers. */
++ if (min_size > INT_MAX - 8)
++ return -1;
++ if (p->size > INT_MAX / 2)
++ new_size = min_size + 8;
++ else {
++ new_size = p->size * 2;
++ if (new_size < min_size + 8)
++ new_size = min_size + 8;
++ }
+ #ifdef PRINTBUF_DEBUG
+ MC_DEBUG("printbuf_memappend: realloc "
+ "bpos=%d min_size=%d old_size=%d new_size=%d\n",
+@@ -82,14 +89,18 @@ static int printbuf_extend(struct printbuf *p, int min_size)
+
+ int printbuf_memappend(struct printbuf *p, const char *buf, int size)
+ {
+- if (p->size <= p->bpos + size + 1) {
+- if (printbuf_extend(p, p->bpos + size + 1) < 0)
+- return -1;
+- }
+- memcpy(p->buf + p->bpos, buf, size);
+- p->bpos += size;
+- p->buf[p->bpos]= '\0';
+- return size;
++ /* Prevent signed integer overflows with large buffers. */
++ if (size > INT_MAX - p->bpos - 1)
++ return -1;
++ if (p->size <= p->bpos + size + 1)
++ {
++ if (printbuf_extend(p, p->bpos + size + 1) < 0)
++ return -1;
++ }
++ memcpy(p->buf + p->bpos, buf, size);
++ p->bpos += size;
++ p->buf[p->bpos] = '\0';
++ return size;
+ }
+
+ int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len)
+@@ -98,6 +109,9 @@ int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len)
+
+ if (offset == -1)
+ offset = pb->bpos;
++ /* Prevent signed integer overflows with large buffers. */
++ if (len > INT_MAX - offset)
++ return -1;
+ size_needed = offset + len;
+ if (pb->size < size_needed)
+ {
+diff --git a/tests/test4.c b/tests/test4.c
+index fc8b79dbf4..82d3f494de 100644
+--- a/tests/test4.c
++++ b/tests/test4.c
+@@ -2,9 +2,11 @@
+ * gcc -o utf8 utf8.c -I/home/y/include -L./.libs -ljson
+ */
+
++#include "config.h"
++#include <assert.h>
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <string.h>
+-#include "config.h"
+
+ #include "json_inttypes.h"
+ #include "json_object.h"
+@@ -24,6 +26,29 @@ void print_hex(const char* s)
+ putchar('\n');
+ }
+
++static void test_lot_of_adds(void);
++static void test_lot_of_adds()
++{
++ int ii;
++ char key[50];
++ json_object *jobj = json_object_new_object();
++ assert(jobj != NULL);
++ for (ii = 0; ii < 500; ii++)
++ {
++ snprintf(key, sizeof(key), "k%d", ii);
++ json_object *iobj = json_object_new_int(ii);
++ assert(iobj != NULL);
++ if (json_object_object_add(jobj, key, iobj))
++ {
++ fprintf(stderr, "FAILED to add object #%d\n", ii);
++ abort();
++ }
++ }
++ printf("%s\n", json_object_to_json_string(jobj));
++ assert(json_object_object_length(jobj) == 500);
++ json_object_put(jobj);
++}
++
+ int main(void)
+ {
+ const char *input = "\"\\ud840\\udd26,\\ud840\\udd27,\\ud800\\udd26,\\ud800\\udd27\"";
+@@ -49,5 +74,8 @@ int main(void)
+ retval = 1;
+ }
+ json_object_put(parse_result);
++
++ test_lot_of_adds();
++
+ return retval;
+ }
+diff --git a/tests/test4.expected b/tests/test4.expected
+index 68d4336d90..cb2744012b 100644
+--- a/tests/test4.expected
++++ b/tests/test4.expected
+@@ -1,3 +1,4 @@
+ input: "\ud840\udd26,\ud840\udd27,\ud800\udd26,\ud800\udd27"
+ JSON parse result is correct: 𠄦,𠄧,𐄦,𐄧
+ PASS
++{ "k0": 0, "k1": 1, "k2": 2, "k3": 3, "k4": 4, "k5": 5, "k6": 6, "k7": 7, "k8": 8, "k9": 9, "k10": 10, "k11": 11, "k12": 12, "k13": 13, "k14": 14, "k15": 15, "k16": 16, "k17": 17, "k18": 18, "k19": 19, "k20": 20, "k21": 21, "k22": 22, "k23": 23, "k24": 24, "k25": 25, "k26": 26, "k27": 27, "k28": 28, "k29": 29, "k30": 30, "k31": 31, "k32": 32, "k33": 33, "k34": 34, "k35": 35, "k36": 36, "k37": 37, "k38": 38, "k39": 39, "k40": 40, "k41": 41, "k42": 42, "k43": 43, "k44": 44, "k45": 45, "k46": 46, "k47": 47, "k48": 48, "k49": 49, "k50": 50, "k51": 51, "k52": 52, "k53": 53, "k54": 54, "k55": 55, "k56": 56, "k57": 57, "k58": 58, "k59": 59, "k60": 60, "k61": 61, "k62": 62, "k63": 63, "k64": 64, "k65": 65, "k66": 66, "k67": 67, "k68": 68, "k69": 69, "k70": 70, "k71": 71, "k72": 72, "k73": 73, "k74": 74, "k75": 75, "k76": 76, "k77": 77, "k78": 78, "k79": 79, "k80": 80, "k81": 81, "k82": 82, "k83": 83, "k84": 84, "k85": 85, "k86": 86, "k87": 87, "k88": 88, "k89": 89, "k90": 90, "k91": 91, "k92": 92, "k93": 93, "k94": 94, "k95": 95, "k96": 96, "k97": 97, "k98": 98, "k99": 99, "k100": 100, "k101": 101, "k102": 102, "k103": 103, "k104": 104, "k105": 105, "k106": 106, "k107": 107, "k108": 108, "k109": 109, "k110": 110, "k111": 111, "k112": 112, "k113": 113, "k114": 114, "k115": 115, "k116": 116, "k117": 117, "k118": 118, "k119": 119, "k120": 120, "k121": 121, "k122": 122, "k123": 123, "k124": 124, "k125": 125, "k126": 126, "k127": 127, "k128": 128, "k129": 129, "k130": 130, "k131": 131, "k132": 132, "k133": 133, "k134": 134, "k135": 135, "k136": 136, "k137": 137, "k138": 138, "k139": 139, "k140": 140, "k141": 141, "k142": 142, "k143": 143, "k144": 144, "k145": 145, "k146": 146, "k147": 147, "k148": 148, "k149": 149, "k150": 150, "k151": 151, "k152": 152, "k153": 153, "k154": 154, "k155": 155, "k156": 156, "k157": 157, "k158": 158, "k159": 159, "k160": 160, "k161": 161, "k162": 162, "k163": 163, "k164": 164, "k165": 165, "k166": 166, "k167": 167, "k168": 168, "k169": 169, "k170": 170, "k171": 171, "k172": 172, "k173": 173, "k174": 174, "k175": 175, "k176": 176, "k177": 177, "k178": 178, "k179": 179, "k180": 180, "k181": 181, "k182": 182, "k183": 183, "k184": 184, "k185": 185, "k186": 186, "k187": 187, "k188": 188, "k189": 189, "k190": 190, "k191": 191, "k192": 192, "k193": 193, "k194": 194, "k195": 195, "k196": 196, "k197": 197, "k198": 198, "k199": 199, "k200": 200, "k201": 201, "k202": 202, "k203": 203, "k204": 204, "k205": 205, "k206": 206, "k207": 207, "k208": 208, "k209": 209, "k210": 210, "k211": 211, "k212": 212, "k213": 213, "k214": 214, "k215": 215, "k216": 216, "k217": 217, "k218": 218, "k219": 219, "k220": 220, "k221": 221, "k222": 222, "k223": 223, "k224": 224, "k225": 225, "k226": 226, "k227": 227, "k228": 228, "k229": 229, "k230": 230, "k231": 231, "k232": 232, "k233": 233, "k234": 234, "k235": 235, "k236": 236, "k237": 237, "k238": 238, "k239": 239, "k240": 240, "k241": 241, "k242": 242, "k243": 243, "k244": 244, "k245": 245, "k246": 246, "k247": 247, "k248": 248, "k249": 249, "k250": 250, "k251": 251, "k252": 252, "k253": 253, "k254": 254, "k255": 255, "k256": 256, "k257": 257, "k258": 258, "k259": 259, "k260": 260, "k261": 261, "k262": 262, "k263": 263, "k264": 264, "k265": 265, "k266": 266, "k267": 267, "k268": 268, "k269": 269, "k270": 270, "k271": 271, "k272": 272, "k273": 273, "k274": 274, "k275": 275, "k276": 276, "k277": 277, "k278": 278, "k279": 279, "k280": 280, "k281": 281, "k282": 282, "k283": 283, "k284": 284, "k285": 285, "k286": 286, "k287": 287, "k288": 288, "k289": 289, "k290": 290, "k291": 291, "k292": 292, "k293": 293, "k294": 294, "k295": 295, "k296": 296, "k297": 297, "k298": 298, "k299": 299, "k300": 300, "k301": 301, "k302": 302, "k303": 303, "k304": 304, "k305": 305, "k306": 306, "k307": 307, "k308": 308, "k309": 309, "k310": 310, "k311": 311, "k312": 312, "k313": 313, "k314": 314, "k315": 315, "k316": 316, "k317": 317, "k318": 318, "k319": 319, "k320": 320, "k321": 321, "k322": 322, "k323": 323, "k324": 324, "k325": 325, "k326": 326, "k327": 327, "k328": 328, "k329": 329, "k330": 330, "k331": 331, "k332": 332, "k333": 333, "k334": 334, "k335": 335, "k336": 336, "k337": 337, "k338": 338, "k339": 339, "k340": 340, "k341": 341, "k342": 342, "k343": 343, "k344": 344, "k345": 345, "k346": 346, "k347": 347, "k348": 348, "k349": 349, "k350": 350, "k351": 351, "k352": 352, "k353": 353, "k354": 354, "k355": 355, "k356": 356, "k357": 357, "k358": 358, "k359": 359, "k360": 360, "k361": 361, "k362": 362, "k363": 363, "k364": 364, "k365": 365, "k366": 366, "k367": 367, "k368": 368, "k369": 369, "k370": 370, "k371": 371, "k372": 372, "k373": 373, "k374": 374, "k375": 375, "k376": 376, "k377": 377, "k378": 378, "k379": 379, "k380": 380, "k381": 381, "k382": 382, "k383": 383, "k384": 384, "k385": 385, "k386": 386, "k387": 387, "k388": 388, "k389": 389, "k390": 390, "k391": 391, "k392": 392, "k393": 393, "k394": 394, "k395": 395, "k396": 396, "k397": 397, "k398": 398, "k399": 399, "k400": 400, "k401": 401, "k402": 402, "k403": 403, "k404": 404, "k405": 405, "k406": 406, "k407": 407, "k408": 408, "k409": 409, "k410": 410, "k411": 411, "k412": 412, "k413": 413, "k414": 414, "k415": 415, "k416": 416, "k417": 417, "k418": 418, "k419": 419, "k420": 420, "k421": 421, "k422": 422, "k423": 423, "k424": 424, "k425": 425, "k426": 426, "k427": 427, "k428": 428, "k429": 429, "k430": 430, "k431": 431, "k432": 432, "k433": 433, "k434": 434, "k435": 435, "k436": 436, "k437": 437, "k438": 438, "k439": 439, "k440": 440, "k441": 441, "k442": 442, "k443": 443, "k444": 444, "k445": 445, "k446": 446, "k447": 447, "k448": 448, "k449": 449, "k450": 450, "k451": 451, "k452": 452, "k453": 453, "k454": 454, "k455": 455, "k456": 456, "k457": 457, "k458": 458, "k459": 459, "k460": 460, "k461": 461, "k462": 462, "k463": 463, "k464": 464, "k465": 465, "k466": 466, "k467": 467, "k468": 468, "k469": 469, "k470": 470, "k471": 471, "k472": 472, "k473": 473, "k474": 474, "k475": 475, "k476": 476, "k477": 477, "k478": 478, "k479": 479, "k480": 480, "k481": 481, "k482": 482, "k483": 483, "k484": 484, "k485": 485, "k486": 486, "k487": 487, "k488": 488, "k489": 489, "k490": 490, "k491": 491, "k492": 492, "k493": 493, "k494": 494, "k495": 495, "k496": 496, "k497": 497, "k498": 498, "k499": 499 }
diff --git a/meta/recipes-devtools/json-c/json-c_0.13.1.bb b/meta/recipes-devtools/json-c/json-c_0.13.1.bb
index 522879f21f..c7c755bb16 100644
--- a/meta/recipes-devtools/json-c/json-c_0.13.1.bb
+++ b/meta/recipes-devtools/json-c/json-c_0.13.1.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=de54b60fbbc35123ba193fea8ee216f2"
SRC_URI = "https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \
file://add-disable-werror-option-to-configure.patch \
+ file://CVE-2020-12762.patch \
"
SRC_URI[md5sum] = "04969ad59cc37bddd83741a08b98f350"
SRC_URI[sha256sum] = "b87e608d4d3f7bfdd36ef78d56d53c74e66ab278d318b71e6002a369d36f4873"
diff --git a/meta/recipes-devtools/perl/files/CVE-2020-12723.patch b/meta/recipes-devtools/perl/files/CVE-2020-12723.patch
new file mode 100644
index 0000000000..ad195cffab
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2020-12723.patch
@@ -0,0 +1,302 @@
+From da9ec461e22915ccabb06785bf39ec34577ada12 Mon Sep 17 00:00:00 2001
+From: Hugo van der Sanden <hv@crypt.org>
+Date: Sat, 11 Apr 2020 14:10:24 +0100
+Subject: [PATCH] study_chunk: avoid mutating regexp program within GOSUB
+
+gh16947 and gh17743: studying GOSUB may restudy in an inner call
+(via a mix of recursion and enframing) something that an outer call
+is in the middle of looking at. Let the outer frame deal with it.
