* [OE-core][kirkstone 00/30] Patch review
@ 2022-07-03 19:35 Steve Sakoman
0 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2022-07-03 19:35 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by end
of day Wednesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3856
The following changes since commit eea52e0c3d24c79464f4afdbc3c397e1cb982231:
build-appliance-image: Update to kirkstone head revision (2022-06-29 07:48:24 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Ahmed Hossam (1):
insane.bbclass: host-user-contaminated: Correct per package home path
Alexander Kanavin (3):
wireless-regdb: upgrade 2022.04.08 -> 2022.06.06
oeqa/sdk: drop the nativesdk-python 2.x test
at: take tarballs from debian
David Bagonyi (1):
sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity
Jose Quaresma (1):
curl: backport openssl fix CN check error code
Kai Kang (1):
glibc-tests: not clear BBCLASSEXTEND
Lee Chee Yang (1):
ghostscript: fix CVE-2022-2085
Lucas Stach (1):
perf: sort-pmuevents: really keep array terminators
Martin Jansa (1):
wic: fix WicError message
Maxime Roussin-Bélanger (1):
libffi: fix native build being not portable
Muhammad Hamza (1):
initramfs-framework: move storage mounts to actual rootfs
Peter Bergin (1):
rust: fix issue building cross-canadian tools for aarch64 on x86_64
Peter Kjellerstedt (1):
base.bbclass: Correct the test for obsolete license exceptions
Pgowda (1):
binutils : CVE-2019-1010204
Raju Kumar Pothuraju (1):
kernel-uboot.bbclass: Use vmlinux.initramfs when
INITRAMFS_IMAGE_BUNDLE set
Richard Purdie (8):
unzip: Port debian fixes for two CVEs
cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm)
vim: 8.2.5083 -> 9.0.0005
openssl: Upgrade 3.0.3 -> 3.0.4
coreutils: Tweak packaging variable names for coreutils-dev
oeqa/runtime/scp: Disable scp test for dropbear
packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation
oe-selftest-image: Ensure the image has sftp as well as dropbear
Ross Burton (3):
cups: ignore CVE-2022-26691
busybox: fix CVE-2022-30065
cve-check: hook cleanup to the BuildCompleted event, not CookerExit
Steve Sakoman (2):
openssh: break dependency on base package for -dev package
dropbear: break dependency on base package for -dev package
Thomas Roos (1):
recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG
.../recipes-test/images/oe-selftest-image.bb | 2 +-
meta/classes/base.bbclass | 4 +-
meta/classes/cve-check.bbclass | 2 +-
meta/classes/insane.bbclass | 2 +-
meta/classes/kernel-uboot.bbclass | 6 ++
meta/classes/sanity.bbclass | 2 +-
.../distro/include/cve-extra-exclusions.inc | 30 +++++-----
meta/lib/oeqa/runtime/cases/scp.py | 2 +-
meta/lib/oeqa/sdk/cases/python.py | 11 ----
meta/lib/oeqa/selftest/cases/devtool.py | 15 ++++-
.../openssh/openssh_8.9p1.bb | 5 ++
...1-Configure-do-not-tweak-mips-cflags.patch | 10 ++--
...sysroot-and-debug-prefix-map-from-co.patch | 20 +++----
...ea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch | 55 -------------------
.../openssl/openssl/afalg.patch | 10 ++--
.../{openssl_3.0.3.bb => openssl_3.0.4.bb} | 3 +-
.../busybox/busybox/CVE-2022-30065.patch | 29 ++++++++++
meta/recipes-core/busybox/busybox_1.35.0.bb | 1 +
meta/recipes-core/coreutils/coreutils_9.0.bb | 3 +-
meta/recipes-core/dropbear/dropbear.inc | 5 ++
meta/recipes-core/glibc/glibc-tests_2.35.bb | 5 +-
.../initrdscripts/initramfs-framework/finish | 9 +++
.../packagegroup-core-ssh-dropbear.bb | 1 +
.../binutils/binutils-2.38.inc | 1 +
.../binutils/0014-CVE-2019-1010204.patch | 49 +++++++++++++++++
meta/recipes-devtools/rust/rust-common.inc | 5 +-
meta/recipes-extended/at/at_3.2.5.bb | 2 +-
meta/recipes-extended/cups/cups.inc | 2 +
.../ghostscript/CVE-2022-2085.patch | 44 +++++++++++++++
.../ghostscript/ghostscript_9.55.0.bb | 1 +
.../unzip/unzip/CVE-2022-0529.patch | 39 +++++++++++++
.../unzip/unzip/CVE-2022-0530.patch | 33 +++++++++++
meta/recipes-extended/unzip/unzip_6.0.bb | 2 +
.../perf/perf/sort-pmuevents.py | 5 +-
....04.08.bb => wireless-regdb_2022.06.06.bb} | 2 +-
...0001-openssl-fix-CN-check-error-code.patch | 38 +++++++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
meta/recipes-support/libffi/libffi_3.4.2.bb | 2 +-
.../vim/{vim-tiny_8.2.bb => vim-tiny_9.0.bb} | 0
meta/recipes-support/vim/vim.inc | 6 +-
.../vim/{vim_8.2.bb => vim_9.0.bb} | 0
.../lib/recipetool/create_buildsys_python.py | 13 +++++
scripts/wic | 2 +-
43 files changed, 353 insertions(+), 126 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.3.bb => openssl_3.0.4.bb} (98%)
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2022-30065.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0014-CVE-2019-1010204.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2022-2085.patch
create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch
create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch
rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2022.04.08.bb => wireless-regdb_2022.06.06.bb} (94%)
create mode 100644 meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch
rename meta/recipes-support/vim/{vim-tiny_8.2.bb => vim-tiny_9.0.bb} (100%)
rename meta/recipes-support/vim/{vim_8.2.bb => vim_9.0.bb} (100%)
--
2.25.1
^ permalink raw reply [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 00/30] Patch review
@ 2023-07-30 18:00 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 01/30] libjpeg-turbo: patch CVE-2023-2804 Steve Sakoman
` (30 more replies)
0 siblings, 31 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5667
The following changes since commit e7d3e02a624f7ce23d012bb11ad1df2049066b37:
package.bbclass: moving field data process before variable process in process_pkgconfig (2023-07-21 07:14:06 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (1):
diffutils: update 3.9 -> 3.10
Andrej Valek (1):
kernel: add missing path to search for debug files
Archana Polampalli (1):
openssh: fix CVE-2023-38408
Benjamin Bouvier (1):
util-linux: add alternative links for ipcs,ipcrm
Hitendra Prajapati (3):
tiff: fix multiple CVEs
tiff: fix multiple CVEs
libtiff: fix CVE-2023-26965 heap-based use after free
Jose Quaresma (2):
openssl: add PERLEXTERNAL path to test its existence
openssl: use a glob on the PERLEXTERNAL to track updates on the path
Khem Raj (1):
meson.bbclass: Point to llvm-config from native sysroot
Martin Jansa (1):
libxcrypt: fix build with perl-5.38 and use master branch
Ovidiu Panait (4):
mdadm: fix util-linux ptest dependency
mdadm: fix 07revert-inplace ptest
mdadm: fix segfaults when running ptests
mdadm: skip running known broken ptests
Peter Marko (2):
libjpeg-turbo: patch CVE-2023-2804
python3: ignore CVE-2023-36632
Quentin Schulz (1):
uboot-extlinux-config.bbclass: fix old override syntax in comment
Ross Burton (2):
python3: fix missing comma in get_module_deps3.py
oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case
Sundeep KOKKONDA (1):
gcc : upgrade to v11.4
Tim Orling (1):
python3: upgrade 3.10.9 -> 3.10.12
Vivek Kumbhar (1):
go: fix CVE-2023-29406 net/http insufficient sanitization of Host
header
Wang Mingyu (3):
libassuan: upgrade 2.5.5 -> 2.5.6
libksba: upgrade 1.6.3 -> 1.6.4
lttng-ust: upgrade 2.13.5 -> 2.13.6
Yoann Congal (2):
recipetool: Fix inherit in created -native* recipes
oeqa/selftest/devtool: add unit test for "devtool add -b"
Yogita Urade (1):
dmidecode: fix CVE-2023-30630
Yuta Hayama (1):
systemd-systemctl: fix errors in instance name expansion
meta/classes/kernel.bbclass | 1 +
meta/classes/meson.bbclass | 1 +
meta/classes/uboot-extlinux-config.bbclass | 8 +-
meta/conf/distro/include/maintainers.inc | 2 +-
meta/lib/oeqa/runtime/cases/rpm.py | 4 +-
meta/lib/oeqa/selftest/cases/devtool.py | 32 +
.../openssh/openssh/CVE-2023-38408-0001.patch | 585 ++++++++++++++++++
.../openssh/openssh/CVE-2023-38408-0002.patch | 173 ++++++
.../openssh/openssh/CVE-2023-38408-0003.patch | 36 ++
.../openssh/openssh/CVE-2023-38408-0004.patch | 114 ++++
.../openssh/openssh_8.9p1.bb | 4 +
.../openssl/openssl_3.0.9.bb | 4 +-
...ommon.pm-compatible-with-latest-perl.patch | 50 ++
...ve-smartmatch-usage-from-gen-crypt-h.patch | 62 ++
meta/recipes-core/libxcrypt/libxcrypt.inc | 7 +-
.../systemd/systemd-systemctl/systemctl | 2 +-
.../util-linux/util-linux_2.37.4.bb | 2 +
.../dmidecode/CVE-2023-30630_1.patch | 237 +++++++
.../dmidecode/CVE-2023-30630_2.patch | 80 +++
.../dmidecode/CVE-2023-30630_3.patch | 69 +++
.../dmidecode/CVE-2023-30630_4.patch | 137 ++++
.../dmidecode/dmidecode_3.3.bb | 4 +
.../gcc/{gcc-11.3.inc => gcc-11.4.inc} | 6 +-
...ian_11.3.bb => gcc-cross-canadian_11.4.bb} | 0
.../{gcc-cross_11.3.bb => gcc-cross_11.4.bb} | 0
...-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} | 0
...cc-runtime_11.3.bb => gcc-runtime_11.4.bb} | 0
...itizers_11.3.bb => gcc-sanitizers_11.4.bb} | 0
...{gcc-source_11.3.bb => gcc-source_11.4.bb} | 0
...rch64-Update-Neoverse-N2-core-defini.patch | 20 +-
...rm-add-armv9-a-architecture-to-march.patch | 54 +-
...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 102 +--
...s-fix-v4bx-to-linker-to-support-EABI.patch | 6 +-
.../gcc/{gcc_11.3.bb => gcc_11.4.bb} | 0
...initial_11.3.bb => libgcc-initial_11.4.bb} | 0
.../gcc/{libgcc_11.3.bb => libgcc_11.4.bb} | 0
...ibgfortran_11.3.bb => libgfortran_11.4.bb} | 0
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.18/CVE-2023-29406.patch | 210 +++++++
.../python/python3/cve-2023-24329.patch | 50 --
.../python/python3/get_module_deps3.py | 2 +-
.../{python3_3.10.9.bb => python3_3.10.12.bb} | 7 +-
...001-Skip-strip-trailing-cr-test-case.patch | 19 +-
.../{diffutils_3.9.bb => diffutils_3.10.bb} | 2 +-
...anup-validate_geometry_ddf_container.patch | 148 +++++
...nter-dereference-in-validate_geometr.patch | 56 ++
...se-after-close-bug-by-closing-after-.patch | 91 +++
...gfault-when-calling-NULL-get_bad_blo.patch | 42 ++
...Mark-and-ignore-broken-test-failures.patch | 128 ++++
...dd-broken-files-for-all-broken-tests.patch | 454 ++++++++++++++
meta/recipes-extended/mdadm/files/run-ptest | 2 +-
meta/recipes-extended/mdadm/mdadm_4.2.bb | 9 +-
.../jpeg/files/CVE-2023-2804-1.patch | 103 +++
.../jpeg/files/CVE-2023-2804-2.patch | 75 +++
.../jpeg/libjpeg-turbo_2.1.5.1.bb | 2 +
...ttng-ust_2.13.5.bb => lttng-ust_2.13.6.bb} | 2 +-
.../CVE-2023-0795_0796_0797_0798_0799.patch | 162 +++++
.../libtiff/tiff/CVE-2023-25433.patch | 195 ++++++
.../tiff/CVE-2023-25434-CVE-2023-25435.patch | 94 +++
.../libtiff/tiff/CVE-2023-26965.patch | 97 +++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 4 +
...{libassuan_2.5.5.bb => libassuan_2.5.6.bb} | 2 +-
.../{libksba_1.6.3.bb => libksba_1.6.4.bb} | 2 +-
scripts/lib/recipetool/create.py | 4 +
64 files changed, 3585 insertions(+), 180 deletions(-)
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0001.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0002.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0004.patch
create mode 100644 meta/recipes-core/libxcrypt/files/0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch
create mode 100644 meta/recipes-core/libxcrypt/files/0002-Remove-smartmatch-usage-from-gen-crypt-h.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
rename meta/recipes-devtools/gcc/{gcc-11.3.inc => gcc-11.4.inc} (97%)
rename meta/recipes-devtools/gcc/{gcc-cross-canadian_11.3.bb => gcc-cross-canadian_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-cross_11.3.bb => gcc-cross_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-runtime_11.3.bb => gcc-runtime_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-sanitizers_11.3.bb => gcc-sanitizers_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-source_11.3.bb => gcc-source_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc_11.3.bb => gcc_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{libgcc-initial_11.3.bb => libgcc-initial_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{libgcc_11.3.bb => libgcc_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{libgfortran_11.3.bb => libgfortran_11.4.bb} (100%)
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch
delete mode 100644 meta/recipes-devtools/python/python3/cve-2023-24329.patch
rename meta/recipes-devtools/python/{python3_3.10.9.bb => python3_3.10.12.bb} (98%)
rename meta/recipes-extended/diffutils/{diffutils_3.9.bb => diffutils_3.10.bb} (93%)
create mode 100644 meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
create mode 100644 meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
create mode 100644 meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
create mode 100644 meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
create mode 100644 meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
create mode 100644 meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-2.patch
rename meta/recipes-kernel/lttng/{lttng-ust_2.13.5.bb => lttng-ust_2.13.6.bb} (95%)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-0795_0796_0797_0798_0799.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-25433.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-25434-CVE-2023-25435.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-26965.patch
rename meta/recipes-support/libassuan/{libassuan_2.5.5.bb => libassuan_2.5.6.bb} (93%)
rename meta/recipes-support/libksba/{libksba_1.6.3.bb => libksba_1.6.4.bb} (94%)
--
2.34.1
^ permalink raw reply [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 01/30] libjpeg-turbo: patch CVE-2023-2804
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 02/30] python3: ignore CVE-2023-36632 Steve Sakoman
` (29 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Relevant links:
* linked fronm NVD:
* https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118
* follow-up analysis:
* https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1496473989
* picked commits fix all issues mentioned in this analysis
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../jpeg/files/CVE-2023-2804-1.patch | 103 ++++++++++++++++++
.../jpeg/files/CVE-2023-2804-2.patch | 75 +++++++++++++
.../jpeg/libjpeg-turbo_2.1.5.1.bb | 2 +
3 files changed, 180 insertions(+)
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-2.patch
diff --git a/meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch b/meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch
new file mode 100644
index 0000000000..fd8a66bca7
--- /dev/null
+++ b/meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch
@@ -0,0 +1,103 @@
+From 42ce199c9cfe129e5e21afd48dfe757a6acf87c4 Mon Sep 17 00:00:00 2001
+From: DRC <information@libjpeg-turbo.org>
+Date: Tue, 4 Apr 2023 19:06:20 -0500
+Subject: [PATCH] Decomp: Don't enable 2-pass color quant w/ RGB565
+
+The 2-pass color quantization algorithm assumes 3-sample pixels. RGB565
+is the only 3-component colorspace that doesn't have 3-sample pixels, so
+we need to treat it as a special case when determining whether to enable
+2-pass color quantization. Otherwise, attempting to initialize 2-pass
+color quantization with an RGB565 output buffer could cause
+prescan_quantize() to read from uninitialized memory and subsequently
+underflow/overflow the histogram array.
+
+djpeg is supposed to fail gracefully if both -rgb565 and -colors are
+specified, because none of its destination managers (image writers)
+support color quantization with RGB565. However, prescan_quantize() was
+called before that could occur. It is possible but very unlikely that
+these issues could have been reproduced in applications other than
+djpeg. The issues involve the use of two features (12-bit precision and
+RGB565) that are incompatible, and they also involve the use of two
+rarely-used legacy features (RGB565 and color quantization) that don't
+make much sense when combined.
+
+Fixes #668
+Fixes #671
+Fixes #680
+
+CVE: CVE-2023-2804
+Upstream-Status: Backport [https://github.com/libjpeg-turbo/libjpeg-turbo/commit/42ce199c9cfe129e5e21afd48dfe757a6acf87c4]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ChangeLog.md | 12 ++++++++++++
+ jdmaster.c | 5 +++--
+ jquant2.c | 5 +++--
+ 3 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/ChangeLog.md b/ChangeLog.md
+index 1c1e6538a..f1bfb3d87 100644
+--- a/ChangeLog.md
++++ b/ChangeLog.md
+@@ -1,3 +1,15 @@
++2.1.6
++=====
++
++### Significant changes relative to 2.1.5.1:
++
++1. Fixed an oversight in 1.4 beta1[8] that caused various segfaults and buffer
++overruns when attempting to decompress various specially-crafted malformed
++12-bit-per-component JPEG images using a 12-bit-per-component build of djpeg
++(`-DWITH_12BIT=1`) with both color quantization and RGB565 color conversion
++enabled.
++
++
+ 2.1.5.1
+ =======
+
+diff --git a/jdmaster.c b/jdmaster.c
+index a3690bf56..a9446adfd 100644
+--- a/jdmaster.c
++++ b/jdmaster.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2002-2009 by Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2009-2011, 2016, 2019, 2022, D. R. Commander.
++ * Copyright (C) 2009-2011, 2016, 2019, 2022-2023, D. R. Commander.
+ * Copyright (C) 2013, Linaro Limited.
+ * Copyright (C) 2015, Google, Inc.
+ * For conditions of distribution and use, see the accompanying README.ijg
+@@ -480,7 +480,8 @@ master_selection(j_decompress_ptr cinfo)
+ if (cinfo->raw_data_out)
+ ERREXIT(cinfo, JERR_NOTIMPL);
+ /* 2-pass quantizer only works in 3-component color space. */
+- if (cinfo->out_color_components != 3) {
++ if (cinfo->out_color_components != 3 ||
++ cinfo->out_color_space == JCS_RGB565) {
+ cinfo->enable_1pass_quant = TRUE;
+ cinfo->enable_external_quant = FALSE;
+ cinfo->enable_2pass_quant = FALSE;
+diff --git a/jquant2.c b/jquant2.c
+index 44efb18ca..1c14ef763 100644
+--- a/jquant2.c
++++ b/jquant2.c
+@@ -4,7 +4,7 @@
+ * This file was part of the Independent JPEG Group's software:
+ * Copyright (C) 1991-1996, Thomas G. Lane.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2009, 2014-2015, 2020, D. R. Commander.
++ * Copyright (C) 2009, 2014-2015, 2020, 2023, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -1230,7 +1230,8 @@ jinit_2pass_quantizer(j_decompress_ptr cinfo)
+ cquantize->error_limiter = NULL;
+
+ /* Make sure jdmaster didn't give me a case I can't handle */
+- if (cinfo->out_color_components != 3)
++ if (cinfo->out_color_components != 3 ||
++ cinfo->out_color_space == JCS_RGB565)
+ ERREXIT(cinfo, JERR_NOTIMPL);
+
+ /* Allocate the histogram/inverse colormap storage */
diff --git a/meta/recipes-graphics/jpeg/files/CVE-2023-2804-2.patch b/meta/recipes-graphics/jpeg/files/CVE-2023-2804-2.patch
new file mode 100644
index 0000000000..af955a72f6
--- /dev/null
+++ b/meta/recipes-graphics/jpeg/files/CVE-2023-2804-2.patch
@@ -0,0 +1,75 @@
+From 2e1b8a462f7f9f9bf6cd25a8516caa8203cc4593 Mon Sep 17 00:00:00 2001
+From: DRC <information@libjpeg-turbo.org>
+Date: Thu, 6 Apr 2023 18:33:41 -0500
+Subject: [PATCH] jpeg_crop_scanline: Fix calc w/sclg + 2x4,4x2 samp
+
+When computing the downsampled width for a particular component,
+jpeg_crop_scanline() needs to take into account the fact that the
+libjpeg code uses a combination of IDCT scaling and upsampling to
+implement 4x2 and 2x4 upsampling with certain decompression scaling
+factors. Failing to account for that led to incomplete upsampling of
+4x2- or 2x4-subsampled components, which caused the color converter to
+read from uninitialized memory. With 12-bit data precision, this caused
+a buffer overrun or underrun and subsequent segfault if the
+uninitialized memory contained a value that was outside of the valid
+sample range (because the color converter uses the value as an array
+index.)
+
+Fixes #669
+
+CVE: CVE-2023-2804
+Upstream-Status: Backport [https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2e1b8a462f7f9f9bf6cd25a8516caa8203cc4593]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ChangeLog.md | 8 ++++++++
+ jdapistd.c | 10 ++++++----
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/ChangeLog.md b/ChangeLog.md
+index f1bfb3d87..0a075c3c5 100644
+--- a/ChangeLog.md
++++ b/ChangeLog.md
+@@ -9,6 +9,14 @@ overruns when attempting to decompress various specially-crafted malformed
+ (`-DWITH_12BIT=1`) with both color quantization and RGB565 color conversion
+ enabled.
+
++2. Fixed an issue whereby `jpeg_crop_scanline()` sometimes miscalculated the
++downsampled width for components with 4x2 or 2x4 subsampling factors if
++decompression scaling was enabled. This caused the components to be upsampled
++incompletely, which caused the color converter to read from uninitialized
++memory. With 12-bit data precision, this caused a buffer overrun or underrun
++and subsequent segfault if the sample value read from unitialized memory was
++outside of the valid sample range.
++
+
+ 2.1.5.1
+ =======
+diff --git a/jdapistd.c b/jdapistd.c
+index 02cd0cb93..96cded112 100644
+--- a/jdapistd.c
++++ b/jdapistd.c
+@@ -4,7 +4,7 @@
+ * This file was part of the Independent JPEG Group's software:
+ * Copyright (C) 1994-1996, Thomas G. Lane.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2010, 2015-2020, 2022, D. R. Commander.
++ * Copyright (C) 2010, 2015-2020, 2022-2023, D. R. Commander.
+ * Copyright (C) 2015, Google, Inc.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+@@ -236,9 +236,11 @@ jpeg_crop_scanline(j_decompress_ptr cinfo, JDIMENSION *xoffset,
+ /* Set downsampled_width to the new output width. */
+ orig_downsampled_width = compptr->downsampled_width;
+ compptr->downsampled_width =
+- (JDIMENSION)jdiv_round_up((long)(cinfo->output_width *
+- compptr->h_samp_factor),
+- (long)cinfo->max_h_samp_factor);
++ (JDIMENSION)jdiv_round_up((long)cinfo->output_width *
++ (long)(compptr->h_samp_factor *
++ compptr->_DCT_scaled_size),
++ (long)(cinfo->max_h_samp_factor *
++ cinfo->_min_DCT_scaled_size));
+ if (compptr->downsampled_width < 2 && orig_downsampled_width >= 2)
+ reinit_upsampler = TRUE;
+
diff --git a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb
index e086830c02..86bf471eea 100644
--- a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb
+++ b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb
@@ -12,6 +12,8 @@ DEPENDS:append:x86:class-target = " nasm-native"
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
file://0001-libjpeg-turbo-fix-package_qa-error.patch \
+ file://CVE-2023-2804-1.patch \
+ file://CVE-2023-2804-2.patch \
"
SRC_URI[sha256sum] = "2fdc3feb6e9deb17adec9bafa3321419aa19f8f4e5dea7bf8486844ca22207bf"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 02/30] python3: ignore CVE-2023-36632
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 01/30] libjpeg-turbo: patch CVE-2023-2804 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 03/30] tiff: fix multiple CVEs Steve Sakoman
` (28 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
This CVE shouldn't have been filed as the "exploit" is described in the
documentation as how the library behaves.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c652f094d86c4efb7ff99accba63b8169493ab18)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/python/python3_3.10.9.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-devtools/python/python3_3.10.9.bb b/meta/recipes-devtools/python/python3_3.10.9.bb
index 867958c0fb..4ecc7614bb 100644
--- a/meta/recipes-devtools/python/python3_3.10.9.bb
+++ b/meta/recipes-devtools/python/python3_3.10.9.bb
@@ -61,6 +61,8 @@ CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488"
# The mailcap module is insecure by design, so this can't be fixed in a meaningful way.
# The module will be removed in the future and flaws documented.
CVE_CHECK_IGNORE += "CVE-2015-20107"
+# Not an issue, in fact expected behaviour
+CVE_CHECK_IGNORE += "CVE-2023-36632"
PYTHON_MAJMIN = "3.10"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 03/30] tiff: fix multiple CVEs
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 01/30] libjpeg-turbo: patch CVE-2023-2804 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 02/30] python3: ignore CVE-2023-36632 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 04/30] go: fix CVE-2023-29406 net/http insufficient sanitization of Host header Steve Sakoman
` (27 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Bug-Debian: https://bugs.debian.org/1031632
Origin: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz
fix multiple CVEs:
CVE-2023-0795
CVE-2023-0796
CVE-2023-0797
CVE-2023-0798
CVE-2023-0799
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../CVE-2023-0795_0796_0797_0798_0799.patch | 162 ++++++++++++++++++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 +
2 files changed, 163 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-0795_0796_0797_0798_0799.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-0795_0796_0797_0798_0799.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-0795_0796_0797_0798_0799.patch
new file mode 100644
index 0000000000..498d5ec8ab
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-0795_0796_0797_0798_0799.patch
@@ -0,0 +1,162 @@
+From 7808740e100ba30ffb791044f3b14dec3e85ed6f Mon Sep 17 00:00:00 2001
+From: Markus Koschany <apo@debian.org>
+Date: Tue, 21 Feb 2023 14:26:43 +0100
+Subject: [PATCH] CVE-2023-0795
+
+This is also the fix for CVE-2023-0796, CVE-2023-0797, CVE-2023-0798,
+CVE-2023-0799.
+
+Bug-Debian: https://bugs.debian.org/1031632
+Origin: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
+
+Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz ]
+CVE: CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ tools/tiffcrop.c | 51 ++++++++++++++++++++++++++++--------------------
+ 1 file changed, 30 insertions(+), 21 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index adf0f84..deba170 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -269,7 +269,6 @@ struct region {
+ uint32_t width; /* width in pixels */
+ uint32_t length; /* length in pixels */
+ uint32_t buffsize; /* size of buffer needed to hold the cropped region */
+- unsigned char *buffptr; /* address of start of the region */
+ };
+
+ /* Cropping parameters from command line and image data
+@@ -524,7 +523,7 @@ static int rotateContigSamples24bits(uint16_t, uint16_t, uint16_t, uint32_t,
+ static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t,
+ uint32_t, uint32_t, uint8_t *, uint8_t *);
+ static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *,
+- unsigned char **);
++ unsigned char **, int);
+ static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+ unsigned char *);
+ static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+@@ -5219,7 +5218,6 @@ initCropMasks (struct crop_mask *cps)
+ cps->regionlist[i].width = 0;
+ cps->regionlist[i].length = 0;
+ cps->regionlist[i].buffsize = 0;
+- cps->regionlist[i].buffptr = NULL;
+ cps->zonelist[i].position = 0;
+ cps->zonelist[i].total = 0;
+ }
+@@ -6511,8 +6509,13 @@ static int correct_orientation(struct image_data *image, unsigned char **work_b
+ (uint16_t) (image->adjustments & ROTATE_ANY));
+ return (-1);
+ }
+-
+- if (rotateImage(rotation, image, &image->width, &image->length, work_buff_ptr))
++
++ /* Dummy variable in order not to switch two times the
++ * image->width,->length within rotateImage(),
++ * but switch xres, yres there. */
++ uint32_t width = image->width;
++ uint32_t length = image->length;
++ if (rotateImage(rotation, image, &width, &length, work_buff_ptr, TRUE))
+ {
+ TIFFError ("correct_orientation", "Unable to rotate image");
+ return (-1);
+@@ -6580,7 +6583,6 @@ extractCompositeRegions(struct image_data *image, struct crop_mask *crop,
+ /* These should not be needed for composite images */
+ crop->regionlist[i].width = crop_width;
+ crop->regionlist[i].length = crop_length;
+- crop->regionlist[i].buffptr = crop_buff;
+
+ src_rowsize = ((img_width * bps * spp) + 7) / 8;
+ dst_rowsize = (((crop_width * bps * count) + 7) / 8);
+@@ -6817,7 +6819,6 @@ extractSeparateRegion(struct image_data *image, struct crop_mask *crop,
+
+ crop->regionlist[region].width = crop_width;
+ crop->regionlist[region].length = crop_length;
+- crop->regionlist[region].buffptr = crop_buff;
+
+ src = read_buff;
+ dst = crop_buff;
+@@ -7695,7 +7696,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
+ {
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, &crop_buff))
++ &crop->combined_length, &crop_buff, FALSE))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate composite regions by %"PRIu32" degrees", crop->rotation);
+@@ -7805,7 +7806,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ * ToDo: Therefore rotateImage() and its usage has to be reworked (e.g. like mirrorImage()) !!
+ */
+ if (rotateImage(crop->rotation, image, &crop->regionlist[i].width,
+- &crop->regionlist[i].length, &crop_buff))
++ &crop->regionlist[i].length, &crop_buff, FALSE))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate crop region by %"PRIu16" degrees", crop->rotation);
+@@ -7937,7 +7938,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
+ {
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, crop_buff_ptr))
++ &crop->combined_length, crop_buff_ptr, TRUE))
+ {
+ TIFFError("createCroppedImage",
+ "Failed to rotate image or cropped selection by %"PRIu16" degrees", crop->rotation);
+@@ -8600,7 +8601,7 @@ rotateContigSamples32bits(uint16_t rotation, uint16_t spp, uint16_t bps, uint32_
+ /* Rotate an image by a multiple of 90 degrees clockwise */
+ static int
+ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+- uint32_t *img_length, unsigned char **ibuff_ptr)
++ uint32_t *img_length, unsigned char **ibuff_ptr, int rot_image_params)
+ {
+ int shift_width;
+ uint32_t bytes_per_pixel, bytes_per_sample;
+@@ -8791,11 +8792,15 @@ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+
+ *img_width = length;
+ *img_length = width;
+- image->width = length;
+- image->length = width;
+- res_temp = image->xres;
+- image->xres = image->yres;
+- image->yres = res_temp;
++ /* Only toggle image parameters if whole input image is rotated. */
++ if (rot_image_params)
++ {
++ image->width = length;
++ image->length = width;
++ res_temp = image->xres;
++ image->xres = image->yres;
++ image->yres = res_temp;
++ }
+ break;
+
+ case 270: if ((bps % 8) == 0) /* byte aligned data */
+@@ -8868,11 +8873,15 @@ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+
+ *img_width = length;
+ *img_length = width;
+- image->width = length;
+- image->length = width;
+- res_temp = image->xres;
+- image->xres = image->yres;
+- image->yres = res_temp;
++ /* Only toggle image parameters if whole input image is rotated. */
++ if (rot_image_params)
++ {
++ image->width = length;
++ image->length = width;
++ res_temp = image->xres;
++ image->xres = image->yres;
++ image->yres = res_temp;
++ }
+ break;
+ default:
+ break;
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 4bd485a10a..2be25756bc 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -34,6 +34,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch \
file://CVE-2022-48281.patch \
file://CVE-2023-0800_0801_0802_0803_0804.patch \
+ file://CVE-2023-0795_0796_0797_0798_0799.patch \
"
SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 04/30] go: fix CVE-2023-29406 net/http insufficient sanitization of Host header
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (2 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 03/30] tiff: fix multiple CVEs Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 05/30] tiff: fix multiple CVEs Steve Sakoman
` (26 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.18/CVE-2023-29406.patch | 210 ++++++++++++++++++
2 files changed, 211 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch
diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc
index 73921852fc..36904a92fb 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -36,6 +36,7 @@ SRC_URI += "\
file://CVE-2023-29405.patch \
file://CVE-2023-29402.patch \
file://CVE-2023-29400.patch \
+ file://CVE-2023-29406.patch \
"
SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
diff --git a/meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch b/meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch
new file mode 100644
index 0000000000..a326cda5c4
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch
@@ -0,0 +1,210 @@
+From 5fa6923b1ea891400153d04ddf1545e23b40041b Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Wed, 28 Jun 2023 13:20:08 -0700
+Subject: [PATCH] [release-branch.go1.19] net/http: validate Host header before
+ sending
+
+Verify that the Host header we send is valid.
