[OE-core][dunfell 00/18] Patch review

[OE-core][dunfell 00/18] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back
by end of day Wednesday.

The following changes since commit ea886d57db917a41a0d106a15e1e96c72d6407b0:

  kernel-yocto: account for extracted defconfig in elements check (2020-07-23 04:07:37 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Ahmad Fatoum (1):
  core: glib-2.0: fix requested libmount/mkostemp/selinux not being
    linked in

Armin Kuster (1):
  glibc: Secruity fix for CVE-2020-6096

Bruce Ashfield (2):
  linux-yocto/5.4: update to v5.4.51
  linux-yocto-rt/5.4: fix mmdrop stress test issues

Changqing Li (1):
  gtk-immodules-cache.bbclass: fix post install scriptlet error

Chen Qi (1):
  rpm: fix nativesdk's default var location

Daniel Ammann (1):
  image.bbclass: improve wording when image size exceeds the specified
    limit

Joshua Watt (2):
  classes/cmake: Fix host detection
  classes/package: Use HOST_OS for runtime dependencies

Kevin Hao (3):
  wic/filemap: Drop the unused block_is_unmapped()
  wic/filemap: Drop the unused get_unmapped_ranges()
  wic/filemap: Fall back to standard copy when no way to get the block
    map

Kurt Kiefer (1):
  linux-firmware: add ibt-20 package

Lee Chee Yang (1):
  buildhistory: use pid for temporary txt file name

Richard Purdie (1):
  oeqa/qemurunner: Add priority/nice information for running processes

Robert Yang (1):
  openssl: openssl-bin requires openssl-conf to run

Ross Burton (1):
  startup-notification: add time_t type mismatch patch from upstream

Sakib Sajal (1):
  busybox: make hwclock compatible with glibc 2.31

 meta/classes/buildhistory.bbclass             |  11 +-
 meta/classes/cmake.bbclass                    |  19 +-
 meta/classes/gtk-immodules-cache.bbclass      |   1 +
 meta/classes/image.bbclass                    |   4 +-
 meta/classes/package.bbclass                  |  10 +-
 meta/lib/oeqa/utils/qemurunner.py             |   2 +-
 meta/lib/oeqa/utils/qemutinyrunner.py         |   2 +-
 .../openssl/openssl_1.1.1g.bb                 |   2 +
 ...1-hwclock-make-glibc-2.31-compatible.patch |  83 ++++++++
 meta/recipes-core/busybox/busybox_1.31.1.bb   |   1 +
 ...ot-hardcode-linux-as-the-host-system.patch |  49 +++++
 meta/recipes-core/glib-2.0/glib-2.0_2.62.4.bb |   1 +
 .../glibc/glibc/CVE-2020-6096.patch           | 112 ++++++++++
 .../glibc/glibc/CVE-2020-6096_2.patch         | 194 ++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.31.bb         |   2 +
 meta/recipes-devtools/rpm/rpm_4.14.2.1.bb     |   2 +-
 .../startup-notification-0.12/time_t.patch    | 108 ++++++++++
 .../startup-notification_0.12.bb              |   1 +
 .../linux-firmware/linux-firmware_20200619.bb |   4 +
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 scripts/lib/wic/filemap.py                    |  75 +++----
 23 files changed, 630 insertions(+), 89 deletions(-)
 create mode 100644 meta/recipes-core/busybox/busybox/0001-hwclock-make-glibc-2.31-compatible.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/0020-meson.build-do-not-hardcode-linux-as-the-host-system.patch
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096.patch
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2020-6096_2.patch
 create mode 100644 meta/recipes-graphics/startup-notification/startup-notification-0.12/time_t.patch

-- 
2.17.1

[OE-core][dunfell 00/18] Patch review

[Steve Sakoman]

Please review this next set of changes for dunfell and have comments back
by end of day Wednesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1350

NOTE: json-c: Fix CVE-2020-12762 has a line longer than 988 characters and thus
breaks send-pull-request.  I've truncated that line and tagged it with a <snip>

The full patch is of course  available in the git repo linked below.