+
+(CVE-2020-12723)
+
+(cherry picked from commit c4033e740bd18d9fbe3456a9db2ec2053cdc5271)
+
+Upstream-Status: Backport [https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a]
+CVE: CVE-2020-12723
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ embed.fnc | 2 +-
+ embed.h | 2 +-
+ proto.h | 2 +-
+ regcomp.c | 54 +++++++++++++++++++++++++++++++++++-------------------
+ t/re/pat.t | 26 +++++++++++++++++++++++++-
+ 5 files changed, 63 insertions(+), 23 deletions(-)
+
+diff --git a/embed.fnc b/embed.fnc
+index f45c127..eff4a50 100644
+--- a/embed.fnc
++++ b/embed.fnc
+@@ -2480,7 +2480,7 @@ Es |SSize_t|study_chunk |NN RExC_state_t *pRExC_state \
+ |NULLOK struct scan_data_t *data \
+ |I32 stopparen|U32 recursed_depth \
+ |NULLOK regnode_ssc *and_withp \
+- |U32 flags|U32 depth
++ |U32 flags|U32 depth|bool was_mutate_ok
+ Es |void |rck_elide_nothing|NN regnode *node
+ EsR |SV * |get_ANYOFM_contents|NN const regnode * n
+ EsRn |U32 |add_data |NN RExC_state_t* const pRExC_state \
+diff --git a/embed.h b/embed.h
+index 356a8b9..5346ec5 100644
+--- a/embed.h
++++ b/embed.h
+@@ -1239,7 +1239,7 @@
+ #define ssc_is_cp_posixl_init S_ssc_is_cp_posixl_init
+ #define ssc_or(a,b,c) S_ssc_or(aTHX_ a,b,c)
+ #define ssc_union(a,b,c) S_ssc_union(aTHX_ a,b,c)
+-#define study_chunk(a,b,c,d,e,f,g,h,i,j,k) S_study_chunk(aTHX_ a,b,c,d,e,f,g,h,i,j,k)
++#define study_chunk(a,b,c,d,e,f,g,h,i,j,k,l) S_study_chunk(aTHX_ a,b,c,d,e,f,g,h,i,j,k,l)
+ # endif
+ # if defined(PERL_IN_REGCOMP_C) || defined (PERL_IN_DUMP_C)
+ #define _invlist_dump(a,b,c,d) Perl__invlist_dump(aTHX_ a,b,c,d)
+diff --git a/proto.h b/proto.h
+index 91530b1..1bda01f 100644
+--- a/proto.h
++++ b/proto.h
+@@ -5655,7 +5655,7 @@ PERL_STATIC_INLINE void S_ssc_union(pTHX_ regnode_ssc *ssc, SV* const invlist, c
+ #define PERL_ARGS_ASSERT_SSC_UNION \
+ assert(ssc); assert(invlist)
+ #endif
+-STATIC SSize_t S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, SSize_t *minlenp, SSize_t *deltap, regnode *last, struct scan_data_t *data, I32 stopparen, U32 recursed_depth, regnode_ssc *and_withp, U32 flags, U32 depth);
++STATIC SSize_t S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, SSize_t *minlenp, SSize_t *deltap, regnode *last, struct scan_data_t *data, I32 stopparen, U32 recursed_depth, regnode_ssc *and_withp, U32 flags, U32 depth, bool was_mutate_ok);
+ #define PERL_ARGS_ASSERT_STUDY_CHUNK \
+ assert(pRExC_state); assert(scanp); assert(minlenp); assert(deltap); assert(last)
+ #endif
+diff --git a/regcomp.c b/regcomp.c
+index 5a9adee..8d7df1f 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -106,6 +106,7 @@ typedef struct scan_frame {
+ regnode *next_regnode; /* next node to process when last is reached */
+ U32 prev_recursed_depth;
+ I32 stopparen; /* what stopparen do we use */
++ bool in_gosub; /* this or an outer frame is for GOSUB */
+
+ struct scan_frame *this_prev_frame; /* this previous frame */
+ struct scan_frame *prev_frame; /* previous frame */
+@@ -4466,7 +4467,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ I32 stopparen,
+ U32 recursed_depth,
+ regnode_ssc *and_withp,
+- U32 flags, U32 depth)
++ U32 flags, U32 depth, bool was_mutate_ok)
+ /* scanp: Start here (read-write). */
+ /* deltap: Write maxlen-minlen here. */
+ /* last: Stop before this one. */
+@@ -4545,6 +4546,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ node length to get a real minimum (because
+ the folded version may be shorter) */
+ bool unfolded_multi_char = FALSE;
++ /* avoid mutating ops if we are anywhere within the recursed or
++ * enframed handling for a GOSUB: the outermost level will handle it.
++ */
++ bool mutate_ok = was_mutate_ok && !(frame && frame->in_gosub);
+ /* Peephole optimizer: */
+ DEBUG_STUDYDATA("Peep", data, depth, is_inf);
+ DEBUG_PEEP("Peep", scan, depth, flags);
+@@ -4555,7 +4560,8 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ * parsing code, as each (?:..) is handled by a different invocation of
+ * reg() -- Yves
+ */
+- JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0);
++ if (mutate_ok)
++ JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0);
+
+ /* Follow the next-chain of the current node and optimize
+ away all the NOTHINGs from it.
+@@ -4587,7 +4593,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ /* DEFINEP study_chunk() recursion */
+ (void)study_chunk(pRExC_state, &scan, &minlen,
+ &deltanext, next, &data_fake, stopparen,
+- recursed_depth, NULL, f, depth+1);
++ recursed_depth, NULL, f, depth+1, mutate_ok);
+
+ scan = next;
+ } else
+@@ -4655,7 +4661,8 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ /* recurse study_chunk() for each BRANCH in an alternation */
+ minnext = study_chunk(pRExC_state, &scan, minlenp,
+ &deltanext, next, &data_fake, stopparen,
+- recursed_depth, NULL, f, depth+1);
++ recursed_depth, NULL, f, depth+1,
++ mutate_ok);
+
+ if (min1 > minnext)
+ min1 = minnext;
+@@ -4722,9 +4729,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ }
+ }
+
+- if (PERL_ENABLE_TRIE_OPTIMISATION &&
+- OP( startbranch ) == BRANCH )
+- {
++ if (PERL_ENABLE_TRIE_OPTIMISATION
++ && OP(startbranch) == BRANCH
++ && mutate_ok
++ ) {
+ /* demq.
+
+ Assuming this was/is a branch we are dealing with: 'scan'
+@@ -5179,6 +5187,9 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ newframe->stopparen = stopparen;
+ newframe->prev_recursed_depth = recursed_depth;
+ newframe->this_prev_frame= frame;
++ newframe->in_gosub = (
++ (frame && frame->in_gosub) || OP(scan) == GOSUB
++ );
+
+ DEBUG_STUDYDATA("frame-new", data, depth, is_inf);
+ DEBUG_PEEP("fnew", scan, depth, flags);
+@@ -5336,7 +5347,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+
+ /* This temporary node can now be turned into EXACTFU, and
+ * must, as regexec.c doesn't handle it */
+- if (OP(next) == EXACTFU_S_EDGE) {
++ if (OP(next) == EXACTFU_S_EDGE && mutate_ok) {
+ OP(next) = EXACTFU;
+ }
+
+@@ -5344,8 +5355,9 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ && isALPHA_A(* STRING(next))
+ && ( OP(next) == EXACTFAA
+ || ( OP(next) == EXACTFU
+- && ! HAS_NONLATIN1_SIMPLE_FOLD_CLOSURE(* STRING(next)))))
+- {
++ && ! HAS_NONLATIN1_SIMPLE_FOLD_CLOSURE(* STRING(next))))
++ && mutate_ok
++ ) {
+ /* These differ in just one bit */
+ U8 mask = ~ ('A' ^ 'a');
+
+@@ -5432,7 +5444,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ (mincount == 0
+ ? (f & ~SCF_DO_SUBSTR)
+ : f)
+- ,depth+1);
++ , depth+1, mutate_ok);
+
+ if (flags & SCF_DO_STCLASS)
+ data->start_class = oclass;
+@@ -5498,7 +5510,9 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ if ( OP(oscan) == CURLYX && data
+ && data->flags & SF_IN_PAR
+ && !(data->flags & SF_HAS_EVAL)
+- && !deltanext && minnext == 1 ) {
++ && !deltanext && minnext == 1
++ && mutate_ok
++ ) {
+ /* Try to optimize to CURLYN. */
+ regnode *nxt = NEXTOPER(oscan) + EXTRA_STEP_2ARGS;
+ regnode * const nxt1 = nxt;
+@@ -5548,10 +5562,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ && !(data->flags & SF_HAS_EVAL)
+ && !deltanext /* atom is fixed width */
+ && minnext != 0 /* CURLYM can't handle zero width */
+-
+ /* Nor characters whose fold at run-time may be
+ * multi-character */
+ && ! (RExC_seen & REG_UNFOLDED_MULTI_SEEN)
++ && mutate_ok
+ ) {
+ /* XXXX How to optimize if data == 0? */
+ /* Optimize to a simpler form. */
+@@ -5604,7 +5618,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ /* recurse study_chunk() on optimised CURLYX => CURLYM */
+ study_chunk(pRExC_state, &nxt1, minlenp, &deltanext, nxt,
+ NULL, stopparen, recursed_depth, NULL, 0,
+- depth+1);
++ depth+1, mutate_ok);
+ }
+ else
+ oscan->flags = 0;
+@@ -6009,7 +6023,8 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n",
+ /* recurse study_chunk() for lookahead body */
+ minnext = study_chunk(pRExC_state, &nscan, minlenp, &deltanext,
+ last, &data_fake, stopparen,
+- recursed_depth, NULL, f, depth+1);
++ recursed_depth, NULL, f, depth+1,
++ mutate_ok);
+ if (scan->flags) {
+ if ( deltanext < 0
+ || deltanext > (I32) U8_MAX
+@@ -6114,7 +6129,7 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n",
+ *minnextp = study_chunk(pRExC_state, &nscan, minnextp,
+ &deltanext, last, &data_fake,
+ stopparen, recursed_depth, NULL,
+- f, depth+1);
++ f, depth+1, mutate_ok);
+ if (scan->flags) {
+ assert(0); /* This code has never been tested since this
+ is normally not compiled */
+@@ -6282,7 +6297,8 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n",
+ /* optimise study_chunk() for TRIE */
+ minnext = study_chunk(pRExC_state, &scan, minlenp,
+ &deltanext, (regnode *)nextbranch, &data_fake,
+- stopparen, recursed_depth, NULL, f, depth+1);
++ stopparen, recursed_depth, NULL, f, depth+1,
++ mutate_ok);
+ }
+ if (nextbranch && PL_regkind[OP(nextbranch)]==BRANCH)
+ nextbranch= regnext((regnode*)nextbranch);
+@@ -8075,7 +8091,7 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count,
+ &data, -1, 0, NULL,
+ SCF_DO_SUBSTR | SCF_WHILEM_VISITED_POS | stclass_flag
+ | (restudied ? SCF_TRIE_DOING_RESTUDY : 0),
+- 0);
++ 0, TRUE);
+
+
+ CHECK_RESTUDY_GOTO_butfirst(LEAVE_with_name("study_chunk"));
+@@ -8204,7 +8220,7 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count,
+ SCF_DO_STCLASS_AND|SCF_WHILEM_VISITED_POS|(restudied
+ ? SCF_TRIE_DOING_RESTUDY
+ : 0),
+- 0);
++ 0, TRUE);
+
+ CHECK_RESTUDY_GOTO_butfirst(NOOP);
+
+diff --git a/t/re/pat.t b/t/re/pat.t
+index 6a868f4..2869b58 100644
+--- a/t/re/pat.t
++++ b/t/re/pat.t
+@@ -25,7 +25,7 @@ BEGIN {
+ skip_all('no re module') unless defined &DynaLoader::boot_DynaLoader;
+ skip_all_without_unicode_tables();
+
+-plan tests => 864; # Update this when adding/deleting tests.
++plan tests => 873; # Update this when adding/deleting tests.
+
+ run_tests() unless caller;
+
+@@ -2115,6 +2115,30 @@ x{0c!}\;\;îçÿ
+ like(runperl(prog => "$s", stderr => 1), qr/Unmatched \(/);
+ }
+
++ # gh16947: test regexp corruption (GOSUB)
++ {
++ fresh_perl_is(q{
++ 'xy' =~ /x(?0)|x(?|y|y)/ && print 'ok'
++ }, 'ok', {}, 'gh16947: test regexp corruption (GOSUB)');
++ }
++ # gh16947: test fix doesn't break SUSPEND
++ {
++ fresh_perl_is(q{ 'sx' =~ m{ss++}i; print 'ok' },
++ 'ok', {}, "gh16947: test fix doesn't break SUSPEND");
++ }
++
++ # gh17743: more regexp corruption via GOSUB
++ {
++ fresh_perl_is(q{
++ "0" =~ /((0(?0)|000(?|0000|0000)(?0))|)/; print "ok"
++ }, 'ok', {}, 'gh17743: test regexp corruption (1)');
++
++ fresh_perl_is(q{
++ "000000000000" =~ /(0(())(0((?0)())|000(?|\x{ef}\x{bf}\x{bd}|\x{ef}\x{bf}\x{bd}))|)/;
++ print "ok"
++ }, 'ok', {}, 'gh17743: test regexp corruption (2)');
++ }
++
+ } # End of sub run_tests
+
+ 1;
diff --git a/meta/recipes-devtools/perl/perl_5.30.1.bb b/meta/recipes-devtools/perl/perl_5.30.1.bb
index 47b2f9ca65..b53aff1216 100644
--- a/meta/recipes-devtools/perl/perl_5.30.1.bb
+++ b/meta/recipes-devtools/perl/perl_5.30.1.bb
@@ -27,6 +27,7 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
file://CVE-2020-10543.patch \
file://CVE-2020-10878_1.patch \
file://CVE-2020-10878_2.patch \
+ file://CVE-2020-12723.patch \
"
SRC_URI_append_class-native = " \
file://perl-configpm-switch.patch \
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 24b0379de4..e0ea5ad477 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -44,6 +44,9 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2020-13659.patch \
file://CVE-2020-13800.patch \
file://CVE-2020-13362.patch \
+ file://CVE-2020-15863.patch \
+ file://CVE-2020-14364.patch \
+ file://CVE-2020-14415.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-14364.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-14364.patch
new file mode 100644
index 0000000000..8333025a32
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-14364.patch
@@ -0,0 +1,93 @@
+From b946434f2659a182afc17e155be6791ebfb302eb Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 25 Aug 2020 07:36:36 +0200
+Subject: [PATCH] usb: fix setup_len init (CVE-2020-14364)
+
+Store calculated setup_len in a local variable, verify it, and only
+write it to the struct (USBDevice->setup_len) in case it passed the
+sanity checks.
+
+This prevents other code (do_token_{in,out} functions specifically)
+from working with invalid USBDevice->setup_len values and overrunning
+the USBDevice->setup_buf[] buffer.