+Avoids surprising behavior such as a Host of "go.dev\r\nX-Evil:oops"
+adding an X-Evil header to HTTP/1 requests.
+
+Add a test, skip the test for HTTP/2. HTTP/2 is not vulnerable to
+header injection in the way HTTP/1 is, but x/net/http2 doesn't validate
+the header and will go into a retry loop when the server rejects it.
+CL 506995 adds the necessary validation to x/net/http2.
+
+Updates #60374
+Fixes #61075
+For CVE-2023-29406
+
+Change-Id: I05cb6866a9bead043101954dfded199258c6dd04
+Reviewed-on: https://go-review.googlesource.com/c/go/+/506996
+Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Run-TryBot: Damien Neil <dneil@google.com>
+(cherry picked from commit 499458f7ca04087958987a33c2703c3ef03e27e2)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/507358
+Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
+Reviewed-by: Roland Shoemaker <roland@golang.org>
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b]
+CVE: CVE-2023-29406
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/net/http/http_test.go | 29 ----------------------
+ src/net/http/request.go | 45 ++++++++--------------------------
+ src/net/http/request_test.go | 11 ++-------
+ src/net/http/transport_test.go | 18 ++++++++++++++
+ 4 files changed, 30 insertions(+), 73 deletions(-)
+
+diff --git a/src/net/http/http_test.go b/src/net/http/http_test.go
+index 0d92fe5..f03272a 100644
+--- a/src/net/http/http_test.go
++++ b/src/net/http/http_test.go
+@@ -48,35 +48,6 @@ func TestForeachHeaderElement(t *testing.T) {
+ }
+ }
+
+-func TestCleanHost(t *testing.T) {
+- tests := []struct {
+- in, want string
+- }{
+- {"www.google.com", "www.google.com"},
+- {"www.google.com foo", "www.google.com"},
+- {"www.google.com/foo", "www.google.com"},
+- {" first character is a space", ""},
+- {"[1::6]:8080", "[1::6]:8080"},
+-
+- // Punycode:
+- {"гофер.рф/foo", "xn--c1ae0ajs.xn--p1ai"},
+- {"bücher.de", "xn--bcher-kva.de"},
+- {"bücher.de:8080", "xn--bcher-kva.de:8080"},
+- // Verify we convert to lowercase before punycode:
+- {"BÜCHER.de", "xn--bcher-kva.de"},
+- {"BÜCHER.de:8080", "xn--bcher-kva.de:8080"},
+- // Verify we normalize to NFC before punycode:
+- {"gophér.nfc", "xn--gophr-esa.nfc"}, // NFC input; no work needed
+- {"goph\u0065\u0301r.nfd", "xn--gophr-esa.nfd"}, // NFD input
+- }
+- for _, tt := range tests {
+- got := cleanHost(tt.in)
+- if tt.want != got {
+- t.Errorf("cleanHost(%q) = %q, want %q", tt.in, got, tt.want)
+- }
+- }
+-}
+-
+ // Test that cmd/go doesn't link in the HTTP server.
+ //
+ // This catches accidental dependencies between the HTTP transport and
+diff --git a/src/net/http/request.go b/src/net/http/request.go
+index 09cb0c7..2f4e740 100644
+--- a/src/net/http/request.go
++++ b/src/net/http/request.go
+@@ -17,7 +17,6 @@ import (
+ "io"
+ "mime"
+ "mime/multipart"
+- "net"
+ "net/http/httptrace"
+ "net/http/internal/ascii"
+ "net/textproto"
+@@ -27,6 +26,7 @@ import (
+ "strings"
+ "sync"
+
++ "golang.org/x/net/http/httpguts"
+ "golang.org/x/net/idna"
+ )
+
+@@ -568,12 +568,19 @@ func (r *Request) write(w io.Writer, usingProxy bool, extraHeaders Header, waitF
+ // is not given, use the host from the request URL.
+ //
+ // Clean the host, in case it arrives with unexpected stuff in it.
+- host := cleanHost(r.Host)
++ host := r.Host
+ if host == "" {
+ if r.URL == nil {
+ return errMissingHost
+ }
+- host = cleanHost(r.URL.Host)
++ host = r.URL.Host
++ }
++ host, err = httpguts.PunycodeHostPort(host)
++ if err != nil {
++ return err
++ }
++ if !httpguts.ValidHostHeader(host) {
++ return errors.New("http: invalid Host header")
+ }
+
+ // According to RFC 6874, an HTTP client, proxy, or other
+@@ -730,38 +737,6 @@ func idnaASCII(v string) (string, error) {
+ return idna.Lookup.ToASCII(v)
+ }
+
+-// cleanHost cleans up the host sent in request's Host header.
+-//
+-// It both strips anything after '/' or ' ', and puts the value
+-// into Punycode form, if necessary.
+-//
+-// Ideally we'd clean the Host header according to the spec:
+-// https://tools.ietf.org/html/rfc7230#section-5.4 (Host = uri-host [ ":" port ]")
+-// https://tools.ietf.org/html/rfc7230#section-2.7 (uri-host -> rfc3986's host)
+-// https://tools.ietf.org/html/rfc3986#section-3.2.2 (definition of host)
+-// But practically, what we are trying to avoid is the situation in
+-// issue 11206, where a malformed Host header used in the proxy context
+-// would create a bad request. So it is enough to just truncate at the
+-// first offending character.
+-func cleanHost(in string) string {
+- if i := strings.IndexAny(in, " /"); i != -1 {
+- in = in[:i]
+- }
+- host, port, err := net.SplitHostPort(in)
+- if err != nil { // input was just a host
+- a, err := idnaASCII(in)
+- if err != nil {
+- return in // garbage in, garbage out
+- }
+- return a
+- }
+- a, err := idnaASCII(host)
+- if err != nil {
+- return in // garbage in, garbage out
+- }
+- return net.JoinHostPort(a, port)
+-}
+-
+ // removeZone removes IPv6 zone identifier from host.
+ // E.g., "[fe80::1%en0]:8080" to "[fe80::1]:8080"
+ func removeZone(host string) string {
+diff --git a/src/net/http/request_test.go b/src/net/http/request_test.go
+index fac12b7..368e87a 100644
+--- a/src/net/http/request_test.go
++++ b/src/net/http/request_test.go
+@@ -776,15 +776,8 @@ func TestRequestBadHost(t *testing.T) {
+ }
+ req.Host = "foo.com with spaces"
+ req.URL.Host = "foo.com with spaces"
+- req.Write(logWrites{t, &got})
+- want := []string{
+- "GET /after HTTP/1.1\r\n",
+- "Host: foo.com\r\n",
+- "User-Agent: " + DefaultUserAgent + "\r\n",
+- "\r\n",
+- }
+- if !reflect.DeepEqual(got, want) {
+- t.Errorf("Writes = %q\n Want = %q", got, want)
++ if err := req.Write(logWrites{t, &got}); err == nil {
++ t.Errorf("Writing request with invalid Host: succeded, want error")
+ }
+ }
+
+diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go
+index eeaa492..58f12af 100644
+--- a/src/net/http/transport_test.go
++++ b/src/net/http/transport_test.go
+@@ -6512,3 +6512,21 @@ func TestCancelRequestWhenSharingConnection(t *testing.T) {
+ close(r2c)
+ wg.Wait()
+ }
++
++func TestRequestSanitization(t *testing.T) {
++ setParallel(t)
++ defer afterTest(t)
++
++ ts := newClientServerTest(t, h1Mode, HandlerFunc(func(rw ResponseWriter, req *Request) {
++ if h, ok := req.Header["X-Evil"]; ok {
++ t.Errorf("request has X-Evil header: %q", h)
++ }
++ })).ts
++ defer ts.Close()
++ req, _ := NewRequest("GET", ts.URL, nil)
++ req.Host = "go.dev\r\nX-Evil:evil"
++ resp, _ := ts.Client().Do(req)
++ if resp != nil {
++ resp.Body.Close()
++ }
++}
+--
+2.25.1
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 05/30] tiff: fix multiple CVEs
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (3 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 04/30] go: fix CVE-2023-29406 net/http insufficient sanitization of Host header Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 06/30] libtiff: fix CVE-2023-26965 heap-based use after free Steve Sakoman
` (25 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Backport fixes for:
* CVE-2023-25433 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678 && https://gitlab.com/libtiff/libtiff/-/commit/688012dca2c39033aa2dc7bcea9796787cfd1b44
* CVE-2023-25434 & CVE-2023-25435 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libtiff/tiff/CVE-2023-25433.patch | 195 ++++++++++++++++++
.../tiff/CVE-2023-25434-CVE-2023-25435.patch | 94 +++++++++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 2 +
3 files changed, 291 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-25433.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-25434-CVE-2023-25435.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-25433.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-25433.patch
new file mode 100644
index 0000000000..285aa3d1c4
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-25433.patch
@@ -0,0 +1,195 @@
+From 9c22495e5eeeae9e00a1596720c969656bb8d678 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Fri, 3 Feb 2023 15:31:31 +0100
+Subject: [PATCH] CVE-2023-25433
+
+tiffcrop correctly update buffersize after rotateImage()
+fix#520 rotateImage() set up a new buffer and calculates its size
+individually. Therefore, seg_buffs[] size needs to be updated accordingly.
+Before this fix, the seg_buffs buffer size was calculated with a different
+formula than within rotateImage().
+
+Closes #520.
+
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678 && https://gitlab.com/libtiff/libtiff/-/commit/688012dca2c39033aa2dc7bcea9796787cfd1b44]
+CVE: CVE-2023-25433
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ tools/tiffcrop.c | 78 +++++++++++++++++++++++++++++++++++++-----------
+ 1 file changed, 60 insertions(+), 18 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index eee26bf..cbd24cc 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -523,7 +523,7 @@ static int rotateContigSamples24bits(uint16_t, uint16_t, uint16_t, uint32_t,
+ static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t,
+ uint32_t, uint32_t, uint8_t *, uint8_t *);
+ static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *,
+- unsigned char **, int);
++ unsigned char **, size_t *);
+ static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+ unsigned char *);
+ static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+@@ -6515,7 +6515,7 @@ static int correct_orientation(struct image_data *image, unsigned char **work_b
+ * but switch xres, yres there. */
+ uint32_t width = image->width;
+ uint32_t length = image->length;
+- if (rotateImage(rotation, image, &width, &length, work_buff_ptr, TRUE))
++ if (rotateImage(rotation, image, &width, &length, work_buff_ptr, NULL))
+ {
+ TIFFError ("correct_orientation", "Unable to rotate image");
+ return (-1);
+@@ -7695,16 +7695,19 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
+ {
++ /* rotateImage() set up a new buffer and calculates its size
++ * individually. Therefore, seg_buffs size needs to be updated
++ * accordingly. */
++ size_t rot_buf_size = 0;
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, &crop_buff, FALSE))
++ &crop->combined_length, &crop_buff, &rot_buf_size))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate composite regions by %"PRIu32" degrees", crop->rotation);
+ return (-1);
+ }
+ seg_buffs[0].buffer = crop_buff;
+- seg_buffs[0].size = (((crop->combined_width * image->bps + 7 ) / 8)
+- * image->spp) * crop->combined_length;
++ seg_buffs[0].size = rot_buf_size;
+ }
+ }
+ else /* Separated Images */
+@@ -7804,9 +7807,13 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ {
+ /* rotateImage() changes image->width, ->length, ->xres and ->yres, what it schouldn't do here, when more than one section is processed.
+ * ToDo: Therefore rotateImage() and its usage has to be reworked (e.g. like mirrorImage()) !!
+- */
+- if (rotateImage(crop->rotation, image, &crop->regionlist[i].width,
+- &crop->regionlist[i].length, &crop_buff, FALSE))
++ * Furthermore, rotateImage() set up a new buffer and calculates
++ * its size individually. Therefore, seg_buffs size needs to be
++ * updated accordingly. */
++ size_t rot_buf_size = 0;
++ if (rotateImage(
++ crop->rotation, image, &crop->regionlist[i].width,
++ &crop->regionlist[i].length, &crop_buff, &rot_buf_size))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate crop region by %"PRIu16" degrees", crop->rotation);
+@@ -7817,8 +7824,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ crop->combined_width = total_width;
+ crop->combined_length = total_length;
+ seg_buffs[i].buffer = crop_buff;
+- seg_buffs[i].size = (((crop->regionlist[i].width * image->bps + 7 ) / 8)
+- * image->spp) * crop->regionlist[i].length;
++ seg_buffs[i].size = rot_buf_size;
+ }
+ } /* for crop->selections loop */
+ } /* Separated Images (else case) */
+@@ -7827,7 +7833,6 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+
+ /* Copy the crop section of the data from the current image into a buffer
+ * and adjust the IFD values to reflect the new size. If no cropping is
+- * required, use the original read buffer as the crop buffer.
+ *
+ * There is quite a bit of redundancy between this routine and the more
+ * specialized processCropSelections, but this provides
+@@ -7938,7 +7943,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
+ {
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, crop_buff_ptr, TRUE))
++ &crop->combined_length, crop_buff_ptr, NULL))
+ {
+ TIFFError("createCroppedImage",
+ "Failed to rotate image or cropped selection by %"PRIu16" degrees", crop->rotation);
+@@ -8600,14 +8605,16 @@ rotateContigSamples32bits(uint16_t rotation, uint16_t spp, uint16_t bps, uint32_
+
+ /* Rotate an image by a multiple of 90 degrees clockwise */
+ static int
+-rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+- uint32_t *img_length, unsigned char **ibuff_ptr, int rot_image_params)
++rotateImage(uint16_t rotation, struct image_data *image,
++ uint32_t *img_width,uint32_t *img_length,
++ unsigned char **ibuff_ptr, size_t *rot_buf_size)
+ {
+ int shift_width;
+ uint32_t bytes_per_pixel, bytes_per_sample;
+ uint32_t row, rowsize, src_offset, dst_offset;
+ uint32_t i, col, width, length;
+- uint32_t colsize, buffsize, col_offset, pix_offset;
++ uint32_t colsize, col_offset, pix_offset;
++ tmsize_t buffsize;
+ unsigned char *ibuff;
+ unsigned char *src;
+ unsigned char *dst;
+@@ -8620,12 +8627,41 @@ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+ spp = image->spp;
+ bps = image->bps;
+
++ if ((spp != 0 && bps != 0 &&
++ width > (uint32_t)((UINT32_MAX - 7) / spp / bps)) ||
++ (spp != 0 && bps != 0 &&
++ length > (uint32_t)((UINT32_MAX - 7) / spp / bps)))
++ {
++ TIFFError("rotateImage", "Integer overflow detected.");
++ return (-1);
++ }
++
+ rowsize = ((bps * spp * width) + 7) / 8;
+ colsize = ((bps * spp * length) + 7) / 8;
+ if ((colsize * width) > (rowsize * length))
+- buffsize = (colsize + 1) * width;
++{
++ if (((tmsize_t)colsize + 1) != 0 &&
++ (tmsize_t)width > ((TIFF_TMSIZE_T_MAX - NUM_BUFF_OVERSIZE_BYTES) /
++ ((tmsize_t)colsize + 1)))
++ {
++ TIFFError("rotateImage",
++ "Integer overflow when calculating buffer size.");
++ return (-1);
++ }
++ buffsize = ((tmsize_t)colsize + 1) * width;
++ }
+ else
+- buffsize = (rowsize + 1) * length;
++ {
++ if (((tmsize_t)rowsize + 1) != 0 &&
++ (tmsize_t)length > ((TIFF_TMSIZE_T_MAX - NUM_BUFF_OVERSIZE_BYTES) /
++ ((tmsize_t)rowsize + 1)))
++ {
++ TIFFError("rotateImage",
++ "Integer overflow when calculating buffer size.");
++ return (-1);
++ }
++ buffsize = (rowsize + 1) * length;
++ }
+
+ bytes_per_sample = (bps + 7) / 8;
+ bytes_per_pixel = ((bps * spp) + 7) / 8;
+@@ -8648,11 +8684,17 @@ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+ /* Add 3 padding bytes for extractContigSamplesShifted32bits */
+ if (!(rbuff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES)))
+ {
+- TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize + NUM_BUFF_OVERSIZE_BYTES);
++ TIFFError("rotateImage",
++ "Unable to allocate rotation buffer of %" TIFF_SSIZE_FORMAT
++ " bytes ",
++ buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ return (-1);
+ }
+ _TIFFmemset(rbuff, '\0', buffsize + NUM_BUFF_OVERSIZE_BYTES);
+
++ if (rot_buf_size != NULL)
++ *rot_buf_size = buffsize;
++
+ ibuff = *ibuff_ptr;
+ switch (rotation)
+ {
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-25434-CVE-2023-25435.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-25434-CVE-2023-25435.patch
new file mode 100644
index 0000000000..e214277504
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-25434-CVE-2023-25435.patch
@@ -0,0 +1,94 @@
+From 69818e2f2d246e6631ac2a2da692c3706b849c38 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Sun, 29 Jan 2023 11:09:26 +0100
+Subject: [PATCH] CVE-2023-25434 & CVE-2023-25435
+
+tiffcrop: Amend rotateImage() not to toggle the input (main)
+image width and length parameters when only cropped image sections are
+rotated. Remove buffptr from region structure because never used.
+
+Closes #492 #493 #494 #495 #499 #518 #519
+
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38]
+CVE: CVE-2023-25434 & CVE-2023-25435
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ tools/tiffcrop.c | 27 ++++++++++++++++-----------
+ 1 file changed, 16 insertions(+), 11 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index cbd24cc..b811fbb 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -523,7 +523,7 @@ static int rotateContigSamples24bits(uint16_t, uint16_t, uint16_t, uint32_t,
+ static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t,
+ uint32_t, uint32_t, uint8_t *, uint8_t *);
+ static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *,
+- unsigned char **, size_t *);
++ unsigned char **, size_t *, int);
+ static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+ unsigned char *);
+ static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+@@ -6513,10 +6513,11 @@ static int correct_orientation(struct image_data *image, unsigned char **work_b
+ /* Dummy variable in order not to switch two times the
+ * image->width,->length within rotateImage(),
+ * but switch xres, yres there. */
+- uint32_t width = image->width;
+- uint32_t length = image->length;
+- if (rotateImage(rotation, image, &width, &length, work_buff_ptr, NULL))
+- {
++ uint32_t width = image->width;
++ uint32_t length = image->length;
++ if (rotateImage(rotation, image, &width, &length, work_buff_ptr, NULL,
++ TRUE))
++ {
+ TIFFError ("correct_orientation", "Unable to rotate image");
+ return (-1);
+ }
+@@ -7700,7 +7701,8 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ * accordingly. */
+ size_t rot_buf_size = 0;
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, &crop_buff, &rot_buf_size))
++ &crop->combined_length, &crop_buff, &rot_buf_size,
++ FALSE))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate composite regions by %"PRIu32" degrees", crop->rotation);
+@@ -7811,9 +7813,10 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ * its size individually. Therefore, seg_buffs size needs to be
+ * updated accordingly. */
+ size_t rot_buf_size = 0;
+- if (rotateImage(
+- crop->rotation, image, &crop->regionlist[i].width,
+- &crop->regionlist[i].length, &crop_buff, &rot_buf_size))
++ if (rotateImage(crop->rotation, image,
++ &crop->regionlist[i].width,
++ &crop->regionlist[i].length, &crop_buff,
++ &rot_buf_size, FALSE))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate crop region by %"PRIu16" degrees", crop->rotation);
+@@ -7943,7 +7946,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
+ {
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, crop_buff_ptr, NULL))
++ &crop->combined_length, crop_buff_ptr, NULL, TRUE))
+ {
+ TIFFError("createCroppedImage",
+ "Failed to rotate image or cropped selection by %"PRIu16" degrees", crop->rotation);
+@@ -8607,7 +8610,9 @@ rotateContigSamples32bits(uint16_t rotation, uint16_t spp, uint16_t bps, uint32_
+ static int
+ rotateImage(uint16_t rotation, struct image_data *image,
+ uint32_t *img_width,uint32_t *img_length,
+- unsigned char **ibuff_ptr, size_t *rot_buf_size)
++ unsigned char **ibuff_ptr, size_t *rot_buf_size,
++ int rot_image_params)
++
+ {
+ int shift_width;
+ uint32_t bytes_per_pixel, bytes_per_sample;
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 2be25756bc..2ee10fca72 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -35,6 +35,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2022-48281.patch \
file://CVE-2023-0800_0801_0802_0803_0804.patch \
file://CVE-2023-0795_0796_0797_0798_0799.patch \
+ file://CVE-2023-25433.patch \
+ file://CVE-2023-25434-CVE-2023-25435.patch \
"
SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 06/30] libtiff: fix CVE-2023-26965 heap-based use after free
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (4 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 05/30] tiff: fix multiple CVEs Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 07/30] openssh: fix CVE-2023-38408 Steve Sakoman
` (24 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libtiff/tiff/CVE-2023-26965.patch | 97 +++++++++++++++++++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 +
2 files changed, 98 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-26965.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26965.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26965.patch
new file mode 100644
index 0000000000..2162493e34
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26965.patch
@@ -0,0 +1,97 @@
+From ec8ef90c1f573c9eb1f17d6a056aa0015f184acf Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Tue, 14 Feb 2023 20:43:43 +0100
+Subject: [PATCH] tiffcrop: Do not reuse input buffer for subsequent images.
+ Fix issue 527
+
+Reuse of read_buff within loadImage() from previous image is quite unsafe, because other functions (like rotateImage() etc.) reallocate that buffer with different size without updating the local prev_readsize value.
+
+Closes #527
+
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf]
+CVE: CVE-2023-26965
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ tools/tiffcrop.c | 47 +++++++++++++++--------------------------------
+ 1 file changed, 15 insertions(+), 32 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index b811fbb..ce77c74 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -6066,9 +6066,7 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+ uint32_t tw = 0, tl = 0; /* Tile width and length */
+ tmsize_t tile_rowsize = 0;
+ unsigned char *read_buff = NULL;
+- unsigned char *new_buff = NULL;
+ int readunit = 0;
+- static tmsize_t prev_readsize = 0;
+
+ TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps);
+ TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp);
+@@ -6361,47 +6359,32 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+ }
+
+ read_buff = *read_ptr;
+- /* +3 : add a few guard bytes since reverseSamples16bits() can read a bit */
+- /* outside buffer */
+- if (!read_buff)
+- {
+- if( buffsize > 0xFFFFFFFFU - 3 )
++ /* +3 : add a few guard bytes since reverseSamples16bits() can read a bit
++ * outside buffer */
++ /* Reuse of read_buff from previous image is quite unsafe, because other
++ * functions (like rotateImage() etc.) reallocate that buffer with different
++ * size without updating the local prev_readsize value. */
++ if (read_buff)
+ {
+- TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
+- return (-1);
++ _TIFFfree(read_buff);
+ }
+- read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES);
+- }
+- else
++ if (buffsize > 0xFFFFFFFFU - 3)
+ {
+- if (prev_readsize < buffsize)
+- {
+- if( buffsize > 0xFFFFFFFFU - 3 )
+- {
+- TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
+- return (-1);
+- }
+- new_buff = _TIFFrealloc(read_buff, buffsize + NUM_BUFF_OVERSIZE_BYTES);
+- if (!new_buff)
+- {
+- free (read_buff);
+- read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES);
+- }
+- else
+- read_buff = new_buff;
+- }
++ TIFFError("loadImage", "Required read buffer size too large");
++ return (-1);
+ }
+- if (!read_buff)
++ read_buff =
++ (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES);
++ if (!read_buff)
+ {
+- TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
+- return (-1);
++ TIFFError("loadImage", "Unable to allocate read buffer");
++ return (-1);
+ }
+
+ read_buff[buffsize] = 0;
+ read_buff[buffsize+1] = 0;
+ read_buff[buffsize+2] = 0;
+
+- prev_readsize = buffsize;
+ *read_ptr = read_buff;
+
+ /* N.B. The read functions used copy separate plane data into a buffer as interleaved
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 2ee10fca72..4796dfde24 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -37,6 +37,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2023-0795_0796_0797_0798_0799.patch \
file://CVE-2023-25433.patch \
file://CVE-2023-25434-CVE-2023-25435.patch \
+ file://CVE-2023-26965.patch \
"
SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 07/30] openssh: fix CVE-2023-38408
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (5 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 06/30] libtiff: fix CVE-2023-26965 heap-based use after free Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 08/30] dmidecode: fix CVE-2023-30630 Steve Sakoman
` (23 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an
insufficiently trustworthy search path, leading to remote code
execution if an agent is forwarded to an attacker-controlled system.
(Code in /usr/lib is not necessarily safe for loading into ssh-agent.)
NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-38408
Upstream patches:
https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc
https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a
https://github.com/openssh/openssh-portable/commit/29ef8a04866ca14688d5b7fed7b8b9deab851f77
https://github.com/openssh/openssh-portable/commit/099cdf59ce1e72f55d421c8445bf6321b3004755
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../openssh/openssh/CVE-2023-38408-0001.patch | 585 ++++++++++++++++++
.../openssh/openssh/CVE-2023-38408-0002.patch | 173 ++++++
.../openssh/openssh/CVE-2023-38408-0003.patch | 36 ++
.../openssh/openssh/CVE-2023-38408-0004.patch | 114 ++++
.../openssh/openssh_8.9p1.bb | 4 +
5 files changed, 912 insertions(+)
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0001.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0002.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0004.patch
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0001.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0001.patch
new file mode 100644
index 0000000000..2ee344cb27
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0001.patch
@@ -0,0 +1,585 @@
+From 099cdf59ce1e72f55d421c8445bf6321b3004755 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 19 Jul 2023 14:03:45 +0000
+Subject: [PATCH 1/4] upstream: Separate ssh-pkcs11-helpers for each p11 module
+
+Make ssh-pkcs11-client start an independent helper for each provider,
+providing better isolation between modules and reliability if a single
+module misbehaves.
+
+This also implements reference counting of PKCS#11-hosted keys,
+allowing ssh-pkcs11-helper subprocesses to be automatically reaped
+when no remaining keys reference them. This fixes some bugs we have
+that make PKCS11 keys unusable after they have been deleted, e.g.
+https://bugzilla.mindrot.org/show_bug.cgi?id=3125
+
+ok markus@
+
+OpenBSD-Commit-ID: 0ce188b14fe271ab0568f4500070d96c5657244e
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/099cdf59ce1e72f55d421c8445bf6321b3004755]
+
+CVE: CVE-2023-38408
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ ssh-pkcs11-client.c | 378 +++++++++++++++++++++++++++++++++-----------
+ 1 file changed, 285 insertions(+), 93 deletions(-)
+
+diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
+index cfd833d..7db6c6c 100644
+--- a/ssh-pkcs11-client.c
++++ b/ssh-pkcs11-client.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: ssh-pkcs11-client.c,v 1.17 2020/10/18 11:32:02 djm Exp $ */
++/* $OpenBSD: ssh-pkcs11-client.c,v 1.18 2023/07/19 14:03:45 djm Exp $ */
+ /*
+ * Copyright (c) 2010 Markus Friedl. All rights reserved.
+ * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
+@@ -30,12 +30,11 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <errno.h>
++#include <limits.h>
+
+ #include <openssl/ecdsa.h>
+ #include <openssl/rsa.h>
+
+-#include "openbsd-compat/openssl-compat.h"
+-
+ #include "pathnames.h"
+ #include "xmalloc.h"
+ #include "sshbuf.h"
+@@ -47,18 +46,140 @@
+ #include "ssh-pkcs11.h"
+ #include "ssherr.h"
+
++#include "openbsd-compat/openssl-compat.h"
++
+ /* borrows code from sftp-server and ssh-agent */
+
+-static int fd = -1;
+-static pid_t pid = -1;
++/*
++ * Maintain a list of ssh-pkcs11-helper subprocesses. These may be looked up
++ * by provider path or their unique EC/RSA METHOD pointers.
++ */
++struct helper {
++ char *path;
++ pid_t pid;
++ int fd;
++ RSA_METHOD *rsa_meth;
++ EC_KEY_METHOD *ec_meth;
++ int (*rsa_finish)(RSA *rsa);
++ void (*ec_finish)(EC_KEY *key);
++ size_t nrsa, nec; /* number of active keys of each type */
++};
++static struct helper **helpers;
++static size_t nhelpers;
++
++static struct helper *
++helper_by_provider(const char *path)
++{
++ size_t i;
++
++ for (i = 0; i < nhelpers; i++) {
++ if (helpers[i] == NULL || helpers[i]->path == NULL ||
++ helpers[i]->fd == -1)
++ continue;
++ if (strcmp(helpers[i]->path, path) == 0)
++ return helpers[i];
++ }
++ return NULL;
++}
++
++static struct helper *
++helper_by_rsa(const RSA *rsa)
++{
++ size_t i;
++ const RSA_METHOD *meth;
++
++ if ((meth = RSA_get_method(rsa)) == NULL)
++ return NULL;
++ for (i = 0; i < nhelpers; i++) {
++ if (helpers[i] != NULL && helpers[i]->rsa_meth == meth)
++ return helpers[i];
++ }
++ return NULL;
++
++}
++
++static struct helper *
++helper_by_ec(const EC_KEY *ec)
++{
++ size_t i;
++ const EC_KEY_METHOD *meth;
++
++ if ((meth = EC_KEY_get_method(ec)) == NULL)
++ return NULL;
++ for (i = 0; i < nhelpers; i++) {
++ if (helpers[i] != NULL && helpers[i]->ec_meth == meth)
++ return helpers[i];
++ }
++ return NULL;
++
++}
++
++static void
++helper_free(struct helper *helper)
++{
++ size_t i;
++ int found = 0;
++
++ if (helper == NULL)
++ return;
++ if (helper->path == NULL || helper->ec_meth == NULL ||
++ helper->rsa_meth == NULL)
++ fatal_f("inconsistent helper");
++ debug3_f("free helper for provider %s", helper->path);
++ for (i = 0; i < nhelpers; i++) {
++ if (helpers[i] == helper) {
++ if (found)
++ fatal_f("helper recorded more than once");
++ found = 1;
++ }
++ else if (found)
++ helpers[i - 1] = helpers[i];
++ }
++ if (found) {
++ helpers = xrecallocarray(helpers, nhelpers,
++ nhelpers - 1, sizeof(*helpers));
++ nhelpers--;
++ }
++ free(helper->path);
++ EC_KEY_METHOD_free(helper->ec_meth);
++ RSA_meth_free(helper->rsa_meth);
++ free(helper);
++}
++
++static void
++helper_terminate(struct helper *helper)
++{
++ if (helper == NULL) {
++ return;
++ } else if (helper->fd == -1) {
++ debug3_f("already terminated");
++ } else {
++ debug3_f("terminating helper for %s; "
++ "remaining %zu RSA %zu ECDSA",
++ helper->path, helper->nrsa, helper->nec);
++ close(helper->fd);
++ /* XXX waitpid() */
++ helper->fd = -1;
++ helper->pid = -1;
++ }
++ /*
++ * Don't delete the helper entry until there are no remaining keys
++ * that reference it. Otherwise, any signing operation would call
++ * a free'd METHOD pointer and that would be bad.