The following changes since commit 0d4d0df6084cce3c3d9051db88f3199a030d3352:

  linux-firmware: update 20200721 -> 20200817 (2020-09-01 05:45:54 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Anibal Limon (1):
  recipes-kernel: linux-firmware add qcom-venus-{5.2,5.4} packages

Bruce Ashfield (1):
  kernel-yocto: checksum all modifications to available kernel fragments
    directories

Joshua Watt (1):
  oeqa: sdk: Capture stderr output

Khem Raj (3):
  json-c: Fix CVE-2020-12762
  util-linux: Allow update alternatives for additional apps
  json-glib: Backport a build fix with clang

Martin Jansa (1):
  devtool: expand SRC_URI when guessing recipe update mode

Michael Tretter (1):
  devtool: deploy-target: Fix size calculation for hard links

Nicolas Dechesne (1):
  linux-libc-headers: kernel headers are installed in
    STAGING_KERNEL_BUILDDIR

Rasmus Villemoes (1):
  cml1: Move find_cfgs() helper to cml1.bbclass

Richard Purdie (1):
  selftest/prservice: Improve test failure message

Ross Burton (2):
  package.bbclass: explode the RPROVIDES so we don't think the versions
    are provides
  insane: improve gnu-hash-style warning

Steve Sakoman (1):
  sanity.conf: update BB_MIN_VERSION to 1.46.0

Sumit Garg (1):
  insane: fix gnu-hash-style check

Vijai Kumar K (1):
  wic: misc: Add /bin to the list of searchpaths

Yann Dirson (1):
  package: get_package_mapping: avoid dependency mapping if renamed
    package provides original name

hongxu (1):
  sysstat: fix installed-vs-shipped QA Issue in systemd

 meta/classes/cml1.bbclass                     |  10 +
 meta/classes/insane.bbclass                   |   5 +-
 meta/classes/kernel-yocto.bbclass             |  16 ++
 meta/classes/package.bbclass                  |  18 +-
 meta/conf/sanity.conf                         |   2 +-
 meta/lib/oeqa/sdk/case.py                     |   2 +-
 meta/lib/oeqa/sdk/cases/assimp.py             |   2 +-
 meta/lib/oeqa/sdk/cases/buildcpio.py          |   2 +-
 meta/lib/oeqa/sdk/cases/buildepoxy.py         |   2 +-
 meta/lib/oeqa/sdk/cases/buildgalculator.py    |   2 +-
 meta/lib/oeqa/sdk/cases/buildlzip.py          |   2 +-
 meta/lib/oeqa/selftest/cases/prservice.py     |   4 +-
 meta/recipes-bsp/u-boot/u-boot.inc            |  10 -
 meta/recipes-core/busybox/busybox.inc         |  10 -
 meta/recipes-core/util-linux/util-linux.inc   |   3 +
 .../json-c/json-c/CVE-2020-12762.patch        | 231 ++++++++++++++++++
 meta/recipes-devtools/json-c/json-c_0.13.1.bb |   1 +
 meta/recipes-extended/sysstat/sysstat.inc     |   2 +-
 ...o-instead-of-cast-to-convert-pointer.patch |  33 +++
 .../json-glib/json-glib_1.4.4.bb              |   4 +-
 .../linux-firmware/linux-firmware_20200817.bb |   6 +-
 .../linux-libc-headers/linux-libc-headers.inc |   2 +-
 scripts/lib/devtool/deploy.py                 |   8 +-
 scripts/lib/devtool/standard.py               |   2 +-
 scripts/lib/wic/misc.py                       |   5 +-
 25 files changed, 341 insertions(+), 43 deletions(-)
 create mode 100644 meta/recipes-devtools/json-c/json-c/CVE-2020-12762.patch
 create mode 100644 meta/recipes-gnome/json-glib/json-glib/0001-scanner-use-macro-instead-of-cast-to-convert-pointer.patch

-- 
2.17.1

[OE-core][dunfell 01/18] package.bbclass: explode the RPROVIDES so we don't think the versions are provides

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

emit_pkgdata() creates symlinks for each of the RPROVIDES in
pkgdata/MACHINE/runtime-rprovides.  However this string can contain
versions which results in directories called (=2.32), so pass the
RPROVIDES string through bb.utils.explode_deps() to strip the versions
out.