+
+Fixes: CVE-2020-14364
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Tested-by: Gonglei <arei.gonglei@huawei.com>
+Reviewed-by: Li Qiang <liq3ea@gmail.com>
+Message-id: 20200825053636.29648-1-kraxel@redhat.com
+
+Upstream-Status: Backport
+[https://git.qemu.org/?p=qemu.git;a=patch;h=b946434f2659a182afc17e155be6791ebfb302eb]
+CVE: CVE-2020-14364
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ hw/usb/core.c | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/hw/usb/core.c b/hw/usb/core.c
+index 5abd128..5234dcc 100644
+--- a/hw/usb/core.c
++++ b/hw/usb/core.c
+@@ -129,6 +129,7 @@ void usb_wakeup(USBEndpoint *ep, unsigned int stream)
+ static void do_token_setup(USBDevice *s, USBPacket *p)
+ {
+ int request, value, index;
++ unsigned int setup_len;
+
+ if (p->iov.size != 8) {
+ p->status = USB_RET_STALL;
+@@ -138,14 +139,15 @@ static void do_token_setup(USBDevice *s, USBPacket *p)
+ usb_packet_copy(p, s->setup_buf, p->iov.size);
+ s->setup_index = 0;
+ p->actual_length = 0;
+- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
+- if (s->setup_len > sizeof(s->data_buf)) {
++ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
++ if (setup_len > sizeof(s->data_buf)) {
+ fprintf(stderr,
+ "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n",
+- s->setup_len, sizeof(s->data_buf));
++ setup_len, sizeof(s->data_buf));
+ p->status = USB_RET_STALL;
+ return;
+ }
++ s->setup_len = setup_len;
+
+ request = (s->setup_buf[0] << 8) | s->setup_buf[1];
+ value = (s->setup_buf[3] << 8) | s->setup_buf[2];
+@@ -259,26 +261,28 @@ static void do_token_out(USBDevice *s, USBPacket *p)
+ static void do_parameter(USBDevice *s, USBPacket *p)
+ {
+ int i, request, value, index;
++ unsigned int setup_len;
+
+ for (i = 0; i < 8; i++) {
+ s->setup_buf[i] = p->parameter >> (i*8);
+ }
+
+ s->setup_state = SETUP_STATE_PARAM;
+- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
+ s->setup_index = 0;
+
+ request = (s->setup_buf[0] << 8) | s->setup_buf[1];
+ value = (s->setup_buf[3] << 8) | s->setup_buf[2];
+ index = (s->setup_buf[5] << 8) | s->setup_buf[4];
+
+- if (s->setup_len > sizeof(s->data_buf)) {
++ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
++ if (setup_len > sizeof(s->data_buf)) {
+ fprintf(stderr,
+ "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n",
+- s->setup_len, sizeof(s->data_buf));
++ setup_len, sizeof(s->data_buf));
+ p->status = USB_RET_STALL;
+ return;
+ }
++ s->setup_len = setup_len;
+
+ if (p->pid == USB_TOKEN_OUT) {
+ usb_packet_copy(p, s->data_buf, s->setup_len);
+--
+1.8.3.1
+
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-14415.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-14415.patch
new file mode 100644
index 0000000000..dca2f90a49
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-14415.patch
@@ -0,0 +1,37 @@
+From 7a4ede0047a8613b0e3b72c9d351038f013dd357 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 20 Jan 2020 11:18:04 +0100
+Subject: [PATCH] audio/oss: fix buffer pos calculation
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Fixes: 3ba4066d085f ("ossaudio: port to the new audio backend api")
+Reported-by: ziming zhang <ezrakiez@gmail.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-Id: <20200120101804.29578-1-kraxel@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=7a4ede0047a8613b0e3b72c9d351038f013dd357]
+CVE: CVE-2020-14415
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ audio/ossaudio.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/audio/ossaudio.c b/audio/ossaudio.c
+index c43faee..9456491 100644
+--- a/audio/ossaudio.c
++++ b/audio/ossaudio.c
+@@ -420,7 +420,7 @@ static size_t oss_write(HWVoiceOut *hw, void *buf, size_t len)
+ size_t to_copy = MIN(len, hw->size_emul - hw->pos_emul);
+ memcpy(hw->buf_emul + hw->pos_emul, buf, to_copy);
+
+- hw->pos_emul = (hw->pos_emul + to_copy) % hw->pos_emul;
++ hw->pos_emul = (hw->pos_emul + to_copy) % hw->size_emul;
+ buf += to_copy;
+ len -= to_copy;
+ }
+--
+1.8.3.1
+
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-15863.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-15863.patch
new file mode 100644
index 0000000000..1505c7eed0
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-15863.patch
@@ -0,0 +1,63 @@
+From 5519724a13664b43e225ca05351c60b4468e4555 Mon Sep 17 00:00:00 2001
+From: Mauro Matteo Cascella <mcascell@redhat.com>
+Date: Fri, 10 Jul 2020 11:19:41 +0200
+Subject: [PATCH] hw/net/xgmac: Fix buffer overflow in xgmac_enet_send()
+
+A buffer overflow issue was reported by Mr. Ziming Zhang, CC'd here. It
+occurs while sending an Ethernet frame due to missing break statements
+and improper checking of the buffer size.
+
+Reported-by: Ziming Zhang <ezrakiez@gmail.com>
+Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5519724a13664b43e225ca05351c60b4468e4555]
+CVE: CVE-2020-15863
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ hw/net/xgmac.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/hw/net/xgmac.c b/hw/net/xgmac.c
+index 574dd47..5bf1b61 100644
+--- a/hw/net/xgmac.c
++++ b/hw/net/xgmac.c
+@@ -220,21 +220,31 @@ static void xgmac_enet_send(XgmacState *s)
+ }
+ len = (bd.buffer1_size & 0xfff) + (bd.buffer2_size & 0xfff);
+
++ /*
++ * FIXME: these cases of malformed tx descriptors (bad sizes)
++ * should probably be reported back to the guest somehow
++ * rather than simply silently stopping processing, but we
++ * don't know what the hardware does in this situation.
++ * This will only happen for buggy guests anyway.
++ */
+ if ((bd.buffer1_size & 0xfff) > 2048) {
+ DEBUGF_BRK("qemu:%s:ERROR...ERROR...ERROR... -- "
+ "xgmac buffer 1 len on send > 2048 (0x%x)\n",
+ __func__, bd.buffer1_size & 0xfff);
++ break;
+ }
+ if ((bd.buffer2_size & 0xfff) != 0) {
+ DEBUGF_BRK("qemu:%s:ERROR...ERROR...ERROR... -- "
+ "xgmac buffer 2 len on send != 0 (0x%x)\n",
+ __func__, bd.buffer2_size & 0xfff);
++ break;
+ }
+- if (len >= sizeof(frame)) {
++ if (frame_size + len >= sizeof(frame)) {
+ DEBUGF_BRK("qemu:%s: buffer overflow %d read into %zu "
+- "buffer\n" , __func__, len, sizeof(frame));
++ "buffer\n" , __func__, frame_size + len, sizeof(frame));
+ DEBUGF_BRK("qemu:%s: buffer1.size=%d; buffer2.size=%d\n",
+ __func__, bd.buffer1_size, bd.buffer2_size);
++ break;
+ }
+
+ cpu_physical_memory_read(bd.buffer1_addr, ptr, len);
+--
+1.8.3.1
+
diff --git a/meta/recipes-devtools/ruby/ruby_2.7.0.bb b/meta/recipes-devtools/ruby/ruby_2.7.1.bb
index 7f07080497..3dd9fb0a62 100644
--- a/meta/recipes-devtools/ruby/ruby_2.7.0.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.7.1.bb
@@ -8,8 +8,8 @@ SRC_URI += " \
file://0001-Modify-shebang-of-libexec-y2racc-and-libexec-racc2y.patch \
"
-SRC_URI[md5sum] = "bf4a54e8231176e109a42c546b4725a9"
-SRC_URI[sha256sum] = "8c99aa93b5e2f1bc8437d1bbbefd27b13e7694025331f77245d0c068ef1f8cbe"
+SRC_URI[md5sum] = "debb9c325bf65021214451660f46e909"
+SRC_URI[sha256sum] = "d418483bdd0000576c1370571121a6eb24582116db0b7bb2005e90e250eae418"
PACKAGECONFIG ??= ""
PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
diff --git a/meta/recipes-extended/ghostscript/files/do-not-check-local-libpng-source.patch b/meta/recipes-extended/ghostscript/files/do-not-check-local-libpng-source.patch
index 5834ffaf9f..a9afb9948c 100644
--- a/meta/recipes-extended/ghostscript/files/do-not-check-local-libpng-source.patch
+++ b/meta/recipes-extended/ghostscript/files/do-not-check-local-libpng-source.patch
@@ -1,7 +1,7 @@
-From a954bf29a5f906b3151dffbecb5856e02e1565da Mon Sep 17 00:00:00 2001
+From 2adaa7366064a8f18af864eda74e52877a89620c Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Mon, 18 Jan 2016 01:00:30 -0500
-Subject: [PATCH 03/10] configure.ac: do not check local png source
+Subject: [PATCH] configure.ac: do not check local png source
In oe-core, it did not need to compile local libpng
source in ghostscript, so do not check local png
@@ -11,28 +11,21 @@ libpng library.
Upstream-Status: Inappropriate [OE-Core specific]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
---
- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index 9341930..80a60b1 100644
+index 698abd3..e65ac8b 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -1114,11 +1114,11 @@ AC_SUBST(ZLIBDIR)
- AC_SUBST(FT_SYS_ZLIB)
-
- dnl png for the png output device; it also requires zlib
--LIBPNGDIR=src
-+LIBPNGDIR=$srcdir/libpng
- PNGDEVS=''
- PNGDEVS_ALL='png48 png16m pnggray pngmono pngmonod png256 png16 pngalpha'
- AC_MSG_CHECKING([for local png library source])
--if test -f $srcdir/libpng/pngread.c; then
-+if false; then
- AC_MSG_RESULT([yes])
- SHARE_LIBPNG=0
- LIBPNGDIR=$srcdir/libpng
---
-1.8.3.1
-
+@@ -1241,7 +1241,7 @@ else
+ PNGDEVS=''
+ PNGDEVS_ALL='png48 png16m pnggray pngmono pngmonod png256 png16 pngalpha'
+ AC_MSG_CHECKING([for local png library source])
+- if test -f $srcdir/libpng/pngread.c; then
++ if false; then
+ AC_MSG_RESULT([yes])
+ SHARE_LIBPNG=0
+ LIBPNGDIR=$srcdir/libpng
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14869-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14869-0001.patch
deleted file mode 100644
index 715ec1c450..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14869-0001.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 485904772c5f0aa1140032746e5a0abfc40f4cef Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Tue, 5 Nov 2019 09:45:27 +0000
-Subject: [PATCH] Bug 701841: remove .forceput from /.charkeys
-
-When loading Type 1 or Truetype fonts from disk, we attempt to extend the glyph
-name table to include all identifiable glyph names from the Adobe Glyph List.
-
-In the case of Type 1 fonts, the font itself (almost always) marks the
-CharStrings dictionary as read-only, hence we have to use .forceput for that
-case.
-
-But for Truetype fonts, the CharStrings dictionary is created internally and is
-not read-only until *after* we have fully populated it (including the extended
-glyph names from the AGL), hence there is no need for .forceput, and no need to
-carry the security risk of using it.
-
-Replace with regular put.
-
-CVE: CVE-2019-14869
-Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
-
-Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
----
- Resource/Init/gs_ttf.ps | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps
-index e34967d..5354ff0 100644
---- a/Resource/Init/gs_ttf.ps
-+++ b/Resource/Init/gs_ttf.ps
-@@ -1301,7 +1301,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
- TTFDEBUG { (\n1 setting alias: ) print dup ==only
- ( to be the same as ) print 2 index //== exec } if
-
-- 7 index 2 index 3 -1 roll exch .forceput
-+ 7 index 2 index 3 -1 roll exch put
- } forall
- pop pop pop
- }
-@@ -1319,7 +1319,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
- exch pop
- TTFDEBUG { (\n2 setting alias: ) print 1 index ==only
- ( to use glyph index: ) print dup //== exec } if
-- 5 index 3 1 roll .forceput
-+ 5 index 3 1 roll put
- //false
- }
- {
-@@ -1336,7 +1336,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
- { % CharStrings(dict) isunicode(boolean) cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer)
- TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only
- ( to be index: ) print dup //== exec } if
-- exch pop 5 index 3 1 roll .forceput
-+ exch pop 5 index 3 1 roll put
- }
- {
- pop pop
-@@ -1366,7 +1366,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef
- } ifelse
- ]
- TTFDEBUG { (Encoding: ) print dup === flush } if
--} .bind executeonly odef % hides .forceput
-+} .bind odef
-
- % ---------------- CIDFontType 2 font loading ---------------- %
-
---
-2.20.1
-
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2020-15900.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2020-15900.patch
new file mode 100644
index 0000000000..d7c5f034e5
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2020-15900.patch
@@ -0,0 +1,54 @@
+From 5d499272b95a6b890a1397e11d20937de000d31b Mon Sep 17 00:00:00 2001
+From: Ray Johnston <ray.johnston@artifex.com>
+Date: Wed, 22 Jul 2020 09:57:54 -0700
+Subject: [PATCH] Bug 702582, CVE 2020-15900 Memory Corruption in Ghostscript
+ 9.52
+
+Fix the 'rsearch' calculation for the 'post' size to give the correct
+size. Previous calculation would result in a size that was too large,
+and could underflow to max uint32_t. Also fix 'rsearch' to return the
+correct 'pre' string with empty string match.
+
+A future change may 'undefine' this undocumented, non-standard operator
+during initialization as we do with the many other non-standard internal
+PostScript operators and procedures.
+
+Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b]
+CVE: CVE-2020-15900
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ psi/zstring.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/psi/zstring.c b/psi/zstring.c
+index 33662dafa..58e1af2b3 100644
+--- a/psi/zstring.c
++++ b/psi/zstring.c
+@@ -142,13 +142,18 @@ search_impl(i_ctx_t *i_ctx_p, bool forward)
+ return 0;
+ found:
+ op->tas.type_attrs = op1->tas.type_attrs;
+- op->value.bytes = ptr;
+- r_set_size(op, size);
++ op->value.bytes = ptr; /* match */
++ op->tas.rsize = size; /* match */
+ push(2);
+- op[-1] = *op1;
+- r_set_size(op - 1, ptr - op[-1].value.bytes);
+- op1->value.bytes = ptr + size;
+- r_set_size(op1, count + (!forward ? (size - 1) : 0));
++ op[-1] = *op1; /* pre */
++ op[-3].value.bytes = ptr + size; /* post */
++ if (forward) {
++ op[-1].tas.rsize = ptr - op[-1].value.bytes; /* pre */
++ op[-3].tas.rsize = count; /* post */
++ } else {
++ op[-1].tas.rsize = count; /* pre */
++ op[-3].tas.rsize -= count + size; /* post */
++ }
+ make_true(op);
+ return 0;
+ }
+--
+2.17.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript/aarch64/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/aarch64/objarch.h
deleted file mode 100644
index a05de29def..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/aarch64/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 8
-#define ARCH_ALIGN_PTR_MOD 8
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 8
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 3
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 8
-#define ARCH_SIZEOF_PTR 8
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 0
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/arm/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/arm/objarch.h
deleted file mode 100644
index e8772cd958..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/arm/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 4
-#define ARCH_ALIGN_PTR_MOD 4
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 8
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 2
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 8
-#define ARCH_SIZEOF_PTR 4
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 0
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/armeb/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/armeb/objarch.h
deleted file mode 100644
index 359097f356..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/armeb/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 4
-#define ARCH_ALIGN_PTR_MOD 4
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 8
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 2
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 8
-#define ARCH_SIZEOF_PTR 4
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 1
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch b/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch
deleted file mode 100644
index 7b70bb8e2c..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From c076d0fc970f190f723018258790c79b59daba2e Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Sat, 11 May 2019 21:20:27 +0800
-Subject: [PATCH] not generate objarch.h at compile time
-
-Import patch from windriver linux for cross compilation, and split
-patches into oe way under different directories such as i586, powerpc etc
-according to Richard's opinion.