++ */
++ if (helper->nrsa == 0 && helper->nec == 0)
++ helper_free(helper);
++}
+
+ static void
+-send_msg(struct sshbuf *m)
++send_msg(int fd, struct sshbuf *m)
+ {
+ u_char buf[4];
+ size_t mlen = sshbuf_len(m);
+ int r;
+
++ if (fd == -1)
++ return;
+ POKE_U32(buf, mlen);
+ if (atomicio(vwrite, fd, buf, 4) != 4 ||
+ atomicio(vwrite, fd, sshbuf_mutable_ptr(m),
+@@ -69,12 +190,15 @@ send_msg(struct sshbuf *m)
+ }
+
+ static int
+-recv_msg(struct sshbuf *m)
++recv_msg(int fd, struct sshbuf *m)
+ {
+ u_int l, len;
+ u_char c, buf[1024];
+ int r;
+
++ sshbuf_reset(m);
++ if (fd == -1)
++ return 0; /* XXX */
+ if ((len = atomicio(read, fd, buf, 4)) != 4) {
+ error("read from helper failed: %u", len);
+ return (0); /* XXX */
+@@ -83,7 +207,6 @@ recv_msg(struct sshbuf *m)
+ if (len > 256 * 1024)
+ fatal("response too long: %u", len);
+ /* read len bytes into m */
+- sshbuf_reset(m);
+ while (len > 0) {
+ l = len;
+ if (l > sizeof(buf))
+@@ -104,14 +227,17 @@ recv_msg(struct sshbuf *m)
+ int
+ pkcs11_init(int interactive)
+ {
+- return (0);
++ return 0;
+ }
+
+ void
+ pkcs11_terminate(void)
+ {
+- if (fd >= 0)
+- close(fd);
++ size_t i;
++
++ debug3_f("terminating %zu helpers", nhelpers);
++ for (i = 0; i < nhelpers; i++)
++ helper_terminate(helpers[i]);
+ }
+
+ static int
+@@ -122,7 +248,11 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
+ u_char *blob = NULL, *signature = NULL;
+ size_t blen, slen = 0;
+ int r, ret = -1;
++ struct helper *helper;
+
++ if ((helper = helper_by_rsa(rsa)) == NULL || helper->fd == -1)
++ fatal_f("no helper for PKCS11 key");
++ debug3_f("signing with PKCS11 provider %s", helper->path);
+ if (padding != RSA_PKCS1_PADDING)
+ goto fail;
+ key = sshkey_new(KEY_UNSPEC);
+@@ -144,10 +274,10 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
+ (r = sshbuf_put_string(msg, from, flen)) != 0 ||
+ (r = sshbuf_put_u32(msg, 0)) != 0)
+ fatal_fr(r, "compose");
+- send_msg(msg);
++ send_msg(helper->fd, msg);
+ sshbuf_reset(msg);
+
+- if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) {
++ if (recv_msg(helper->fd, msg) == SSH2_AGENT_SIGN_RESPONSE) {
+ if ((r = sshbuf_get_string(msg, &signature, &slen)) != 0)
+ fatal_fr(r, "parse");
+ if (slen <= (size_t)RSA_size(rsa)) {
+@@ -163,7 +293,26 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
+ return (ret);
+ }
+
+-#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
++static int
++rsa_finish(RSA *rsa)
++{
++ struct helper *helper;
++
++ if ((helper = helper_by_rsa(rsa)) == NULL)
++ fatal_f("no helper for PKCS11 key");
++ debug3_f("free PKCS11 RSA key for provider %s", helper->path);
++ if (helper->rsa_finish != NULL)
++ helper->rsa_finish(rsa);
++ if (helper->nrsa == 0)
++ fatal_f("RSA refcount error");
++ helper->nrsa--;
++ debug3_f("provider %s remaining keys: %zu RSA %zu ECDSA",
++ helper->path, helper->nrsa, helper->nec);
++ if (helper->nrsa == 0 && helper->nec == 0)
++ helper_terminate(helper);
++ return 1;
++}
++
+ static ECDSA_SIG *
+ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
+ const BIGNUM *rp, EC_KEY *ec)
+@@ -175,7 +324,11 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
+ u_char *blob = NULL, *signature = NULL;
+ size_t blen, slen = 0;
+ int r, nid;
++ struct helper *helper;
+
++ if ((helper = helper_by_ec(ec)) == NULL || helper->fd == -1)
++ fatal_f("no helper for PKCS11 key");
++ debug3_f("signing with PKCS11 provider %s", helper->path);
+ nid = sshkey_ecdsa_key_to_nid(ec);
+ if (nid < 0) {
+ error_f("couldn't get curve nid");
+@@ -203,10 +356,10 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
+ (r = sshbuf_put_string(msg, dgst, dgst_len)) != 0 ||
+ (r = sshbuf_put_u32(msg, 0)) != 0)
+ fatal_fr(r, "compose");
+- send_msg(msg);
++ send_msg(helper->fd, msg);
+ sshbuf_reset(msg);
+
+- if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) {
++ if (recv_msg(helper->fd, msg) == SSH2_AGENT_SIGN_RESPONSE) {
+ if ((r = sshbuf_get_string(msg, &signature, &slen)) != 0)
+ fatal_fr(r, "parse");
+ cp = signature;
+@@ -220,75 +373,110 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
+ sshbuf_free(msg);
+ return (ret);
+ }
+-#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
+
+-static RSA_METHOD *helper_rsa;
+-#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
+-static EC_KEY_METHOD *helper_ecdsa;
+-#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
++static void
++ecdsa_do_finish(EC_KEY *ec)
++{
++ struct helper *helper;
++
++ if ((helper = helper_by_ec(ec)) == NULL)
++ fatal_f("no helper for PKCS11 key");
++ debug3_f("free PKCS11 ECDSA key for provider %s", helper->path);
++ if (helper->ec_finish != NULL)
++ helper->ec_finish(ec);
++ if (helper->nec == 0)
++ fatal_f("ECDSA refcount error");
++ helper->nec--;
++ debug3_f("provider %s remaining keys: %zu RSA %zu ECDSA",
++ helper->path, helper->nrsa, helper->nec);
++ if (helper->nrsa == 0 && helper->nec == 0)
++ helper_terminate(helper);
++}
+
+ /* redirect private key crypto operations to the ssh-pkcs11-helper */
+ static void
+-wrap_key(struct sshkey *k)
++wrap_key(struct helper *helper, struct sshkey *k)
+ {
+- if (k->type == KEY_RSA)
+- RSA_set_method(k->rsa, helper_rsa);
+-#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
+- else if (k->type == KEY_ECDSA)
+- EC_KEY_set_method(k->ecdsa, helper_ecdsa);
+-#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
+- else
++ debug3_f("wrap %s for provider %s", sshkey_type(k), helper->path);
++ if (k->type == KEY_RSA) {
++ RSA_set_method(k->rsa, helper->rsa_meth);
++ if (helper->nrsa++ >= INT_MAX)
++ fatal_f("RSA refcount error");
++ } else if (k->type == KEY_ECDSA) {
++ EC_KEY_set_method(k->ecdsa, helper->ec_meth);
++ if (helper->nec++ >= INT_MAX)
++ fatal_f("EC refcount error");
++ } else
+ fatal_f("unknown key type");
++ k->flags |= SSHKEY_FLAG_EXT;
++ debug3_f("provider %s remaining keys: %zu RSA %zu ECDSA",
++ helper->path, helper->nrsa, helper->nec);
+ }
+
+ static int
+-pkcs11_start_helper_methods(void)
++pkcs11_start_helper_methods(struct helper *helper)
+ {
+- if (helper_rsa != NULL)
+- return (0);
+-
+-#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
+- int (*orig_sign)(int, const unsigned char *, int, unsigned char *,
++ int (*ec_init)(EC_KEY *key);
++ int (*ec_copy)(EC_KEY *dest, const EC_KEY *src);
++ int (*ec_set_group)(EC_KEY *key, const EC_GROUP *grp);
++ int (*ec_set_private)(EC_KEY *key, const BIGNUM *priv_key);
++ int (*ec_set_public)(EC_KEY *key, const EC_POINT *pub_key);
++ int (*ec_sign)(int, const unsigned char *, int, unsigned char *,
+ unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL;
+- if (helper_ecdsa != NULL)
+- return (0);
+- helper_ecdsa = EC_KEY_METHOD_new(EC_KEY_OpenSSL());
+- if (helper_ecdsa == NULL)
+- return (-1);
+- EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL);
+- EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign);
+-#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
+-
+- if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)
++ RSA_METHOD *rsa_meth;
++ EC_KEY_METHOD *ec_meth;
++
++ if ((ec_meth = EC_KEY_METHOD_new(EC_KEY_OpenSSL())) == NULL)
++ return -1;
++ EC_KEY_METHOD_get_sign(ec_meth, &ec_sign, NULL, NULL);
++ EC_KEY_METHOD_set_sign(ec_meth, ec_sign, NULL, ecdsa_do_sign);
++ EC_KEY_METHOD_get_init(ec_meth, &ec_init, &helper->ec_finish,
++ &ec_copy, &ec_set_group, &ec_set_private, &ec_set_public);
++ EC_KEY_METHOD_set_init(ec_meth, ec_init, ecdsa_do_finish,
++ ec_copy, ec_set_group, ec_set_private, ec_set_public);
++
++ if ((rsa_meth = RSA_meth_dup(RSA_get_default_method())) == NULL)
+ fatal_f("RSA_meth_dup failed");
+- if (!RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper") ||
+- !RSA_meth_set_priv_enc(helper_rsa, rsa_encrypt))
++ helper->rsa_finish = RSA_meth_get_finish(rsa_meth);
++ if (!RSA_meth_set1_name(rsa_meth, "ssh-pkcs11-helper") ||
++ !RSA_meth_set_priv_enc(rsa_meth, rsa_encrypt) ||
++ !RSA_meth_set_finish(rsa_meth, rsa_finish))
+ fatal_f("failed to prepare method");
+
+- return (0);
++ helper->ec_meth = ec_meth;
++ helper->rsa_meth = rsa_meth;
++ return 0;
+ }
+
+-static int
+-pkcs11_start_helper(void)
++static struct helper *
++pkcs11_start_helper(const char *path)
+ {
+ int pair[2];
+- char *helper, *verbosity = NULL;
+-
+- if (log_level_get() >= SYSLOG_LEVEL_DEBUG1)
+- verbosity = "-vvv";
+-
+- if (pkcs11_start_helper_methods() == -1) {
+- error("pkcs11_start_helper_methods failed");
+- return (-1);
+- }
++ char *prog, *verbosity = NULL;
++ struct helper *helper;
++ pid_t pid;
+
++ if (nhelpers >= INT_MAX)
++ fatal_f("too many helpers");
++ debug3_f("start helper for %s", path);
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) {
+- error("socketpair: %s", strerror(errno));
+- return (-1);
++ error_f("socketpair: %s", strerror(errno));
++ return NULL;
++ }
++ helper = xcalloc(1, sizeof(*helper));
++ if (pkcs11_start_helper_methods(helper) == -1) {
++ error_f("pkcs11_start_helper_methods failed");
++ goto fail;
+ }
+ if ((pid = fork()) == -1) {
+- error("fork: %s", strerror(errno));
+- return (-1);
++ error_f("fork: %s", strerror(errno));
++ fail:
++ close(pair[0]);
++ close(pair[1]);
++ RSA_meth_free(helper->rsa_meth);
++ EC_KEY_METHOD_free(helper->ec_meth);
++ free(helper);
++ return NULL;
+ } else if (pid == 0) {
+ if ((dup2(pair[1], STDIN_FILENO) == -1) ||
+ (dup2(pair[1], STDOUT_FILENO) == -1)) {
+@@ -297,18 +485,27 @@ pkcs11_start_helper(void)
+ }
+ close(pair[0]);
+ close(pair[1]);
+- helper = getenv("SSH_PKCS11_HELPER");
+- if (helper == NULL || strlen(helper) == 0)
+- helper = _PATH_SSH_PKCS11_HELPER;
+- debug_f("starting %s %s", helper,
++ prog = getenv("SSH_PKCS11_HELPER");
++ if (prog == NULL || strlen(prog) == 0)
++ prog = _PATH_SSH_PKCS11_HELPER;
++ if (log_level_get() >= SYSLOG_LEVEL_DEBUG1)
++ verbosity = "-vvv";
++ debug_f("starting %s %s", prog,
+ verbosity == NULL ? "" : verbosity);
+- execlp(helper, helper, verbosity, (char *)NULL);
+- fprintf(stderr, "exec: %s: %s\n", helper, strerror(errno));
++ execlp(prog, prog, verbosity, (char *)NULL);
++ fprintf(stderr, "exec: %s: %s\n", prog, strerror(errno));
+ _exit(1);
+ }
+ close(pair[1]);
+- fd = pair[0];
+- return (0);
++ helper->fd = pair[0];
++ helper->path = xstrdup(path);
++ helper->pid = pid;
++ debug3_f("helper %zu for \"%s\" on fd %d pid %ld", nhelpers,
++ helper->path, helper->fd, (long)helper->pid);
++ helpers = xrecallocarray(helpers, nhelpers,
++ nhelpers + 1, sizeof(*helpers));
++ helpers[nhelpers++] = helper;
++ return helper;
+ }
+
+ int
+@@ -322,9 +519,11 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp,
+ size_t blen;
+ u_int nkeys, i;
+ struct sshbuf *msg;
++ struct helper *helper;
+
+- if (fd < 0 && pkcs11_start_helper() < 0)
+- return (-1);
++ if ((helper = helper_by_provider(name)) == NULL &&
++ (helper = pkcs11_start_helper(name)) == NULL)
++ return -1;
+
+ if ((msg = sshbuf_new()) == NULL)
+ fatal_f("sshbuf_new failed");
+@@ -332,10 +531,10 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp,
+ (r = sshbuf_put_cstring(msg, name)) != 0 ||
+ (r = sshbuf_put_cstring(msg, pin)) != 0)
+ fatal_fr(r, "compose");
+- send_msg(msg);
++ send_msg(helper->fd, msg);
+ sshbuf_reset(msg);
+
+- type = recv_msg(msg);
++ type = recv_msg(helper->fd, msg);
+ if (type == SSH2_AGENT_IDENTITIES_ANSWER) {
+ if ((r = sshbuf_get_u32(msg, &nkeys)) != 0)
+ fatal_fr(r, "parse nkeys");
+@@ -349,7 +548,7 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp,
+ fatal_fr(r, "parse key");
+ if ((r = sshkey_from_blob(blob, blen, &k)) != 0)
+ fatal_fr(r, "decode key");
+- wrap_key(k);
++ wrap_key(helper, k);
+ (*keysp)[i] = k;
+ if (labelsp)
+ (*labelsp)[i] = label;
+@@ -370,22 +569,15 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp,
+ int
+ pkcs11_del_provider(char *name)
+ {
+- int r, ret = -1;
+- struct sshbuf *msg;
+-
+- if ((msg = sshbuf_new()) == NULL)
+- fatal_f("sshbuf_new failed");
+- if ((r = sshbuf_put_u8(msg, SSH_AGENTC_REMOVE_SMARTCARD_KEY)) != 0 ||
+- (r = sshbuf_put_cstring(msg, name)) != 0 ||
+- (r = sshbuf_put_cstring(msg, "")) != 0)
+- fatal_fr(r, "compose");
+- send_msg(msg);
+- sshbuf_reset(msg);
+-
+- if (recv_msg(msg) == SSH_AGENT_SUCCESS)
+- ret = 0;
+- sshbuf_free(msg);
+- return (ret);
++ struct helper *helper;
++
++ /*
++ * ssh-agent deletes keys before calling this, so the helper entry
++ * should be gone before we get here.
++ */
++ debug3_f("delete %s", name);
++ if ((helper = helper_by_provider(name)) != NULL)
++ helper_terminate(helper);
++ return 0;
+ }
+-
+ #endif /* ENABLE_PKCS11 */
+--
+2.40.0
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0002.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0002.patch
new file mode 100644
index 0000000000..81f4cc5fba
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0002.patch
@@ -0,0 +1,173 @@
+From 29ef8a04866ca14688d5b7fed7b8b9deab851f77 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 19 Jul 2023 14:02:27 +0000
+Subject: [PATCH 2/4] upstream: Ensure FIDO/PKCS11 libraries contain expected
+ symbols
+
+This checks via nlist(3) that candidate provider libraries contain one
+of the symbols that we will require prior to dlopen(), which can cause
+a number of side effects, including execution of constructors.
+
+Feedback deraadt; ok markus
+
+OpenBSD-Commit-ID: 1508a5fbd74e329e69a55b56c453c292029aefbe
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/29ef8a04866ca14688d5b7fed7b8b9deab851f77]
+
+CVE: CVE-2023-38408
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ misc.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ misc.h | 1 +
+ ssh-pkcs11.c | 4 +++
+ ssh-sk.c | 6 ++--
+ 4 files changed, 86 insertions(+), 2 deletions(-)
+
+diff --git a/misc.c b/misc.c
+index 417498d..d0270e7 100644
+--- a/misc.c
++++ b/misc.c
+@@ -22,6 +22,7 @@
+
+ #include <sys/types.h>
+ #include <sys/ioctl.h>
++#include <sys/mman.h>
+ #include <sys/socket.h>
+ #include <sys/stat.h>
+ #include <sys/time.h>
+@@ -35,6 +36,9 @@
+ #ifdef HAVE_POLL_H
+ #include <poll.h>
+ #endif
++#ifdef HAVE_NLIST_H
++#include <nlist.h>
++#endif
+ #include <signal.h>
+ #include <stdarg.h>
+ #include <stdio.h>
+@@ -2784,3 +2788,76 @@ lookup_env_in_list(const char *env, char * const *envs, size_t nenvs)
+ }
+ return NULL;
+ }
++
++
++/*
++ * Returns zero if the library at 'path' contains symbol 's', nonzero
++ * otherwise.
++ */
++int
++lib_contains_symbol(const char *path, const char *s)
++{
++#ifdef HAVE_NLIST_H
++ struct nlist nl[2];
++ int ret = -1, r;
++
++ memset(nl, 0, sizeof(nl));
++ nl[0].n_name = xstrdup(s);
++ nl[1].n_name = NULL;
++ if ((r = nlist(path, nl)) == -1) {
++ error_f("nlist failed for %s", path);
++ goto out;
++ }
++ if (r != 0 || nl[0].n_value == 0 || nl[0].n_type == 0) {
++ error_f("library %s does not contain symbol %s", path, s);
++ goto out;
++ }
++ /* success */
++ ret = 0;
++ out:
++ free(nl[0].n_name);
++ return ret;
++#else /* HAVE_NLIST_H */
++ int fd, ret = -1;
++ struct stat st;
++ void *m = NULL;
++ size_t sz = 0;
++
++ memset(&st, 0, sizeof(st));
++ if ((fd = open(path, O_RDONLY)) < 0) {
++ error_f("open %s: %s", path, strerror(errno));
++ return -1;
++ }
++ if (fstat(fd, &st) != 0) {
++ error_f("fstat %s: %s", path, strerror(errno));
++ goto out;
++ }
++ if (!S_ISREG(st.st_mode)) {
++ error_f("%s is not a regular file", path);
++ goto out;
++ }
++ if (st.st_size < 0 ||
++ (size_t)st.st_size < strlen(s) ||
++ st.st_size >= INT_MAX/2) {
++ error_f("%s bad size %lld", path, (long long)st.st_size);
++ goto out;
++ }
++ sz = (size_t)st.st_size;
++ if ((m = mmap(NULL, sz, PROT_READ, MAP_PRIVATE, fd, 0)) == MAP_FAILED ||
++ m == NULL) {
++ error_f("mmap %s: %s", path, strerror(errno));
++ goto out;
++ }
++ if (memmem(m, sz, s, strlen(s)) == NULL) {
++ error_f("%s does not contain expected string %s", path, s);
++ goto out;
++ }
++ /* success */
++ ret = 0;
++ out:
++ if (m != NULL && m != MAP_FAILED)
++ munmap(m, sz);
++ close(fd);
++ return ret;
++#endif /* HAVE_NLIST_H */
++}
+diff --git a/misc.h b/misc.h
+index 2e1b5fe..3f48315 100644
+--- a/misc.h
++++ b/misc.h
+@@ -96,6 +96,7 @@ int parse_absolute_time(const char *, uint64_t *);
+ void format_absolute_time(uint64_t, char *, size_t);
+ int path_absolute(const char *);
+ int stdfd_devnull(int, int, int);
++int lib_contains_symbol(const char *, const char *);
+
+ void sock_set_v6only(int);
+
+diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
+index b2e2b32..5eb28e9 100644
+--- a/ssh-pkcs11.c
++++ b/ssh-pkcs11.c
+@@ -1532,6 +1532,10 @@ pkcs11_register_provider(char *provider_id, char *pin,
+ debug_f("provider already registered: %s", provider_id);
+ goto fail;
+ }
++ if (lib_contains_symbol(provider_id, "C_GetFunctionList") != 0) {
++ error("provider %s is not a PKCS11 library", provider_id);
++ goto fail;
++ }
+ /* open shared pkcs11-library */
+ if ((handle = dlopen(provider_id, RTLD_NOW)) == NULL) {
+ error("dlopen %s failed: %s", provider_id, dlerror());
+diff --git a/ssh-sk.c b/ssh-sk.c
+index a1ff5cc..1042bf6 100644
+--- a/ssh-sk.c
++++ b/ssh-sk.c
+@@ -132,10 +132,12 @@ sshsk_open(const char *path)
+ #endif
+ return ret;
+ }
+- if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) {
+- error("Provider \"%s\" dlopen failed: %s", path, dlerror());
++ if (lib_contains_symbol(path, "sk_api_version") != 0) {
++ error("provider %s is not an OpenSSH FIDO library", path);
+ goto fail;
+ }
++ if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL)
++ fatal("Provider \"%s\" dlopen failed: %s", path, dlerror());
+ if ((ret->sk_api_version = dlsym(ret->dlhandle,
+ "sk_api_version")) == NULL) {
+ error("Provider \"%s\" dlsym(sk_api_version) failed: %s",
+--
+2.40.0
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch
new file mode 100644
index 0000000000..f226f12edc
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch
@@ -0,0 +1,36 @@
+From 892506b13654301f69f9545f48213fc210e5c5cc Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 19 Jul 2023 13:55:53 +0000
+Subject: [PATCH 3/4] upstream: terminate process if requested to load a
+ PKCS#11 provider that isn't a PKCS#11 provider; from / ok markus@
+
+OpenBSD-Commit-ID: 39532cf18b115881bb4cfaee32084497aadfa05c
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc]
+
+CVE: CVE-2023-38408
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ ssh-pkcs11.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
+index 5eb28e9..0aef379 100644
+--- a/ssh-pkcs11.c
++++ b/ssh-pkcs11.c
+@@ -1541,10 +1541,8 @@ pkcs11_register_provider(char *provider_id, char *pin,
+ error("dlopen %s failed: %s", provider_id, dlerror());
+ goto fail;
+ }
+- if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
+- error("dlsym(C_GetFunctionList) failed: %s", dlerror());
+- goto fail;
+- }
++ if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
++ fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
+ p = xcalloc(1, sizeof(*p));
+ p->name = xstrdup(provider_id);
+ p->handle = handle;
+--
+2.40.0
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0004.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0004.patch
new file mode 100644
index 0000000000..1ff8505938
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0004.patch
@@ -0,0 +1,114 @@
+From 1f2731f5d7a8f8a8385c6031667ed29072c0d92a Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 19 Jul 2023 13:56:33 +0000
+Subject: [PATCH 4/4] upstream: Disallow remote addition of FIDO/PKCS11
+ provider libraries to ssh-agent by default.
+
+The old behaviour of allowing remote clients from loading providers
+can be restored using `ssh-agent -O allow-remote-pkcs11`.
+
+Detection of local/remote clients requires a ssh(1) that supports
+the `session-bind@openssh.com` extension. Forwarding access to a
+ssh-agent socket using non-OpenSSH tools may circumvent this control.
+
+ok markus@
+
+OpenBSD-Commit-ID: 4c2bdf79b214ae7e60cc8c39a45501344fa7bd7c
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a]
+
+CVE: CVE-2023-38408
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ ssh-agent.1 | 21 +++++++++++++++++++++
+ ssh-agent.c | 21 ++++++++++++++++++++-
+ 2 files changed, 41 insertions(+), 1 deletion(-)
+
+diff --git a/ssh-agent.1 b/ssh-agent.1
+index ed8c870..15d0a47 100644
+--- a/ssh-agent.1
++++ b/ssh-agent.1
+@@ -102,6 +102,27 @@ The default is
+ Kill the current agent (given by the
+ .Ev SSH_AGENT_PID
+ environment variable).
++Currently two options are supported:
++.Cm allow-remote-pkcs11
++and
++.Cm no-restrict-websafe .
++.Pp
++The
++.Cm allow-remote-pkcs11
++option allows clients of a forwarded
++.Nm
++to load PKCS#11 or FIDO provider libraries.
++By default only local clients may perform this operation.
++Note that signalling that a
++.Nm
++client remote is performed by
++.Xr ssh 1 ,
++and use of other tools to forward access to the agent socket may circumvent
++this restriction.
++.Pp
++The
++.Cm no-restrict-websafe ,
++instructs
+ .It Fl P Ar allowed_providers
+ Specify a pattern-list of acceptable paths for PKCS#11 provider and FIDO
+ authenticator middleware shared libraries that may be used with the
+diff --git a/ssh-agent.c b/ssh-agent.c
+index 03ae2b0..19eeaae 100644
+--- a/ssh-agent.c
++++ b/ssh-agent.c
+@@ -171,6 +171,12 @@ char socket_dir[PATH_MAX];
+ /* Pattern-list of allowed PKCS#11/Security key paths */
+ static char *allowed_providers;
+
++/*
++ * Allows PKCS11 providers or SK keys that use non-internal providers to
++ * be added over a remote connection (identified by session-bind@openssh.com).
++ */
++static int remote_add_provider;
++
+ /* locking */
+ #define LOCK_SIZE 32
+ #define LOCK_SALT_SIZE 16
+@@ -1239,6 +1245,12 @@ process_add_identity(SocketEntry *e)
+ if (strcasecmp(sk_provider, "internal") == 0) {
+ debug_f("internal provider");
+ } else {
++ if (e->nsession_ids != 0 && !remote_add_provider) {
++ verbose("failed add of SK provider \"%.100s\": "
++ "remote addition of providers is disabled",
++ sk_provider);
++ goto out;
++ }
+ if (realpath(sk_provider, canonical_provider) == NULL) {
+ verbose("failed provider \"%.100s\": "
+ "realpath: %s", sk_provider,
+@@ -1402,6 +1414,11 @@ process_add_smartcard_key(SocketEntry *e)
+ error_f("failed to parse constraints");
+ goto send;
+ }
++ if (e->nsession_ids != 0 && !remote_add_provider) {
++ verbose("failed PKCS#11 add of \"%.100s\": remote addition of "
++ "providers is disabled", provider);
++ goto send;
++ }
+ if (realpath(provider, canonical_provider) == NULL) {
+ verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
+ provider, strerror(errno));
+@@ -2061,7 +2078,9 @@ main(int ac, char **av)
+ break;
+ case 'O':
+ if (strcmp(optarg, "no-restrict-websafe") == 0)
+- restrict_websafe = 0;
++ restrict_websafe = 0;
++ else if (strcmp(optarg, "allow-remote-pkcs11") == 0)
++ remote_add_provider = 1;
+ else
+ fatal("Unknown -O option");
+ break;
+--
+2.40.0
diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
index b403b355a6..da7ab7716c 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
@@ -28,6 +28,10 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://0001-Default-to-not-using-sandbox-when-cross-compiling.patch \
file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \
file://0001-upstream-include-destination-constraints-for-smartca.patch \
+ file://CVE-2023-38408-0001.patch \
+ file://CVE-2023-38408-0002.patch \
+ file://CVE-2023-38408-0003.patch \
+ file://CVE-2023-38408-0004.patch \
"
SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 08/30] dmidecode: fix CVE-2023-30630
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (6 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 07/30] openssh: fix CVE-2023-38408 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 09/30] python3: upgrade 3.10.9 -> 3.10.12 Steve Sakoman
` (22 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Yogita Urade <yogita.urade@windriver.com>
Dmidecode before 3.5 allows -dump-bin to overwrite a local file.
This has security relevance because, for example, execution of
Dmidecode via Sudo is plausible.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-30630
https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00016.html
https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00017.html
Backport: fixes fuzz in the CVE-2023-30630_2.patch in kirkstone
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit f92e59a0894145a828dc9ac74bf8c7a9355e0587)
Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../dmidecode/CVE-2023-30630_1.patch | 237 ++++++++++++++++++
.../dmidecode/CVE-2023-30630_2.patch | 80 ++++++
.../dmidecode/CVE-2023-30630_3.patch | 69 +++++
.../dmidecode/CVE-2023-30630_4.patch | 137 ++++++++++
.../dmidecode/dmidecode_3.3.bb | 4 +
5 files changed, 527 insertions(+)
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
new file mode 100644
index 0000000000..53480d6299
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
@@ -0,0 +1,237 @@
+From d8cfbc808f387e87091c25e7d5b8c2bb348bb206 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Tue, 27 Jun 2023 09:40:23 +0000
+Subject: [PATCH] dmidecode: Write the whole dump file at once
+
+When option --dump-bin is used, write the whole dump file at once,
+instead of opening and closing the file separately for the table
+and then for the entry point.
+
+As the file writing function is no longer generic, it gets moved
+from util.c to dmidecode.c.
+
+One minor functional change resulting from the new implementation is
+that the entry point is written first now, so the messages printed
+are swapped.