Helps mitigate - but not solve - #13999.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6a5395dec34192db233bfb2a060e5ccc99708f03)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/package.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
index 2d96e646da..23ff4772fa 100644
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -1544,7 +1544,7 @@ fi
         # Symlinks needed for rprovides lookup
         rprov = d.getVar('RPROVIDES_%s' % pkg) or d.getVar('RPROVIDES')
         if rprov:
-            for p in rprov.strip().split():
+            for p in bb.utils.explode_deps(rprov):
                 subdata_sym = pkgdatadir + "/runtime-rprovides/%s/%s" % (p, pkg)
                 bb.utils.mkdirhier(os.path.dirname(subdata_sym))
                 oe.path.symlink("../../runtime/%s" % pkg, subdata_sym, True)
-- 
2.17.1

[OE-core][dunfell 02/18] devtool: expand SRC_URI when guessing recipe update mode

[Steve Sakoman]

From: Martin Jansa <Martin.Jansa@gmail.com>

* I have recipes which use variable inside SRC_URI, e.g.:
  ROS_BRANCH ?= "branch=release/melodic/swri_nodelet"
  SRC_URI = "git://github.com/swri-robotics-gbp/marti_common-release;${ROS_BRANCH};protocol=https"

  and devtool modify works fine, but devtool finish fails with:

  $ devtool finish --force-patch-refresh swri-nodelet meta-ros/meta-ros1-melodic/
  ...
  Traceback (most recent call last):
    File "/OE/openembedded-core/scripts/devtool", line 334, in <module>
      ret = main()
    File "/OE/openembedded-core/scripts/devtool", line 321, in main
      ret = args.func(args, config, basepath, workspace)
    File "/OE/openembedded-core/scripts/lib/devtool/standard.py", line 2082, in finish
      updated, appendfile, removed = _update_recipe(args.recipename, workspace, rd, args.mode, appendlayerdir, wildcard_version=True, no_remove=False, no_report_remove=removing_original, initial_rev=args.initial_rev, dry_run_outdir=dry_run_outdir, no_overrides=args.no_overrides, force_patch_refresh=args.force_patch_refresh)
    File "/OE/openembedded-core/scripts/lib/devtool/standard.py", line 1737, in _update_recipe
      mode = _guess_recipe_update_mode(srctree, rd)
    File "/OE/openembedded-core/scripts/lib/devtool/standard.py", line 1721, in _guess_recipe_update_mode
      params = bb.fetch.decodeurl(uri)[5]
    File "/OE/bitbake/lib/bb/fetch2/__init__.py", line 390, in decodeurl
      raise MalformedUrl(url, "The URL: '%s' is invalid: parameter %s does not specify a value (missing '=')" % (url, s))
  bb.fetch2.MalformedUrl: The URL: 'git://github.com/swri-robotics-gbp/marti_common-release;${ROS_BRANCH};protocol=https' is invalid: parameter ${ROS_BRANCH} does not specify a value (missing '=')

  let it expand the SRC_URI before trying to decode it.

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3535cfdbf3d77f550b804276f957acf859da484f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/lib/devtool/standard.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
index bab644b83a..d140b97de1 100644
--- a/scripts/lib/devtool/standard.py
+++ b/scripts/lib/devtool/standard.py
@@ -1711,7 +1711,7 @@ def _update_recipe_patch(recipename, workspace, srctree, rd, appendlayerdir, wil
 
 def _guess_recipe_update_mode(srctree, rdata):
     """Guess the recipe update mode to use"""
-    src_uri = (rdata.getVar('SRC_URI', False) or '').split()
+    src_uri = (rdata.getVar('SRC_URI') or '').split()
     git_uris = [uri for uri in src_uri if uri.startswith('git://')]
     if not git_uris:
         return 'patch'
-- 
2.17.1

[OE-core][dunfell 03/18] kernel-yocto: checksum all modifications to available kernel fragments directories

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

This is based on the patch from Zhaolong Zhang <zhangzl2013@126.com>
[kernel-yocto: checksum indirect cfg and scc files]

While the recommended manner to share/reuse feature fragments is to
maintain them in a kernel-meta repository and track the changes via the
standard SRCREV fetcher mechanism, that method is not always practical
for small sets of features or for quick testing of changes.

These other flows use .scc files on the SRC_URI. It has been noted that
config fragments or other features indirectly included by those .scc
files will not trigger the kernel meta-data to be re-run and hence a
build can continue with stale data (or not be triggered at all).

To solve this issue, we can collect the directories that are searchable
via FILESEXTRAPATHS and add them to the do_kernel_metadata task
checksum.