-
-Upstream-Status: Pending
-
-Signed-off-by: Kang Kai <kai.kang@windriver.com>
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
-
-Rebase to 9.27
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- base/lib.mak | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/base/lib.mak b/base/lib.mak
-index 3ed088a..5af2b43 100644
---- a/base/lib.mak
-+++ b/base/lib.mak
-@@ -87,8 +87,8 @@ arch_h=$(GLGEN)arch.h
- stdpre_h=$(GLSRC)stdpre.h
- stdint__h=$(GLSRC)stdint_.h
-
--$(GLGEN)arch.h : $(GENARCH_XE)
-- $(EXP)$(GENARCH_XE) $(GLGEN)arch.h $(TARGET_ARCH_FILE)
-+##$(GLGEN)arch.h : $(GENARCH_XE)
-+## $(EXP)$(GENARCH_XE) $(GLGEN)arch.h $(TARGET_ARCH_FILE)
-
- # Platform interfaces
-
---
-2.7.4
-
diff --git a/meta/recipes-extended/ghostscript/ghostscript/i586/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/i586/objarch.h
deleted file mode 100644
index 5817b7a6d7..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/i586/objarch.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 4
-#define ARCH_ALIGN_PTR_MOD 4
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 4
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 2
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 8
-#define ARCH_SIZEOF_PTR 4
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 0
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
-
diff --git a/meta/recipes-extended/ghostscript/ghostscript/i686 b/meta/recipes-extended/ghostscript/ghostscript/i686
deleted file mode 120000
index 87aaca5903..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/i686
+++ /dev/null
@@ -1 +0,0 @@
-i586 \ No newline at end of file
diff --git a/meta/recipes-extended/ghostscript/ghostscript/microblaze/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/microblaze/objarch.h
deleted file mode 100644
index 63232fdfa6..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/microblaze/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 4
-#define ARCH_ALIGN_PTR_MOD 4
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 4
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 2
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 8
-#define ARCH_SIZEOF_PTR 4
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 1
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/microblazeel/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/microblazeel/objarch.h
deleted file mode 100644
index 3ec8101681..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/microblazeel/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 4
-#define ARCH_ALIGN_PTR_MOD 4
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 4
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 2
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 8
-#define ARCH_SIZEOF_PTR 4
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 0
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/mipsarchn32eb/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/mipsarchn32eb/objarch.h
deleted file mode 100644
index 0d0a16bfa3..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/mipsarchn32eb/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 8
-#define ARCH_ALIGN_PTR_MOD 8
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 8
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 3
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 8
-#define ARCH_SIZEOF_PTR 8
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 1
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/mipsarchn32el/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/mipsarchn32el/objarch.h
deleted file mode 100644
index a05de29def..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/mipsarchn32el/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 8
-#define ARCH_ALIGN_PTR_MOD 8
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 8
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 3
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 8
-#define ARCH_SIZEOF_PTR 8
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 0
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/mipsarchn64eb/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/mipsarchn64eb/objarch.h
deleted file mode 100644
index 0d0a16bfa3..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/mipsarchn64eb/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 8
-#define ARCH_ALIGN_PTR_MOD 8
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 8
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 3
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 8
-#define ARCH_SIZEOF_PTR 8
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 1
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/mipsarchn64el/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/mipsarchn64el/objarch.h
deleted file mode 100644
index a05de29def..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/mipsarchn64el/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 8
-#define ARCH_ALIGN_PTR_MOD 8
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 8
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 3
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 8
-#define ARCH_SIZEOF_PTR 8
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 0
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/mipsarcho32eb/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/mipsarcho32eb/objarch.h
deleted file mode 100644
index b8b637cca2..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/mipsarcho32eb/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 4
-#define ARCH_ALIGN_PTR_MOD 4
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 8
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 2
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 4
-#define ARCH_SIZEOF_PTR 4
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 1
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/mipsarcho32el/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/mipsarcho32el/objarch.h
deleted file mode 100644
index 29f90ddf85..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/mipsarcho32el/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 4
-#define ARCH_ALIGN_PTR_MOD 4
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 8
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 2
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 4
-#define ARCH_SIZEOF_PTR 4
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 0
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/nios2/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/nios2/objarch.h
deleted file mode 100644
index 3ec8101681..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/nios2/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 4
-#define ARCH_ALIGN_PTR_MOD 4
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 4
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 2
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 8
-#define ARCH_SIZEOF_PTR 4
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 0
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/powerpc/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/powerpc/objarch.h
deleted file mode 100644
index 359097f356..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/powerpc/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 4
-#define ARCH_ALIGN_PTR_MOD 4
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 8
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 2
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 8
-#define ARCH_SIZEOF_PTR 4
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 1
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/powerpc64/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/powerpc64/objarch.h
deleted file mode 100644
index 0d0a16bfa3..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/powerpc64/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 8
-#define ARCH_ALIGN_PTR_MOD 8
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 8
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 3
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 8
-#define ARCH_SIZEOF_PTR 8
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 1
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/powerpc64le/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/powerpc64le/objarch.h
deleted file mode 100644
index a05de29def..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/powerpc64le/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 8
-#define ARCH_ALIGN_PTR_MOD 8
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 8
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 3
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 8
-#define ARCH_SIZEOF_PTR 8
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 0
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript/x86-64/objarch.h b/meta/recipes-extended/ghostscript/ghostscript/x86-64/objarch.h
deleted file mode 100644
index a05de29def..0000000000
--- a/meta/recipes-extended/ghostscript/ghostscript/x86-64/objarch.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Parameters derived from machine and compiler architecture. */
-/* This file is generated mechanically by genarch.c. */
-
- /* ---------------- Scalar alignments ---------------- */
-
-#define ARCH_ALIGN_SHORT_MOD 2
-#define ARCH_ALIGN_INT_MOD 4
-#define ARCH_ALIGN_LONG_MOD 8
-#define ARCH_ALIGN_PTR_MOD 8
-#define ARCH_ALIGN_FLOAT_MOD 4
-#define ARCH_ALIGN_DOUBLE_MOD 8
-
- /* ---------------- Scalar sizes ---------------- */
-
-#define ARCH_LOG2_SIZEOF_CHAR 0
-#define ARCH_LOG2_SIZEOF_SHORT 1
-#define ARCH_LOG2_SIZEOF_INT 2
-#define ARCH_LOG2_SIZEOF_LONG 3
-#define ARCH_LOG2_SIZEOF_LONG_LONG 3
-#define ARCH_SIZEOF_GX_COLOR_INDEX 8
-#define ARCH_SIZEOF_PTR 8
-#define ARCH_SIZEOF_FLOAT 4
-#define ARCH_SIZEOF_DOUBLE 8
-#define ARCH_FLOAT_MANTISSA_BITS 24
-#define ARCH_DOUBLE_MANTISSA_BITS 53
-
- /* ---------------- Unsigned max values ---------------- */
-
-#define ARCH_MAX_UCHAR ((unsigned char)0xff + (unsigned char)0)
-#define ARCH_MAX_USHORT ((unsigned short)0xffff + (unsigned short)0)
-#define ARCH_MAX_UINT ((unsigned int)~0 + (unsigned int)0)
-#define ARCH_MAX_ULONG ((unsigned long)~0L + (unsigned long)0)
-
- /* ---------------- Miscellaneous ---------------- */
-
-#define ARCH_IS_BIG_ENDIAN 0
-#define ARCH_PTRS_ARE_SIGNED 0
-#define ARCH_FLOATS_ARE_IEEE 1
-#define ARCH_ARITH_RSHIFT 2
-#define ARCH_DIV_NEG_POS_TRUNCATES 1
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.50.bb b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb
index 39c32644db..65135f5821 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.50.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb
@@ -19,20 +19,22 @@ DEPENDS_class-native = "libpng-native"
UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases"
UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar"
-SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs950/${BPN}-${PV}.tar.gz \
+def gs_verdir(v):
+ return "".join(v.split("."))
+
+
+SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${@gs_verdir("${PV}")}/${BPN}-${PV}.tar.gz \
file://ghostscript-9.15-parallel-make.patch \
file://ghostscript-9.16-Werror-return-type.patch \
file://do-not-check-local-libpng-source.patch \
file://avoid-host-contamination.patch \
file://mkdir-p.patch \
- file://CVE-2019-14869-0001.patch \
"
SRC_URI = "${SRC_URI_BASE} \
file://ghostscript-9.21-prevent_recompiling.patch \
- file://ghostscript-9.02-genarch.patch \
- file://objarch.h \
file://cups-no-gcrypt.patch \
+ file://CVE-2020-15900.patch \
"
SRC_URI_class-native = "${SRC_URI_BASE} \
@@ -40,8 +42,8 @@ SRC_URI_class-native = "${SRC_URI_BASE} \
file://base-genht.c-add-a-preprocessor-define-to-allow-fope.patch \
"
-SRC_URI[md5sum] = "00970cf622bd5b46f68eec9383753870"
-SRC_URI[sha256sum] = "0f53e89fd647815828fc5171613e860e8535b68f7afbc91bf89aee886769ce89"
+SRC_URI[md5sum] = "0f6964ab9b83a63b7e373f136243f901"
+SRC_URI[sha256sum] = "c2501d8e8e0814c4a5aa7e443e230e73d7af7f70287546f7b697e5ef49e32176"
# Put something like
#
@@ -72,7 +74,7 @@ EXTRA_OECONF_class-native = "--without-x --with-system-libtiff=no \
--without-jbig2dec --without-libpaper \
--with-fontpath=${datadir}/fonts \
--without-libidn --disable-fontconfig \
- --disable-freetype --disable-cups"
+ --enable-freetype --disable-cups "
# This has been fixed upstream but for now we need to subvert the check for time.h
# http://bugs.ghostscript.com/show_bug.cgi?id=692443
@@ -80,15 +82,7 @@ EXTRA_OECONF_class-native = "--without-x --with-system-libtiff=no \
CFLAGS += "-DHAVE_SYS_TIME_H=1"
BUILD_CFLAGS += "-DHAVE_SYS_TIME_H=1"
-inherit autotools
-
-do_configure_prepend () {
- mkdir -p obj
- mkdir -p soobj
- if [ -e ${WORKDIR}/objarch.h ]; then
- cp ${WORKDIR}/objarch.h obj/arch.h
- fi
-}
+inherit autotools-brokensep
do_configure_append () {
# copy tools from the native ghostscript build
diff --git a/meta/recipes-extended/rpcbind/rpcbind_1.2.5.bb b/meta/recipes-extended/rpcbind/rpcbind_1.2.5.bb
index aff00e56e6..ec8f9e48b2 100644
--- a/meta/recipes-extended/rpcbind/rpcbind_1.2.5.bb
+++ b/meta/recipes-extended/rpcbind/rpcbind_1.2.5.bb
@@ -19,7 +19,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/rpcbind/rpcbind-${PV}.tar.bz2 \
SRC_URI[md5sum] = "ed46f09b9c0fa2d49015f6431bc5ea7b"
SRC_URI[sha256sum] = "2ce360683963b35c19c43f0ee2c7f18aa5b81ef41c3fdbd15ffcb00b8bffda7a"
-inherit autotools update-rc.d systemd pkgconfig
+inherit autotools update-rc.d systemd pkgconfig update-alternatives
PACKAGECONFIG ??= "tcp-wrappers"
PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
@@ -50,3 +50,6 @@ do_install_append () {
${WORKDIR}/init.d > ${D}${sysconfdir}/init.d/rpcbind
chmod 0755 ${D}${sysconfdir}/init.d/rpcbind
}
+
+ALTERNATIVE_${PN} = "rpcinfo"
+ALTERNATIVE_LINK_NAME[rpcinfo] = "${bindir}/rpcinfo"
diff --git a/meta/recipes-extended/sysstat/sysstat.inc b/meta/recipes-extended/sysstat/sysstat.inc
index 8fd87b943b..e5e134c038 100644
--- a/meta/recipes-extended/sysstat/sysstat.inc
+++ b/meta/recipes-extended/sysstat/sysstat.inc
@@ -62,6 +62,6 @@ pkg_postinst_${PN} () {
fi
}
-FILES_${PN} += "${systemd_system_unitdir}"
+FILES_${PN} += "${systemd_system_unitdir} ${nonarch_base_libdir}/systemd"
TARGET_CC_ARCH += "${LDFLAGS}"
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
index d0df5015a5..0405fa78b5 100644
--- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
@@ -40,20 +40,20 @@ inherit meson pkgconfig gettext pixbufcache ptest-gnome upstream-version-is-even
GIR_MESON_OPTION = 'gir'
-EXTRA_OEMESON_append = " ${@bb.utils.contains('PTEST_ENABLED', '1', '-Dinstalled_tests=true', '-Dinstalled_tests=false', d)}"
-
LIBV = "2.10.0"
GDK_PIXBUF_LOADERS ?= "png jpeg"
-PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)} ${GDK_PIXBUF_LOADERS}"
+PACKAGECONFIG = "${GDK_PIXBUF_LOADERS} \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)} \
+ ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
PACKAGECONFIG_class-native = "${GDK_PIXBUF_LOADERS}"
PACKAGECONFIG[png] = "-Dpng=true,-Dpng=false,libpng"
PACKAGECONFIG[jpeg] = "-Djpeg=true,-Djpeg=false,jpeg"
PACKAGECONFIG[tiff] = "-Dtiff=true,-Dtiff=false,tiff"
PACKAGECONFIG[jpeg2000] = "-Djasper=true,-Djasper=false,jasper"
-
+PACKAGECONFIG[tests] = "-Dinstalled_tests=true,-Dinstalled_tests=false"
PACKAGECONFIG[x11] = "-Dx11=true,-Dx11=false,virtual/libx11"
PACKAGES =+ "${PN}-xlib"
diff --git a/meta/recipes-gnome/json-glib/json-glib/0001-scanner-use-macro-instead-of-cast-to-convert-pointer.patch b/meta/recipes-gnome/json-glib/json-glib/0001-scanner-use-macro-instead-of-cast-to-convert-pointer.patch
new file mode 100644
index 0000000000..2a834b674d
--- /dev/null
+++ b/meta/recipes-gnome/json-glib/json-glib/0001-scanner-use-macro-instead-of-cast-to-convert-pointer.patch
@@ -0,0 +1,33 @@
+From d60fcd5bd5c2675e4342775b910a2ea48ec0eccb Mon Sep 17 00:00:00 2001
+From: Dimitry Andric <dim@FreeBSD.org>
+Date: Wed, 19 Aug 2020 03:35:16 +0000
+Subject: [PATCH] scanner: use macro instead of cast to convert pointer to integer
+
+Clang 11 build failed due to a new warning (part of -Werror=pointer-to-int-cast):
+../json-glib/json-scanner.c:928:13: error: cast to smaller integer type 'GTokenType' from 'gpointer' (aka 'void *') [-Werror,-Wvoid-pointer-to-enum-cast]
+ *token_p = (GTokenType) value_p->v_symbol;
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/json-glib/-/commit/8c5fabe962b7337066dac7a697d23fce257a5d64]
+Signed-off-by: Jan Beich <jbeich@FreeBSD.org>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ json-glib/json-scanner.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/json-glib/json-scanner.c b/json-glib/json-scanner.c
+index 0c9919f..59dd29c 100644
+--- a/json-glib/json-scanner.c
++++ b/json-glib/json-scanner.c
+@@ -925,7 +925,7 @@ json_scanner_get_token_i (JsonScanner *scanner,
+
+ case G_TOKEN_SYMBOL:
+ if (scanner->config->symbol_2_token)
+- *token_p = (GTokenType) value_p->v_symbol;
++ *token_p = GPOINTER_TO_INT (value_p->v_symbol);
+ break;
+
+ case G_TOKEN_BINARY:
+--
+2.28.0
+
diff --git a/meta/recipes-gnome/json-glib/json-glib_1.4.4.bb b/meta/recipes-gnome/json-glib/json-glib_1.4.4.bb
index 5143d73ed7..bbe284c01e 100644
--- a/meta/recipes-gnome/json-glib/json-glib_1.4.4.bb
+++ b/meta/recipes-gnome/json-glib/json-glib_1.4.4.bb
@@ -14,7 +14,9 @@ DEPENDS = "glib-2.0"
GNOMEBASEBUILDCLASS = "meson"
inherit gnomebase lib_package gobject-introspection gtk-doc gettext ptest-gnome manpages
-SRC_URI += "file://run-ptest"
+SRC_URI += "file://run-ptest \
+ file://0001-scanner-use-macro-instead-of-cast-to-convert-pointer.patch \
+"
SRC_URI[archive.md5sum] = "4d4bb9837f6d31e32d0ce658ae135f68"
SRC_URI[archive.sha256sum] = "720c5f4379513dc11fd97dc75336eb0c0d3338c53128044d9fabec4374f4bc47"
diff --git a/meta/recipes-gnome/librsvg/librsvg_2.40.20.bb b/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb
index 6dd0533a5d..237aec6062 100644
--- a/meta/recipes-gnome/librsvg/librsvg_2.40.20.bb
+++ b/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb
@@ -23,8 +23,7 @@ SRC_URI += "file://gtk-option.patch \
file://0001-Remove-non-reproducible-SRCDIR.patch \
"
-SRC_URI[archive.md5sum] = "4949d313b0c5d9161a5c259104af5568"
-SRC_URI[archive.sha256sum] = "cff4dd3c3b78bfe99d8fcfad3b8ba1eee3289a0823c0e118d78106be6b84c92b"
+SRC_URI[archive.sha256sum] = "f7628905f1cada84e87e2b14883ed57d8094dca3281d5bcb24ece4279e9a92ba"
CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders"
diff --git a/meta/recipes-graphics/jpeg/files/CVE-2020-13790.patch b/meta/recipes-graphics/jpeg/files/CVE-2020-13790.patch
new file mode 100644
index 0000000000..4617978bdc
--- /dev/null
+++ b/meta/recipes-graphics/jpeg/files/CVE-2020-13790.patch
@@ -0,0 +1,76 @@
+From 07caad7e0a9afb372e0608299fb3e832cc78495f Mon Sep 17 00:00:00 2001
+From: DRC <information@libjpeg-turbo.org>
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+
+Upstream-Status: Backport [https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a]
+CVE: CVE-2020-13790
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ ChangeLog.md | 14 ++++++++++----
+ rdppm.c | 4 ++--
+ 2 files changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/ChangeLog.md b/ChangeLog.md
+index 4d1219e..af660ab 100644
+--- a/ChangeLog.md
++++ b/ChangeLog.md
+@@ -38,6 +38,12 @@ this issue did not likely pose a security risk.