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+
+CVE: CVE-2023-30630
+
+Reference: https://github.com/mirror/dmidecode/commit/39b2dd7b6ab719b920e96ed832cfb4bdd664e808
+
+Upstream-Status: Backport [https://github.com/mirror/dmidecode/commit/d8cfbc808f387e87091c25e7d5b8c2bb348bb206]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ dmidecode.c | 79 +++++++++++++++++++++++++++++++++++++++--------------
+ util.c | 40 ---------------------------
+ util.h | 1 -
+ 3 files changed, 58 insertions(+), 62 deletions(-)
+
+diff --git a/dmidecode.c b/dmidecode.c
+index 9aeff91..5477309 100644
+--- a/dmidecode.c
++++ b/dmidecode.c
+@@ -5427,11 +5427,56 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
+ }
+ }
+
+-static void dmi_table_dump(const u8 *buf, u32 len)
++static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
++ u32 table_len)
+ {
++ FILE *f;
++
++ f = fopen(opt.dumpfile, "wb");
++ if (!f)
++ {
++ fprintf(stderr, "%s: ", opt.dumpfile);
++ perror("fopen");
++ return -1;
++ }
++
++ if (!(opt.flags & FLAG_QUIET))
++ pr_comment("Writing %d bytes to %s.", ep_len, opt.dumpfile);
++ if (fwrite(ep, ep_len, 1, f) != 1)
++ {
++ fprintf(stderr, "%s: ", opt.dumpfile);
++ perror("fwrite");
++ goto err_close;
++ }
++
++ if (fseek(f, 32, SEEK_SET) != 0)
++ {
++ fprintf(stderr, "%s: ", opt.dumpfile);
++ perror("fseek");
++ goto err_close;
++ }
++
+ if (!(opt.flags & FLAG_QUIET))
+- pr_comment("Writing %d bytes to %s.", len, opt.dumpfile);
+- write_dump(32, len, buf, opt.dumpfile, 0);
++ pr_comment("Writing %d bytes to %s.", table_len, opt.dumpfile);
++ if (fwrite(table, table_len, 1, f) != 1)
++ {
++ fprintf(stderr, "%s: ", opt.dumpfile);
++ perror("fwrite");
++ goto err_close;
++ }
++
++ if (fclose(f))
++ {
++ fprintf(stderr, "%s: ", opt.dumpfile);
++ perror("fclose");
++ return -1;
++ }
++
++ return 0;
++
++err_close:
++ fclose(f);
++ return -1;
+ }
+
+ static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
+@@ -5648,11 +5693,6 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
+ return;
+ }
+
+- if (opt.flags & FLAG_DUMP_BIN)
+- dmi_table_dump(buf, len);
+- else
+- dmi_table_decode(buf, len, num, ver >> 8, flags);
+-
+ free(buf);
+ }
+
+@@ -5688,8 +5728,9 @@ static void overwrite_smbios3_address(u8 *buf)
+
+ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ {
+- u32 ver;
++ u32 ver, len;
+ u64 offset;
++ u8 *table;
+
+ /* Don't let checksum run beyond the buffer */
+ if (buf[0x06] > 0x20)
+@@ -5725,10 +5766,7 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ memcpy(crafted, buf, 32);
+ overwrite_smbios3_address(crafted);
+
+- if (!(opt.flags & FLAG_QUIET))
+- pr_comment("Writing %d bytes to %s.", crafted[0x06],
+- opt.dumpfile);
+- write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
++ dmi_table_dump(crafted, crafted[0x06], table, len);
+ }
+
+ return 1;
+@@ -5737,6 +5775,8 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+ {
+ u16 ver;
++ u32 len;
++ u8 *table;
+
+ /* Don't let checksum run beyond the buffer */
+ if (buf[0x05] > 0x20)
+@@ -5786,10 +5826,7 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+ memcpy(crafted, buf, 32);
+ overwrite_dmi_address(crafted + 0x10);
+
+- if (!(opt.flags & FLAG_QUIET))
+- pr_comment("Writing %d bytes to %s.", crafted[0x05],
+- opt.dumpfile);
+- write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
++ dmi_table_dump(crafted, crafted[0x05], table, len);
+ }
+
+ return 1;
+@@ -5797,6 +5834,9 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+
+ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
+ {
++ u32 len;
++ u8 *table;
++
+ if (!checksum(buf, 0x0F))
+ return 0;
+
+@@ -5815,10 +5855,7 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
+ memcpy(crafted, buf, 16);
+ overwrite_dmi_address(crafted);
+
+- if (!(opt.flags & FLAG_QUIET))
+- pr_comment("Writing %d bytes to %s.", 0x0F,
+- opt.dumpfile);
+- write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
++ dmi_table_dump(crafted, 0x0F, table, len);
+ }
+
+ return 1;
+diff --git a/util.c b/util.c
+index 04aaadd..1547096 100644
+--- a/util.c
++++ b/util.c
+@@ -259,46 +259,6 @@ out:
+ return p;
+ }
+
+-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add)
+-{
+- FILE *f;
+-
+- f = fopen(dumpfile, add ? "r+b" : "wb");
+- if (!f)
+- {
+- fprintf(stderr, "%s: ", dumpfile);
+- perror("fopen");
+- return -1;
+- }
+-
+- if (fseek(f, base, SEEK_SET) != 0)
+- {
+- fprintf(stderr, "%s: ", dumpfile);
+- perror("fseek");
+- goto err_close;
+- }
+-
+- if (fwrite(data, len, 1, f) != 1)
+- {
+- fprintf(stderr, "%s: ", dumpfile);
+- perror("fwrite");
+- goto err_close;
+- }
+-
+- if (fclose(f))
+- {
+- fprintf(stderr, "%s: ", dumpfile);
+- perror("fclose");
+- return -1;
+- }
+-
+- return 0;
+-
+-err_close:
+- fclose(f);
+- return -1;
+-}
+-
+ /* Returns end - start + 1, assuming start < end */
+ u64 u64_range(u64 start, u64 end)
+ {
+diff --git a/util.h b/util.h
+index 3094cf8..ef24eb9 100644
+--- a/util.h
++++ b/util.h
+@@ -27,5 +27,4 @@
+ int checksum(const u8 *buf, size_t len);
+ void *read_file(off_t base, size_t *len, const char *filename);
+ void *mem_chunk(off_t base, size_t len, const char *devmem);
+-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add);
+ u64 u64_range(u64 start, u64 end);
+--
+2.35.5
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
new file mode 100644
index 0000000000..9f53a205ac
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
@@ -0,0 +1,80 @@
+From 47101389dd52b50123a3ec59fed4d2021752e489 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Tue, 27 Jun 2023 10:03:53 +0000
+Subject: [PATCH] dmidecode: Do not let --dump-bin overwrite an existing file
+
+Make sure that the file passed to option --dump-bin does not already
+exist. In practice, it is rather unlikely that an honest user would
+want to overwrite an existing dump file, while this possibility
+could be used by a rogue user to corrupt a system file.
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+
+CVE: CVE-2023-30630
+
+Upstream-Status: Backport
+[https://github.com/mirror/dmidecode/commit/6ca381c1247c81f74e1ca4e7706f70bdda72e6f2]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+
+---
+ dmidecode.c | 14 ++++++++++++--
+ man/dmidecode.8 | 3 ++-
+ 2 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/dmidecode.c b/dmidecode.c
+index ae461de..6446040 100644
+--- a/dmidecode.c
++++ b/dmidecode.c
+@@ -60,6 +60,7 @@
+ * https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf
+ */
+
++#include <fcntl.h>
+ #include <stdio.h>
+ #include <string.h>
+ #include <strings.h>
+@@ -5133,13 +5134,22 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
+ static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
+ u32 table_len)
+ {
++ int fd;
+ FILE *f;
+
+- f = fopen(opt.dumpfile, "wb");
++ fd = open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666);
++ if (fd == -1)
++ {
++ fprintf(stderr, "%s: ", opt.dumpfile);
++ perror("open");
++ return -1;
++ }
++
++ f = fdopen(fd, "wb");
+ if (!f)
+ {
+ fprintf(stderr, "%s: ", opt.dumpfile);
+- perror("fopen");
++ perror("fdopen");
+ return -1;
+ }
+
+diff --git a/man/dmidecode.8 b/man/dmidecode.8
+index 64dc7e7..d5b7f01 100644
+--- a/man/dmidecode.8
++++ b/man/dmidecode.8
+@@ -1,4 +1,4 @@
+-.TH DMIDECODE 8 "January 2019" "dmidecode"
++.TH DMIDECODE 8 "February 2023" "dmidecode"
+ .\"
+ .SH NAME
+ dmidecode \- \s-1DMI\s0 table decoder
+@@ -132,6 +132,7 @@ hexadecimal and \s-1ASCII\s0. This option is mainly useful for debugging.
+ Do not decode the entries, instead dump the DMI data to a file in binary
+ form. The generated file is suitable to pass to \fB--from-dump\fR
+ later.
++\fIFILE\fP must not exist.
+ .TP
+ .BR " " " " "--from-dump FILE"
+ Read the DMI data from a binary file previously generated using
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
new file mode 100644
index 0000000000..01d0d1f867
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
@@ -0,0 +1,69 @@
+From c76ddda0ba0aa99a55945e3290095c2ec493c892 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Tue, 27 Jun 2023 10:25:50 +0000
+Subject: [PATCH] Consistently use read_file() when reading from a dump file
+
+Use read_file() instead of mem_chunk() to read the entry point from a
+dump file. This is faster, and consistent with how we then read the
+actual DMI table from that dump file.
+
+This made no functional difference so far, which is why it went
+unnoticed for years. But now that a file type check was added to the
+mem_chunk() function, we must stop using it to read from regular
+files.
+
+This will again allow root to use the --from-dump option.
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Tested-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+
+CVE: CVE-2023-30630
+
+Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=c76ddda0ba0aa99a55945e3290095c2ec493c892]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ dmidecode.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/dmidecode.c b/dmidecode.c
+index 98f9692..b4dbc9d 100644
+--- a/dmidecode.c
++++ b/dmidecode.c
+@@ -5997,17 +5997,25 @@ int main(int argc, char * const argv[])
+ pr_comment("dmidecode %s", VERSION);
+
+ /* Read from dump if so instructed */
++ size = 0x20;
+ if (opt.flags & FLAG_FROM_DUMP)
+ {
+ if (!(opt.flags & FLAG_QUIET))
+ pr_info("Reading SMBIOS/DMI data from file %s.",
+ opt.dumpfile);
+- if ((buf = mem_chunk(0, 0x20, opt.dumpfile)) == NULL)
++ if ((buf = read_file(0, &size, opt.dumpfile)) == NULL)
+ {
+ ret = 1;
+ goto exit_free;
+ }
+
++ /* Truncated entry point can't be processed */
++ if (size < 0x20)
++ {
++ ret = 1;
++ goto done;
++ }
++
+ if (memcmp(buf, "_SM3_", 5) == 0)
+ {
+ if (smbios3_decode(buf, opt.dumpfile, 0))
+@@ -6031,7 +6039,6 @@ int main(int argc, char * const argv[])
+ * contain one of several types of entry points, so read enough for
+ * the largest one, then determine what type it contains.
+ */
+- size = 0x20;
+ if (!(opt.flags & FLAG_NO_SYSFS)
+ && (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL)
+ {
+--
+2.40.0
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
new file mode 100644
index 0000000000..5fa72b4f9b
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
@@ -0,0 +1,137 @@
+From 2b83c4b898f8325313162f588765411e8e3e5561 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Tue, 27 Jun 2023 10:58:11 +0000
+Subject: [PATCH] Don't read beyond sysfs entry point buffer
+
+Functions smbios_decode() and smbios3_decode() include a check
+against buffer overrun. This check assumes that the buffer length is
+always 32 bytes. This is true when reading from /dev/mem or from a
+dump file, however when reading from sysfs, the buffer length is the
+size of the actual sysfs attribute file, typically 31 bytes for an
+SMBIOS 2.x entry point and 24 bytes for an SMBIOS 3.x entry point.
+
+In the unlikely event of a malformed entry point, with encoded length
+larger than expected but smaller than or equal to 32, we would hit a
+buffer overrun. So properly pass the actual buffer length as an
+argument and perform the check against it.
+
+In practice, this will never happen, because on the Linux kernel
+side, the size of the sysfs attribute file is decided from the entry
+point length field. So it is technically impossible for them not to
+match. But user-space code should not make such assumptions.
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+
+CVE: CVE-2023-30630
+
+Upstream-Status: Backport
+[https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=2b83c4b898f8325313162f588765411e8e3e5561]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ dmidecode.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/dmidecode.c b/dmidecode.c
+index b4dbc9d..870d94e 100644
+--- a/dmidecode.c
++++ b/dmidecode.c
+@@ -5736,14 +5736,14 @@ static void overwrite_smbios3_address(u8 *buf)
+ buf[0x17] = 0;
+ }
+
+-static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
++static int smbios3_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags)
+ {
+ u32 ver, len;
+ u64 offset;
+ u8 *table;
+
+ /* Don't let checksum run beyond the buffer */
+- if (buf[0x06] > 0x20)
++ if (buf[0x06] > buf_len)
+ {
+ fprintf(stderr,
+ "Entry point length too large (%u bytes, expected %u).\n",
+@@ -5782,14 +5782,14 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ return 1;
+ }
+
+-static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
++static int smbios_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags)
+ {
+ u16 ver;
+ u32 len;
+ u8 *table;
+
+ /* Don't let checksum run beyond the buffer */
+- if (buf[0x05] > 0x20)
++ if (buf[0x05] > buf_len)
+ {
+ fprintf(stderr,
+ "Entry point length too large (%u bytes, expected %u).\n",
+@@ -6018,12 +6018,12 @@ int main(int argc, char * const argv[])
+
+ if (memcmp(buf, "_SM3_", 5) == 0)
+ {
+- if (smbios3_decode(buf, opt.dumpfile, 0))
++ if (smbios3_decode(buf, size, opt.dumpfile, 0))
+ found++;
+ }
+ else if (memcmp(buf, "_SM_", 4) == 0)
+ {
+- if (smbios_decode(buf, opt.dumpfile, 0))
++ if (smbios_decode(buf, size, opt.dumpfile, 0))
+ found++;
+ }
+ else if (memcmp(buf, "_DMI_", 5) == 0)
+@@ -6046,12 +6046,12 @@ int main(int argc, char * const argv[])
+ pr_info("Getting SMBIOS data from sysfs.");
+ if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)
+ {
+- if (smbios3_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
++ if (smbios3_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
+ found++;
+ }
+ else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)
+ {
+- if (smbios_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
++ if (smbios_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
+ found++;
+ }
+ else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)
+@@ -6088,12 +6088,12 @@ int main(int argc, char * const argv[])
+
+ if (memcmp(buf, "_SM3_", 5) == 0)
+ {
+- if (smbios3_decode(buf, opt.devmem, 0))
++ if (smbios3_decode(buf, 0x20, opt.devmem, 0))
+ found++;
+ }
+ else if (memcmp(buf, "_SM_", 4) == 0)
+ {
+- if (smbios_decode(buf, opt.devmem, 0))
++ if (smbios_decode(buf, 0x20, opt.devmem, 0))
+ found++;
+ }
+ goto done;
+@@ -6114,7 +6114,7 @@ memory_scan:
+ {
+ if (memcmp(buf + fp, "_SM3_", 5) == 0)
+ {
+- if (smbios3_decode(buf + fp, opt.devmem, 0))
++ if (smbios3_decode(buf + fp, 0x20, opt.devmem, 0))
+ {
+ found++;
+ goto done;
+@@ -6127,7 +6127,7 @@ memory_scan:
+ {
+ if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0)
+ {
+- if (smbios_decode(buf + fp, opt.devmem, 0))
++ if (smbios_decode(buf + fp, 0x20, opt.devmem, 0))
+ {
+ found++;
+ goto done;
+--
+2.35.5
diff --git a/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb b/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb
index 23540b2703..b99c2ea99d 100644
--- a/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb
+++ b/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb
@@ -6,6 +6,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/dmidecode/${BP}.tar.xz \
file://0001-Committing-changes-from-do_unpack_extra.patch \
+ file://CVE-2023-30630_1.patch \
+ file://CVE-2023-30630_2.patch \
+ file://CVE-2023-30630_3.patch \
+ file://CVE-2023-30630_4.patch \
"
COMPATIBLE_HOST = "(i.86|x86_64|aarch64|arm|powerpc|powerpc64).*-linux"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 09/30] python3: upgrade 3.10.9 -> 3.10.12
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (7 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 08/30] dmidecode: fix CVE-2023-30630 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 10/30] diffutils: update 3.9 -> 3.10 Steve Sakoman
` (21 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Tim Orling <ticotimo@gmail.com>
Security and bugfix updates.
* Drop cve-2023-24329.patch as it is merged in 3.10.12
CVE: CVE-2023-24329
Includes openssl 1.1.1u which addresses:
CVE: CVE-2023-0286
CVE: CVE-2022-4304
CVE: CVE-2022-4203
https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-12-final
https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-11-final
https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-10-final
License-Update: Update Copyright years to include 2023
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../python/python3/cve-2023-24329.patch | 50 -------------------
.../{python3_3.10.9.bb => python3_3.10.12.bb} | 5 +-
2 files changed, 2 insertions(+), 53 deletions(-)
delete mode 100644 meta/recipes-devtools/python/python3/cve-2023-24329.patch
rename meta/recipes-devtools/python/{python3_3.10.9.bb => python3_3.10.12.bb} (98%)
diff --git a/meta/recipes-devtools/python/python3/cve-2023-24329.patch b/meta/recipes-devtools/python/python3/cve-2023-24329.patch
deleted file mode 100644
index d47425d239..0000000000
--- a/meta/recipes-devtools/python/python3/cve-2023-24329.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9 Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-islington@users.noreply.github.com>
-Date: Sun, 13 Nov 2022 11:00:25 -0800
-Subject: [PATCH] gh-99418: Make urllib.parse.urlparse enforce that a scheme
- must begin with an alphabetical ASCII character. (GH-99421)
-
-Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character.
-
-RFC 3986 defines a scheme like this: `scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )`
-RFC 2234 defines an ALPHA like this: `ALPHA = %x41-5A / %x61-7A`
-
-The WHATWG URL spec defines a scheme like this:
-`"A URL-scheme string must be one ASCII alpha, followed by zero or more of ASCII alphanumeric, U+002B (+), U+002D (-), and U+002E (.)."`
-(cherry picked from commit 439b9cfaf43080e91c4ad69f312f21fa098befc7)
-
-Co-authored-by: Ben Kallus <49924171+kenballus@users.noreply.github.com>
---- end original header ---
-
-CVE: CVE-2023-24329
-
-Upstream-Status: Backport [see below]
-
-Taken from https://github.com/python/cpython.git
-commit 72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9
-
-CVE fix extracted; test case and update to NEWS abandoned.
-Defuzzed.
-
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
----
- Lib/urllib/parse.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
-index 26ddf30..1c53acb 100644
---- a/Lib/urllib/parse.py
-+++ b/Lib/urllib/parse.py
-@@ -469,7 +469,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
- clear_cache()
- netloc = query = fragment = ''
- i = url.find(':')
-- if i > 0:
-+ if i > 0 and url[0].isascii() and url[0].isalpha():
- for c in url[:i]:
- if c not in scheme_chars:
- break
---
-2.25.1
-
diff --git a/meta/recipes-devtools/python/python3_3.10.9.bb b/meta/recipes-devtools/python/python3_3.10.12.bb
similarity index 98%
rename from meta/recipes-devtools/python/python3_3.10.9.bb
rename to meta/recipes-devtools/python/python3_3.10.12.bb
index 4ecc7614bb..74f1defc95 100644
--- a/meta/recipes-devtools/python/python3_3.10.9.bb
+++ b/meta/recipes-devtools/python/python3_3.10.12.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "Python is a programming language that lets you work more quickly
LICENSE = "PSF-2.0"
SECTION = "devel/python"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=a1822df8d0f068628ca6090aedc5bfc8"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fcf6b249c2641540219a727f35d8d2c2"
SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://run-ptest \
@@ -35,7 +35,6 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0001-setup.py-Do-not-detect-multiarch-paths-when-cross-co.patch \
file://deterministic_imports.patch \
file://0001-Avoid-shebang-overflow-on-python-config.py.patch \
- file://cve-2023-24329.patch \
"
SRC_URI:append:class-native = " \
@@ -44,7 +43,7 @@ SRC_URI:append:class-native = " \
file://12-distutils-prefix-is-inside-staging-area.patch \
file://0001-Don-t-search-system-for-headers-libraries.patch \
"
-SRC_URI[sha256sum] = "5ae03e308260164baba39921fdb4dbf8e6d03d8235a939d4582b33f0b5e46a83"
+SRC_URI[sha256sum] = "afb74bf19130e7a47d10312c8f5e784f24e0527981eab68e20546cfb865830b8"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 10/30] diffutils: update 3.9 -> 3.10
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (8 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 09/30] python3: upgrade 3.10.9 -> 3.10.12 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 11/30] libassuan: upgrade 2.5.5 -> 2.5.6 Steve Sakoman
` (20 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
* Noteworthy changes in release 3.10 (2023-05-21) [stable]
** Bug fixes
cmp/diff can again work with file dates past Y2K38
[bug introduced in 3.9]
diff -D no longer fails to output #ifndef lines.
[bug#61193 introduced in 3.9]
Remove the comment addition from the patch body, as it
increases likelyhood of rebase conflicts, and repeats what
the commit says.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 925155acc6922f7e9df2afa45e79ad1b2c57ba24)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 21e40166870fadee986fb36be80019d3bcdb69e5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...001-Skip-strip-trailing-cr-test-case.patch | 19 +++++++------------
.../{diffutils_3.9.bb => diffutils_3.10.bb} | 2 +-
2 files changed, 8 insertions(+), 13 deletions(-)
rename meta/recipes-extended/diffutils/{diffutils_3.9.bb => diffutils_3.10.bb} (93%)
diff --git a/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch b/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
index 8b88c308f2..32793233f9 100644
--- a/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
+++ b/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
@@ -1,4 +1,4 @@
-From 027229d25392b22d7280c0abbc3efde4f467d167 Mon Sep 17 00:00:00 2001
+From f31395c931bc633206eccfcfaaaa5d15021a3e86 Mon Sep 17 00:00:00 2001
From: Peiran Hong <peiran.hong@windriver.com>
Date: Thu, 5 Sep 2019 15:42:22 -0400
Subject: [PATCH] Skip strip-trailing-cr test case
@@ -12,23 +12,18 @@ Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
---
- tests/Makefile.am | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
+ tests/Makefile.am | 1 -
+ 1 file changed, 1 deletion(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
-index d98df82..757ea52 100644
+index 79bacfb..4adb4d7 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
-@@ -21,9 +21,11 @@ TESTS = \
+@@ -22,7 +22,6 @@ TESTS = \
stdin \
strcoll-0-names \
filename-quoting \
- strip-trailing-cr \
timezone \
- colors
-+# Skipping this test since it requires valgrind
-+# and thus is too heavy for diffutils package
-+# strip-trailing-cr
-
- XFAIL_TESTS = large-subopt
-
+ colors \
+ y2038-vs-32bit
diff --git a/meta/recipes-extended/diffutils/diffutils_3.9.bb b/meta/recipes-extended/diffutils/diffutils_3.10.bb
similarity index 93%
rename from meta/recipes-extended/diffutils/diffutils_3.9.bb
rename to meta/recipes-extended/diffutils/diffutils_3.10.bb
index 2bb9e6f32d..08e8305612 100644
--- a/meta/recipes-extended/diffutils/diffutils_3.9.bb
+++ b/meta/recipes-extended/diffutils/diffutils_3.10.bb
@@ -8,7 +8,7 @@ SRC_URI = "${GNU_MIRROR}/diffutils/diffutils-${PV}.tar.xz \
file://0001-Skip-strip-trailing-cr-test-case.patch \
"
-SRC_URI[sha256sum] = "d80d3be90a201868de83d78dad3413ad88160cc53bcc36eb9eaf7c20dbf023f1"
+SRC_URI[sha256sum] = "90e5e93cc724e4ebe12ede80df1634063c7a855692685919bfe60b556c9bd09e"
EXTRA_OECONF += "ac_cv_path_PR_PROGRAM=${bindir}/pr --without-libsigsegv-prefix"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 11/30] libassuan: upgrade 2.5.5 -> 2.5.6
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (9 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 10/30] diffutils: update 3.9 -> 3.10 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 12/30] libksba: upgrade 1.6.3 -> 1.6.4 Steve Sakoman
` (19 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Changelog:
===========
* Fix logging of confidential data. [rA0fc31770fa]
* Fix memory wiping. [T5977]
* Fix macOS build problem. [T5440,T5610]
* Upgrade autoconf stuff.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 90126be6dc32170c08eb90223b6a6cc06c2133ce)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libassuan/{libassuan_2.5.5.bb => libassuan_2.5.6.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/libassuan/{libassuan_2.5.5.bb => libassuan_2.5.6.bb} (93%)
diff --git a/meta/recipes-support/libassuan/libassuan_2.5.5.bb b/meta/recipes-support/libassuan/libassuan_2.5.6.bb
similarity index 93%
rename from meta/recipes-support/libassuan/libassuan_2.5.5.bb
rename to meta/recipes-support/libassuan/libassuan_2.5.6.bb
index 2bab3ac955..7e899e7399 100644
--- a/meta/recipes-support/libassuan/libassuan_2.5.5.bb
+++ b/meta/recipes-support/libassuan/libassuan_2.5.6.bb
@@ -20,7 +20,7 @@ SRC_URI = "${GNUPG_MIRROR}/libassuan/libassuan-${PV}.tar.bz2 \
file://libassuan-add-pkgconfig-support.patch \
"
-SRC_URI[sha256sum] = "8e8c2fcc982f9ca67dcbb1d95e2dc746b1739a4668bc20b3a3c5be632edb34e4"
+SRC_URI[sha256sum] = "e9fd27218d5394904e4e39788f9b1742711c3e6b41689a31aa3380bd5aa4f426"
BINCONFIG = "${bindir}/libassuan-config"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 12/30] libksba: upgrade 1.6.3 -> 1.6.4
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (10 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 11/30] libassuan: upgrade 2.5.5 -> 2.5.6 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 13/30] lttng-ust: upgrade 2.13.5 -> 2.13.6 Steve Sakoman
` (18 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Changelog:
Correctly detect CMS write errors.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0296cf63007542c1cb209a4288be1c82aa2ba843)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libksba/{libksba_1.6.3.bb => libksba_1.6.4.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/libksba/{libksba_1.6.3.bb => libksba_1.6.4.bb} (94%)
diff --git a/meta/recipes-support/libksba/libksba_1.6.3.bb b/meta/recipes-support/libksba/libksba_1.6.4.bb
similarity index 94%
rename from meta/recipes-support/libksba/libksba_1.6.3.bb
rename to meta/recipes-support/libksba/libksba_1.6.4.bb
index dc39693be4..f9636f9433 100644
--- a/meta/recipes-support/libksba/libksba_1.6.3.bb
+++ b/meta/recipes-support/libksba/libksba_1.6.4.bb
@@ -24,7 +24,7 @@ UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html"
SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://ksba-add-pkgconfig-support.patch"
-SRC_URI[sha256sum] = "3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c"
+SRC_URI[sha256sum] = "bbb43f032b9164d86c781ffe42213a83bf4f2fee91455edfa4654521b8b03b6b"
do_configure:prepend () {
# Else these could be used in preference to those in aclocal-copy
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 13/30] lttng-ust: upgrade 2.13.5 -> 2.13.6
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (11 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 12/30] libksba: upgrade 1.6.3 -> 1.6.4 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 14/30] gcc : upgrade to v11.4 Steve Sakoman
` (17 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Changelog:
===========
* Fix: segmentation fault on filter interpretation in "switch" mode
* Fix: `ip` context is expressed as a base-10 field
* Fix: c99: use __asm__ __volatile__
* Fix: c99: static assert: clang build fails due to multiple typedef
* Fix: Reevaluate LTTNG_UST_TRACEPOINT_DEFINE each time tracepoint.h is included
* Fix: trace events in C++ constructors/destructors
* Fix: trace events in C constructors/destructors
* Fix: use unaligned pointer accesses for lttng_inline_memcpy
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 656470b4b0db579308d218d1ece77bdacd168d14)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../lttng/{lttng-ust_2.13.5.bb => lttng-ust_2.13.6.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-kernel/lttng/{lttng-ust_2.13.5.bb => lttng-ust_2.13.6.bb} (95%)
diff --git a/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb b/meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb
similarity index 95%
rename from meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb
rename to meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb
index 916408bff0..424b0fa645 100644
--- a/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb
+++ b/meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb
@@ -34,7 +34,7 @@ SRC_URI = "https://lttng.org/files/lttng-ust/lttng-ust-${PV}.tar.bz2 \
file://0001-Makefile.am-update-rpath-link.patch \
"
-SRC_URI[sha256sum] = "f1d7bb4984a3dc5dacd3b7bcb4c10c04b041b0eecd7cba1fef3d8f86aff02bd6"
+SRC_URI[sha256sum] = "e7e04596dd73ac7aa99e27cd000f949dbb0fed51bd29099f9b08a25c1df0ced5"
CVE_PRODUCT = "ust"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 14/30] gcc : upgrade to v11.4
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (12 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 13/30] lttng-ust: upgrade 2.13.5 -> 2.13.6 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 15/30] libxcrypt: fix build with perl-5.38 and use master branch Steve Sakoman
` (16 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Sundeep KOKKONDA <sundeep.kokkonda@windriver.com>
gcc stable version upgraded from v11.3 to v11.4
For changes in v11.4 see - https://gcc.gnu.org/gcc-11/changes.html
Below is the bug fix list for v11.4
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&order=short_desc%2Cbug_status%2Cpriority%2Cassigned_to%2Cbug_id&query_format=advanced&resolution=FIXED&target_milestone=11.4
There are a total 115 bugs are fixed in this release, below is the list of bugs fixed excluding the regression fixes.
ID Product Comp Resolution Summary▲
108199 gcc tree-opt FIXE Bitfields, unions and SRA and storage_order_attribute
107801 gcc libstdc+ FIXE Building cross compiler for H8 family fails in libstdc++ (c++17/memory_resource.cc)
108265 gcc libstdc+ FIXE chrono::hh_mm_ss can't be constructed from unsigned durations
104443 gcc libstdc+ FIXE common_iterator<I, S>::operator-> is not correctly implemented
98056 gcc c++ FIXE coroutines: ICE tree check: expected record_type or union_type or qual_union_type, have array_type since r11-2183-g0f66b8486cea8668
107061 gcc target FIXE ENCODEKEY128 clobbers xmm4-xmm6
105433 gcc testsuit FIXE FAIL: gcc.target/i386/iamcu/test_3_element_struct_and_unions.c
105095 gcc testsuit FIXE gcc.dg/vect/complex/fast-math-complex-* tests are not executed
100474 gcc c++ FIXE ICE: in diagnose_trait_expr, at cp/constraint.cc:3706
105854 gcc target FIXE ICE: in extract_constrain_insn, at recog.cc:2692 (insn does not satisfy its constraints: sse2_lshrv1ti3)
104462 gcc target FIXE ICE: in extract_constrain_insn_cached, at recog.cc:2682 with -mavx512fp16 -mno-xsave
106045 gcc libgomp FIXE Incorrect testcase in libgomp.c/target-31.c at -O0
56189 gcc c++ FIXE Infinite recursion with noexcept when instantiating function template
100295 gcc c++ FIXE Internal compiler error from generic lambda capturing parameter pack and expanding it in if constexpr
100613 gcc jit FIXE libgccjit should produce dylib on macOS
104875 gcc libstdc+ FIXE libstdc++-v3/src/c++11/codecvt.cc:312:24: warning: left shift count >= width of type
107471 gcc libstdc+ FIXE mismatching constraints in common_iterator
105284 gcc libstdc+ FIXE missing syncstream and spanstream forward decl. in <iosfwd>
98821 gcc c++ FIXE modules : c++tools configures with CC but code fragments assume CXX.
109846 gcc fortran FIXE Pointer-valued function reference rejected as actual argument
101324 gcc target FIXE powerpc64le: hashst appears before mflr at -O1 or higher
102479 gcc c++ FIXE segfault when deducing class template arguments for tuple with libc++-14
105128 gcc libstdc+ FIXE source_location compile error for latest clang 15
106183 gcc libstdc+ FIXE std::atomic::wait might fail to be unblocked by notify_one/all on platforms without platform_wait()
102994 gcc libstdc+ FIXE std::atomic<ptr>::wait is not marked const
105324 gcc libstdc+ FIXE std::from_chars() assertion at floating_from_chars.cc:78 when parsing 1.11111111....
105375 gcc libstdc+ FIXE std::packaged_task has no deduction guide.