This allows modifications, additions and removals from the potential
kernel feature directories to trigger a re-execution of the meta data
task.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 09f4db415fb6a1398e9e9b359630043c833f6118)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/kernel-yocto.bbclass | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/meta/classes/kernel-yocto.bbclass b/meta/classes/kernel-yocto.bbclass
index 3311f6e84e..cc8bcb909a 100644
--- a/meta/classes/kernel-yocto.bbclass
+++ b/meta/classes/kernel-yocto.bbclass
@@ -85,6 +85,21 @@ def get_machine_branch(d, default):
 	    
     return default
 
+# returns a list of all directories that are on FILESEXTRAPATHS (and
+# hence available to the build) that contain .scc or .cfg files
+def get_dirs_with_fragments(d):
+    extrapaths = []
+    extrafiles = []
+    extrapathsvalue = (d.getVar("FILESEXTRAPATHS") or "")
+    # Remove default flag which was used for checking
+    extrapathsvalue = extrapathsvalue.replace("__default:", "")
+    extrapaths = extrapathsvalue.split(":")
+    for path in extrapaths:
+        if path + ":True" not in extrafiles:
+            extrafiles.append(path + ":" + str(os.path.exists(path)))
+
+    return " ".join(extrafiles)
+
 do_kernel_metadata() {
 	set +e
 	cd ${S}
@@ -330,6 +345,7 @@ do_kernel_checkout[dirs] = "${S}"
 addtask kernel_checkout before do_kernel_metadata after do_symlink_kernsrc
 addtask kernel_metadata after do_validate_branches do_unpack before do_patch
 do_kernel_metadata[depends] = "kern-tools-native:do_populate_sysroot"
+do_kernel_metadata[file-checksums] = " ${@get_dirs_with_fragments(d)}"
 do_validate_branches[depends] = "kern-tools-native:do_populate_sysroot"
 
 do_kernel_configme[depends] += "virtual/${TARGET_PREFIX}binutils:do_populate_sysroot"
-- 
2.17.1

[OE-core][dunfell 04/18] json-c: Fix CVE-2020-12762

[Steve Sakoman]

From: Khem Raj <raj.khem@gmail.com>

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../json-c/json-c/CVE-2020-12762.patch        | 231 ++++++++++++++++++
 meta/recipes-devtools/json-c/json-c_0.13.1.bb |   1 +
 2 files changed, 232 insertions(+)
 create mode 100644 meta/recipes-devtools/json-c/json-c/CVE-2020-12762.patch