+ separate read-only data section rather than in the text section, to support
+ execute-only memory layouts.
+
++3. Fixed an issue in the PPM reader that caused a buffer overrun in cjpeg,
++TJBench, or the `tjLoadImage()` function if one of the values in a binary
++PPM/PGM input file exceeded the maximum value defined in the file's header and
++that maximum value was less than 255. libjpeg-turbo 1.5.0 already included a
++similar fix for binary PPM/PGM files with maximum values greater than 255.
++
+
+ 2.0.3
+ =====
+@@ -562,10 +568,10 @@ application was linked against.
+
+ 3. Fixed a couple of issues in the PPM reader that would cause buffer overruns
+ in cjpeg if one of the values in a binary PPM/PGM input file exceeded the
+-maximum value defined in the file's header. libjpeg-turbo 1.4.2 already
+-included a similar fix for ASCII PPM/PGM files. Note that these issues were
+-not security bugs, since they were confined to the cjpeg program and did not
+-affect any of the libjpeg-turbo libraries.
++maximum value defined in the file's header and that maximum value was greater
++than 255. libjpeg-turbo 1.4.2 already included a similar fix for ASCII PPM/PGM
++files. Note that these issues were not security bugs, since they were confined
++to the cjpeg program and did not affect any of the libjpeg-turbo libraries.
+
+ 4. Fixed an issue whereby attempting to decompress a JPEG file with a corrupt
+ header using the `tjDecompressToYUV2()` function would cause the function to
+diff --git a/rdppm.c b/rdppm.c
+index 87bc330..a8507b9 100644
+--- a/rdppm.c
++++ b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015-2017, D. R. Commander.
++ * Copyright (C) 2015-2017, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
+- (size_t)(((long)maxval + 1L) *
++ (size_t)(((long)MAX(maxval, 255) + 1L) *
+ sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long)maxval; val++) {
diff --git a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.4.bb b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.4.bb
index 1f49fd3d3b..3005a8a789 100644
--- a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.4.bb
+++ b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.4.bb
@@ -12,6 +12,7 @@ DEPENDS_append_x86_class-target = " nasm-native"
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
file://0001-libjpeg-turbo-fix-package_qa-error.patch \
+ file://CVE-2020-13790.patch \
"
SRC_URI[md5sum] = "d01d9e0c28c27bc0de9f4e2e8ff49855"
diff --git a/meta/recipes-graphics/ttf-fonts/ttf-bitstream-vera_1.10.bb b/meta/recipes-graphics/ttf-fonts/ttf-bitstream-vera_1.10.bb
index 70b32cf8f1..3e1ba196b5 100644
--- a/meta/recipes-graphics/ttf-fonts/ttf-bitstream-vera_1.10.bb
+++ b/meta/recipes-graphics/ttf-fonts/ttf-bitstream-vera_1.10.bb
@@ -9,7 +9,7 @@ LICENSE = "BitstreamVera"
LIC_FILES_CHKSUM = "file://COPYRIGHT.TXT;md5=27d7484b1e18d0ee4ce538644a3f04be"
PR = "r7"
-inherit fontcache
+inherit allarch fontcache
FONT_PACKAGES = "${PN}"
diff --git a/meta/recipes-graphics/wayland/weston_8.0.0.bb b/meta/recipes-graphics/wayland/weston_8.0.0.bb
index f8e9e15f84..8fef864827 100644
--- a/meta/recipes-graphics/wayland/weston_8.0.0.bb
+++ b/meta/recipes-graphics/wayland/weston_8.0.0.bb
@@ -20,7 +20,7 @@ inherit meson pkgconfig useradd features_check
# depends on virtual/egl
REQUIRED_DISTRO_FEATURES = "opengl"
-DEPENDS = "libxkbcommon gdk-pixbuf pixman cairo glib-2.0 jpeg"
+DEPENDS = "libxkbcommon gdk-pixbuf pixman cairo glib-2.0"
DEPENDS += "wayland wayland-protocols libinput virtual/egl pango wayland-native"
WESTON_MAJOR_VERSION = "${@'.'.join(d.getVar('PV').split('.')[0:1])}"
@@ -31,7 +31,13 @@ PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'kms fbdev
${@bb.utils.contains('DISTRO_FEATURES', 'x11 wayland', 'xwayland', '', d)} \
${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd x11', d)} \
${@bb.utils.contains_any('DISTRO_FEATURES', 'wayland x11', '', 'headless', d)} \
- launch"
+ launch \
+ image-jpeg \
+ screenshare \
+ shell-desktop \
+ shell-fullscreen \
+ shell-ivi"
+
#
# Compositor choices
#
@@ -67,6 +73,16 @@ PACKAGECONFIG[clients] = "-Dsimple-clients=all -Ddemo-clients=true,-Dsimple-clie
PACKAGECONFIG[remoting] = "-Dremoting=true,-Dremoting=false,gstreamer-1.0"
# Weston with PAM support
PACKAGECONFIG[pam] = "-Dpam=true,-Dpam=false,libpam"
+# Weston with screen-share support
+PACKAGECONFIG[screenshare] = "-Dscreenshare=true,-Dscreenshare=false"
+# Traditional desktop shell
+PACKAGECONFIG[shell-desktop] = "-Dshell-desktop=true,-Dshell-desktop=false"
+# Fullscreen shell
+PACKAGECONFIG[shell-fullscreen] = "-Dshell-fullscreen=true,-Dshell-fullscreen=false"
+# In-Vehicle Infotainment (IVI) shell
+PACKAGECONFIG[shell-ivi] = "-Dshell-ivi=true,-Dshell-ivi=false"
+# JPEG image loading support
+PACKAGECONFIG[image-jpeg] = "-Dimage-jpeg=true,-Dimage-jpeg=false, jpeg"
do_install_append() {
# Weston doesn't need the .la files to load modules, so wipe them
diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14344.patch b/meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14344.patch
new file mode 100644
index 0000000000..9d07202b06
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2020-14344.patch
@@ -0,0 +1,321 @@
+From f64388ed036b6668686ad5448bc7d4f73b35e1c7 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Fri, 24 Jul 2020 21:09:10 +0200
+Subject: [PATCH] Fix CVE-2020-14344
+
+This is a squashed of below commit:
+
+commit 1 :-
+https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d
+Change the data_len parameter of _XimAttributeToValue() to CARD16
+
+It's coming from a length in the protocol (unsigned) and passed
+to functions that expect unsigned int parameters (_XCopyToArg()
+and memcpy()).
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+Reviewed-by: Todd Carson <toc@daybefore.net>
+
+commit 2 :-
+https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1a566c9e00e5f35c1f9e7f3d741a02e5170852b2
+Zero out buffers in functions
+
+It looks like uninitialized stack or heap memory can leak
+out via padding bytes.
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
+
+commit 3 :-
+https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/2fcfcc49f3b1be854bb9085993a01d17c62acf60
+Fix more unchecked lengths
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
+
+commit 4 :-
+https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488
+fix integer overflows in _XimAttributeToValue()
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
+
+commit 5 :-
+https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/93fce3f4e79cbc737d6468a4f68ba3de1b83953b
+Fix size calculation in `_XimAttributeToValue`.
+
+The check here guards the read below.
+For `XimType_XIMStyles`, these are `num` of `CARD32` and for `XimType_XIMHotKeyTriggers`
+these are `num` of `XIMTRIGGERKEY` ref[1] which is defined as 3 x `CARD32`.
+(There are data after the `XIMTRIGGERKEY` according to the spec but they are not read by this
+function and doesn't need to be checked.)
+
+The old code here used the native datatype size instead of the wire protocol size causing
+the check to always fail.
+
+Also fix the size calculation for the header (size). It is 2 x CARD16 for both types
+despite the unused `CARD16` for `XimType_XIMStyles`.
+
+[1] https://www.x.org/releases/X11R7.6/doc/libX11/specs/XIM/xim.html#Input_Method_Styles
+
+This fixes a regression caused by 388b303c62aa35a245f1704211a023440ad2c488 in 1.6.10.
+
+Fix #116
+
+Upstream-Status: Backport
+[ https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d
+https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1a566c9e00e5f35c1f9e7f3d741a02e5170852b2
+https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/2fcfcc49f3b1be854bb9085993a01d17c62acf60
+https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488
+https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/93fce3f4e79cbc737d6468a4f68ba3de1b83953b ]
+CVE: CVE-2020-14344
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ modules/im/ximcp/imDefIc.c | 6 ++++--
+ modules/im/ximcp/imDefIm.c | 25 +++++++++++++++++--------
+ modules/im/ximcp/imRmAttr.c | 31 +++++++++++++++++++++++--------
+ 3 files changed, 44 insertions(+), 18 deletions(-)
+
+diff --git a/modules/im/ximcp/imDefIc.c b/modules/im/ximcp/imDefIc.c
+index 7564dbad..d552aa9e 100644
+--- a/modules/im/ximcp/imDefIc.c
++++ b/modules/im/ximcp/imDefIc.c
+@@ -350,7 +350,7 @@ _XimProtoGetICValues(
+ + sizeof(INT16)
+ + XIM_PAD(2 + buf_size);
+
+- if (!(buf = Xmalloc(buf_size)))
++ if (!(buf = Xcalloc(buf_size, 1)))
+ return arg->name;
+ buf_s = (CARD16 *)&buf[XIM_HEADER_SIZE];
+
+@@ -708,6 +708,7 @@ _XimProtoSetICValues(
+ #endif /* XIM_CONNECTABLE */
+
+ _XimGetCurrentICValues(ic, &ic_values);
++ memset(tmp_buf, 0, sizeof(tmp_buf32));
+ buf = tmp_buf;
+ buf_size = XIM_HEADER_SIZE
+ + sizeof(CARD16) + sizeof(CARD16) + sizeof(INT16) + sizeof(CARD16);
+@@ -730,7 +731,7 @@ _XimProtoSetICValues(
+
+ buf_size += ret_len;
+ if (buf == tmp_buf) {
+- if (!(tmp = Xmalloc(buf_size + data_len))) {
++ if (!(tmp = Xcalloc(buf_size + data_len, 1))) {
+ return tmp_name;
+ }
+ memcpy(tmp, buf, buf_size);
+@@ -740,6 +741,7 @@ _XimProtoSetICValues(
+ Xfree(buf);
+ return tmp_name;
+ }
++ memset(&tmp[buf_size], 0, data_len);
+ buf = tmp;
+ }
+ }
+diff --git a/modules/im/ximcp/imDefIm.c b/modules/im/ximcp/imDefIm.c
+index cf922e48..d0329b54 100644
+--- a/modules/im/ximcp/imDefIm.c
++++ b/modules/im/ximcp/imDefIm.c
+@@ -62,6 +62,7 @@ PERFORMANCE OF THIS SOFTWARE.