104602 gcc libstdc+ FIXE std::source_location::current uses cast from void*
106808 gcc libstdc+ FIXE std::string_view range concept requirement causes compile error with Boost.Filesystem
105725 gcc c++ FIXE [ICE] segfault with `-Wmismatched-tags`
105920 gcc target FIXE __builtin_cpu_supports ("f16c") should check AVX
Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/conf/distro/include/maintainers.inc | 2 +-
.../gcc/{gcc-11.3.inc => gcc-11.4.inc} | 6 +-
...ian_11.3.bb => gcc-cross-canadian_11.4.bb} | 0
.../{gcc-cross_11.3.bb => gcc-cross_11.4.bb} | 0
...-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} | 0
...cc-runtime_11.3.bb => gcc-runtime_11.4.bb} | 0
...itizers_11.3.bb => gcc-sanitizers_11.4.bb} | 0
...{gcc-source_11.3.bb => gcc-source_11.4.bb} | 0
...rch64-Update-Neoverse-N2-core-defini.patch | 20 ++--
...rm-add-armv9-a-architecture-to-march.patch | 54 +++++-----
...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 102 +++++++++---------
...s-fix-v4bx-to-linker-to-support-EABI.patch | 6 +-
.../gcc/{gcc_11.3.bb => gcc_11.4.bb} | 0
...initial_11.3.bb => libgcc-initial_11.4.bb} | 0
.../gcc/{libgcc_11.3.bb => libgcc_11.4.bb} | 0
...ibgfortran_11.3.bb => libgfortran_11.4.bb} | 0
16 files changed, 93 insertions(+), 97 deletions(-)
rename meta/recipes-devtools/gcc/{gcc-11.3.inc => gcc-11.4.inc} (97%)
rename meta/recipes-devtools/gcc/{gcc-cross-canadian_11.3.bb => gcc-cross-canadian_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-cross_11.3.bb => gcc-cross_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-runtime_11.3.bb => gcc-runtime_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-sanitizers_11.3.bb => gcc-sanitizers_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-source_11.3.bb => gcc-source_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc_11.3.bb => gcc_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{libgcc-initial_11.3.bb => libgcc-initial_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{libgcc_11.3.bb => libgcc_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{libgfortran_11.3.bb => libgfortran_11.4.bb} (100%)
diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index 1d5e070223..bfc14951fe 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -189,7 +189,7 @@ RECIPE_MAINTAINER:pn-gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Khem Raj <r
RECIPE_MAINTAINER:pn-gcc-crosssdk-${SDK_SYS} = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER:pn-gcc-runtime = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER:pn-gcc-sanitizers = "Khem Raj <raj.khem@gmail.com>"
-RECIPE_MAINTAINER:pn-gcc-source-11.3.0 = "Khem Raj <raj.khem@gmail.com>"
+RECIPE_MAINTAINER:pn-gcc-source-11.4.0 = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER:pn-gconf = "Ross Burton <ross.burton@arm.com>"
RECIPE_MAINTAINER:pn-gcr = "Alexander Kanavin <alex.kanavin@gmail.com>"
RECIPE_MAINTAINER:pn-gdb = "Khem Raj <raj.khem@gmail.com>"
diff --git a/meta/recipes-devtools/gcc/gcc-11.3.inc b/meta/recipes-devtools/gcc/gcc-11.4.inc
similarity index 97%
rename from meta/recipes-devtools/gcc/gcc-11.3.inc
rename to meta/recipes-devtools/gcc/gcc-11.4.inc
index ab2ece3cce..a907661df4 100644
--- a/meta/recipes-devtools/gcc/gcc-11.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-11.4.inc
@@ -2,11 +2,11 @@ require gcc-common.inc
# Third digit in PV should be incremented after a minor release
-PV = "11.3.0"
+PV = "11.4.0"
# BINV should be incremented to a revision after a minor gcc release
-BINV = "11.3.0"
+BINV = "11.4.0"
FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc:${FILE_DIRNAME}/gcc/backport:"
@@ -70,7 +70,7 @@ SRC_URI = "\
file://0004-arm-add-armv9-a-architecture-to-march.patch \
"
-SRC_URI[sha256sum] = "b47cf2818691f5b1e21df2bb38c795fac2cfbd640ede2d0a5e1c89e338a3ac39"
+SRC_URI[sha256sum] = "3f2db222b007e8a4a23cd5ba56726ef08e8b1f1eb2055ee72c1402cea73a8dd9"
S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}"
diff --git a/meta/recipes-devtools/gcc/gcc-cross-canadian_11.3.bb b/meta/recipes-devtools/gcc/gcc-cross-canadian_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-cross-canadian_11.3.bb
rename to meta/recipes-devtools/gcc/gcc-cross-canadian_11.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-cross_11.3.bb b/meta/recipes-devtools/gcc/gcc-cross_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-cross_11.3.bb
rename to meta/recipes-devtools/gcc/gcc-cross_11.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-crosssdk_11.3.bb b/meta/recipes-devtools/gcc/gcc-crosssdk_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-crosssdk_11.3.bb
rename to meta/recipes-devtools/gcc/gcc-crosssdk_11.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-runtime_11.3.bb b/meta/recipes-devtools/gcc/gcc-runtime_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-runtime_11.3.bb
rename to meta/recipes-devtools/gcc/gcc-runtime_11.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-sanitizers_11.3.bb b/meta/recipes-devtools/gcc/gcc-sanitizers_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-sanitizers_11.3.bb
rename to meta/recipes-devtools/gcc/gcc-sanitizers_11.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-source_11.3.bb b/meta/recipes-devtools/gcc/gcc-source_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-source_11.3.bb
rename to meta/recipes-devtools/gcc/gcc-source_11.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch b/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch
index 8429242348..a0c9db72e1 100644
--- a/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch
+++ b/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch
@@ -19,24 +19,20 @@ diff --git a/gcc/config/aarch64/aarch64-cores.def b/gcc/config/aarch64/aarch64-c
index 4643e0e27..3478e567a 100644
--- a/gcc/config/aarch64/aarch64-cores.def
+++ b/gcc/config/aarch64/aarch64-cores.def
-@@ -145,9 +145,6 @@ AARCH64_CORE("neoverse-512tvb", neoverse512tvb, cortexa57, 8_4A, AARCH64_FL_FOR
- /* Qualcomm ('Q') cores. */
- AARCH64_CORE("saphira", saphira, saphira, 8_4A, AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_CRYPTO | AARCH64_FL_RCPC, saphira, 0x51, 0xC01, -1)
-
--/* Armv8.5-A Architecture Processors. */
+@@ -147,7 +147,6 @@
+ AARCH64_CORE("saphira", saphira, saphira, 8_4A, AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_CRYPTO, saphira, 0x51, 0xC01, -1)
+
+ /* Armv8.5-A Architecture Processors. */
-AARCH64_CORE("neoverse-n2", neoversen2, cortexa57, 8_5A, AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG, neoversen2, 0x41, 0xd49, -1)
--
+ AARCH64_CORE("neoverse-v2", neoversev2, cortexa57, 8_5A, AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG, neoverse512tvb, 0x41, 0xd4f, -1)
+
/* ARMv8-A big.LITTLE implementations. */
-
- AARCH64_CORE("cortex-a57.cortex-a53", cortexa57cortexa53, cortexa53, 8A, AARCH64_FL_FOR_ARCH8 | AARCH64_FL_CRC, cortexa57, 0x41, AARCH64_BIG_LITTLE (0xd07, 0xd03), -1)
-@@ -163,4 +160,7 @@ AARCH64_CORE("cortex-a76.cortex-a55", cortexa76cortexa55, cortexa53, 8_2A, AAR
+@@ -165,4 +164,7 @@
/* Armv8-R Architecture Processors. */
AARCH64_CORE("cortex-r82", cortexr82, cortexa53, 8R, AARCH64_FL_FOR_ARCH8_R, cortexa53, 0x41, 0xd15, -1)
-
+
+/* Armv9-A Architecture Processors. */
+AARCH64_CORE("neoverse-n2", neoversen2, cortexa57, 9A, AARCH64_FL_FOR_ARCH9 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG | AARCH64_FL_PROFILE, neoversen2, 0x41, 0xd49, -1)
+
#undef AARCH64_CORE
---
-2.32.0
diff --git a/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch b/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch
index 864c8b3017..b9b0988d5a 100644
--- a/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch
+++ b/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch
@@ -43,10 +43,10 @@ Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com>
gcc/testsuite/lib/target-supports.exp | 3 ++-
9 files changed, 79 insertions(+), 8 deletions(-)
-Index: gcc-11.3.0/gcc/config/arm/arm-cpus.in
+Index: gcc/gcc/config/arm/arm-cpus.in
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/arm-cpus.in
-+++ gcc-11.3.0/gcc/config/arm/arm-cpus.in
+--- a/gcc/config/arm/arm-cpus.in
++++ b/gcc/config/arm/arm-cpus.in
@@ -132,6 +132,9 @@ define feature cmse
# Architecture rel 8.1-M.
define feature armv8_1m_main
@@ -87,10 +87,10 @@ Index: gcc-11.3.0/gcc/config/arm/arm-cpus.in
begin arch iwmmxt
tune for iwmmxt
tune flags LDSCHED STRONG XSCALE
-Index: gcc-11.3.0/gcc/config/arm/arm-tables.opt
+Index: gcc/gcc/config/arm/arm-tables.opt
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/arm-tables.opt
-+++ gcc-11.3.0/gcc/config/arm/arm-tables.opt
+--- a/gcc/config/arm/arm-tables.opt
++++ b/gcc/config/arm/arm-tables.opt
@@ -380,10 +380,13 @@ EnumValue
Enum(arm_arch) String(armv8.1-m.main) Value(30)
@@ -107,10 +107,10 @@ Index: gcc-11.3.0/gcc/config/arm/arm-tables.opt
Enum
Name(arm_fpu) Type(enum fpu_type)
-Index: gcc-11.3.0/gcc/config/arm/arm.h
+Index: gcc/gcc/config/arm/arm.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/arm.h
-+++ gcc-11.3.0/gcc/config/arm/arm.h
+--- a/gcc/config/arm/arm.h
++++ b/gcc/config/arm/arm.h
@@ -456,7 +456,8 @@ enum base_architecture
BASE_ARCH_8A = 8,
BASE_ARCH_8M_BASE = 8,
@@ -121,10 +121,10 @@ Index: gcc-11.3.0/gcc/config/arm/arm.h
};
/* The major revision number of the ARM Architecture implemented by the target. */
-Index: gcc-11.3.0/gcc/config/arm/t-aprofile
+Index: gcc/gcc/config/arm/t-aprofile
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/t-aprofile
-+++ gcc-11.3.0/gcc/config/arm/t-aprofile
+--- a/gcc/config/arm/t-aprofile
++++ b/gcc/config/arm/t-aprofile
@@ -26,8 +26,8 @@
# Arch and FPU variants to build libraries with
@@ -180,10 +180,10 @@ Index: gcc-11.3.0/gcc/config/arm/t-aprofile
- $(foreach ARCH, armv7-a armv8-a, \
+ $(foreach ARCH, armv7-a armv8-a armv9-a, \
mthumb/march.$(ARCH)/mfloat-abi.soft=m$(MODE)/march.$(ARCH)/mfloat-abi.softfp))
-Index: gcc-11.3.0/gcc/config/arm/t-arm-elf
+Index: gcc/gcc/config/arm/t-arm-elf
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/t-arm-elf
-+++ gcc-11.3.0/gcc/config/arm/t-arm-elf
+--- a/gcc/config/arm/t-arm-elf
++++ b/gcc/config/arm/t-arm-elf
@@ -38,6 +38,8 @@ v7ve_fps := vfpv3-d16 vfpv3 vfpv3-d16-fp
# it seems to work ok.
v8_fps := simd fp16 crypto fp16+crypto dotprod fp16fml
@@ -214,10 +214,10 @@ Index: gcc-11.3.0/gcc/config/arm/t-arm-elf
MULTILIB_MATCHES += $(foreach ARCH, armv7e-m armv8-m.mainline, \
march?armv7+fp=march?$(ARCH)+fp.dp)
-Index: gcc-11.3.0/gcc/config/arm/t-multilib
+Index: gcc/gcc/config/arm/t-multilib
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/t-multilib
-+++ gcc-11.3.0/gcc/config/arm/t-multilib
+--- a/gcc/config/arm/t-multilib
++++ b/gcc/config/arm/t-multilib
@@ -78,6 +78,8 @@ v8_4_a_simd_variants := $(call all_feat_
v8_5_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16)
v8_6_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16)
@@ -244,10 +244,10 @@ Index: gcc-11.3.0/gcc/config/arm/t-multilib
endif # Not APROFILE.
# Use Thumb libraries for everything.
-Index: gcc-11.3.0/gcc/doc/invoke.texi
+Index: gcc/gcc/doc/invoke.texi
===================================================================
---- gcc-11.3.0.orig/gcc/doc/invoke.texi
-+++ gcc-11.3.0/gcc/doc/invoke.texi
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
@@ -19701,6 +19701,7 @@ Permissible names are:
@samp{armv7-m}, @samp{armv7e-m},
@samp{armv8-m.base}, @samp{armv8-m.main},
@@ -256,10 +256,10 @@ Index: gcc-11.3.0/gcc/doc/invoke.texi
@samp{iwmmxt} and @samp{iwmmxt2}.
Additionally, the following architectures, which lack support for the
-Index: gcc-11.3.0/gcc/testsuite/gcc.target/arm/multilib.exp
+Index: gcc/gcc/testsuite/gcc.target/arm/multilib.exp
===================================================================
---- gcc-11.3.0.orig/gcc/testsuite/gcc.target/arm/multilib.exp
-+++ gcc-11.3.0/gcc/testsuite/gcc.target/arm/multilib.exp
+--- a/gcc/testsuite/gcc.target/arm/multilib.exp
++++ b/gcc/testsuite/gcc.target/arm/multilib.exp
@@ -135,6 +135,14 @@ if {[multilib_config "aprofile"] } {
{-march=armv8.6-a+simd+fp16 -mfloat-abi=softfp} "thumb/v8-a+simd/softfp"
{-march=armv8.6-a+simd+fp16+nofp -mfloat-abi=softfp} "thumb/v8-a/nofp"
@@ -275,10 +275,10 @@ Index: gcc-11.3.0/gcc/testsuite/gcc.target/arm/multilib.exp
{-mcpu=cortex-a53+crypto -mfloat-abi=hard} "thumb/v8-a+simd/hard"
{-mcpu=cortex-a53+nofp -mfloat-abi=softfp} "thumb/v8-a/nofp"
{-march=armv8-a+crc -mfloat-abi=hard -mfpu=vfp} "thumb/v8-a+simd/hard"
-Index: gcc-11.3.0/gcc/testsuite/lib/target-supports.exp
+Index: gcc/gcc/testsuite/lib/target-supports.exp
===================================================================
---- gcc-11.3.0.orig/gcc/testsuite/lib/target-supports.exp
-+++ gcc-11.3.0/gcc/testsuite/lib/target-supports.exp
+--- a/gcc/testsuite/lib/target-supports.exp
++++ b/gcc/testsuite/lib/target-supports.exp
@@ -4820,7 +4820,8 @@ foreach { armfunc armflag armdefs } {
v8m_base "-march=armv8-m.base -mthumb -mfloat-abi=soft"
__ARM_ARCH_8M_BASE__
diff --git a/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch b/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
index b3515c9734..ece5873258 100644
--- a/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
+++ b/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
@@ -39,10 +39,10 @@ Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
gcc/config/sparc/linux64.h | 4 ++--
17 files changed, 53 insertions(+), 58 deletions(-)
-Index: gcc-11.3.0/gcc/config/aarch64/aarch64-linux.h
+Index: gcc/gcc/config/aarch64/aarch64-linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/aarch64/aarch64-linux.h
-+++ gcc-11.3.0/gcc/config/aarch64/aarch64-linux.h
+--- a/gcc/config/aarch64/aarch64-linux.h
++++ b/gcc/config/aarch64/aarch64-linux.h
@@ -21,10 +21,10 @@
#ifndef GCC_AARCH64_LINUX_H
#define GCC_AARCH64_LINUX_H
@@ -56,10 +56,10 @@ Index: gcc-11.3.0/gcc/config/aarch64/aarch64-linux.h
#undef ASAN_CC1_SPEC
#define ASAN_CC1_SPEC "%{%:sanitize(address):-funwind-tables}"
-Index: gcc-11.3.0/gcc/config/alpha/linux-elf.h
+Index: gcc/gcc/config/alpha/linux-elf.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/alpha/linux-elf.h
-+++ gcc-11.3.0/gcc/config/alpha/linux-elf.h
+--- a/gcc/config/alpha/linux-elf.h
++++ b/gcc/config/alpha/linux-elf.h
@@ -23,8 +23,8 @@ along with GCC; see the file COPYING3.
#define EXTRA_SPECS \
{ "elf_dynamic_linker", ELF_DYNAMIC_LINKER },
@@ -71,10 +71,10 @@ Index: gcc-11.3.0/gcc/config/alpha/linux-elf.h
#if DEFAULT_LIBC == LIBC_UCLIBC
#define CHOOSE_DYNAMIC_LINKER(G, U) "%{mglibc:" G ";:" U "}"
#elif DEFAULT_LIBC == LIBC_GLIBC
-Index: gcc-11.3.0/gcc/config/arm/linux-eabi.h
+Index: gcc/gcc/config/arm/linux-eabi.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/linux-eabi.h
-+++ gcc-11.3.0/gcc/config/arm/linux-eabi.h
+--- a/gcc/config/arm/linux-eabi.h
++++ b/gcc/config/arm/linux-eabi.h
@@ -65,8 +65,8 @@
GLIBC_DYNAMIC_LINKER_DEFAULT and TARGET_DEFAULT_FLOAT_ABI. */
@@ -95,10 +95,10 @@ Index: gcc-11.3.0/gcc/config/arm/linux-eabi.h
/* At this point, bpabi.h will have clobbered LINK_SPEC. We want to
use the GNU/Linux version, not the generic BPABI version. */
-Index: gcc-11.3.0/gcc/config/arm/linux-elf.h
+Index: gcc/gcc/config/arm/linux-elf.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/linux-elf.h
-+++ gcc-11.3.0/gcc/config/arm/linux-elf.h
+--- a/gcc/config/arm/linux-elf.h
++++ b/gcc/config/arm/linux-elf.h
@@ -60,7 +60,7 @@
#define LIBGCC_SPEC "%{mfloat-abi=soft*:-lfloat} -lgcc"
@@ -108,10 +108,10 @@ Index: gcc-11.3.0/gcc/config/arm/linux-elf.h
#define LINUX_TARGET_LINK_SPEC "%{h*} \
%{static:-Bstatic} \
-Index: gcc-11.3.0/gcc/config/i386/linux.h
+Index: gcc/gcc/config/i386/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/i386/linux.h
-+++ gcc-11.3.0/gcc/config/i386/linux.h
+--- a/gcc/config/i386/linux.h
++++ b/gcc/config/i386/linux.h
@@ -20,7 +20,7 @@ along with GCC; see the file COPYING3.
<http://www.gnu.org/licenses/>. */
@@ -122,10 +122,10 @@ Index: gcc-11.3.0/gcc/config/i386/linux.h
#undef MUSL_DYNAMIC_LINKER
-#define MUSL_DYNAMIC_LINKER "/lib/ld-musl-i386.so.1"
+#define MUSL_DYNAMIC_LINKER SYSTEMLIBS_DIR "ld-musl-i386.so.1"
-Index: gcc-11.3.0/gcc/config/i386/linux64.h
+Index: gcc/gcc/config/i386/linux64.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/i386/linux64.h
-+++ gcc-11.3.0/gcc/config/i386/linux64.h
+--- a/gcc/config/i386/linux64.h
++++ b/gcc/config/i386/linux64.h
@@ -27,13 +27,13 @@ see the files COPYING3 and COPYING.RUNTI
#define GNU_USER_LINK_EMULATION64 "elf_x86_64"
#define GNU_USER_LINK_EMULATIONX32 "elf32_x86_64"
@@ -146,10 +146,10 @@ Index: gcc-11.3.0/gcc/config/i386/linux64.h
#undef MUSL_DYNAMIC_LINKERX32
-#define MUSL_DYNAMIC_LINKERX32 "/lib/ld-musl-x32.so.1"
+#define MUSL_DYNAMIC_LINKERX32 SYSTEMLIBS_DIR "ld-musl-x32.so.1"
-Index: gcc-11.3.0/gcc/config/linux.h
+Index: gcc/gcc/config/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/linux.h
-+++ gcc-11.3.0/gcc/config/linux.h
+--- a/gcc/config/linux.h
++++ b/gcc/config/linux.h
@@ -94,10 +94,10 @@ see the files COPYING3 and COPYING.RUNTI
GLIBC_DYNAMIC_LINKER must be defined for each target using them, or
GLIBC_DYNAMIC_LINKER32 and GLIBC_DYNAMIC_LINKER64 for targets
@@ -165,10 +165,10 @@ Index: gcc-11.3.0/gcc/config/linux.h
#define BIONIC_DYNAMIC_LINKER "/system/bin/linker"
#define BIONIC_DYNAMIC_LINKER32 "/system/bin/linker"
#define BIONIC_DYNAMIC_LINKER64 "/system/bin/linker64"
-Index: gcc-11.3.0/gcc/config/microblaze/linux.h
+Index: gcc/gcc/config/microblaze/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/microblaze/linux.h
-+++ gcc-11.3.0/gcc/config/microblaze/linux.h
+--- a/gcc/config/microblaze/linux.h
++++ b/gcc/config/microblaze/linux.h
@@ -28,7 +28,7 @@
#undef TLS_NEEDS_GOT
#define TLS_NEEDS_GOT 1
@@ -187,10 +187,10 @@ Index: gcc-11.3.0/gcc/config/microblaze/linux.h
#undef SUBTARGET_EXTRA_SPECS
#define SUBTARGET_EXTRA_SPECS \
-Index: gcc-11.3.0/gcc/config/mips/linux.h
+Index: gcc/gcc/config/mips/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/mips/linux.h
-+++ gcc-11.3.0/gcc/config/mips/linux.h
+--- a/gcc/config/mips/linux.h
++++ b/gcc/config/mips/linux.h
@@ -22,29 +22,29 @@ along with GCC; see the file COPYING3.
#define GNU_USER_LINK_EMULATIONN32 "elf32%{EB:b}%{EL:l}tsmipn32"
@@ -230,10 +230,10 @@ Index: gcc-11.3.0/gcc/config/mips/linux.h
#define BIONIC_DYNAMIC_LINKERN32 "/system/bin/linker32"
#define GNU_USER_DYNAMIC_LINKERN32 \
-Index: gcc-11.3.0/gcc/config/nios2/linux.h
+Index: gcc/gcc/config/nios2/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/nios2/linux.h
-+++ gcc-11.3.0/gcc/config/nios2/linux.h
+--- a/gcc/config/nios2/linux.h
++++ b/gcc/config/nios2/linux.h
@@ -29,7 +29,7 @@
#undef CPP_SPEC
#define CPP_SPEC "%{posix:-D_POSIX_SOURCE} %{pthread:-D_REENTRANT}"
@@ -243,10 +243,10 @@ Index: gcc-11.3.0/gcc/config/nios2/linux.h
#undef LINK_SPEC
#define LINK_SPEC LINK_SPEC_ENDIAN \
-Index: gcc-11.3.0/gcc/config/riscv/linux.h
+Index: gcc/gcc/config/riscv/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/riscv/linux.h
-+++ gcc-11.3.0/gcc/config/riscv/linux.h
+--- a/gcc/config/riscv/linux.h
++++ b/gcc/config/riscv/linux.h
@@ -22,7 +22,7 @@ along with GCC; see the file COPYING3.
GNU_USER_TARGET_OS_CPP_BUILTINS(); \
} while (0)
@@ -265,10 +265,10 @@ Index: gcc-11.3.0/gcc/config/riscv/linux.h
/* Because RISC-V only has word-sized atomics, it requries libatomic where
others do not. So link libatomic by default, as needed. */
-Index: gcc-11.3.0/gcc/config/rs6000/linux64.h
+Index: gcc/gcc/config/rs6000/linux64.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/rs6000/linux64.h
-+++ gcc-11.3.0/gcc/config/rs6000/linux64.h
+--- a/gcc/config/rs6000/linux64.h
++++ b/gcc/config/rs6000/linux64.h
@@ -336,24 +336,19 @@ extern int dot_symbols;
#undef LINK_OS_DEFAULT_SPEC
#define LINK_OS_DEFAULT_SPEC "%(link_os_linux)"
@@ -299,10 +299,10 @@ Index: gcc-11.3.0/gcc/config/rs6000/linux64.h
#undef DEFAULT_ASM_ENDIAN
#if (TARGET_DEFAULT & MASK_LITTLE_ENDIAN)
-Index: gcc-11.3.0/gcc/config/rs6000/sysv4.h
+Index: gcc/gcc/config/rs6000/sysv4.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/rs6000/sysv4.h
-+++ gcc-11.3.0/gcc/config/rs6000/sysv4.h
+--- a/gcc/config/rs6000/sysv4.h
++++ b/gcc/config/rs6000/sysv4.h
@@ -780,10 +780,10 @@ GNU_USER_TARGET_CC1_SPEC
#define MUSL_DYNAMIC_LINKER_E ENDIAN_SELECT("","le","")
@@ -316,10 +316,10 @@ Index: gcc-11.3.0/gcc/config/rs6000/sysv4.h
#ifndef GNU_USER_DYNAMIC_LINKER
#define GNU_USER_DYNAMIC_LINKER GLIBC_DYNAMIC_LINKER
-Index: gcc-11.3.0/gcc/config/s390/linux.h
+Index: gcc/gcc/config/s390/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/s390/linux.h
-+++ gcc-11.3.0/gcc/config/s390/linux.h
+--- a/gcc/config/s390/linux.h
++++ b/gcc/config/s390/linux.h
@@ -72,13 +72,13 @@ along with GCC; see the file COPYING3.
#define MULTILIB_DEFAULTS { "m31" }
#endif
@@ -338,10 +338,10 @@ Index: gcc-11.3.0/gcc/config/s390/linux.h
#undef LINK_SPEC
#define LINK_SPEC \
-Index: gcc-11.3.0/gcc/config/sh/linux.h
+Index: gcc/gcc/config/sh/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/sh/linux.h
-+++ gcc-11.3.0/gcc/config/sh/linux.h
+--- a/gcc/config/sh/linux.h
++++ b/gcc/config/sh/linux.h
@@ -61,10 +61,10 @@ along with GCC; see the file COPYING3.
#undef MUSL_DYNAMIC_LINKER
@@ -355,10 +355,10 @@ Index: gcc-11.3.0/gcc/config/sh/linux.h
#undef SUBTARGET_LINK_EMUL_SUFFIX
#define SUBTARGET_LINK_EMUL_SUFFIX "%{mfdpic:_fd;:_linux}"
-Index: gcc-11.3.0/gcc/config/sparc/linux.h
+Index: gcc/gcc/config/sparc/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/sparc/linux.h
-+++ gcc-11.3.0/gcc/config/sparc/linux.h
+--- a/gcc/config/sparc/linux.h
++++ b/gcc/config/sparc/linux.h
@@ -78,7 +78,7 @@ extern const char *host_detect_local_cpu
When the -shared link option is used a final link is not being
done. */
@@ -368,10 +368,10 @@ Index: gcc-11.3.0/gcc/config/sparc/linux.h
#undef LINK_SPEC
#define LINK_SPEC "-m elf32_sparc %{shared:-shared} \
-Index: gcc-11.3.0/gcc/config/sparc/linux64.h
+Index: gcc/gcc/config/sparc/linux64.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/sparc/linux64.h
-+++ gcc-11.3.0/gcc/config/sparc/linux64.h
+--- a/gcc/config/sparc/linux64.h
++++ b/gcc/config/sparc/linux64.h
@@ -78,8 +78,8 @@ along with GCC; see the file COPYING3.
When the -shared link option is used a final link is not being
done. */
diff --git a/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch b/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
index 0f94936140..1ec942e977 100644
--- a/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
+++ b/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
@@ -18,10 +18,10 @@ Upstream-Status: Pending
gcc/config/arm/linux-eabi.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
-Index: gcc-11.3.0/gcc/config/arm/linux-eabi.h
+Index: gcc/gcc/config/arm/linux-eabi.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/linux-eabi.h
-+++ gcc-11.3.0/gcc/config/arm/linux-eabi.h
+--- a/gcc/config/arm/linux-eabi.h
++++ b/gcc/config/arm/linux-eabi.h
@@ -91,10 +91,14 @@
#define MUSL_DYNAMIC_LINKER \
SYSTEMLIBS_DIR "ld-musl-arm" MUSL_DYNAMIC_LINKER_E "%{mfloat-abi=hard:hf}%{mfdpic:-fdpic}.so.1"
diff --git a/meta/recipes-devtools/gcc/gcc_11.3.bb b/meta/recipes-devtools/gcc/gcc_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc_11.3.bb
rename to meta/recipes-devtools/gcc/gcc_11.4.bb
diff --git a/meta/recipes-devtools/gcc/libgcc-initial_11.3.bb b/meta/recipes-devtools/gcc/libgcc-initial_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/libgcc-initial_11.3.bb
rename to meta/recipes-devtools/gcc/libgcc-initial_11.4.bb
diff --git a/meta/recipes-devtools/gcc/libgcc_11.3.bb b/meta/recipes-devtools/gcc/libgcc_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/libgcc_11.3.bb
rename to meta/recipes-devtools/gcc/libgcc_11.4.bb
diff --git a/meta/recipes-devtools/gcc/libgfortran_11.3.bb b/meta/recipes-devtools/gcc/libgfortran_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/libgfortran_11.3.bb
rename to meta/recipes-devtools/gcc/libgfortran_11.4.bb
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 15/30] libxcrypt: fix build with perl-5.38 and use master branch
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (13 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 14/30] gcc : upgrade to v11.4 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 16/30] kernel: add missing path to search for debug files Steve Sakoman
` (15 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
* fixes do_configure failure:
checking whether all ucontext.h functions are available... yes
when is deprecated at libxcrypt/4.4.30-r0/git/build-aux/scripts/BuildCommon.pm line 522.
Compilation failed in require at ../git/build-aux/scripts/expand-selected-hashes line 28.
BEGIN failed--compilation aborted at ../git/build-aux/scripts/expand-selected-hashes line 28.
configure: error: bad value 'all' for --enable-hashes
NOTE: The following config.log files may provide further information.
* with this patch backported it works OK:
libxcrypt/4.4.30-r0/git $ perl build-aux/scripts/expand-selected-hashes
usage: expand-selected-hashes hashes.conf names,of,selected,hashes
* similarly do_compile failure:
../git/build-aux/scripts/move-if-change crypt-hashes.h.T crypt-hashes.h
../git/build-aux/scripts/move-if-change crypt-symbol-vers.h.T crypt-symbol-vers.h
given is deprecated at ../git/build-aux/scripts/gen-crypt-h line 41.
Makefile:3818: Makefile.deps: No such file or directory
make: *** [Makefile:3715: crypt.h.stamp] Error 255
* also use master branch instead of develop, the SRCREV exists in both
but stable metadata branches should track stable component branches
libxcrypt/4.4.30-r0/git $ git branch -a --contains d7fe1ac04c326dba7e0440868889d1dccb41a175 | tee
* develop
remotes/origin/HEAD -> origin/develop
remotes/origin/develop
remotes/origin/master
and oe-core master also uses master SRCBRANCH since:
https://git.openembedded.org/openembedded-core/commit/?id=d18e89bd2b46c6e266cc39dbe9fdb6c032f5f1fe
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...ommon.pm-compatible-with-latest-perl.patch | 50 +++++++++++++++
...ve-smartmatch-usage-from-gen-crypt-h.patch | 62 +++++++++++++++++++
meta/recipes-core/libxcrypt/libxcrypt.inc | 7 ++-
3 files changed, 117 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-core/libxcrypt/files/0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch
create mode 100644 meta/recipes-core/libxcrypt/files/0002-Remove-smartmatch-usage-from-gen-crypt-h.patch
diff --git a/meta/recipes-core/libxcrypt/files/0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch b/meta/recipes-core/libxcrypt/files/0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch
new file mode 100644
index 0000000000..b3e43d5815
--- /dev/null
+++ b/meta/recipes-core/libxcrypt/files/0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch
@@ -0,0 +1,50 @@
+From c3ec04f1aee68970b82e4b033bee1477e76798f9 Mon Sep 17 00:00:00 2001
+From: Leon Timmermans <fawaka@gmail.com>
+Date: Tue, 6 Jun 2023 17:03:57 +0200
+Subject: [PATCH] Make BuildCommon.pm compatible with latest perl
+
+It was previously using an experimental feature that has since been dropped.
+This removes the use of that feature.
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+Upstream-Status: Backport [v4.4.35 https://github.com/besser82/libxcrypt/commit/ce562f4d33dc090fcd8f6ea1af3ba32cdc2b3c9c]
+---
+ build-aux/scripts/BuildCommon.pm | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/build-aux/scripts/BuildCommon.pm b/build-aux/scripts/BuildCommon.pm
+index 0e6f2a3..c38ba21 100644
+--- a/build-aux/scripts/BuildCommon.pm
++++ b/build-aux/scripts/BuildCommon.pm
+@@ -11,7 +11,6 @@ use v5.14; # implicit use strict, use feature ':5.14'
+ use warnings FATAL => 'all';
+ use utf8;
+ use open qw(:utf8);
+-no if $] >= 5.018, warnings => 'experimental::smartmatch';
+ no if $] >= 5.022, warnings => 'experimental::re_strict';
+ use if $] >= 5.022, re => 'strict';
+
+@@ -519,19 +518,19 @@ sub parse_symver_args {
+ my $COMPAT_ABI;
+ local $_;
+ for (@args) {
+- when (/^SYMVER_MIN=(.+)$/) {
++ if (/^SYMVER_MIN=(.+)$/) {
+ $usage_error->() if defined $SYMVER_MIN;
+ $SYMVER_MIN = $1;
+ }
+- when (/^SYMVER_FLOOR=(.+)$/) {
++ elsif (/^SYMVER_FLOOR=(.+)$/) {
+ $usage_error->() if defined $SYMVER_FLOOR;
+ $SYMVER_FLOOR = $1;
+ }
+- when (/^COMPAT_ABI=(.+)$/) {
++ elsif (/^COMPAT_ABI=(.+)$/) {
+ $usage_error->() if defined $COMPAT_ABI;
+ $COMPAT_ABI = $1;
+ }
+- default {
++ else {
+ $usage_error->() if defined $map_in;
+ $map_in = $_;
+ }
diff --git a/meta/recipes-core/libxcrypt/files/0002-Remove-smartmatch-usage-from-gen-crypt-h.patch b/meta/recipes-core/libxcrypt/files/0002-Remove-smartmatch-usage-from-gen-crypt-h.patch
new file mode 100644
index 0000000000..603f52f792
--- /dev/null
+++ b/meta/recipes-core/libxcrypt/files/0002-Remove-smartmatch-usage-from-gen-crypt-h.patch
@@ -0,0 +1,62 @@
+From 95d6e03ae37f4ec948474d111105bbdd2938aba2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andreas=20K=2E=20H=C3=BCttel?= <dilfridge@gentoo.org>
+Date: Sun, 25 Jun 2023 01:35:08 +0200
+Subject: [PATCH] Remove smartmatch usage from gen-crypt-h
+
+Needed for Perl 5.38
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+Upstream-Status: Backport [v4.4.36 https://github.com/besser82/libxcrypt/commit/95d6e03ae37f4ec948474d111105bbdd2938aba2]
+---
+ build-aux/scripts/gen-crypt-h | 31 ++++++++++++++-----------------
+ 1 file changed, 14 insertions(+), 17 deletions(-)
+
+diff --git a/build-aux/scripts/gen-crypt-h b/build-aux/scripts/gen-crypt-h
+index 12aecf6..b113b79 100644
+--- a/build-aux/scripts/gen-crypt-h
++++ b/build-aux/scripts/gen-crypt-h
+@@ -12,7 +12,6 @@ use v5.14; # implicit use strict, use feature ':5.14'
+ use warnings FATAL => 'all';
+ use utf8;
+ use open qw(:std :utf8);
+-no if $] >= 5.018, warnings => 'experimental::smartmatch';
+ no if $] >= 5.022, warnings => 'experimental::re_strict';
+ use if $] >= 5.022, re => 'strict';
+
+@@ -37,22 +36,20 @@ sub process_config_h {
+ local $_;
+ while (<$fh>) {
+ chomp;
+- # Yes, 'given $_' is really required here.
+- given ($_) {
+- when ('#define HAVE_SYS_CDEFS_H 1') {
+- $have_sys_cdefs_h = 1;
+- }
+- when ('#define HAVE_SYS_CDEFS_BEGIN_END_DECLS 1') {
+- $have_sys_cdefs_begin_end_decls = 1;
+- }
+- when ('#define HAVE_SYS_CDEFS_THROW 1') {
+- $have_sys_cdefs_throw = 1;
+- }
+- when (/^#define PACKAGE_VERSION "((\d+)\.(\d+)\.\d+)"$/) {
+- $substs{XCRYPT_VERSION_STR} = $1;
+- $substs{XCRYPT_VERSION_MAJOR} = $2;
+- $substs{XCRYPT_VERSION_MINOR} = $3;
+- }
++
++ if ($_ eq '#define HAVE_SYS_CDEFS_H 1') {
++ $have_sys_cdefs_h = 1;
++ }
++ elsif ($_ eq '#define HAVE_SYS_CDEFS_BEGIN_END_DECLS 1') {
++ $have_sys_cdefs_begin_end_decls = 1;
++ }
++ elsif ($_ eq '#define HAVE_SYS_CDEFS_THROW 1') {
++ $have_sys_cdefs_throw = 1;
++ }
++ elsif (/^#define PACKAGE_VERSION "((\d+)\.(\d+)\.\d+)"$/) {
++ $substs{XCRYPT_VERSION_STR} = $1;
++ $substs{XCRYPT_VERSION_MAJOR} = $2;
++ $substs{XCRYPT_VERSION_MINOR} = $3;
+ }
+ }
+
diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc b/meta/recipes-core/libxcrypt/libxcrypt.inc
index 454a55d73d..342cbd0d06 100644
--- a/meta/recipes-core/libxcrypt/libxcrypt.inc
+++ b/meta/recipes-core/libxcrypt/libxcrypt.inc
@@ -11,9 +11,12 @@ inherit autotools pkgconfig
SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https"
SRCREV = "d7fe1ac04c326dba7e0440868889d1dccb41a175"
-SRCBRANCH ?= "develop"
+SRCBRANCH ?= "master"
-SRC_URI += "file://fix_cflags_handling.patch"
+SRC_URI += "file://fix_cflags_handling.patch \
+ file://0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch \
+ file://0002-Remove-smartmatch-usage-from-gen-crypt-h.patch \
+"
PROVIDES = "virtual/crypt"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 16/30] kernel: add missing path to search for debug files
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (14 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 15/30] libxcrypt: fix build with perl-5.38 and use master branch Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 17/30] recipetool: Fix inherit in created -native* recipes Steve Sakoman
` (14 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Andrej Valek <andrej.valek@siemens.com>
Since explicit debug package creation via ${KERNEL_PACKAGE_NAME}-dbg has
been added to kernel, it has to cover all PACKAGE_DEBUG_SPLIT_STYLE
options. For ex. when the variable "debug-file-directory" package search
path has to be set explicitly, otherwise it will not find any files.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9c39da147683dcaaa244b3ddc4531c4408ad5c9e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/kernel.bbclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index fc48737869..a82e4cf942 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -672,6 +672,7 @@ FILES:${KERNEL_PACKAGE_NAME}-image = ""
FILES:${KERNEL_PACKAGE_NAME}-dev = "/${KERNEL_IMAGEDEST}/System.map* /${KERNEL_IMAGEDEST}/Module.symvers* /${KERNEL_IMAGEDEST}/config* ${KERNEL_SRC_PATH} ${nonarch_base_libdir}/modules/${KERNEL_VERSION}/build"
FILES:${KERNEL_PACKAGE_NAME}-vmlinux = "/${KERNEL_IMAGEDEST}/vmlinux-${KERNEL_VERSION_NAME}"
FILES:${KERNEL_PACKAGE_NAME}-modules = ""
+FILES:${KERNEL_PACKAGE_NAME}-dbg = "/usr/lib/debug /usr/src/debug"
RDEPENDS:${KERNEL_PACKAGE_NAME} = "${KERNEL_PACKAGE_NAME}-base (= ${EXTENDPKGV})"
# Allow machines to override this dependency if kernel image files are
# not wanted in images as standard
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 17/30] recipetool: Fix inherit in created -native* recipes
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (15 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 16/30] kernel: add missing path to search for debug files Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 18/30] systemd-systemctl: fix errors in instance name expansion Steve Sakoman
` (13 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Yoann Congal <yoann.congal@smile.fr>
native and nativesdk classes are special and must be inherited last :
put them at the end of the gathered classes to inherit.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a6614fd800cbe791264aeb102d379ba79bd145c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/lib/recipetool/create.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index 220465ed2f..67894fb4d0 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -745,6 +745,10 @@ def create_recipe(args):
for handler in handlers:
handler.process(srctree_use, classes, lines_before, lines_after, handled, extravalues)
+ # native and nativesdk classes are special and must be inherited last
+ # If present, put them at the end of the classes list
+ classes.sort(key=lambda c: c in ("native", "nativesdk"))
+
extrafiles = extravalues.pop('extrafiles', {})
extra_pn = extravalues.pop('PN', None)
extra_pv = extravalues.pop('PV', None)
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 18/30] systemd-systemctl: fix errors in instance name expansion
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (16 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 17/30] recipetool: Fix inherit in created -native* recipes Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 19/30] uboot-extlinux-config.bbclass: fix old override syntax in comment Steve Sakoman
` (12 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Yuta Hayama <hayama@lineo.co.jp>
If the instance name indicated by %i begins with a number, the meaning of the
replacement string "\\1{}".format(instance) is ambiguous.
To indicate group number 1 regardless of the instance name, use "\g<1>".
Signed-off-by: Yuta Hayama <hayama@lineo.co.jp>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d18b939fb08b37380ce95934da38e6522392621c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/systemd/systemd-systemctl/systemctl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-core/systemd/systemd-systemctl/systemctl b/meta/recipes-core/systemd/systemd-systemctl/systemctl
index c8b5c9efe3..0fd7e24085 100755
--- a/meta/recipes-core/systemd/systemd-systemctl/systemctl
+++ b/meta/recipes-core/systemd/systemd-systemctl/systemctl
@@ -191,7 +191,7 @@ class SystemdUnit():
try:
for dependent in config.get('Install', prop):
# expand any %i to instance (ignoring escape sequence %%)
- dependent = re.sub("([^%](%%)*)%i", "\\1{}".format(instance), dependent)
+ dependent = re.sub("([^%](%%)*)%i", "\\g<1>{}".format(instance), dependent)
wants = systemdir / "{}.{}".format(dependent, dirstem) / service
add_link(wants, target)
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 19/30] uboot-extlinux-config.bbclass: fix old override syntax in comment
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (17 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 18/30] systemd-systemctl: fix errors in instance name expansion Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 20/30] mdadm: fix util-linux ptest dependency Steve Sakoman
` (11 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
The comment specifies how to use the variables but uses the older and
now unsupported override syntax. Let's update to match the newer syntax.
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From OE-Core rev: 0a381eea4d50ff1c6e7c7d0d4df62eb581454b48)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb64f3fed29b9532e6ddc9a2ba0283d373622d87)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/uboot-extlinux-config.bbclass | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/classes/uboot-extlinux-config.bbclass b/meta/classes/uboot-extlinux-config.bbclass
index dcebe7ff31..5495ba0256 100644
--- a/meta/classes/uboot-extlinux-config.bbclass
+++ b/meta/classes/uboot-extlinux-config.bbclass
@@ -33,11 +33,11 @@
# UBOOT_EXTLINUX_DEFAULT_LABEL ??= "Linux Default"
# UBOOT_EXTLINUX_TIMEOUT ??= "30"
#
-# UBOOT_EXTLINUX_KERNEL_IMAGE_default ??= "../zImage"
-# UBOOT_EXTLINUX_MENU_DESCRIPTION_default ??= "Linux Default"
+# UBOOT_EXTLINUX_KERNEL_IMAGE:default ??= "../zImage"
+# UBOOT_EXTLINUX_MENU_DESCRIPTION:default ??= "Linux Default"
#
-# UBOOT_EXTLINUX_KERNEL_IMAGE_fallback ??= "../zImage-fallback"
-# UBOOT_EXTLINUX_MENU_DESCRIPTION_fallback ??= "Linux Fallback"
+# UBOOT_EXTLINUX_KERNEL_IMAGE:fallback ??= "../zImage-fallback"
+# UBOOT_EXTLINUX_MENU_DESCRIPTION:fallback ??= "Linux Fallback"
#
# Results:
#
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 20/30] mdadm: fix util-linux ptest dependency
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (18 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 19/30] uboot-extlinux-config.bbclass: fix old override syntax in comment Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 21/30] mdadm: fix 07revert-inplace ptest Steve Sakoman
` (10 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Ovidiu Panait <ovidiu.panait@windriver.com>
Trying to run mdadm-ptest in a core-image-minimal build will result in:
root@qemux86-64:~# ptest-runner mdadm
START: ptest-runner
BEGIN: /usr/lib/mdadm/ptest
which: no lsblk in (/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin)
lsblk command not found!
DURATION: 0
END: /usr/lib/mdadm/ptest
2023-06-28T10:14
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Remove util-linux from RRECOMMENDS and only add util-linux-lsblk and
util-linux-losetup to RDEPENDS.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3004f7589974c135cc82630d980ea281b97ecd83)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/mdadm/mdadm_4.2.bb | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index 4aa3737562..af486e6d9c 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -99,10 +99,9 @@ do_install_ptest() {
}
RDEPENDS:${PN} += "bash"
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs"
+RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk util-linux-losetup"
RRECOMMENDS:${PN}-ptest += " \
coreutils \
- util-linux \
kernel-module-loop \
kernel-module-linear \
kernel-module-raid0 \
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 21/30] mdadm: fix 07revert-inplace ptest
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (19 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 20/30] mdadm: fix util-linux ptest dependency Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 22/30] mdadm: fix segfaults when running ptests Steve Sakoman
` (9 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Ovidiu Panait <ovidiu.panait@windriver.com>
Testcase 07revert-inplace fails if strace is not installed:
...
strace -o /tmp/str ./mdadm -A /dev/md0 --update=revert-reshape /dev/<...>
tests/07revert-inplace: line 40: strace: command not found
Add strace to mdadm-ptest RDEPENDS to make sure the testcase passes even with
a core-image-minimal build.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7d9386663ac52ab69812867a0823c6055aedbc18)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/mdadm/mdadm_4.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index af486e6d9c..aa97eef3ce 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -99,7 +99,7 @@ do_install_ptest() {
}
RDEPENDS:${PN} += "bash"
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk util-linux-losetup"
+RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk util-linux-losetup strace"
RRECOMMENDS:${PN}-ptest += " \
coreutils \
kernel-module-loop \
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 22/30] mdadm: fix segfaults when running ptests
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (20 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 21/30] mdadm: fix 07revert-inplace ptest Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 23/30] mdadm: skip running known broken ptests Steve Sakoman
` (8 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Ovidiu Panait <ovidiu.panait@windriver.com>
Currently, some segfaults are reported when running ptest:
mdadm[12333]: segfault at 0 ip 00007fe855924060 sp 00007ffc4d6caf88 error 4 in libc.so.6[7f)
Code: d2 0f 84 b7 0f 00 00 48 83 fa 01 0f 84 b9 0f 00 00 49 89 d3 89 f1 89 f8 48 83 e1 3f 4f
Backport the following upstream commits to fix them:
679bd9508a30 ("DDF: Cleanup validate_geometry_ddf_container()")
2b93288a5650 ("DDF: Fix NULL pointer dereference in validate_geometry_ddf()")
548e9b916f86 ("mdadm/Grow: Fix use after close bug by closing after fork")
9ae62977b51d ("monitor: Avoid segfault when calling NULL get_bad_blocks")
The fixes are part of the "Bug fixes and testing improvments" patchset [1].
[1] https://www.spinics.net/lists/raid/msg70621.html
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9585009e3e505b361cd32b14e0e85e77e7822878)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...anup-validate_geometry_ddf_container.patch | 148 ++++++++++++++++++
...nter-dereference-in-validate_geometr.patch | 56 +++++++
...se-after-close-bug-by-closing-after-.patch | 91 +++++++++++
...gfault-when-calling-NULL-get_bad_blo.patch | 42 +++++
meta/recipes-extended/mdadm/mdadm_4.2.bb | 4 +
5 files changed, 341 insertions(+)
create mode 100644 meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
create mode 100644 meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
create mode 100644 meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
create mode 100644 meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
diff --git a/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch b/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
new file mode 100644
index 0000000000..cea435f83b
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
@@ -0,0 +1,148 @@
+From ca458f4dcc4de9403298f67543466ce4bbc8f8ae Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:07 -0600
+Subject: [PATCH 1/4] DDF: Cleanup validate_geometry_ddf_container()
+
+Move the function up so that the function declaration is not necessary
+and remove the unused arguments to the function.
+
+No functional changes are intended but will help with a bug fix in the
+next patch.
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=679bd9508a30
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ super-ddf.c | 88 ++++++++++++++++++++++++-----------------------------
+ 1 file changed, 39 insertions(+), 49 deletions(-)
+
+diff --git a/super-ddf.c b/super-ddf.c
+index 3f304cd..65cf727 100644
+--- a/super-ddf.c
++++ b/super-ddf.c
+@@ -503,13 +503,6 @@ struct ddf_super {
+ static int load_super_ddf_all(struct supertype *st, int fd,
+ void **sbp, char *devname);
+ static int get_svd_state(const struct ddf_super *, const struct vcl *);
+-static int
+-validate_geometry_ddf_container(struct supertype *st,
+- int level, int layout, int raiddisks,
+- int chunk, unsigned long long size,
+- unsigned long long data_offset,
+- char *dev, unsigned long long *freesize,
+- int verbose);
+
+ static int validate_geometry_ddf_bvd(struct supertype *st,
+ int level, int layout, int raiddisks,
+@@ -3322,6 +3315,42 @@ static int reserve_space(struct supertype *st, int raiddisks,
+ return 1;
+ }
+
++static int
++validate_geometry_ddf_container(struct supertype *st,
++ int level, int raiddisks,
++ unsigned long long data_offset,
++ char *dev, unsigned long long *freesize,
++ int verbose)
++{
++ int fd;
++ unsigned long long ldsize;
++
++ if (level != LEVEL_CONTAINER)
++ return 0;
++ if (!dev)
++ return 1;
++
++ fd = dev_open(dev, O_RDONLY|O_EXCL);
++ if (fd < 0) {
++ if (verbose)
++ pr_err("ddf: Cannot open %s: %s\n",
++ dev, strerror(errno));
++ return 0;
++ }
++ if (!get_dev_size(fd, dev, &ldsize)) {
++ close(fd);
++ return 0;
++ }
++ close(fd);
++ if (freesize) {
++ *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS);
++ if (*freesize == 0)
++ return 0;
++ }
++
++ return 1;
++}
++
+ static int validate_geometry_ddf(struct supertype *st,
+ int level, int layout, int raiddisks,
+ int *chunk, unsigned long long size,
+@@ -3347,11 +3376,9 @@ static int validate_geometry_ddf(struct supertype *st,
+ level = LEVEL_CONTAINER;
+ if (level == LEVEL_CONTAINER) {
+ /* Must be a fresh device to add to a container */
+- return validate_geometry_ddf_container(st, level, layout,
+- raiddisks, *chunk,
+- size, data_offset, dev,
+- freesize,
+- verbose);
++ return validate_geometry_ddf_container(st, level, raiddisks,
++ data_offset, dev,
++ freesize, verbose);
+ }
+
+ if (!dev) {
+@@ -3449,43 +3476,6 @@ static int validate_geometry_ddf(struct supertype *st,
+ return 1;
+ }
+
+-static int
+-validate_geometry_ddf_container(struct supertype *st,
+- int level, int layout, int raiddisks,
+- int chunk, unsigned long long size,
+- unsigned long long data_offset,
+- char *dev, unsigned long long *freesize,
+- int verbose)
+-{
+- int fd;
+- unsigned long long ldsize;
+-
+- if (level != LEVEL_CONTAINER)
+- return 0;
+- if (!dev)
+- return 1;
+-
+- fd = dev_open(dev, O_RDONLY|O_EXCL);
+- if (fd < 0) {
+- if (verbose)
+- pr_err("ddf: Cannot open %s: %s\n",
+- dev, strerror(errno));
+- return 0;
+- }
+- if (!get_dev_size(fd, dev, &ldsize)) {
+- close(fd);
+- return 0;
+- }
+- close(fd);
+- if (freesize) {
+- *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS);
+- if (*freesize == 0)
+- return 0;
+- }
+-
+- return 1;
+-}
+-
+ static int validate_geometry_ddf_bvd(struct supertype *st,
+ int level, int layout, int raiddisks,
+ int *chunk, unsigned long long size,
+--
+2.39.1
+
diff --git a/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch b/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
new file mode 100644
index 0000000000..fafe88b49c
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
@@ -0,0 +1,56 @@
+From 14f110f0286d38e29ef5e51d7f72e049c2f18323 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:08 -0600
+Subject: [PATCH 2/4] DDF: Fix NULL pointer dereference in
+ validate_geometry_ddf()
+
+A relatively recent patch added a call to validate_geometry() in
+Manage_add() that has level=LEVEL_CONTAINER and chunk=NULL.
+
+This causes some ddf tests to segfault which aborts the test suite.
+
+To fix this, avoid dereferencing chunk when the level is
+LEVEL_CONTAINER or LEVEL_NONE.
+
+Fixes: 1f5d54a06df0 ("Manage: Call validate_geometry when adding drive to external container")
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=2b93288a5650
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ super-ddf.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/super-ddf.c b/super-ddf.c
+index 65cf727..3ef1293 100644
+--- a/super-ddf.c
++++ b/super-ddf.c
+@@ -3369,9 +3369,6 @@ static int validate_geometry_ddf(struct supertype *st,
+ * If given BVDs, we make an SVD, changing all the GUIDs in the process.
+ */
+
+- if (*chunk == UnSet)
+- *chunk = DEFAULT_CHUNK;
+-
+ if (level == LEVEL_NONE)
+ level = LEVEL_CONTAINER;
+ if (level == LEVEL_CONTAINER) {
+@@ -3381,6 +3378,9 @@ static int validate_geometry_ddf(struct supertype *st,
+ freesize, verbose);
+ }
+
++ if (*chunk == UnSet)
++ *chunk = DEFAULT_CHUNK;
++
+ if (!dev) {
+ mdu_array_info_t array = {
+ .level = level,
+--
+2.39.1
+
diff --git a/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch b/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
new file mode 100644
index 0000000000..a954ab027a
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
@@ -0,0 +1,91 @@
+From bd064da1469a6a07331b076a0294a8c6c3c38526 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:09 -0600
+Subject: [PATCH 3/4] mdadm/Grow: Fix use after close bug by closing after fork
+
+The test 07reshape-grow fails most of the time. But it succeeds around
+1 in 5 times. When it does succeed, it causes the tests to die because
+mdadm has segfaulted.
+
+The segfault was caused by mdadm attempting to repoen a file
+descriptor that was already closed. The backtrace of the segfault
+was:
+
+ #0 __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:101
+ #1 0x000056146e31d44b in devnm2devid (devnm=0x0) at util.c:956
+ #2 0x000056146e31dab4 in open_dev_flags (devnm=0x0, flags=0)
+ at util.c:1072
+ #3 0x000056146e31db22 in open_dev (devnm=0x0) at util.c:1079
+ #4 0x000056146e3202e8 in reopen_mddev (mdfd=4) at util.c:2244
+ #5 0x000056146e329f36 in start_array (mdfd=4,
+ mddev=0x7ffc55342450 "/dev/md0", content=0x7ffc55342860,
+ st=0x56146fc78660, ident=0x7ffc55342f70, best=0x56146fc6f5d0,
+ bestcnt=10, chosen_drive=0, devices=0x56146fc706b0, okcnt=5,
+ sparecnt=0, rebuilding_cnt=0, journalcnt=0, c=0x7ffc55342e90,
+ clean=1, avail=0x56146fc78720 "\001\001\001\001\001",
+ start_partial_ok=0, err_ok=0, was_forced=0)
+ at Assemble.c:1206
+ #6 0x000056146e32c36e in Assemble (st=0x56146fc78660,
+ mddev=0x7ffc55342450 "/dev/md0", ident=0x7ffc55342f70,
+ devlist=0x56146fc6e2d0, c=0x7ffc55342e90)
+ at Assemble.c:1914
+ #7 0x000056146e312ac9 in main (argc=11, argv=0x7ffc55343238)
+ at mdadm.c:1510
+
+The file descriptor was closed early in Grow_continue(). The noted commit
+moved the close() call to close the fd above the fork which caused the
+parent process to return with a closed fd.
+
+This meant reshape_array() and Grow_continue() would return in the parent
+with the fd forked. The fd would eventually be passed to reopen_mddev()
+which returned an unhandled NULL from fd2devnm() which would then be
+dereferenced in devnm2devid.
+
+Fix this by moving the close() call below the fork. This appears to
+fix the 07revert-grow test. While we're at it, switch to using
+close_fd() to invalidate the file descriptor.
+
+Fixes: 77b72fa82813 ("mdadm/Grow: prevent md's fd from being occupied during delayed time")
+Cc: Alex Wu <alexwu@synology.com>
+Cc: BingJing Chang <bingjingc@synology.com>
+Cc: Danny Shih <dannyshih@synology.com>
+Cc: ChangSyun Peng <allenpeng@synology.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=548e9b916f86
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Grow.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/Grow.c b/Grow.c
+index 9c6fc95..a8e4e83 100644
+--- a/Grow.c
++++ b/Grow.c
+@@ -3501,7 +3501,6 @@ started:
+ return 0;
+ }
+
+- close(fd);
+ /* Now we just need to kick off the reshape and watch, while
+ * handling backups of the data...
+ * This is all done by a forked background process.
+@@ -3522,6 +3521,9 @@ started:
+ break;
+ }
+
++ /* Close unused file descriptor in the forked process */
++ close_fd(&fd);
++
+ /* If another array on the same devices is busy, the
+ * reshape will wait for them. This would mean that
+ * the first section that we suspend will stay suspended
+--
+2.39.1
+
diff --git a/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch b/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
new file mode 100644
index 0000000000..72cb40f782
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
@@ -0,0 +1,42 @@
+From 2296a4a441b4b8546e2eb32403930f1bb8f3ee4a Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:10 -0600
+Subject: [PATCH 4/4] monitor: Avoid segfault when calling NULL get_bad_blocks
+
+Not all struct superswitch implement a get_bad_blocks() function,
+yet mdmon seems to call it without checking for NULL and thus
+occasionally segfaults in the test 10ddf-geometry.
+
+Fix this by checking for NULL before calling it.
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=9ae62977b51d
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ monitor.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/monitor.c b/monitor.c
+index afc3e50..8e43c0d 100644
+--- a/monitor.c
++++ b/monitor.c
+@@ -312,6 +312,9 @@ static int check_for_cleared_bb(struct active_array *a, struct mdinfo *mdi)
+ struct md_bb *bb;
+ int i;
+
++ if (!ss->get_bad_blocks)
++ return -1;
++
+ /*
+ * Get a list of bad blocks for an array, then read list of
+ * acknowledged bad blocks from kernel and compare it against metadata
+--
+2.39.1
+
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index aa97eef3ce..1851e058fd 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -30,6 +30,10 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \
file://0001-tests-fix-raid0-tests-for-0.90-metadata.patch \
file://0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch \
file://0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch \
+ file://0001-DDF-Cleanup-validate_geometry_ddf_container.patch \
+ file://0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch \
+ file://0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch \
+ file://0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch \
"
SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 23/30] mdadm: skip running known broken ptests
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (21 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 22/30] mdadm: fix segfaults when running ptests Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 24/30] python3: fix missing comma in get_module_deps3.py Steve Sakoman
` (7 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Ovidiu Panait <ovidiu.panait@windriver.com>
Upstream marked some testcases as "KNOWN BROKEN" and introduced the
"--skip-broken" flag to ignore them when running the testsuite (commits [1]
and [2]). Backport these two commits to get rid of the last remaining ptest
failures.
Also, add the "--skip-broken" option to the run-ptest script.
[1] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
[2] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 62148b978b26b5fcd1a2fa3a0ff82ef814f4e7ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...Mark-and-ignore-broken-test-failures.patch | 128 +++++
...dd-broken-files-for-all-broken-tests.patch | 454 ++++++++++++++++++
meta/recipes-extended/mdadm/files/run-ptest | 2 +-
meta/recipes-extended/mdadm/mdadm_4.2.bb | 2 +
4 files changed, 585 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
create mode 100644 meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
diff --git a/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
new file mode 100644
index 0000000000..c55bfb125b
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
@@ -0,0 +1,128 @@
+From feab1f72fcf032a4d21d0a69eb61b23a5ddb3352 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:18 -0600
+Subject: [PATCH 5/6] mdadm/test: Mark and ignore broken test failures
+
+Add functionality to continue if a test marked as broken fails.
+
+To mark a test as broken, a file with the same name but with the suffix
+'.broken' should exist. The first line in the file will be printed with
+a KNOWN BROKEN message; the rest of the file can describe the how the
+test is broken.
+
+Also adds --skip-broken and --skip-always-broken to skip all the tests
+that have a .broken file or to skip all tests whose .broken file's first
+line contains the keyword always.
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
+
+[OP: adjusted context for mdadm-4.2]
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ test | 37 +++++++++++++++++++++++++++++++++++--
+ 1 file changed, 35 insertions(+), 2 deletions(-)
+
+diff --git a/test b/test
+index 8f189d9..ee8fba1 100755
+--- a/test
++++ b/test
+@@ -10,6 +10,8 @@ devlist=
+
+ savelogs=0
+ exitonerror=1
++ctrl_c_error=0
++skipbroken=0
+ prefix='[0-9][0-9]'
+
+ # use loop devices by default if doesn't specify --dev
+@@ -35,6 +37,7 @@ die() {
+
+ ctrl_c() {
+ exitonerror=1
++ ctrl_c_error=1
+ }
+
+ # mdadm always adds --quiet, and we want to see any unexpected messages
+@@ -79,8 +82,21 @@ mdadm() {
+ do_test() {
+ _script=$1
+ _basename=`basename $_script`
++ _broken=0
++
+ if [ -f "$_script" ]
+ then
++ if [ -f "${_script}.broken" ]; then
++ _broken=1
++ _broken_msg=$(head -n1 "${_script}.broken" | tr -d '\n')
++ if [ "$skipbroken" == "all" ]; then
++ return
++ elif [ "$skipbroken" == "always" ] &&
++ [[ "$_broken_msg" == *always* ]]; then
++ return
++ fi
++ fi
++
+ rm -f $targetdir/stderr
+ # this might have been reset: restore the default.
+ echo 2000 > /proc/sys/dev/raid/speed_limit_max
+@@ -97,10 +113,15 @@ do_test() {
+ else
+ save_log fail
+ _fail=1
++ if [ "$_broken" == "1" ]; then
++ echo " (KNOWN BROKEN TEST: $_broken_msg)"
++ fi
+ fi
+ [ "$savelogs" == "1" ] &&
+ mv -f $targetdir/log $logdir/$_basename.log
+- [ "$_fail" == "1" -a "$exitonerror" == "1" ] && exit 1
++ [ "$ctrl_c_error" == "1" ] && exit 1
++ [ "$_fail" == "1" -a "$exitonerror" == "1" \
++ -a "$_broken" == "0" ] && exit 1
+ fi
+ }
+
+@@ -117,6 +138,8 @@ do_help() {
+ --logdir=directory Directory to save all logfiles in
+ --save-logs Usually use with --logdir together
+ --keep-going | --no-error Don't stop on error, ie. run all tests
++ --skip-broken Skip tests that are known to be broken
++ --skip-always-broken Skip tests that are known to always fail
+ --dev=loop|lvm|ram|disk Use loop devices (default), LVM, RAM or disk
+ --disks= Provide a bunch of physical devices for test
+ --volgroup=name LVM volume group for LVM test
+@@ -211,6 +234,12 @@ parse_args() {
+ --keep-going | --no-error )
+ exitonerror=0
+ ;;
++ --skip-broken )
++ skipbroken=all
++ ;;
++ --skip-always-broken )
++ skipbroken=always
++ ;;
+ --disable-multipath )
+ unset MULTIPATH
+ ;;
+@@ -275,7 +304,11 @@ main() {
+ if [ $script == "$testdir/11spare-migration" ];then
+ continue
+ fi
+- do_test $script
++ case $script in
++ *.broken) ;;
++ *)
++ do_test $script
++ esac
+ done
+ fi
+
+--
+2.39.1
+
diff --git a/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch b/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
new file mode 100644
index 0000000000..115b23bac5
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
@@ -0,0 +1,454 @@
+From fd1c26ba129b069d9f73afaefdbe53683de3814a Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:19 -0600
+Subject: [PATCH 6/6] tests: Add broken files for all broken tests
+
+Each broken file contains the rough frequency of brokeness as well
+as a brief explanation of what happens when it breaks. Estimates
+of failure rates are not statistically significant and can vary
+run to run.
+
+This is really just a view from my window. Tests were done on a
+small VM with the default loop devices, not real hardware. We've
+seen different kernel configurations can cause bugs to appear as well
+(ie. different block schedulers). It may also be that different race
+conditions will be seen on machines with different performance
+characteristics.