+ #include "XimTrInt.h"
+ #include "Ximint.h"
+
++#include <limits.h>
+
+ int
+ _XimCheckDataSize(
+@@ -807,12 +808,16 @@ _XimOpen(
+ int buf_size;
+ int ret_code;
+ char *locale_name;
++ size_t locale_len;
+
+ locale_name = im->private.proto.locale_name;
+- len = strlen(locale_name);
+- buf_b[0] = (BYTE)len; /* length of locale name */
+- (void)strcpy((char *)&buf_b[1], locale_name); /* locale name */
+- len += sizeof(BYTE); /* sizeof length */
++ locale_len = strlen(locale_name);
++ if (locale_len > UCHAR_MAX)
++ return False;
++ memset(buf32, 0, sizeof(buf32));
++ buf_b[0] = (BYTE)locale_len; /* length of locale name */
++ memcpy(&buf_b[1], locale_name, locale_len); /* locale name */
++ len = (INT16)(locale_len + sizeof(BYTE)); /* sizeof length */
+ XIM_SET_PAD(buf_b, len); /* pad */
+
+ _XimSetHeader((XPointer)buf, XIM_OPEN, 0, &len);
+@@ -1287,6 +1292,7 @@ _XimProtoSetIMValues(
+ #endif /* XIM_CONNECTABLE */
+
+ _XimGetCurrentIMValues(im, &im_values);
++ memset(tmp_buf, 0, sizeof(tmp_buf32));
+ buf = tmp_buf;
+ buf_size = XIM_HEADER_SIZE + sizeof(CARD16) + sizeof(INT16);
+ data_len = BUFSIZE - buf_size;
+@@ -1307,7 +1313,7 @@ _XimProtoSetIMValues(
+
+ buf_size += ret_len;
+ if (buf == tmp_buf) {
+- if (!(tmp = Xmalloc(buf_size + data_len))) {
++ if (!(tmp = Xcalloc(buf_size + data_len, 1))) {
+ return arg->name;
+ }
+ memcpy(tmp, buf, buf_size);
+@@ -1317,6 +1323,7 @@ _XimProtoSetIMValues(
+ Xfree(buf);
+ return arg->name;
+ }
++ memset(&tmp[buf_size], 0, data_len);
+ buf = tmp;
+ }
+ }
+@@ -1458,7 +1465,7 @@ _XimProtoGetIMValues(
+ + sizeof(INT16)
+ + XIM_PAD(buf_size);
+
+- if (!(buf = Xmalloc(buf_size)))
++ if (!(buf = Xcalloc(buf_size, 1)))
+ return arg->name;
+ buf_s = (CARD16 *)&buf[XIM_HEADER_SIZE];
+
+@@ -1720,7 +1727,7 @@ _XimEncodingNegotiation(
+ + sizeof(CARD16)
+ + detail_len;
+
+- if (!(buf = Xmalloc(XIM_HEADER_SIZE + len)))
++ if (!(buf = Xcalloc(XIM_HEADER_SIZE + len, 1)))
+ goto free_detail_ptr;
+
+ buf_s = (CARD16 *)&buf[XIM_HEADER_SIZE];
+@@ -1816,6 +1823,7 @@ _XimSendSavedIMValues(
+ int ret_code;
+
+ _XimGetCurrentIMValues(im, &im_values);
++ memset(tmp_buf, 0, sizeof(tmp_buf32));
+ buf = tmp_buf;
+ buf_size = XIM_HEADER_SIZE + sizeof(CARD16) + sizeof(INT16);
+ data_len = BUFSIZE - buf_size;
+@@ -1838,7 +1846,7 @@ _XimSendSavedIMValues(
+
+ buf_size += ret_len;
+ if (buf == tmp_buf) {
+- if (!(tmp = Xmalloc(buf_size + data_len))) {
++ if (!(tmp = Xcalloc(buf_size + data_len, 1))) {
+ return False;
+ }
+ memcpy(tmp, buf, buf_size);
+@@ -1848,6 +1856,7 @@ _XimSendSavedIMValues(
+ Xfree(buf);
+ return False;
+ }
++ memset(&tmp[buf_size], 0, data_len);
+ buf = tmp;
+ }
+ }
+diff --git a/modules/im/ximcp/imRmAttr.c b/modules/im/ximcp/imRmAttr.c
+index 9d4e4625..118f191d 100644
+--- a/modules/im/ximcp/imRmAttr.c
++++ b/modules/im/ximcp/imRmAttr.c
+@@ -29,6 +29,8 @@ PERFORMANCE OF THIS SOFTWARE.
+ #ifdef HAVE_CONFIG_H
+ #include <config.h>
+ #endif
++#include <limits.h>
++
+ #include "Xlibint.h"
+ #include "Xlcint.h"
+ #include "Ximint.h"
+@@ -214,7 +216,7 @@ _XimAttributeToValue(
+ Xic ic,
+ XIMResourceList res,
+ CARD16 *data,
+- INT16 data_len,
++ CARD16 data_len,
+ XPointer value,
+ BITMASK32 mode)
+ {
+@@ -250,18 +252,24 @@ _XimAttributeToValue(
+
+ case XimType_XIMStyles:
+ {
+- INT16 num = data[0];
++ CARD16 num = data[0];
+ register CARD32 *style_list = (CARD32 *)&data[2];
+ XIMStyle *style;
+ XIMStyles *rep;
+ register int i;
+ char *p;
+- int alloc_len;
++ unsigned int alloc_len;
+
+ if (!(value))
+ return False;
+
++ if (num > (USHRT_MAX / sizeof(XIMStyle)))
++ return False;
++ if ((2 * sizeof(CARD16) + (num * sizeof(CARD32))) > data_len)
++ return False;
+ alloc_len = sizeof(XIMStyles) + sizeof(XIMStyle) * num;
++ if (alloc_len < sizeof(XIMStyles))
++ return False;
+ if (!(p = Xmalloc(alloc_len)))
+ return False;
+
+@@ -313,7 +321,7 @@ _XimAttributeToValue(
+
+ case XimType_XFontSet:
+ {
+- INT16 len = data[0];
++ CARD16 len = data[0];
+ char *base_name;
+ XFontSet rep = (XFontSet)NULL;
+ char **missing_list = NULL;
+@@ -324,11 +332,12 @@ _XimAttributeToValue(
+ return False;
+ if (!ic)
+ return False;
+-
++ if (len > data_len)
++ return False;
+ if (!(base_name = Xmalloc(len + 1)))
+ return False;
+
+- (void)strncpy(base_name, (char *)&data[1], (int)len);
++ (void)strncpy(base_name, (char *)&data[1], (size_t)len);
+ base_name[len] = '\0';
+
+ if (mode & XIM_PREEDIT_ATTR) {
+@@ -357,19 +366,25 @@ _XimAttributeToValue(
+
+ case XimType_XIMHotKeyTriggers:
+ {
+- INT32 num = *((CARD32 *)data);
++ CARD32 num = *((CARD32 *)data);
+ register CARD32 *key_list = (CARD32 *)&data[2];
+ XIMHotKeyTrigger *key;
+ XIMHotKeyTriggers *rep;
+ register int i;
+ char *p;
+- int alloc_len;
++ unsigned int alloc_len;
+
+ if (!(value))
+ return False;
+
++ if (num > (UINT_MAX / sizeof(XIMHotKeyTrigger)))
++ return False;
++ if ((2 * sizeof(CARD16) + (num * 3 * sizeof(CARD32))) > data_len)
++ return False;
+ alloc_len = sizeof(XIMHotKeyTriggers)
+ + sizeof(XIMHotKeyTrigger) * num;
++ if (alloc_len < sizeof(XIMHotKeyTriggers))
++ return False;
+ if (!(p = Xmalloc(alloc_len)))
+ return False;
+
+--
+2.17.1
+
diff --git a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb
index ff60a4240c..84e0e4457e 100644
--- a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb
+++ b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb
@@ -12,7 +12,9 @@ PE = "1"
SRC_URI += "file://Fix-hanging-issue-in-_XReply.patch \
file://disable_tests.patch \
- file://libx11-whitespace.patch"
+ file://libx11-whitespace.patch \
+ file://CVE-2020-14344.patch \
+"
SRC_URI[md5sum] = "55adbfb6d4370ecac5e70598c4e7eed2"
SRC_URI[sha256sum] = "9cc7e8d000d6193fa5af580d50d689380b8287052270f5bb26a5fb6b58b2bed1"
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch
new file mode 100644
index 0000000000..cf3f5f9417
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14347.patch
@@ -0,0 +1,38 @@
+From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Sat, 25 Jul 2020 19:33:50 +0200
+Subject: [PATCH] fix for ZDI-11426
+
+Avoid leaking un-initalized memory to clients by zeroing the
+whole pixmap on initial allocation.
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816]
+CVE: CVE-2020-14347
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ dix/pixmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dix/pixmap.c b/dix/pixmap.c
+index 1186d7dbbf..5a0146bbb6 100644
+--- a/dix/pixmap.c
++++ b/dix/pixmap.c
+@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
+ if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
+ return NullPixmap;
+
+- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
++ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
+ if (!pPixmap)
+ return NullPixmap;
+
+--
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.7.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb
index 998b98a76c..5101134538 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.7.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.8.bb
@@ -5,9 +5,10 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://0001-test-xtest-Initialize-array-with-braces.patch \
file://sdksyms-no-build-path.patch \
file://0001-drmmode_display.c-add-missing-mi.h-include.patch \
+ file://CVE-2020-14347.patch \
"
-SRC_URI[md5sum] = "d2e96355ad47244c675bce38db2b48a9"
-SRC_URI[sha256sum] = "bd5986f010f34f5b3d6bc99fe395ecb1e0dead15a26807e0c832701809a06ea1"
+SRC_URI[md5sum] = "a770aec600116444a953ff632f51f839"
+SRC_URI[sha256sum] = "d17b646bee4ba0fb7850c1cc55b18e3e8513ed5c02bdf38da7e107f84e2d0146"
CFLAGS += "-fcommon"
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20200619.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
index bf25ff8b70..ffeb8e6926 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20200619.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
@@ -126,7 +126,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
- file://WHENCE;md5=d373d30188c38dabffec0d3cc87abbfd \
+ file://WHENCE;md5=4d229f79f8770b5b2c4aac655b9fabef \
"
# These are not common licenses, set NO_GENERIC_LICENSE for them
@@ -198,7 +198,7 @@ PE = "1"
SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "962d3ae197d226c8259f9cc7746f7ef12a9d23787cd56bd27302021ba6339722"
+SRC_URI[sha256sum] = "76d05d5f1eff268d3b80675245fa596f557bd55ee2e16ddd54d18ffeae943887"
inherit allarch
@@ -291,7 +291,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
${PN}-netronome-license ${PN}-netronome \
${PN}-qat ${PN}-qat-license \
${PN}-qcom-license \
- ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 \
+ ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \
${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a530 ${PN}-qcom-adreno-a630 \
${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \
${PN}-whence-license \
@@ -860,6 +860,8 @@ LICENSE_${PN}-qcom-license = "Firmware-qcom"
FILES_${PN}-qcom-license = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt"
FILES_${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*"
FILES_${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*"
+FILES_${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*"
+FILES_${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*"
FILES_${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a300_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw"
FILES_${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*"
FILES_${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*"
@@ -868,6 +870,8 @@ FILES_${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/c
FILES_${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn"
RDEPENDS_${PN}-qcom-venus-1.8 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-venus-4.2 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-venus-5.2 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-venus-5.4 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-adreno-a3xx = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-adreno-a530 = "${PN}-qcom-license"
RDEPENDS_${PN}-qcom-adreno-a630 = "${PN}-qcom-license"
diff --git a/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc b/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc
index 4481aa430c..4ad74a27e9 100644
--- a/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc
+++ b/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc
@@ -16,7 +16,7 @@ LICENSE = "GPLv2"
# and have a machine specific libc.
#
# But you have some kernel headers you need for some driver? That is fine
-# but get them from STAGING_KERNEL_DIR where the kernel installs itself.
+# but get them from STAGING_KERNEL_BUILDDIR where the kernel installs itself.