+
+These annotations were done with the kernel currently in md/md-next:
+
+ facef3b96c5b ("md: Notify sysfs sync_completed in md_reap_sync_thread()")
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ tests/01r5integ.broken | 7 ++++
+ tests/01raid6integ.broken | 7 ++++
+ tests/04r5swap.broken | 7 ++++
+ tests/07autoassemble.broken | 8 ++++
+ tests/07autodetect.broken | 5 +++
+ tests/07changelevelintr.broken | 9 +++++
+ tests/07changelevels.broken | 9 +++++
+ tests/07reshape5intr.broken | 45 ++++++++++++++++++++++
+ tests/07revert-grow.broken | 31 +++++++++++++++
+ tests/07revert-shrink.broken | 9 +++++
+ tests/07testreshape5.broken | 12 ++++++
+ tests/09imsm-assemble.broken | 6 +++
+ tests/09imsm-create-fail-rebuild.broken | 5 +++
+ tests/09imsm-overlap.broken | 7 ++++
+ tests/10ddf-assemble-missing.broken | 6 +++
+ tests/10ddf-fail-create-race.broken | 7 ++++
+ tests/10ddf-fail-two-spares.broken | 5 +++
+ tests/10ddf-incremental-wrong-order.broken | 9 +++++
+ tests/14imsm-r1_2d-grow-r1_3d.broken | 5 +++
+ tests/14imsm-r1_2d-takeover-r0_2d.broken | 6 +++
+ tests/18imsm-r10_4d-takeover-r0_2d.broken | 5 +++
+ tests/18imsm-r1_2d-takeover-r0_1d.broken | 6 +++
+ tests/19raid6auto-repair.broken | 5 +++
+ tests/19raid6repair.broken | 5 +++
+ 24 files changed, 226 insertions(+)
+ create mode 100644 tests/01r5integ.broken
+ create mode 100644 tests/01raid6integ.broken
+ create mode 100644 tests/04r5swap.broken
+ create mode 100644 tests/07autoassemble.broken
+ create mode 100644 tests/07autodetect.broken
+ create mode 100644 tests/07changelevelintr.broken
+ create mode 100644 tests/07changelevels.broken
+ create mode 100644 tests/07reshape5intr.broken
+ create mode 100644 tests/07revert-grow.broken
+ create mode 100644 tests/07revert-shrink.broken
+ create mode 100644 tests/07testreshape5.broken
+ create mode 100644 tests/09imsm-assemble.broken
+ create mode 100644 tests/09imsm-create-fail-rebuild.broken
+ create mode 100644 tests/09imsm-overlap.broken
+ create mode 100644 tests/10ddf-assemble-missing.broken
+ create mode 100644 tests/10ddf-fail-create-race.broken
+ create mode 100644 tests/10ddf-fail-two-spares.broken
+ create mode 100644 tests/10ddf-incremental-wrong-order.broken
+ create mode 100644 tests/14imsm-r1_2d-grow-r1_3d.broken
+ create mode 100644 tests/14imsm-r1_2d-takeover-r0_2d.broken
+ create mode 100644 tests/18imsm-r10_4d-takeover-r0_2d.broken
+ create mode 100644 tests/18imsm-r1_2d-takeover-r0_1d.broken
+ create mode 100644 tests/19raid6auto-repair.broken
+ create mode 100644 tests/19raid6repair.broken
+
+diff --git a/tests/01r5integ.broken b/tests/01r5integ.broken
+new file mode 100644
+index 0000000..2073763
+--- /dev/null
++++ b/tests/01r5integ.broken
+@@ -0,0 +1,7 @@
++fails rarely
++
++Fails about 1 in every 30 runs with a sha mismatch error:
++
++ c49ab26e1b01def7874af9b8a6d6d0c29fdfafe6 /dev/md0 does not match
++ 15dc2f73262f811ada53c65e505ceec9cf025cb9 /dev/md0 with /dev/loop3
++ missing
+diff --git a/tests/01raid6integ.broken b/tests/01raid6integ.broken
+new file mode 100644
+index 0000000..1df735f
+--- /dev/null
++++ b/tests/01raid6integ.broken
+@@ -0,0 +1,7 @@
++fails infrequently
++
++Fails about 1 in 5 with a sha mismatch:
++
++ 8286c2bc045ae2cfe9f8b7ae3a898fa25db6926f /dev/md0 does not match
++ a083a0738b58caab37fd568b91b177035ded37df /dev/md0 with /dev/loop2 and
++ /dev/loop3 missing
+diff --git a/tests/04r5swap.broken b/tests/04r5swap.broken
+new file mode 100644
+index 0000000..e38987d
+--- /dev/null
++++ b/tests/04r5swap.broken
+@@ -0,0 +1,7 @@
++always fails
++
++Fails with errors:
++
++ mdadm: /dev/loop0 has no superblock - assembly aborted
++
++ ERROR: no recovery happening
+diff --git a/tests/07autoassemble.broken b/tests/07autoassemble.broken
+new file mode 100644
+index 0000000..8be0940
+--- /dev/null
++++ b/tests/07autoassemble.broken
+@@ -0,0 +1,8 @@
++always fails
++
++Prints lots of messages, but the array doesn't assemble. Error
++possibly related to:
++
++ mdadm: /dev/md/1 is busy - skipping
++ mdadm: no recogniseable superblock on /dev/md/testing:0
++ mdadm: /dev/md/2 is busy - skipping
+diff --git a/tests/07autodetect.broken b/tests/07autodetect.broken
+new file mode 100644
+index 0000000..294954a
+--- /dev/null
++++ b/tests/07autodetect.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with error:
++
++ ERROR: no resync happening
+diff --git a/tests/07changelevelintr.broken b/tests/07changelevelintr.broken
+new file mode 100644
+index 0000000..284b490
+--- /dev/null
++++ b/tests/07changelevelintr.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++
++ mdadm: this change will reduce the size of the array.
++ use --grow --array-size first to truncate array.
++ e.g. mdadm --grow /dev/md0 --array-size 56832
++
++ ERROR: no reshape happening
+diff --git a/tests/07changelevels.broken b/tests/07changelevels.broken
+new file mode 100644
+index 0000000..9b930d9
+--- /dev/null
++++ b/tests/07changelevels.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++
++ mdadm: /dev/loop0 is smaller than given size. 18976K < 19968K + metadata
++ mdadm: /dev/loop1 is smaller than given size. 18976K < 19968K + metadata
++ mdadm: /dev/loop2 is smaller than given size. 18976K < 19968K + metadata
++
++ ERROR: /dev/md0 isn't a block device.
+diff --git a/tests/07reshape5intr.broken b/tests/07reshape5intr.broken
+new file mode 100644
+index 0000000..efe52a6
+--- /dev/null
++++ b/tests/07reshape5intr.broken
+@@ -0,0 +1,45 @@
++always fails
++
++This patch, recently added to md-next causes the test to always fail:
++
++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex
++held")
++
++The new error is simply:
++
++ ERROR: no reshape happening
++
++Before the patch, the error seen is below.
++
++--
++
++fails infrequently
++
++Fails roughly 1 in 4 runs with errors:
++
++ mdadm: Merging with already-assembled /dev/md/0
++ mdadm: cannot re-read metadata from /dev/loop6 - aborting
++
++ ERROR: no reshape happening
++
++Also have seen a random deadlock:
++
++ INFO: task mdadm:109702 blocked for more than 30 seconds.
++ Not tainted 5.18.0-rc3-eid-vmlocalyes-dbg-00095-g3c2b5427979d #2040
++ "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
++ task:mdadm state:D stack: 0 pid:109702 ppid: 1 flags:0x00004000
++ Call Trace:
++ <TASK>
++ __schedule+0x67e/0x13b0
++ schedule+0x82/0x110
++ mddev_suspend+0x2e1/0x330
++ suspend_lo_store+0xbd/0x140
++ md_attr_store+0xcb/0x130
++ sysfs_kf_write+0x89/0xb0
++ kernfs_fop_write_iter+0x202/0x2c0
++ new_sync_write+0x222/0x330
++ vfs_write+0x3bc/0x4d0
++ ksys_write+0xd9/0x180
++ __x64_sys_write+0x43/0x50
++ do_syscall_64+0x3b/0x90
++ entry_SYSCALL_64_after_hwframe+0x44/0xae
+diff --git a/tests/07revert-grow.broken b/tests/07revert-grow.broken
+new file mode 100644
+index 0000000..9b6db86
+--- /dev/null
++++ b/tests/07revert-grow.broken
+@@ -0,0 +1,31 @@
++always fails
++
++This patch, recently added to md-next causes the test to always fail:
++
++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex held")
++
++The errors are:
++
++ mdadm: No active reshape to revert on /dev/loop0
++ ERROR: active raid5 not found
++
++Before the patch, the error seen is below.
++
++--
++
++fails rarely
++
++Fails about 1 in every 30 runs with errors:
++
++ mdadm: Merging with already-assembled /dev/md/0
++ mdadm: backup file /tmp/md-backup inaccessible: No such file or directory
++ mdadm: failed to add /dev/loop1 to /dev/md/0: Invalid argument
++ mdadm: failed to add /dev/loop2 to /dev/md/0: Invalid argument
++ mdadm: failed to add /dev/loop3 to /dev/md/0: Invalid argument
++ mdadm: failed to add /dev/loop0 to /dev/md/0: Invalid argument
++ mdadm: /dev/md/0 assembled from 1 drive - need all 5 to start it
++ (use --run to insist).
++
++ grep: /sys/block/md*/md/sync_action: No such file or directory
++
++ ERROR: active raid5 not found
+diff --git a/tests/07revert-shrink.broken b/tests/07revert-shrink.broken
+new file mode 100644
+index 0000000..c33c39e
+--- /dev/null
++++ b/tests/07revert-shrink.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++
++ mdadm: this change will reduce the size of the array.
++ use --grow --array-size first to truncate array.
++ e.g. mdadm --grow /dev/md0 --array-size 53760
++
++ ERROR: active raid5 not found
+diff --git a/tests/07testreshape5.broken b/tests/07testreshape5.broken
+new file mode 100644
+index 0000000..a8ce03e
+--- /dev/null
++++ b/tests/07testreshape5.broken
+@@ -0,0 +1,12 @@
++always fails
++
++Test seems to run 'test_stripe' at $dir directory, but $dir is never
++set. If $dir is adjusted to $PWD, the test still fails with:
++
++ mdadm: /dev/loop2 is not suitable for this array.
++ mdadm: create aborted
++ ++ return 1
++ ++ cmp -s -n 8192 /dev/md0 /tmp/RandFile
++ ++ echo cmp failed
++ cmp failed
++ ++ exit 2
+diff --git a/tests/09imsm-assemble.broken b/tests/09imsm-assemble.broken
+new file mode 100644
+index 0000000..a6d4d5c
+--- /dev/null
++++ b/tests/09imsm-assemble.broken
+@@ -0,0 +1,6 @@
++fails infrequently
++
++Fails roughly 1 in 10 runs with errors:
++
++ mdadm: /dev/loop2 is still in use, cannot remove.
++ /dev/loop2 removal from /dev/md/container should have succeeded
+diff --git a/tests/09imsm-create-fail-rebuild.broken b/tests/09imsm-create-fail-rebuild.broken
+new file mode 100644
+index 0000000..40c4b29
+--- /dev/null
++++ b/tests/09imsm-create-fail-rebuild.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with error:
++
++ **Error**: Array size mismatch - expected 3072, actual 16384
+diff --git a/tests/09imsm-overlap.broken b/tests/09imsm-overlap.broken
+new file mode 100644
+index 0000000..e7ccab7
+--- /dev/null
++++ b/tests/09imsm-overlap.broken
+@@ -0,0 +1,7 @@
++always fails
++
++Fails with errors:
++
++ **Error**: Offset mismatch - expected 15360, actual 0
++ **Error**: Offset mismatch - expected 15360, actual 0
++ /dev/md/vol3 failed check
+diff --git a/tests/10ddf-assemble-missing.broken b/tests/10ddf-assemble-missing.broken
+new file mode 100644
+index 0000000..bfd8d10
+--- /dev/null
++++ b/tests/10ddf-assemble-missing.broken
+@@ -0,0 +1,6 @@
++always fails
++
++Fails with errors:
++
++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10
++ ERROR: unexpected number of online disks on /dev/loop10
+diff --git a/tests/10ddf-fail-create-race.broken b/tests/10ddf-fail-create-race.broken
+new file mode 100644
+index 0000000..6c0df02
+--- /dev/null
++++ b/tests/10ddf-fail-create-race.broken
+@@ -0,0 +1,7 @@
++usually fails
++
++Fails about 9 out of 10 times with many errors:
++
++ mdadm: cannot open MISSING: No such file or directory
++ ERROR: non-degraded array found
++ ERROR: disk 0 not marked as failed in meta data
+diff --git a/tests/10ddf-fail-two-spares.broken b/tests/10ddf-fail-two-spares.broken
+new file mode 100644
+index 0000000..eeea56d
+--- /dev/null
++++ b/tests/10ddf-fail-two-spares.broken
+@@ -0,0 +1,5 @@
++fails infrequently
++
++Fails roughly 1 in 3 with error:
++
++ ERROR: /dev/md/vol1 should be optimal in meta data
+diff --git a/tests/10ddf-incremental-wrong-order.broken b/tests/10ddf-incremental-wrong-order.broken
+new file mode 100644
+index 0000000..a5af3ba
+--- /dev/null
++++ b/tests/10ddf-incremental-wrong-order.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++ ERROR: sha1sum of /dev/md/vol0 has changed
++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10
++ ERROR: unexpected number of online disks on /dev/loop10
++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop8
++ ERROR: unexpected number of online disks on /dev/loop8
++ ERROR: sha1sum of /dev/md/vol0 has changed
+diff --git a/tests/14imsm-r1_2d-grow-r1_3d.broken b/tests/14imsm-r1_2d-grow-r1_3d.broken
+new file mode 100644
+index 0000000..4ef1d40
+--- /dev/null
++++ b/tests/14imsm-r1_2d-grow-r1_3d.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with error:
++
++ mdadm/tests/func.sh: line 325: dvsize/chunk: division by 0 (error token is "chunk")
+diff --git a/tests/14imsm-r1_2d-takeover-r0_2d.broken b/tests/14imsm-r1_2d-takeover-r0_2d.broken
+new file mode 100644
+index 0000000..89cd4e5
+--- /dev/null
++++ b/tests/14imsm-r1_2d-takeover-r0_2d.broken
+@@ -0,0 +1,6 @@
++always fails
++
++Fails with error:
++
++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token
++ is "chunk")
+diff --git a/tests/18imsm-r10_4d-takeover-r0_2d.broken b/tests/18imsm-r10_4d-takeover-r0_2d.broken
+new file mode 100644
+index 0000000..a27399f
+--- /dev/null
++++ b/tests/18imsm-r10_4d-takeover-r0_2d.broken
+@@ -0,0 +1,5 @@
++fails rarely
++
++Fails about 1 run in 100 with message:
++
++ ERROR: size is wrong for /dev/md/vol0: 2 * 5120 (chunk=128) = 20480, not 0
+diff --git a/tests/18imsm-r1_2d-takeover-r0_1d.broken b/tests/18imsm-r1_2d-takeover-r0_1d.broken
+new file mode 100644
+index 0000000..aa1982e
+--- /dev/null
++++ b/tests/18imsm-r1_2d-takeover-r0_1d.broken
+@@ -0,0 +1,6 @@
++always fails
++
++Fails with error:
++
++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token
++ is "chunk")
+diff --git a/tests/19raid6auto-repair.broken b/tests/19raid6auto-repair.broken
+new file mode 100644
+index 0000000..e91a142
+--- /dev/null
++++ b/tests/19raid6auto-repair.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with:
++
++ "should detect errors"
+diff --git a/tests/19raid6repair.broken b/tests/19raid6repair.broken
+new file mode 100644
+index 0000000..e91a142
+--- /dev/null
++++ b/tests/19raid6repair.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with:
++
++ "should detect errors"
+--
+2.39.1
+
diff --git a/meta/recipes-extended/mdadm/files/run-ptest b/meta/recipes-extended/mdadm/files/run-ptest
index fae8071d43..2380c322a9 100644
--- a/meta/recipes-extended/mdadm/files/run-ptest
+++ b/meta/recipes-extended/mdadm/files/run-ptest
@@ -2,6 +2,6 @@
mkdir -p /mdadm-testing-dir
# make the test continue to execute even one fail
-dir=. ./test --keep-going --disable-integrity
+dir=. ./test --keep-going --disable-integrity --skip-broken
rm -rf /mdadm-testing-dir/*
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index 1851e058fd..307e7abd9e 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -34,6 +34,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \
file://0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch \
file://0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch \
file://0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch \
+ file://0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch \
+ file://0006-tests-Add-broken-files-for-all-broken-tests.patch \
"
SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 24/30] python3: fix missing comma in get_module_deps3.py
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (22 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 23/30] mdadm: skip running known broken ptests Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 25/30] meson.bbclass: Point to llvm-config from native sysroot Steve Sakoman
` (6 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Wes Tarro <wes.tarro@azuresummit.com> noticed a missing comma in a
preplace() call, add it.
That said, calling replace() with one argument results in a TypeError,
so this is obviously dead code.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9b2e2c8d809e7ca34451ec9702b029a00dfb410b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/python/python3/get_module_deps3.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/python/python3/get_module_deps3.py b/meta/recipes-devtools/python/python3/get_module_deps3.py
index 0ca687d2eb..8e432b49af 100644
--- a/meta/recipes-devtools/python/python3/get_module_deps3.py
+++ b/meta/recipes-devtools/python/python3/get_module_deps3.py
@@ -32,7 +32,7 @@ def fix_path(dep_path):
dep_path = dep_path[dep_path.find(pivot)+len(pivot):]
if '/usr/bin' in dep_path:
- dep_path = dep_path.replace('/usr/bin''${bindir}')
+ dep_path = dep_path.replace('/usr/bin','${bindir}')
# Handle multilib, is there a better way?
if '/usr/lib32' in dep_path:
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 25/30] meson.bbclass: Point to llvm-config from native sysroot
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (23 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 24/30] python3: fix missing comma in get_module_deps3.py Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 26/30] oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case Steve Sakoman
` (5 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Default search in meson would grok /usr/bin for llvm-config and if found
will use it, which might add wrong paths into cflags/ldflags, since we
depend on llvm-native when building gallium support ( thats when
llvm-config is effective), its better to point llvm-config into native
sysroot so it can add correct paths into compiler/linker cmdline
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cc73360b9728812ed6123e30559b77d8e89cc21c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/meson.bbclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/classes/meson.bbclass b/meta/classes/meson.bbclass
index 19b54e0fdc..fb6660c1a2 100644
--- a/meta/classes/meson.bbclass
+++ b/meta/classes/meson.bbclass
@@ -105,6 +105,7 @@ nm = ${@meson_array('BUILD_NM', d)}
strip = ${@meson_array('BUILD_STRIP', d)}
readelf = ${@meson_array('BUILD_READELF', d)}
objcopy = ${@meson_array('BUILD_OBJCOPY', d)}
+llvm-config = '${STAGING_BINDIR_NATIVE}/llvm-config'
pkgconfig = 'pkg-config-native'
${@rust_tool(d, "BUILD_SYS")}
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 26/30] oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (24 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 25/30] meson.bbclass: Point to llvm-config from native sysroot Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 27/30] oeqa/selftest/devtool: add unit test for "devtool add -b" Steve Sakoman
` (4 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
str.format() doesn't use % notation, update the formatting to work.
assertTrue() is a member of self not a global, and assertTrue(True) will
always pass. Change this to just self.fail() as this is the failure case.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 017f3a0b1265c1a3b69c20bdb56bbf446111977e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/runtime/cases/rpm.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/lib/oeqa/runtime/cases/rpm.py b/meta/lib/oeqa/runtime/cases/rpm.py
index 5bdce3d522..7226b8af6a 100644
--- a/meta/lib/oeqa/runtime/cases/rpm.py
+++ b/meta/lib/oeqa/runtime/cases/rpm.py
@@ -57,8 +57,8 @@ class RpmBasicTest(OERuntimeTestCase):
return
time.sleep(1)
user_pss = [ps for ps in output.split("\n") if u + ' ' in ps]
- msg = "There're %s 's process(es) still running: %s".format(u, "\n".join(user_pss))
- assertTrue(True, msg=msg)
+ msg = "User %s has processes still running: %s" % (u, "\n".join(user_pss))
+ self.fail(msg=msg)
def unset_up_test_user(u):
# ensure no test1 process in running
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 27/30] oeqa/selftest/devtool: add unit test for "devtool add -b"
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (25 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 26/30] oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 28/30] openssl: add PERLEXTERNAL path to test its existence Steve Sakoman
` (3 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Yoann Congal <yoann.congal@smile.fr>
Fix [Yocto #15085]
Co-authored-by: Fawzi KHABER <fawzi.khaber@smile.fr>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d5eedf8ca689ccb433c2f5d0b324378f966dd627)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/devtool.py | 32 +++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index 64179d4004..aea2ad6561 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -348,6 +348,38 @@ class DevtoolAddTests(DevtoolBase):
bindir = bindir[1:]
self.assertTrue(os.path.isfile(os.path.join(installdir, bindir, 'pv')), 'pv binary not found in D')
+ def test_devtool_add_binary(self):
+ # Create a binary package containing a known test file
+ tempdir = tempfile.mkdtemp(prefix='devtoolqa')
+ self.track_for_cleanup(tempdir)
+ pn = 'tst-bin'
+ pv = '1.0'
+ test_file_dir = "var/lib/%s/" % pn
+ test_file_name = "test_file"
+ test_file_content = "TEST CONTENT"
+ test_file_package_root = os.path.join(tempdir, pn)
+ test_file_dir_full = os.path.join(test_file_package_root, test_file_dir)
+ bb.utils.mkdirhier(test_file_dir_full)
+ with open(os.path.join(test_file_dir_full, test_file_name), "w") as f:
+ f.write(test_file_content)
+ bin_package_path = os.path.join(tempdir, "%s.tar.gz" % pn)
+ runCmd("tar czf %s -C %s ." % (bin_package_path, test_file_package_root))
+
+ # Test devtool add -b on the binary package
+ self.track_for_cleanup(self.workspacedir)
+ self.add_command_to_tearDown('bitbake -c cleansstate %s' % pn)
+ self.add_command_to_tearDown('bitbake-layers remove-layer */workspace')
+ result = runCmd('devtool add -b %s %s' % (pn, bin_package_path))
+ self.assertExists(os.path.join(self.workspacedir, 'conf', 'layer.conf'), 'Workspace directory not created')
+
+ # Build the resulting recipe
+ result = runCmd('devtool build %s' % pn)
+ installdir = get_bb_var('D', pn)
+ self.assertTrue(installdir, 'Could not query installdir variable')
+
+ # Check that a known file from the binary package has indeed been installed
+ self.assertTrue(os.path.isfile(os.path.join(installdir, test_file_dir, test_file_name)), '%s not found in D' % test_file_name)
+
def test_devtool_add_git_local(self):
# We need dbus built so that DEPENDS recognition works
bitbake('dbus')
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 28/30] openssl: add PERLEXTERNAL path to test its existence
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (26 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 27/30] oeqa/selftest/devtool: add unit test for "devtool add -b" Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 29/30] openssl: use a glob on the PERLEXTERNAL to track updates on the path Steve Sakoman
` (2 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
When upstream change is better to fail or removing the PERL5LIB
if they are not need anymore.
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 337ac1159644678508990927923ef8af30f34cd7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-connectivity/openssl/openssl_3.0.9.bb | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.9.bb b/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
index 849bd7e5a6..ba31418b4a 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
@@ -137,7 +137,9 @@ do_configure () {
fi
# WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment variables instead.
- HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
+ PERLEXTERNAL="${S}/external/perl/Text-Template-1.46/lib"
+ test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!"
+ HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target
perl ${B}/configdata.pm --dump
}
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 29/30] openssl: use a glob on the PERLEXTERNAL to track updates on the path
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (27 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 28/30] openssl: add PERLEXTERNAL path to test its existence Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 30/30] util-linux: add alternative links for ipcs,ipcrm Steve Sakoman
[not found] ` <1776B726C0E12BA1.27447@lists.openembedded.org>
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
The Text-Template was updated from 1.46 to 1.56
| ERROR: openssl-native-3.1.1-r0 do_configure: PERLEXTERNAL '/build/tmp/work/x86_64-linux/openssl-native/3.1.1-r0/openssl-3.1.1/external/perl/Text-Template-1.46/lib' not found!
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b9a7739b01e31d0cc8358d99255e3e1b02a0a1a8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-connectivity/openssl/openssl_3.0.9.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.9.bb b/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
index ba31418b4a..9738d36902 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
@@ -137,7 +137,7 @@ do_configure () {
fi
# WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment variables instead.
- PERLEXTERNAL="${S}/external/perl/Text-Template-1.46/lib"
+ PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)"
test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!"
HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 30/30] util-linux: add alternative links for ipcs,ipcrm
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (28 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 29/30] openssl: use a glob on the PERLEXTERNAL to track updates on the path Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
[not found] ` <1776B726C0E12BA1.27447@lists.openembedded.org>
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Benjamin Bouvier <benjamin.bouvier@ekinops.com>
When enabling ipcs and ipcrm configuration into busybox, both tools are
built and then deployed during do_rootfs. These operation lead to below
issue (similar behavior happens for ipcs):
do_rootfs: Postinstall scriptlets of ['busybox'] have failed. If the intention is to defer them to first boot,
then please place them into pkg_postinst_ontarget:${PN} ().
update-alternatives: Error: not linking .../build/tmp/work/board-poky-linux/board-image/1.0-r0/rootfs/usr/bin/ipcrm
to /bin/busybox since .../build/tmp/work/board-poky-linux/board-image/1.0-r0/rootfs/usr/bin/ipcrm exists and is not a link
Binaries enter in conflict with same named util-linux utilities during
do_rootfs step.
Adding ALTERNATIVE_LINK_NAME for both tools fix the issue.
Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e4d60408b869c9cc2ccff794d4e271d993ec8a97)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/util-linux/util-linux_2.37.4.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-core/util-linux/util-linux_2.37.4.bb b/meta/recipes-core/util-linux/util-linux_2.37.4.bb
index f6d3ea2bc1..8866120eed 100644
--- a/meta/recipes-core/util-linux/util-linux_2.37.4.bb
+++ b/meta/recipes-core/util-linux/util-linux_2.37.4.bb
@@ -233,6 +233,8 @@ ALTERNATIVE_TARGET[getty] = "${base_sbindir}/agetty"
ALTERNATIVE_LINK_NAME[hexdump] = "${bindir}/hexdump"
ALTERNATIVE_LINK_NAME[hwclock] = "${base_sbindir}/hwclock"
ALTERNATIVE_LINK_NAME[ionice] = "${bindir}/ionice"
+ALTERNATIVE_LINK_NAME[ipcrm] = "${bindir}/ipcrm"
+ALTERNATIVE_LINK_NAME[ipcs] = "${bindir}/ipcs"
ALTERNATIVE_LINK_NAME[kill] = "${base_bindir}/kill"
ALTERNATIVE:${PN}-last = "last lastb"
ALTERNATIVE_LINK_NAME[last] = "${bindir}/last"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* Re: [OE-core][kirkstone 14/30] gcc : upgrade to v11.4
[not found] ` <1776B726C0E12BA1.27447@lists.openembedded.org>
@ 2023-07-31 18:11 ` Steve Sakoman
0 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-31 18:11 UTC (permalink / raw)
To: steve; +Cc: openembedded-core
I see that there is some discussion on the list about possible
regressions from this patch, so I will remove it from this patch set
until the issues are resolved.
Steve
On Sun, Jul 30, 2023 at 8:01 AM Steve Sakoman via
lists.openembedded.org <steve=sakoman.com@lists.openembedded.org>
wrote:
>
> From: Sundeep KOKKONDA <sundeep.kokkonda@windriver.com>
>
> gcc stable version upgraded from v11.3 to v11.4
>
> For changes in v11.4 see - https://gcc.gnu.org/gcc-11/changes.html
>
> Below is the bug fix list for v11.4
> https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&order=short_desc%2Cbug_status%2Cpriority%2Cassigned_to%2Cbug_id&query_format=advanced&resolution=FIXED&target_milestone=11.4
>
> There are a total 115 bugs are fixed in this release, below is the list of bugs fixed excluding the regression fixes.
>
> ID Product Comp Resolution Summary▲
> 108199 gcc tree-opt FIXE Bitfields, unions and SRA and storage_order_attribute
> 107801 gcc libstdc+ FIXE Building cross compiler for H8 family fails in libstdc++ (c++17/memory_resource.cc)
> 108265 gcc libstdc+ FIXE chrono::hh_mm_ss can't be constructed from unsigned durations
> 104443 gcc libstdc+ FIXE common_iterator<I, S>::operator-> is not correctly implemented
> 98056 gcc c++ FIXE coroutines: ICE tree check: expected record_type or union_type or qual_union_type, have array_type since r11-2183-g0f66b8486cea8668
> 107061 gcc target FIXE ENCODEKEY128 clobbers xmm4-xmm6
> 105433 gcc testsuit FIXE FAIL: gcc.target/i386/iamcu/test_3_element_struct_and_unions.c
> 105095 gcc testsuit FIXE gcc.dg/vect/complex/fast-math-complex-* tests are not executed
> 100474 gcc c++ FIXE ICE: in diagnose_trait_expr, at cp/constraint.cc:3706
> 105854 gcc target FIXE ICE: in extract_constrain_insn, at recog.cc:2692 (insn does not satisfy its constraints: sse2_lshrv1ti3)
> 104462 gcc target FIXE ICE: in extract_constrain_insn_cached, at recog.cc:2682 with -mavx512fp16 -mno-xsave
> 106045 gcc libgomp FIXE Incorrect testcase in libgomp.c/target-31.c at -O0
> 56189 gcc c++ FIXE Infinite recursion with noexcept when instantiating function template
> 100295 gcc c++ FIXE Internal compiler error from generic lambda capturing parameter pack and expanding it in if constexpr
> 100613 gcc jit FIXE libgccjit should produce dylib on macOS
> 104875 gcc libstdc+ FIXE libstdc++-v3/src/c++11/codecvt.cc:312:24: warning: left shift count >= width of type
> 107471 gcc libstdc+ FIXE mismatching constraints in common_iterator
> 105284 gcc libstdc+ FIXE missing syncstream and spanstream forward decl. in <iosfwd>
> 98821 gcc c++ FIXE modules : c++tools configures with CC but code fragments assume CXX.
> 109846 gcc fortran FIXE Pointer-valued function reference rejected as actual argument
> 101324 gcc target FIXE powerpc64le: hashst appears before mflr at -O1 or higher
> 102479 gcc c++ FIXE segfault when deducing class template arguments for tuple with libc++-14
> 105128 gcc libstdc+ FIXE source_location compile error for latest clang 15
> 106183 gcc libstdc+ FIXE std::atomic::wait might fail to be unblocked by notify_one/all on platforms without platform_wait()
> 102994 gcc libstdc+ FIXE std::atomic<ptr>::wait is not marked const
> 105324 gcc libstdc+ FIXE std::from_chars() assertion at floating_from_chars.cc:78 when parsing 1.11111111....
> 105375 gcc libstdc+ FIXE std::packaged_task has no deduction guide.
> 104602 gcc libstdc+ FIXE std::source_location::current uses cast from void*
> 106808 gcc libstdc+ FIXE std::string_view range concept requirement causes compile error with Boost.Filesystem
> 105725 gcc c++ FIXE [ICE] segfault with `-Wmismatched-tags`
> 105920 gcc target FIXE __builtin_cpu_supports ("f16c") should check AVX
>
> Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@windriver.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
> meta/conf/distro/include/maintainers.inc | 2 +-
> .../gcc/{gcc-11.3.inc => gcc-11.4.inc} | 6 +-
> ...ian_11.3.bb => gcc-cross-canadian_11.4.bb} | 0
> .../{gcc-cross_11.3.bb => gcc-cross_11.4.bb} | 0
> ...-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} | 0
> ...cc-runtime_11.3.bb => gcc-runtime_11.4.bb} | 0
> ...itizers_11.3.bb => gcc-sanitizers_11.4.bb} | 0
> ...{gcc-source_11.3.bb => gcc-source_11.4.bb} | 0
> ...rch64-Update-Neoverse-N2-core-defini.patch | 20 ++--
> ...rm-add-armv9-a-architecture-to-march.patch | 54 +++++-----
> ...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 102 +++++++++---------
> ...s-fix-v4bx-to-linker-to-support-EABI.patch | 6 +-
> .../gcc/{gcc_11.3.bb => gcc_11.4.bb} | 0
> ...initial_11.3.bb => libgcc-initial_11.4.bb} | 0
> .../gcc/{libgcc_11.3.bb => libgcc_11.4.bb} | 0
> ...ibgfortran_11.3.bb => libgfortran_11.4.bb} | 0
> 16 files changed, 93 insertions(+), 97 deletions(-)
> rename meta/recipes-devtools/gcc/{gcc-11.3.inc => gcc-11.4.inc} (97%)
> rename meta/recipes-devtools/gcc/{gcc-cross-canadian_11.3.bb => gcc-cross-canadian_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{gcc-cross_11.3.bb => gcc-cross_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{gcc-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{gcc-runtime_11.3.bb => gcc-runtime_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{gcc-sanitizers_11.3.bb => gcc-sanitizers_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{gcc-source_11.3.bb => gcc-source_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{gcc_11.3.bb => gcc_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{libgcc-initial_11.3.bb => libgcc-initial_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{libgcc_11.3.bb => libgcc_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{libgfortran_11.3.bb => libgfortran_11.4.bb} (100%)
>
> diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
> index 1d5e070223..bfc14951fe 100644
> --- a/meta/conf/distro/include/maintainers.inc
> +++ b/meta/conf/distro/include/maintainers.inc
> @@ -189,7 +189,7 @@ RECIPE_MAINTAINER:pn-gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Khem Raj <r
> RECIPE_MAINTAINER:pn-gcc-crosssdk-${SDK_SYS} = "Khem Raj <raj.khem@gmail.com>"
> RECIPE_MAINTAINER:pn-gcc-runtime = "Khem Raj <raj.khem@gmail.com>"
> RECIPE_MAINTAINER:pn-gcc-sanitizers = "Khem Raj <raj.khem@gmail.com>"
> -RECIPE_MAINTAINER:pn-gcc-source-11.3.0 = "Khem Raj <raj.khem@gmail.com>"
> +RECIPE_MAINTAINER:pn-gcc-source-11.4.0 = "Khem Raj <raj.khem@gmail.com>"
> RECIPE_MAINTAINER:pn-gconf = "Ross Burton <ross.burton@arm.com>"
> RECIPE_MAINTAINER:pn-gcr = "Alexander Kanavin <alex.kanavin@gmail.com>"
> RECIPE_MAINTAINER:pn-gdb = "Khem Raj <raj.khem@gmail.com>"
> diff --git a/meta/recipes-devtools/gcc/gcc-11.3.inc b/meta/recipes-devtools/gcc/gcc-11.4.inc
> similarity index 97%
> rename from meta/recipes-devtools/gcc/gcc-11.3.inc
> rename to meta/recipes-devtools/gcc/gcc-11.4.inc
> index ab2ece3cce..a907661df4 100644
> --- a/meta/recipes-devtools/gcc/gcc-11.3.inc
> +++ b/meta/recipes-devtools/gcc/gcc-11.4.inc
> @@ -2,11 +2,11 @@ require gcc-common.inc
>
> # Third digit in PV should be incremented after a minor release
>
> -PV = "11.3.0"
> +PV = "11.4.0"
>
> # BINV should be incremented to a revision after a minor gcc release
>
> -BINV = "11.3.0"
> +BINV = "11.4.0"
>
> FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc:${FILE_DIRNAME}/gcc/backport:"
>
> @@ -70,7 +70,7 @@ SRC_URI = "\
> file://0004-arm-add-armv9-a-architecture-to-march.patch \
> "
>
> -SRC_URI[sha256sum] = "b47cf2818691f5b1e21df2bb38c795fac2cfbd640ede2d0a5e1c89e338a3ac39"
> +SRC_URI[sha256sum] = "3f2db222b007e8a4a23cd5ba56726ef08e8b1f1eb2055ee72c1402cea73a8dd9"
>
> S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}"
>
> diff --git a/meta/recipes-devtools/gcc/gcc-cross-canadian_11.3.bb b/meta/recipes-devtools/gcc/gcc-cross-canadian_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/gcc-cross-canadian_11.3.bb
> rename to meta/recipes-devtools/gcc/gcc-cross-canadian_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/gcc-cross_11.3.bb b/meta/recipes-devtools/gcc/gcc-cross_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/gcc-cross_11.3.bb
> rename to meta/recipes-devtools/gcc/gcc-cross_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/gcc-crosssdk_11.3.bb b/meta/recipes-devtools/gcc/gcc-crosssdk_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/gcc-crosssdk_11.3.bb
> rename to meta/recipes-devtools/gcc/gcc-crosssdk_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/gcc-runtime_11.3.bb b/meta/recipes-devtools/gcc/gcc-runtime_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/gcc-runtime_11.3.bb
> rename to meta/recipes-devtools/gcc/gcc-runtime_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/gcc-sanitizers_11.3.bb b/meta/recipes-devtools/gcc/gcc-sanitizers_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/gcc-sanitizers_11.3.bb
> rename to meta/recipes-devtools/gcc/gcc-sanitizers_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/gcc-source_11.3.bb b/meta/recipes-devtools/gcc/gcc-source_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/gcc-source_11.3.bb
> rename to meta/recipes-devtools/gcc/gcc-source_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch b/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch
> index 8429242348..a0c9db72e1 100644
> --- a/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch
> +++ b/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch
> @@ -19,24 +19,20 @@ diff --git a/gcc/config/aarch64/aarch64-cores.def b/gcc/config/aarch64/aarch64-c
> index 4643e0e27..3478e567a 100644
> --- a/gcc/config/aarch64/aarch64-cores.def
> +++ b/gcc/config/aarch64/aarch64-cores.def
> -@@ -145,9 +145,6 @@ AARCH64_CORE("neoverse-512tvb", neoverse512tvb, cortexa57, 8_4A, AARCH64_FL_FOR
> - /* Qualcomm ('Q') cores. */
> - AARCH64_CORE("saphira", saphira, saphira, 8_4A, AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_CRYPTO | AARCH64_FL_RCPC, saphira, 0x51, 0xC01, -1)
> -
> --/* Armv8.5-A Architecture Processors. */
> +@@ -147,7 +147,6 @@
> + AARCH64_CORE("saphira", saphira, saphira, 8_4A, AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_CRYPTO, saphira, 0x51, 0xC01, -1)
> +
> + /* Armv8.5-A Architecture Processors. */
> -AARCH64_CORE("neoverse-n2", neoversen2, cortexa57, 8_5A, AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG, neoversen2, 0x41, 0xd49, -1)
> --
> + AARCH64_CORE("neoverse-v2", neoversev2, cortexa57, 8_5A, AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG, neoverse512tvb, 0x41, 0xd4f, -1)
> +
> /* ARMv8-A big.LITTLE implementations. */
> -
> - AARCH64_CORE("cortex-a57.cortex-a53", cortexa57cortexa53, cortexa53, 8A, AARCH64_FL_FOR_ARCH8 | AARCH64_FL_CRC, cortexa57, 0x41, AARCH64_BIG_LITTLE (0xd07, 0xd03), -1)
> -@@ -163,4 +160,7 @@ AARCH64_CORE("cortex-a76.cortex-a55", cortexa76cortexa55, cortexa53, 8_2A, AAR
> +@@ -165,4 +164,7 @@
> /* Armv8-R Architecture Processors. */
> AARCH64_CORE("cortex-r82", cortexr82, cortexa53, 8R, AARCH64_FL_FOR_ARCH8_R, cortexa53, 0x41, 0xd15, -1)
> -
> +
> +/* Armv9-A Architecture Processors. */
> +AARCH64_CORE("neoverse-n2", neoversen2, cortexa57, 9A, AARCH64_FL_FOR_ARCH9 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG | AARCH64_FL_PROFILE, neoversen2, 0x41, 0xd49, -1)
> +
> #undef AARCH64_CORE
> ---
> -2.32.0
>
> diff --git a/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch b/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch
> index 864c8b3017..b9b0988d5a 100644
> --- a/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch
> +++ b/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch
> @@ -43,10 +43,10 @@ Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com>
> gcc/testsuite/lib/target-supports.exp | 3 ++-
> 9 files changed, 79 insertions(+), 8 deletions(-)
>
> -Index: gcc-11.3.0/gcc/config/arm/arm-cpus.in
> +Index: gcc/gcc/config/arm/arm-cpus.in
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/arm-cpus.in
> -+++ gcc-11.3.0/gcc/config/arm/arm-cpus.in
> +--- a/gcc/config/arm/arm-cpus.in
> ++++ b/gcc/config/arm/arm-cpus.in
> @@ -132,6 +132,9 @@ define feature cmse
> # Architecture rel 8.1-M.
> define feature armv8_1m_main
> @@ -87,10 +87,10 @@ Index: gcc-11.3.0/gcc/config/arm/arm-cpus.in
> begin arch iwmmxt
> tune for iwmmxt
> tune flags LDSCHED STRONG XSCALE
> -Index: gcc-11.3.0/gcc/config/arm/arm-tables.opt
> +Index: gcc/gcc/config/arm/arm-tables.opt
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/arm-tables.opt
> -+++ gcc-11.3.0/gcc/config/arm/arm-tables.opt
> +--- a/gcc/config/arm/arm-tables.opt
> ++++ b/gcc/config/arm/arm-tables.opt
> @@ -380,10 +380,13 @@ EnumValue
> Enum(arm_arch) String(armv8.1-m.main) Value(30)
>
> @@ -107,10 +107,10 @@ Index: gcc-11.3.0/gcc/config/arm/arm-tables.opt
>
> Enum
> Name(arm_fpu) Type(enum fpu_type)
> -Index: gcc-11.3.0/gcc/config/arm/arm.h
> +Index: gcc/gcc/config/arm/arm.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/arm.h
> -+++ gcc-11.3.0/gcc/config/arm/arm.h
> +--- a/gcc/config/arm/arm.h
> ++++ b/gcc/config/arm/arm.h
> @@ -456,7 +456,8 @@ enum base_architecture
> BASE_ARCH_8A = 8,
> BASE_ARCH_8M_BASE = 8,
> @@ -121,10 +121,10 @@ Index: gcc-11.3.0/gcc/config/arm/arm.h
> };
>
> /* The major revision number of the ARM Architecture implemented by the target. */
> -Index: gcc-11.3.0/gcc/config/arm/t-aprofile
> +Index: gcc/gcc/config/arm/t-aprofile
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/t-aprofile
> -+++ gcc-11.3.0/gcc/config/arm/t-aprofile
> +--- a/gcc/config/arm/t-aprofile
> ++++ b/gcc/config/arm/t-aprofile
> @@ -26,8 +26,8 @@
>
> # Arch and FPU variants to build libraries with
> @@ -180,10 +180,10 @@ Index: gcc-11.3.0/gcc/config/arm/t-aprofile
> - $(foreach ARCH, armv7-a armv8-a, \
> + $(foreach ARCH, armv7-a armv8-a armv9-a, \
> mthumb/march.$(ARCH)/mfloat-abi.soft=m$(MODE)/march.$(ARCH)/mfloat-abi.softfp))
> -Index: gcc-11.3.0/gcc/config/arm/t-arm-elf
> +Index: gcc/gcc/config/arm/t-arm-elf
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/t-arm-elf
> -+++ gcc-11.3.0/gcc/config/arm/t-arm-elf
> +--- a/gcc/config/arm/t-arm-elf
> ++++ b/gcc/config/arm/t-arm-elf
> @@ -38,6 +38,8 @@ v7ve_fps := vfpv3-d16 vfpv3 vfpv3-d16-fp
> # it seems to work ok.
> v8_fps := simd fp16 crypto fp16+crypto dotprod fp16fml
> @@ -214,10 +214,10 @@ Index: gcc-11.3.0/gcc/config/arm/t-arm-elf
> MULTILIB_MATCHES += $(foreach ARCH, armv7e-m armv8-m.mainline, \
> march?armv7+fp=march?$(ARCH)+fp.dp)
>
> -Index: gcc-11.3.0/gcc/config/arm/t-multilib
> +Index: gcc/gcc/config/arm/t-multilib
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/t-multilib
> -+++ gcc-11.3.0/gcc/config/arm/t-multilib
> +--- a/gcc/config/arm/t-multilib
> ++++ b/gcc/config/arm/t-multilib
> @@ -78,6 +78,8 @@ v8_4_a_simd_variants := $(call all_feat_
> v8_5_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16)
> v8_6_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16)
> @@ -244,10 +244,10 @@ Index: gcc-11.3.0/gcc/config/arm/t-multilib
> endif # Not APROFILE.
>
> # Use Thumb libraries for everything.
> -Index: gcc-11.3.0/gcc/doc/invoke.texi
> +Index: gcc/gcc/doc/invoke.texi
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/doc/invoke.texi
> -+++ gcc-11.3.0/gcc/doc/invoke.texi
> +--- a/gcc/doc/invoke.texi
> ++++ b/gcc/doc/invoke.texi
> @@ -19701,6 +19701,7 @@ Permissible names are:
> @samp{armv7-m}, @samp{armv7e-m},
> @samp{armv8-m.base}, @samp{armv8-m.main},
> @@ -256,10 +256,10 @@ Index: gcc-11.3.0/gcc/doc/invoke.texi
> @samp{iwmmxt} and @samp{iwmmxt2}.
>
> Additionally, the following architectures, which lack support for the
> -Index: gcc-11.3.0/gcc/testsuite/gcc.target/arm/multilib.exp
> +Index: gcc/gcc/testsuite/gcc.target/arm/multilib.exp
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/testsuite/gcc.target/arm/multilib.exp
> -+++ gcc-11.3.0/gcc/testsuite/gcc.target/arm/multilib.exp
> +--- a/gcc/testsuite/gcc.target/arm/multilib.exp
> ++++ b/gcc/testsuite/gcc.target/arm/multilib.exp
> @@ -135,6 +135,14 @@ if {[multilib_config "aprofile"] } {
> {-march=armv8.6-a+simd+fp16 -mfloat-abi=softfp} "thumb/v8-a+simd/softfp"
> {-march=armv8.6-a+simd+fp16+nofp -mfloat-abi=softfp} "thumb/v8-a/nofp"
> @@ -275,10 +275,10 @@ Index: gcc-11.3.0/gcc/testsuite/gcc.target/arm/multilib.exp
> {-mcpu=cortex-a53+crypto -mfloat-abi=hard} "thumb/v8-a+simd/hard"
> {-mcpu=cortex-a53+nofp -mfloat-abi=softfp} "thumb/v8-a/nofp"
> {-march=armv8-a+crc -mfloat-abi=hard -mfpu=vfp} "thumb/v8-a+simd/hard"
> -Index: gcc-11.3.0/gcc/testsuite/lib/target-supports.exp
> +Index: gcc/gcc/testsuite/lib/target-supports.exp
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/testsuite/lib/target-supports.exp
> -+++ gcc-11.3.0/gcc/testsuite/lib/target-supports.exp
> +--- a/gcc/testsuite/lib/target-supports.exp
> ++++ b/gcc/testsuite/lib/target-supports.exp
> @@ -4820,7 +4820,8 @@ foreach { armfunc armflag armdefs } {
> v8m_base "-march=armv8-m.base -mthumb -mfloat-abi=soft"
> __ARM_ARCH_8M_BASE__
> diff --git a/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch b/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
> index b3515c9734..ece5873258 100644
> --- a/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
> +++ b/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
> @@ -39,10 +39,10 @@ Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
> gcc/config/sparc/linux64.h | 4 ++--
> 17 files changed, 53 insertions(+), 58 deletions(-)
>
> -Index: gcc-11.3.0/gcc/config/aarch64/aarch64-linux.h
> +Index: gcc/gcc/config/aarch64/aarch64-linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/aarch64/aarch64-linux.h
> -+++ gcc-11.3.0/gcc/config/aarch64/aarch64-linux.h
> +--- a/gcc/config/aarch64/aarch64-linux.h
> ++++ b/gcc/config/aarch64/aarch64-linux.h
> @@ -21,10 +21,10 @@
> #ifndef GCC_AARCH64_LINUX_H
> #define GCC_AARCH64_LINUX_H
> @@ -56,10 +56,10 @@ Index: gcc-11.3.0/gcc/config/aarch64/aarch64-linux.h
>
> #undef ASAN_CC1_SPEC
> #define ASAN_CC1_SPEC "%{%:sanitize(address):-funwind-tables}"
> -Index: gcc-11.3.0/gcc/config/alpha/linux-elf.h
> +Index: gcc/gcc/config/alpha/linux-elf.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/alpha/linux-elf.h
> -+++ gcc-11.3.0/gcc/config/alpha/linux-elf.h
> +--- a/gcc/config/alpha/linux-elf.h
> ++++ b/gcc/config/alpha/linux-elf.h
> @@ -23,8 +23,8 @@ along with GCC; see the file COPYING3.
> #define EXTRA_SPECS \
> { "elf_dynamic_linker", ELF_DYNAMIC_LINKER },
> @@ -71,10 +71,10 @@ Index: gcc-11.3.0/gcc/config/alpha/linux-elf.h
> #if DEFAULT_LIBC == LIBC_UCLIBC
> #define CHOOSE_DYNAMIC_LINKER(G, U) "%{mglibc:" G ";:" U "}"
> #elif DEFAULT_LIBC == LIBC_GLIBC
> -Index: gcc-11.3.0/gcc/config/arm/linux-eabi.h
> +Index: gcc/gcc/config/arm/linux-eabi.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/linux-eabi.h
> -+++ gcc-11.3.0/gcc/config/arm/linux-eabi.h
> +--- a/gcc/config/arm/linux-eabi.h
> ++++ b/gcc/config/arm/linux-eabi.h
> @@ -65,8 +65,8 @@
> GLIBC_DYNAMIC_LINKER_DEFAULT and TARGET_DEFAULT_FLOAT_ABI. */
>
> @@ -95,10 +95,10 @@ Index: gcc-11.3.0/gcc/config/arm/linux-eabi.h
>
> /* At this point, bpabi.h will have clobbered LINK_SPEC. We want to
> use the GNU/Linux version, not the generic BPABI version. */
> -Index: gcc-11.3.0/gcc/config/arm/linux-elf.h
> +Index: gcc/gcc/config/arm/linux-elf.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/linux-elf.h
> -+++ gcc-11.3.0/gcc/config/arm/linux-elf.h
> +--- a/gcc/config/arm/linux-elf.h
> ++++ b/gcc/config/arm/linux-elf.h
> @@ -60,7 +60,7 @@
>
> #define LIBGCC_SPEC "%{mfloat-abi=soft*:-lfloat} -lgcc"
> @@ -108,10 +108,10 @@ Index: gcc-11.3.0/gcc/config/arm/linux-elf.h
>
> #define LINUX_TARGET_LINK_SPEC "%{h*} \
> %{static:-Bstatic} \
> -Index: gcc-11.3.0/gcc/config/i386/linux.h
> +Index: gcc/gcc/config/i386/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/i386/linux.h
> -+++ gcc-11.3.0/gcc/config/i386/linux.h
> +--- a/gcc/config/i386/linux.h
> ++++ b/gcc/config/i386/linux.h
> @@ -20,7 +20,7 @@ along with GCC; see the file COPYING3.
> <http://www.gnu.org/licenses/>. */
>
> @@ -122,10 +122,10 @@ Index: gcc-11.3.0/gcc/config/i386/linux.h
> #undef MUSL_DYNAMIC_LINKER
> -#define MUSL_DYNAMIC_LINKER "/lib/ld-musl-i386.so.1"
> +#define MUSL_DYNAMIC_LINKER SYSTEMLIBS_DIR "ld-musl-i386.so.1"
> -Index: gcc-11.3.0/gcc/config/i386/linux64.h
> +Index: gcc/gcc/config/i386/linux64.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/i386/linux64.h
> -+++ gcc-11.3.0/gcc/config/i386/linux64.h
> +--- a/gcc/config/i386/linux64.h
> ++++ b/gcc/config/i386/linux64.h
> @@ -27,13 +27,13 @@ see the files COPYING3 and COPYING.RUNTI
> #define GNU_USER_LINK_EMULATION64 "elf_x86_64"
> #define GNU_USER_LINK_EMULATIONX32 "elf32_x86_64"
> @@ -146,10 +146,10 @@ Index: gcc-11.3.0/gcc/config/i386/linux64.h
> #undef MUSL_DYNAMIC_LINKERX32
> -#define MUSL_DYNAMIC_LINKERX32 "/lib/ld-musl-x32.so.1"
> +#define MUSL_DYNAMIC_LINKERX32 SYSTEMLIBS_DIR "ld-musl-x32.so.1"
> -Index: gcc-11.3.0/gcc/config/linux.h
> +Index: gcc/gcc/config/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/linux.h
> -+++ gcc-11.3.0/gcc/config/linux.h
> +--- a/gcc/config/linux.h
> ++++ b/gcc/config/linux.h
> @@ -94,10 +94,10 @@ see the files COPYING3 and COPYING.RUNTI
> GLIBC_DYNAMIC_LINKER must be defined for each target using them, or
> GLIBC_DYNAMIC_LINKER32 and GLIBC_DYNAMIC_LINKER64 for targets
> @@ -165,10 +165,10 @@ Index: gcc-11.3.0/gcc/config/linux.h
> #define BIONIC_DYNAMIC_LINKER "/system/bin/linker"
> #define BIONIC_DYNAMIC_LINKER32 "/system/bin/linker"
> #define BIONIC_DYNAMIC_LINKER64 "/system/bin/linker64"
> -Index: gcc-11.3.0/gcc/config/microblaze/linux.h
> +Index: gcc/gcc/config/microblaze/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/microblaze/linux.h
> -+++ gcc-11.3.0/gcc/config/microblaze/linux.h
> +--- a/gcc/config/microblaze/linux.h
> ++++ b/gcc/config/microblaze/linux.h
> @@ -28,7 +28,7 @@
> #undef TLS_NEEDS_GOT
> #define TLS_NEEDS_GOT 1
> @@ -187,10 +187,10 @@ Index: gcc-11.3.0/gcc/config/microblaze/linux.h
>
> #undef SUBTARGET_EXTRA_SPECS
> #define SUBTARGET_EXTRA_SPECS \
> -Index: gcc-11.3.0/gcc/config/mips/linux.h
> +Index: gcc/gcc/config/mips/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/mips/linux.h
> -+++ gcc-11.3.0/gcc/config/mips/linux.h
> +--- a/gcc/config/mips/linux.h
> ++++ b/gcc/config/mips/linux.h
> @@ -22,29 +22,29 @@ along with GCC; see the file COPYING3.
> #define GNU_USER_LINK_EMULATIONN32 "elf32%{EB:b}%{EL:l}tsmipn32"
>
> @@ -230,10 +230,10 @@ Index: gcc-11.3.0/gcc/config/mips/linux.h
>
> #define BIONIC_DYNAMIC_LINKERN32 "/system/bin/linker32"
> #define GNU_USER_DYNAMIC_LINKERN32 \
> -Index: gcc-11.3.0/gcc/config/nios2/linux.h
> +Index: gcc/gcc/config/nios2/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/nios2/linux.h
> -+++ gcc-11.3.0/gcc/config/nios2/linux.h
> +--- a/gcc/config/nios2/linux.h
> ++++ b/gcc/config/nios2/linux.h
> @@ -29,7 +29,7 @@
> #undef CPP_SPEC
> #define CPP_SPEC "%{posix:-D_POSIX_SOURCE} %{pthread:-D_REENTRANT}"
> @@ -243,10 +243,10 @@ Index: gcc-11.3.0/gcc/config/nios2/linux.h
>
> #undef LINK_SPEC
> #define LINK_SPEC LINK_SPEC_ENDIAN \
> -Index: gcc-11.3.0/gcc/config/riscv/linux.h
> +Index: gcc/gcc/config/riscv/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/riscv/linux.h
> -+++ gcc-11.3.0/gcc/config/riscv/linux.h
> +--- a/gcc/config/riscv/linux.h
> ++++ b/gcc/config/riscv/linux.h
> @@ -22,7 +22,7 @@ along with GCC; see the file COPYING3.
> GNU_USER_TARGET_OS_CPP_BUILTINS(); \
> } while (0)
> @@ -265,10 +265,10 @@ Index: gcc-11.3.0/gcc/config/riscv/linux.h
>
> /* Because RISC-V only has word-sized atomics, it requries libatomic where
> others do not. So link libatomic by default, as needed. */
> -Index: gcc-11.3.0/gcc/config/rs6000/linux64.h
> +Index: gcc/gcc/config/rs6000/linux64.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/rs6000/linux64.h
> -+++ gcc-11.3.0/gcc/config/rs6000/linux64.h
> +--- a/gcc/config/rs6000/linux64.h
> ++++ b/gcc/config/rs6000/linux64.h
> @@ -336,24 +336,19 @@ extern int dot_symbols;
> #undef LINK_OS_DEFAULT_SPEC
> #define LINK_OS_DEFAULT_SPEC "%(link_os_linux)"
> @@ -299,10 +299,10 @@ Index: gcc-11.3.0/gcc/config/rs6000/linux64.h
>
> #undef DEFAULT_ASM_ENDIAN
> #if (TARGET_DEFAULT & MASK_LITTLE_ENDIAN)
> -Index: gcc-11.3.0/gcc/config/rs6000/sysv4.h
> +Index: gcc/gcc/config/rs6000/sysv4.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/rs6000/sysv4.h
> -+++ gcc-11.3.0/gcc/config/rs6000/sysv4.h
> +--- a/gcc/config/rs6000/sysv4.h
> ++++ b/gcc/config/rs6000/sysv4.h
> @@ -780,10 +780,10 @@ GNU_USER_TARGET_CC1_SPEC
>
> #define MUSL_DYNAMIC_LINKER_E ENDIAN_SELECT("","le","")
> @@ -316,10 +316,10 @@ Index: gcc-11.3.0/gcc/config/rs6000/sysv4.h
>
> #ifndef GNU_USER_DYNAMIC_LINKER
> #define GNU_USER_DYNAMIC_LINKER GLIBC_DYNAMIC_LINKER
> -Index: gcc-11.3.0/gcc/config/s390/linux.h
> +Index: gcc/gcc/config/s390/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/s390/linux.h
> -+++ gcc-11.3.0/gcc/config/s390/linux.h
> +--- a/gcc/config/s390/linux.h
> ++++ b/gcc/config/s390/linux.h
> @@ -72,13 +72,13 @@ along with GCC; see the file COPYING3.
> #define MULTILIB_DEFAULTS { "m31" }
> #endif
> @@ -338,10 +338,10 @@ Index: gcc-11.3.0/gcc/config/s390/linux.h
>
> #undef LINK_SPEC
> #define LINK_SPEC \
> -Index: gcc-11.3.0/gcc/config/sh/linux.h
> +Index: gcc/gcc/config/sh/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/sh/linux.h
> -+++ gcc-11.3.0/gcc/config/sh/linux.h
> +--- a/gcc/config/sh/linux.h
> ++++ b/gcc/config/sh/linux.h
> @@ -61,10 +61,10 @@ along with GCC; see the file COPYING3.
>
> #undef MUSL_DYNAMIC_LINKER
> @@ -355,10 +355,10 @@ Index: gcc-11.3.0/gcc/config/sh/linux.h
>
> #undef SUBTARGET_LINK_EMUL_SUFFIX
> #define SUBTARGET_LINK_EMUL_SUFFIX "%{mfdpic:_fd;:_linux}"
> -Index: gcc-11.3.0/gcc/config/sparc/linux.h
> +Index: gcc/gcc/config/sparc/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/sparc/linux.h
> -+++ gcc-11.3.0/gcc/config/sparc/linux.h
> +--- a/gcc/config/sparc/linux.h
> ++++ b/gcc/config/sparc/linux.h
> @@ -78,7 +78,7 @@ extern const char *host_detect_local_cpu
> When the -shared link option is used a final link is not being
> done. */
> @@ -368,10 +368,10 @@ Index: gcc-11.3.0/gcc/config/sparc/linux.h
>
> #undef LINK_SPEC
> #define LINK_SPEC "-m elf32_sparc %{shared:-shared} \
> -Index: gcc-11.3.0/gcc/config/sparc/linux64.h
> +Index: gcc/gcc/config/sparc/linux64.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/sparc/linux64.h
> -+++ gcc-11.3.0/gcc/config/sparc/linux64.h
> +--- a/gcc/config/sparc/linux64.h
> ++++ b/gcc/config/sparc/linux64.h
> @@ -78,8 +78,8 @@ along with GCC; see the file COPYING3.
> When the -shared link option is used a final link is not being
> done. */
> diff --git a/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch b/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
> index 0f94936140..1ec942e977 100644
> --- a/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
> +++ b/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
> @@ -18,10 +18,10 @@ Upstream-Status: Pending
> gcc/config/arm/linux-eabi.h | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> -Index: gcc-11.3.0/gcc/config/arm/linux-eabi.h
> +Index: gcc/gcc/config/arm/linux-eabi.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/linux-eabi.h
> -+++ gcc-11.3.0/gcc/config/arm/linux-eabi.h
> +--- a/gcc/config/arm/linux-eabi.h
> ++++ b/gcc/config/arm/linux-eabi.h
> @@ -91,10 +91,14 @@
> #define MUSL_DYNAMIC_LINKER \
> SYSTEMLIBS_DIR "ld-musl-arm" MUSL_DYNAMIC_LINKER_E "%{mfloat-abi=hard:hf}%{mfdpic:-fdpic}.so.1"
> diff --git a/meta/recipes-devtools/gcc/gcc_11.3.bb b/meta/recipes-devtools/gcc/gcc_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/gcc_11.3.bb
> rename to meta/recipes-devtools/gcc/gcc_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/libgcc-initial_11.3.bb b/meta/recipes-devtools/gcc/libgcc-initial_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/libgcc-initial_11.3.bb
> rename to meta/recipes-devtools/gcc/libgcc-initial_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/libgcc_11.3.bb b/meta/recipes-devtools/gcc/libgcc_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/libgcc_11.3.bb
> rename to meta/recipes-devtools/gcc/libgcc_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/libgfortran_11.3.bb b/meta/recipes-devtools/gcc/libgfortran_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/libgfortran_11.3.bb
> rename to meta/recipes-devtools/gcc/libgfortran_11.4.bb
> --
> 2.34.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#185092): https://lists.openembedded.org/g/openembedded-core/message/185092
> Mute This Topic: https://lists.openembedded.org/mt/100447625/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 33+ messages in thread
end of thread, other threads:[~2023-07-31 18:11 UTC | newest]
Thread overview: 33+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 01/30] libjpeg-turbo: patch CVE-2023-2804 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 02/30] python3: ignore CVE-2023-36632 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 03/30] tiff: fix multiple CVEs Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 04/30] go: fix CVE-2023-29406 net/http insufficient sanitization of Host header Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 05/30] tiff: fix multiple CVEs Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 06/30] libtiff: fix CVE-2023-26965 heap-based use after free Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 07/30] openssh: fix CVE-2023-38408 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 08/30] dmidecode: fix CVE-2023-30630 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 09/30] python3: upgrade 3.10.9 -> 3.10.12 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 10/30] diffutils: update 3.9 -> 3.10 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 11/30] libassuan: upgrade 2.5.5 -> 2.5.6 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 12/30] libksba: upgrade 1.6.3 -> 1.6.4 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 13/30] lttng-ust: upgrade 2.13.5 -> 2.13.6 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 14/30] gcc : upgrade to v11.4 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 15/30] libxcrypt: fix build with perl-5.38 and use master branch Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 16/30] kernel: add missing path to search for debug files Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 17/30] recipetool: Fix inherit in created -native* recipes Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 18/30] systemd-systemctl: fix errors in instance name expansion Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 19/30] uboot-extlinux-config.bbclass: fix old override syntax in comment Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 20/30] mdadm: fix util-linux ptest dependency Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 21/30] mdadm: fix 07revert-inplace ptest Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 22/30] mdadm: fix segfaults when running ptests Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 23/30] mdadm: skip running known broken ptests Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 24/30] python3: fix missing comma in get_module_deps3.py Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 25/30] meson.bbclass: Point to llvm-config from native sysroot Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 26/30] oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 27/30] oeqa/selftest/devtool: add unit test for "devtool add -b" Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 28/30] openssl: add PERLEXTERNAL path to test its existence Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 29/30] openssl: use a glob on the PERLEXTERNAL to track updates on the path Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 30/30] util-linux: add alternative links for ipcs,ipcrm Steve Sakoman
[not found] ` <1776B726C0E12BA1.27447@lists.openembedded.org>
2023-07-31 18:11 ` [OE-core][kirkstone 14/30] gcc : upgrade to v11.4 Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2022-07-03 19:35 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.