# This will make the package using them machine specific but this is much
# better than having a machine specific C library. This does mean your
# recipe needs a
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index caa5b4ef53..a0324f0304 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "508b4e6ada7f78b3ef5a9dbdd182d13dffe00123"
-SRCREV_meta ?= "caafbdfe382bf22a4786d871af097acd49d0867a"
+SRCREV_machine ?= "e65e9ff22c5c42c9ae57a4cce45fbf91a7e7ae3b"
+SRCREV_meta ?= "7ed307f65171d331a784ceecb6f56b9f8ecadb10"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
-LINUX_VERSION ?= "5.4.51"
+LINUX_VERSION ?= "5.4.61"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 86e133f9f2..f835a45870 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
require recipes-kernel/linux/linux-yocto.inc
-LINUX_VERSION ?= "5.4.51"
+LINUX_VERSION ?= "5.4.61"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine_qemuarm ?= "d4c9ad88abadd22f7b2785e8a101523fe9a74dc0"
-SRCREV_machine ?= "fed60f1c8e56095647fa8497270ecacea4c45dbc"
-SRCREV_meta ?= "caafbdfe382bf22a4786d871af097acd49d0867a"
+SRCREV_machine_qemuarm ?= "f30ce7653a038eb05ef0503d0d15c7c6ec33cdc5"
+SRCREV_machine ?= "00809fdaf65b24fcd0347f3d3e489e2890f7ed44"
+SRCREV_meta ?= "7ed307f65171d331a784ceecb6f56b9f8ecadb10"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index e79793b5f0..070486c8aa 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base"
KBRANCH_qemux86-64 ?= "v5.4/standard/base"
KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
-SRCREV_machine_qemuarm ?= "601e67d37274e4a0890bcdbe6660c2dbd08d3b97"
-SRCREV_machine_qemuarm64 ?= "fed60f1c8e56095647fa8497270ecacea4c45dbc"
-SRCREV_machine_qemumips ?= "c8543a84037b88da45d0d825216187b42d0c509a"
-SRCREV_machine_qemuppc ?= "fed60f1c8e56095647fa8497270ecacea4c45dbc"
-SRCREV_machine_qemuriscv64 ?= "fed60f1c8e56095647fa8497270ecacea4c45dbc"
-SRCREV_machine_qemux86 ?= "fed60f1c8e56095647fa8497270ecacea4c45dbc"
-SRCREV_machine_qemux86-64 ?= "fed60f1c8e56095647fa8497270ecacea4c45dbc"
-SRCREV_machine_qemumips64 ?= "c741fec6daabb449d08c9f96052be1477fe3c968"
-SRCREV_machine ?= "fed60f1c8e56095647fa8497270ecacea4c45dbc"
-SRCREV_meta ?= "caafbdfe382bf22a4786d871af097acd49d0867a"
+SRCREV_machine_qemuarm ?= "487ecd38aaa59c22302930e8a9697c62c9d85fe5"
+SRCREV_machine_qemuarm64 ?= "00809fdaf65b24fcd0347f3d3e489e2890f7ed44"
+SRCREV_machine_qemumips ?= "ad1d747e7343bc9851bff62c4279060094c6eb59"
+SRCREV_machine_qemuppc ?= "00809fdaf65b24fcd0347f3d3e489e2890f7ed44"
+SRCREV_machine_qemuriscv64 ?= "00809fdaf65b24fcd0347f3d3e489e2890f7ed44"
+SRCREV_machine_qemux86 ?= "00809fdaf65b24fcd0347f3d3e489e2890f7ed44"
+SRCREV_machine_qemux86-64 ?= "00809fdaf65b24fcd0347f3d3e489e2890f7ed44"
+SRCREV_machine_qemumips64 ?= "4fe8438e9dea8d0a00f82003277f36785aac9e3d"
+SRCREV_machine ?= "00809fdaf65b24fcd0347f3d3e489e2890f7ed44"
+SRCREV_meta ?= "7ed307f65171d331a784ceecb6f56b9f8ecadb10"
# remap qemuarm to qemuarma15 for the 5.4 kernel
# KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.51"
+LINUX_VERSION ?= "5.4.61"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb
index c4b7b77e99..578b871e9e 100644
--- a/meta/recipes-kernel/perf/perf.bb
+++ b/meta/recipes-kernel/perf/perf.bb
@@ -68,6 +68,7 @@ SPDX_S = "${S}/tools/perf"
LDFLAGS="-ldl -lutil"
EXTRA_OEMAKE = '\
+ V=1 \
-C ${S}/tools/perf \
O=${B} \
CROSS_COMPILE=${TARGET_PREFIX} \
@@ -199,6 +200,9 @@ do_configure_prepend () {
${S}/tools/perf/Makefile.perf
sed -i -e "s,prefix='\$(DESTDIR_SQ)/usr'$,prefix='\$(DESTDIR_SQ)/usr' --install-lib='\$(DESTDIR)\$(PYTHON_SITEPACKAGES_DIR)',g" \
${S}/tools/perf/Makefile.perf
+ # backport https://github.com/torvalds/linux/commit/e4ffd066ff440a57097e9140fa9e16ceef905de8
+ sed -i -e 's,\($(Q)$(SHELL) .$(arch_errno_tbl).\) $(CC) $(arch_errno_hdr_dir),\1 $(firstword $(CC)) $(arch_errno_hdr_dir),g' \
+ ${S}/tools/perf/Makefile.perf
fi
sed -i -e "s,--root='/\$(DESTDIR_SQ)',--prefix='\$(DESTDIR_SQ)/usr' --install-lib='\$(DESTDIR)\$(PYTHON_SITEPACKAGES_DIR)',g" \
${S}/tools/perf/Makefile*
diff --git a/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.1.bb b/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.1.bb
index add1f309ec..5101cc7b7a 100644
--- a/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.1.bb
+++ b/meta/recipes-multimedia/alsa/alsa-topology-conf_1.2.1.bb
@@ -13,8 +13,8 @@ SRC_URI[sha256sum] = "354a43f4031c98bef1349ac722d83b2603ef439f81a1ab1eba8814c282
inherit allarch
do_install() {
- install -d ${D}/usr/share/alsa
- cp -r ${S}/topology ${D}/usr/share/alsa
+ install -d "${D}${datadir}/alsa"
+ cp -r "${S}/topology" "${D}${datadir}/alsa"
}
PACKAGES = "${PN}"
diff --git a/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.1.2.bb b/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.1.2.bb
index 469d1f7a95..a432d5de07 100644
--- a/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.1.2.bb
+++ b/meta/recipes-multimedia/alsa/alsa-ucm-conf_1.2.1.2.bb
@@ -13,9 +13,9 @@ SRC_URI[sha256sum] = "ea8a86875f4cf430d49a662a04a6d6c606c5c9d67e54cb944c4d77b245
inherit allarch
do_install() {
- install -d ${D}/usr/share/alsa
- cp -r ${S}/ucm ${D}/usr/share/alsa
- cp -r ${S}/ucm2 ${D}/usr/share/alsa
+ install -d "${D}${datadir}/alsa"
+ cp -r "${S}/ucm" "${D}${datadir}/alsa"
+ cp -r "${S}/ucm2" "${D}${datadir}/alsa"
}
PACKAGES = "${PN}"
diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2020-13753.patch b/meta/recipes-sato/webkit/webkitgtk/CVE-2020-13753.patch
new file mode 100644
index 0000000000..d8504c2b36
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2020-13753.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [https://trac.webkit.org/changeset/262368/webkit?format=diff&new=262368]
+CVE: CVE-2020-13753
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+Index: a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
+===================================================================
+--- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp (revision 262367)
++++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp (revision 262368)
+@@ -642,5 +642,5 @@
+ int r;
+ if (rule.arg)
+- r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), scall, 1, rule.arg);
++ r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), scall, 1, *rule.arg);
+ else
+ r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), scall, 0);
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.28.2.bb b/meta/recipes-sato/webkit/webkitgtk_2.28.2.bb
index 288c715cc3..9cfec83ec7 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.28.2.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.28.2.bb
@@ -19,6 +19,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
file://cross-compile.patch \
file://0001-Fix-build-with-musl.patch \
file://include_array.patch \
+ file://CVE-2020-13753.patch \
"
SRC_URI[md5sum] = "ec0ef870ca37e3a5ebbead2f268a28ec"
SRC_URI[sha256sum] = "b9d23525cfd8d22c37b5d964a9fe9a8ce7583042a2f8d3922e71e6bbc68c30bd"
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index 8b5170f021..dfcd533c80 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -14,7 +14,9 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
SRC_URI[sha256sum] = "2ff5e5bd507adf6aa88ff4bbafd4c7af464867ffb688be93b9930717a56c4de8"
-CVE_PRODUCT = "curl libcurl"
+# Curl has used many names over the years...
+CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
+
inherit autotools pkgconfig binconfig multilib_header
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib"
diff --git a/meta/recipes-support/fribidi/fribidi_1.0.9.bb b/meta/recipes-support/fribidi/fribidi_1.0.9.bb
index 21217aba5e..0654b07dc7 100644
--- a/meta/recipes-support/fribidi/fribidi_1.0.9.bb
+++ b/meta/recipes-support/fribidi/fribidi_1.0.9.bb
@@ -12,6 +12,6 @@ UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases"
inherit meson lib_package pkgconfig
-CVE_PRODUCT = "gnu_fribidi"
+CVE_PRODUCT = "gnu_fribidi fribidi"
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch b/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch
new file mode 100644
index 0000000000..1702325e66
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch
@@ -0,0 +1,117 @@
+From 29ee67c205855e848a0a26e6d0e4f65b6b943e0a Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Sat, 22 Aug 2020 17:19:39 +0200
+Subject: [PATCH] handshake: reject no_renegotiation alert if handshake is
+ incomplete
+
+If the initial handshake is incomplete and the server sends a
+no_renegotiation alert, the client should treat it as a fatal error
+even if its level is warning. Otherwise the same handshake
+state (e.g., DHE parameters) are reused in the next gnutls_handshake
+call, if it is called in the loop idiom:
+
+ do {
+ ret = gnutls_handshake(session);
+ } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+CVE: CVE-2020-24659
+Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls.git]
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ lib/gnutls_int.h | 1 +
+ lib/handshake.c | 48 +++++++++++++-----
+ 2 files changed, 36 insertions(+), 13 deletions(-)
+
+diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
+index bb6c19713..31cec5c0c 100644
+--- a/lib/gnutls_int.h
++++ b/lib/gnutls_int.h
+@@ -1370,6 +1370,7 @@ typedef struct {
+ #define HSK_RECORD_SIZE_LIMIT_RECEIVED (1<<26) /* server: record_size_limit extension was seen but not accepted yet */
+ #define HSK_OCSP_REQUESTED (1<<27) /* server: client requested OCSP stapling */
+ #define HSK_CLIENT_OCSP_REQUESTED (1<<28) /* client: server requested OCSP stapling */
++#define HSK_SERVER_HELLO_RECEIVED (1<<29) /* client: Server Hello message has been received */
+
+ /* The hsk_flags are for use within the ongoing handshake;
+ * they are reset to zero prior to handshake start by gnutls_handshake. */
+diff --git a/lib/handshake.c b/lib/handshake.c
+index b40f84b3d..ce2d160e2 100644
+--- a/lib/handshake.c
++++ b/lib/handshake.c
+@@ -2051,6 +2051,8 @@ read_server_hello(gnutls_session_t session,
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
++ session->internals.hsk_flags |= HSK_SERVER_HELLO_RECEIVED;
++
+ return 0;
+ }
+
+@@ -2575,16 +2577,42 @@ int gnutls_rehandshake(gnutls_session_t session)
+ return 0;
+ }
+
++/* This function checks whether the error code should be treated fatal
++ * or not, and also does the necessary state transition. In
++ * particular, in the case of a rehandshake abort it resets the
++ * handshake's internal state.
++ */
+ inline static int
+ _gnutls_abort_handshake(gnutls_session_t session, int ret)
+ {
+- if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
+- (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
+- || ret == GNUTLS_E_GOT_APPLICATION_DATA)
+- return 0;
++ switch (ret) {
++ case GNUTLS_E_WARNING_ALERT_RECEIVED:
++ if (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION) {
++ /* The server always toleretes a "no_renegotiation" alert. */
++ if (session->security_parameters.entity == GNUTLS_SERVER) {
++ STATE = STATE0;
++ return ret;
++ }
++
++ /* The client should tolerete a "no_renegotiation" alert only if:
++ * - the initial handshake has completed, or
++ * - a Server Hello is not yet received
++ */
++ if (session->internals.initial_negotiation_completed ||
++ !(session->internals.hsk_flags & HSK_SERVER_HELLO_RECEIVED)) {
++ STATE = STATE0;
++ return ret;
++ }
+
+- /* this doesn't matter */
+- return GNUTLS_E_INTERNAL_ERROR;
++ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
++ }
++ return ret;
++ case GNUTLS_E_GOT_APPLICATION_DATA:
++ STATE = STATE0;
++ return ret;
++ default:
++ return ret;
++ }
+ }
+
+
+@@ -2747,13 +2774,7 @@ int gnutls_handshake(gnutls_session_t session)
+ }
+
+ if (ret < 0) {
+- /* In the case of a rehandshake abort
+- * we should reset the handshake's internal state.
+- */
+- if (_gnutls_abort_handshake(session, ret) == 0)
+- STATE = STATE0;
+-
+- return ret;
++ return _gnutls_abort_handshake(session, ret);
+ }
+
+ /* clear handshake buffer */
+--
+2.17.0
+
diff --git a/meta/recipes-support/gnutls/gnutls_3.6.14.bb b/meta/recipes-support/gnutls/gnutls_3.6.14.bb
index cc0454a561..51578b4b3b 100644
--- a/meta/recipes-support/gnutls/gnutls_3.6.14.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.6.14.bb
@@ -20,6 +20,7 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \
file://arm_eabi.patch \
file://0001-Modied-the-license-to-GPLv2.1-to-keep-with-LICENSE-f.patch \
+ file://CVE-2020-24659.patch \
"
SRC_URI[sha256sum] = "5630751adec7025b8ef955af4d141d00d252a985769f51b4059e5affa3d39d63"
diff --git a/meta/recipes-support/gpgme/gpgme_1.13.1.bb b/meta/recipes-support/gpgme/gpgme_1.13.1.bb
index 9fc1ae24a4..b51534351d 100644
--- a/meta/recipes-support/gpgme/gpgme_1.13.1.bb
+++ b/meta/recipes-support/gpgme/gpgme_1.13.1.bb
@@ -59,7 +59,7 @@ EXTRA_OECONF += '--enable-languages="${LANGUAGES}" \
--disable-lang-python-test \
'
-inherit autotools texinfo binconfig-disabled pkgconfig distutils-common-base ${PYTHON_INHERIT}
+inherit autotools texinfo binconfig-disabled pkgconfig distutils-common-base ${PYTHON_INHERIT} multilib_header
export PKG_CONFIG='pkg-config'
@@ -83,3 +83,7 @@ do_configure_prepend () {
rm -f ${S}/m4/libassuan.m4
rm -f ${S}/m4/python.m4
}
+
+do_install_append() {
+ oe_multilib_header gpgme.h
+}
diff --git a/meta/recipes-support/libexif/libexif/CVE-2016-6328.patch b/meta/recipes-support/libexif/libexif/CVE-2016-6328.patch
deleted file mode 100644
index a6f307439b..0000000000
--- a/meta/recipes-support/libexif/libexif/CVE-2016-6328.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-CVE: CVE-2016-6328
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
-From: Marcus Meissner <marcus@jet.franken.de>
-Date: Tue, 25 Jul 2017 23:44:44 +0200
-Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
- makernote entries.
-
-This should fix:
-https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
----
- libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
- 1 file changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
-index d03d159..ea0429a 100644
---- a/libexif/pentax/mnote-pentax-entry.c
-+++ b/libexif/pentax/mnote-pentax-entry.c
-@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
- case EXIF_FORMAT_SHORT:
- {
- const unsigned char *data = entry->data;
-- size_t k, len = strlen(val);
-+ size_t k, len = strlen(val), sizeleft;
-+
-+ sizeleft = entry->size;
- for(k=0; k<entry->components; k++) {
-+ if (sizeleft < 2)
-+ break;
- vs = exif_get_short (data, entry->order);
- snprintf (val+len, maxlen-len, "%i ", vs);
- len = strlen(val);
- data += 2;
-+ sizeleft -= 2;
- }
- }
- break;
- case EXIF_FORMAT_LONG:
- {
- const unsigned char *data = entry->data;
-- size_t k, len = strlen(val);
-+ size_t k, len = strlen(val), sizeleft;
-+
-+ sizeleft = entry->size;
- for(k=0; k<entry->components; k++) {
-+ if (sizeleft < 4)
-+ break;
- vl = exif_get_long (data, entry->order);
- snprintf (val+len, maxlen-len, "%li", (long int) vl);
- len = strlen(val);
- data += 4;
-+ sizeleft -= 4;
- }
- }
- break;
-@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
- break;
- }
-
-- return (val);
-+ return val;
- }
diff --git a/meta/recipes-support/libexif/libexif/CVE-2017-7544.patch b/meta/recipes-support/libexif/libexif/CVE-2017-7544.patch
deleted file mode 100644
index e49481ff84..0000000000
--- a/meta/recipes-support/libexif/libexif/CVE-2017-7544.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 8a92f964a66d476ca8907234359e92a70fc1325b Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Tue, 28 Aug 2018 15:12:10 +0800
-Subject: [PATCH] On saving makernotes, make sure the makernote container tags
- has a type with 1 byte components.
-
-Fixes (at least):
- https://sourceforge.net/p/libexif/bugs/130
- https://sourceforge.net/p/libexif/bugs/129
-
-Upstream-Status: Backport[https://github.com/libexif/libexif/commit/
-c39acd1692023b26290778a02a9232c873f9d71a#diff-830e348923810f00726700b083ec00cd]
-
-CVE: CVE-2017-7544
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- libexif/exif-data.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/libexif/exif-data.c b/libexif/exif-data.c
-index 67df4db..6bf89eb 100644
---- a/libexif/exif-data.c
-+++ b/libexif/exif-data.c
-@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *data, ExifEntry *e,
- exif_mnote_data_set_offset (data->priv->md, *ds - 6);
- exif_mnote_data_save (data->priv->md, &e->data, &e->size);
- e->components = e->size;
-+ if (exif_format_get_size (e->format) != 1) {
-+ /* e->format is taken from input code,
-+ * but we need to make sure it is a 1 byte
-+ * entity due to the multiplication below. */
-+ e->format = EXIF_FORMAT_UNDEFINED;
-+ }
- }
- }
-
---
-2.7.4
-
diff --git a/meta/recipes-support/libexif/libexif/CVE-2018-20030.patch b/meta/recipes-support/libexif/libexif/CVE-2018-20030.patch
deleted file mode 100644
index 76233e6dc9..0000000000
--- a/meta/recipes-support/libexif/libexif/CVE-2018-20030.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-CVE: CVE-2018-20030
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 6aa11df549114ebda520dde4cdaea2f9357b2c89 Mon Sep 17 00:00:00 2001
-From: Dan Fandrich <dan@coneharvesters.com>
-Date: Fri, 12 Oct 2018 16:01:45 +0200
-Subject: [PATCH] Improve deep recursion detection in
- exif_data_load_data_content.
-
-The existing detection was still vulnerable to pathological cases
-causing DoS by wasting CPU. The new algorithm takes the number of tags
-into account to make it harder to abuse by cases using shallow recursion
-but with a very large number of tags. This improves on commit 5d28011c
-which wasn't sufficient to counter this kind of case.
-
-The limitation in the previous fix was discovered by Laurent Delosieres,
-Secunia Research at Flexera (Secunia Advisory SA84652) and is assigned
-the identifier CVE-2018-20030.
-
-diff --git a/libexif/exif-data.c b/libexif/exif-data.c
-index 67df4db..8d9897e 100644
---- a/libexif/exif-data.c
-+++ b/libexif/exif-data.c
-@@ -35,6 +35,7 @@
- #include <libexif/olympus/exif-mnote-data-olympus.h>
- #include <libexif/pentax/exif-mnote-data-pentax.h>
-
-+#include <math.h>
- #include <stdlib.h>
- #include <stdio.h>
- #include <string.h>
-@@ -344,6 +345,20 @@ if (data->ifd[(i)]->count) { \
- break; \
- }
-
-+/*! Calculate the recursion cost added by one level of IFD loading.
-+ *
-+ * The work performed is related to the cost in the exponential relation
-+ * work=1.1**cost
-+ */
-+static unsigned int
-+level_cost(unsigned int n)
-+{
-+ static const double log_1_1 = 0.09531017980432493;
-+
-+ /* Adding 0.1 protects against the case where n==1 */
-+ return ceil(log(n + 0.1)/log_1_1);
-+}
-+
- /*! Load data for an IFD.
- *
- * \param[in,out] data #ExifData
-@@ -351,13 +366,13 @@ if (data->ifd[(i)]->count) { \
- * \param[in] d pointer to buffer containing raw IFD data
- * \param[in] ds size of raw data in buffer at \c d
- * \param[in] offset offset into buffer at \c d at which IFD starts
-- * \param[in] recursion_depth number of times this function has been
-- * recursively called without returning
-+ * \param[in] recursion_cost factor indicating how expensive this recursive
-+ * call could be
- */
- static void
- exif_data_load_data_content (ExifData *data, ExifIfd ifd,
- const unsigned char *d,
-- unsigned int ds, unsigned int offset, unsigned int recursion_depth)
-+ unsigned int ds, unsigned int offset, unsigned int recursion_cost)
- {
- ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
- ExifShort n;
-@@ -372,9 +387,20 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
- if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT))
- return;
-
-- if (recursion_depth > 30) {
-+ if (recursion_cost > 170) {
-+ /*
-+ * recursion_cost is a logarithmic-scale indicator of how expensive this
-+ * recursive call might end up being. It is an indicator of the depth of
-+ * recursion as well as the potential for worst-case future recursive
-+ * calls. Since it's difficult to tell ahead of time how often recursion
-+ * will occur, this assumes the worst by assuming every tag could end up
-+ * causing recursion.
-+ * The value of 170 was chosen to limit typical EXIF structures to a
-+ * recursive depth of about 6, but pathological ones (those with very
-+ * many tags) to only 2.
-+ */
- exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
-- "Deep recursion detected!");
-+ "Deep/expensive recursion detected!");
- return;
- }
-
-@@ -416,15 +442,18 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
- switch (tag) {
- case EXIF_TAG_EXIF_IFD_POINTER:
- CHECK_REC (EXIF_IFD_EXIF);
-- exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1);
-+ exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o,
-+ recursion_cost + level_cost(n));
- break;
- case EXIF_TAG_GPS_INFO_IFD_POINTER:
- CHECK_REC (EXIF_IFD_GPS);
-- exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1);
-+ exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o,
-+ recursion_cost + level_cost(n));
- break;
- case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
- CHECK_REC (EXIF_IFD_INTEROPERABILITY);
-- exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1);
-+ exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o,
-+ recursion_cost + level_cost(n));
- break;
- case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
- thumbnail_offset = o;
diff --git a/meta/recipes-support/libexif/libexif_0.6.21.bb b/meta/recipes-support/libexif/libexif_0.6.21.bb
deleted file mode 100644
index 3f6fa32b25..0000000000
--- a/meta/recipes-support/libexif/libexif_0.6.21.bb
+++ /dev/null
@@ -1,19 +0,0 @@
-SUMMARY = "Library for reading extended image information (EXIF) from JPEG files"
-HOMEPAGE = "http://sourceforge.net/projects/libexif"
-SECTION = "libs"
-LICENSE = "LGPLv2.1"
-LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad"
-
-SRC_URI = "${SOURCEFORGE_MIRROR}/libexif/libexif-${PV}.tar.bz2 \
- file://CVE-2017-7544.patch \
- file://CVE-2016-6328.patch \
- file://CVE-2018-20030.patch \
- file://CVE-2020-13114.patch \
-"
-
-SRC_URI[md5sum] = "27339b89850f28c8f1c237f233e05b27"
-SRC_URI[sha256sum] = "16cdaeb62eb3e6dfab2435f7d7bccd2f37438d21c5218ec4e58efa9157d4d41a"
-
-inherit autotools gettext
-
-EXTRA_OECONF += "--disable-docs"
diff --git a/meta/recipes-support/libexif/libexif_0.6.22.bb b/meta/recipes-support/libexif/libexif_0.6.22.bb
new file mode 100644
index 0000000000..a520d5c9f9
--- /dev/null
+++ b/meta/recipes-support/libexif/libexif_0.6.22.bb
@@ -0,0 +1,19 @@
+SUMMARY = "Library for reading extended image information (EXIF) from JPEG files"
+HOMEPAGE = "https://libexif.github.io/"
+SECTION = "libs"
+LICENSE = "LGPLv2.1"
+LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad"
+
+def version_underscore(v):
+ return "_".join(v.split("."))
+
+SRC_URI = "https://github.com/libexif/libexif/releases/download/libexif-${@version_underscore("${PV}")}-release/libexif-${PV}.tar.xz \
+ "
+
+SRC_URI[sha256sum] = "5048f1c8fc509cc636c2f97f4b40c293338b6041a5652082d5ee2cf54b530c56"
+
+UPSTREAM_CHECK_URI = "https://github.com/libexif/libexif/releases/"
+
+inherit autotools gettext
+
+EXTRA_OECONF += "--disable-docs"
diff --git a/meta/recipes-support/libffi/libffi_3.3.bb b/meta/recipes-support/libffi/libffi_3.3.bb
index e5beb985c6..9dfdb9e39b 100644
--- a/meta/recipes-support/libffi/libffi_3.3.bb
+++ b/meta/recipes-support/libffi/libffi_3.3.bb
@@ -28,7 +28,7 @@ EXTRA_OEMAKE_class-target = "LIBTOOLFLAGS='--tag=CC'"
inherit autotools texinfo multilib_header
do_install_append() {
- oe_multilib_header ffi.h
+ oe_multilib_header ffi.h ffitarget.h
}
FILES_${PN}-dev += "${libdir}/libffi-${PV}"
diff --git a/scripts/lib/devtool/deploy.py b/scripts/lib/devtool/deploy.py
index 6a997735fc..aaa25dda08 100644
--- a/scripts/lib/devtool/deploy.py
+++ b/scripts/lib/devtool/deploy.py
@@ -177,13 +177,19 @@ def deploy(args, config, basepath, workspace):
rd.getVar('base_libdir'), rd)
filelist = []
+ inodes = set({})
ftotalsize = 0
for root, _, files in os.walk(recipe_outdir):
for fn in files:
+ fstat = os.lstat(os.path.join(root, fn))
# Get the size in kiB (since we'll be comparing it to the output of du -k)
# MUST use lstat() here not stat() or getfilesize() since we don't want to
# dereference symlinks
- fsize = int(math.ceil(float(os.lstat(os.path.join(root, fn)).st_size)/1024))
+ if fstat.st_ino in inodes:
+ fsize = 0
+ else:
+ fsize = int(math.ceil(float(fstat.st_size)/1024))
+ inodes.add(fstat.st_ino)
ftotalsize += fsize
# The path as it would appear on the target
fpath = os.path.join(destdir, os.path.relpath(root, recipe_outdir), fn)
diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
index bab644b83a..d140b97de1 100644
--- a/scripts/lib/devtool/standard.py
+++ b/scripts/lib/devtool/standard.py
@@ -1711,7 +1711,7 @@ def _update_recipe_patch(recipename, workspace, srctree, rd, appendlayerdir, wil
def _guess_recipe_update_mode(srctree, rdata):
"""Guess the recipe update mode to use"""
- src_uri = (rdata.getVar('SRC_URI', False) or '').split()
+ src_uri = (rdata.getVar('SRC_URI') or '').split()
git_uris = [uri for uri in src_uri if uri.startswith('git://')]
if not git_uris:
return 'patch'
diff --git a/scripts/lib/wic/misc.py b/scripts/lib/wic/misc.py
index 1f199b9f23..fe4abe8115 100644
--- a/scripts/lib/wic/misc.py
+++ b/scripts/lib/wic/misc.py
@@ -128,8 +128,9 @@ def exec_native_cmd(cmd_and_args, native_sysroot, pseudo=""):
if pseudo:
cmd_and_args = pseudo + cmd_and_args
- native_paths = "%s/sbin:%s/usr/sbin:%s/usr/bin" % \
- (native_sysroot, native_sysroot, native_sysroot)
+ native_paths = "%s/sbin:%s/usr/sbin:%s/usr/bin:%s/bin" % \
+ (native_sysroot, native_sysroot,
+ native_sysroot, native_sysroot)
native_cmd_and_args = "export PATH=%s:$PATH;%s" % \
(native_paths, cmd_and_args)
diff --git a/scripts/oe-build-perf-report b/scripts/oe-build-perf-report
index e781f4f03f..7ed86a72f6 100755
--- a/scripts/oe-build-perf-report
+++ b/scripts/oe-build-perf-report
@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
#
# Examine build performance test results
#
diff --git a/scripts/oe-publish-sdk b/scripts/oe-publish-sdk
index 4b70f436b1..19a5d69864 100755
--- a/scripts/oe-publish-sdk
+++ b/scripts/oe-publish-sdk
@@ -106,7 +106,7 @@ def publish(args):
if not is_remote:
cmd = 'set -e; mkdir -p %s/layers; cd %s/layers; if [ ! -e .git ]; then git init .; cp .git/hooks/post-update.sample .git/hooks/post-commit; echo "*.pyc\n*.pyo\npyshtables.py" > .gitignore; fi; git add -A .; git config user.email "oe@oe.oe" && git config user.name "OE" && git commit -q -m "init repo" || true' % (destination, destination)
else:
- cmd = "ssh %s 'set -e; mkdir -p %s/layers; cd %s/layers; if [ ! -e .git ]; then git init .; cp .git/hooks/post-update.sample .git/hooks/post-commit; echo '*.pyc\n*.pyo\npyshtables.py' > .gitignore; fi; git add -A .; git config user.email 'oe@oe.oe' && git config user.name 'OE' && git commit -q -m \"init repo\" || true'" % (host, destdir, destdir)
+ cmd = "ssh %s 'set -e; mkdir -p %s/layers; cd %s/layers; if [ ! -e .git ]; then git init .; cp .git/hooks/post-update.sample .git/hooks/post-commit; echo '*.pyc' > .gitignore; echo '*.pyo' >> .gitignore; echo 'pyshtables.py' >> .gitignore; fi; git add -A .; git config user.email 'oe@oe.oe' && git config user.name 'OE' && git commit -q -m \"init repo\" || true'" % (host, destdir, destdir)
ret = subprocess.call(cmd, shell=True)
if ret == 0:
logger.info('SDK published successfully')
diff --git a/scripts/runqemu b/scripts/runqemu
index 310d79fdc5..cc87ea871a 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -436,6 +436,10 @@ class BaseConfig(object):
if arg in self.fstypes + self.vmtypes + self.wictypes:
self.check_arg_fstype(arg)
elif arg == 'nographic':
+ if ('sdl' in sys.argv):
+ raise RunQemuError('Option nographic makes no sense alongside the sdl option.' % (arg))
+ if ('gtk' in sys.argv):
+ raise RunQemuError('Option nographic makes no sense alongside the gtk option.' % (arg))
self.qemu_opt_script += ' -nographic'
self.kernel_cmdline_script += ' console=ttyS0'
elif arg == 'sdl':
@@ -454,7 +458,8 @@ class BaseConfig(object):
self.qemu_opt_script += ' -display gtk'
elif arg == 'gl' or arg == 'gl-es':
# These args are handled inside sdl or gtk blocks above
- pass
+ if ('gtk' not in sys.argv) and ('sdl' not in sys.argv):
+ raise RunQemuError('Option %s also needs gtk or sdl option.' % (arg))
elif arg == 'egl-headless':
self.qemu_opt_script += ' -vga virtio -display egl-headless'
# As runqemu can be run within bitbake (when using testimage, for example),
@@ -1502,6 +1507,11 @@ def main():
try:
config = BaseConfig()
+ renice = os.path.expanduser("~/bin/runqemu-renice")
+ if os.path.exists(renice):
+ logger.info('Using %s to renice' % renice)
+ subprocess.check_call([renice, str(os.getpid())])
+
def sigterm_handler(signum, frame):
logger.info("SIGTERM received")
os.kill(config.qemupid, signal.SIGTERM)