diff --git a/meta/recipes-devtools/json-c/json-c/CVE-2020-12762.patch b/meta/recipes-devtools/json-c/json-c/CVE-2020-12762.patch
new file mode 100644
index 0000000000..50674f0c5c
--- /dev/null
+++ b/meta/recipes-devtools/json-c/json-c/CVE-2020-12762.patch
@@ -0,0 +1,231 @@
+From 865b5a65199973bb63dff8e47a2f57e04fec9736 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Thu, 14 May 2020 12:32:30 +0200
+Subject: [PATCH] Fix CVE-2020-12762.
+
+This commit is a squashed backport of the following commits
+on the master branch:
+
+  * 099016b7e8d70a6d5dd814e788bba08d33d48426
+  * 77d935b7ae7871a1940cd827e850e6063044ec45
+  * d07b91014986900a3a75f306d302e13e005e9d67
+  * 519dfe1591d85432986f9762d41d1a883198c157
+  * a59d5acfab4485d5133114df61785b1fc633e0c6
+---
+CVE: CVE-2020-12762
+Upstream-Status: Backport [https://github.com/json-c/json-c/commit/865b5a65199973bb63dff8e47a2f57e04fec9736]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ arraylist.c          |  3 +++
+ linkhash.c           | 21 ++++++++++++++-------
+ printbuf.c           | 38 ++++++++++++++++++++++++++------------
+ tests/test4.c        | 30 +++++++++++++++++++++++++++++-
+ tests/test4.expected |  1 +
+ 5 files changed, 73 insertions(+), 20 deletions(-)
+
+diff --git a/arraylist.c b/arraylist.c
+index ddeb8d4eb4..e737052e32 100644
+--- a/arraylist.c
++++ b/arraylist.c
+@@ -135,6 +135,9 @@ array_list_del_idx( struct array_list *arr, size_t idx, size_t count )
+ {
+ 	size_t i, stop;
+ 
++	/* Avoid overflow in calculation with large indices. */
++	if (idx > SIZE_T_MAX - count)
++		return -1;
+ 	stop = idx + count;
+ 	if ( idx >= arr->length || stop > arr->length ) return -1;
+ 	for ( i = idx; i < stop; ++i ) {
+diff --git a/linkhash.c b/linkhash.c
+index 5497061a8a..6435a154ac 100644
+--- a/linkhash.c
++++ b/linkhash.c
+@@ -12,12 +12,13 @@
+ 
+ #include "config.h"
+ 
+-#include <stdio.h>
+-#include <string.h>
+-#include <stdlib.h>
++#include <assert.h>
++#include <limits.h>
+ #include <stdarg.h>
+ #include <stddef.h>
+-#include <limits.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
+ 
+ #ifdef HAVE_ENDIAN_H
+ # include <endian.h>    /* attempt to define endianness */
+@@ -28,8 +29,8 @@
+ # include <windows.h>   /* Get InterlockedCompareExchange */
+ #endif
+ 
+-#include "random_seed.h"
+ #include "linkhash.h"
++#include "random_seed.h"
+ 
+ /* hash functions */
+ static unsigned long lh_char_hash(const void *k);
+@@ -498,7 +499,9 @@ struct lh_table* lh_table_new(int size,
+ 	int i;
+ 	struct lh_table *t;
+ 
+-	t = (struct lh_table*)calloc(1, sizeof(struct lh_table));
++	/* Allocate space for elements to avoid divisions by zero. */
++	assert(size > 0);
++	t = (struct lh_table *)calloc(1, sizeof(struct lh_table));
+ 	if (!t)
+ 		return NULL;
+ 
+@@ -577,8 +580,12 @@ int lh_table_insert_w_hash(struct lh_table *t, const void *k, const void *v, con
+ 	unsigned long n;
+ 
+ 	if (t->count >= t->size * LH_LOAD_FACTOR)
+-		if (lh_table_resize(t, t->size * 2) != 0)
++	{
++		/* Avoid signed integer overflow with large tables. */
++		int new_size = (t->size > INT_MAX / 2) ? INT_MAX : (t->size * 2);
++		if (t->size == INT_MAX || lh_table_resize(t, new_size) != 0)
+ 			return -1;
++	}
+ 
+ 	n = h % t->size;
+ 
+diff --git a/printbuf.c b/printbuf.c
+index 6c77b5defd..6fc56de455 100644
+--- a/printbuf.c
++++ b/printbuf.c
+@@ -15,6 +15,7 @@
+ 
+ #include "config.h"
+ 
++#include <limits.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -64,10 +65,16 @@ static int printbuf_extend(struct printbuf *p, int min_size)
+ 
+ 	if (p->size >= min_size)
+ 		return 0;
+-
+-	new_size = p->size * 2;
+-	if (new_size < min_size + 8)
+-		new_size =  min_size + 8;
++	/* Prevent signed integer overflows with large buffers. */
++	if (min_size > INT_MAX - 8)
++		return -1;
++	if (p->size > INT_MAX / 2)
++		new_size = min_size + 8;
++	else {
++		new_size = p->size * 2;
++		if (new_size < min_size + 8)
++			new_size = min_size + 8;
++	}
+ #ifdef PRINTBUF_DEBUG
+ 	MC_DEBUG("printbuf_memappend: realloc "
+ 	  "bpos=%d min_size=%d old_size=%d new_size=%d\n",
+@@ -82,14 +89,18 @@ static int printbuf_extend(struct printbuf *p, int min_size)
+ 
+ int printbuf_memappend(struct printbuf *p, const char *buf, int size)
+ {
+-  if (p->size <= p->bpos + size + 1) {
+-    if (printbuf_extend(p, p->bpos + size + 1) < 0)
+-      return -1;
+-  }
+-  memcpy(p->buf + p->bpos, buf, size);
+-  p->bpos += size;
+-  p->buf[p->bpos]= '\0';
+-  return size;
++	/* Prevent signed integer overflows with large buffers. */
++	if (size > INT_MAX - p->bpos - 1)
++		return -1;
++	if (p->size <= p->bpos + size + 1)
++	{
++		if (printbuf_extend(p, p->bpos + size + 1) < 0)
++			return -1;
++	}
++	memcpy(p->buf + p->bpos, buf, size);
++	p->bpos += size;
++	p->buf[p->bpos] = '\0';
++	return size;
+ }
+ 
+ int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len)
+@@ -98,6 +109,9 @@ int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len)
+ 
+ 	if (offset == -1)
+ 		offset = pb->bpos;
++	/* Prevent signed integer overflows with large buffers. */
++	if (len > INT_MAX - offset)
++		return -1;
+ 	size_needed = offset + len;
+ 	if (pb->size < size_needed)
+ 	{
+diff --git a/tests/test4.c b/tests/test4.c
+index fc8b79dbf4..82d3f494de 100644
+--- a/tests/test4.c
++++ b/tests/test4.c
+@@ -2,9 +2,11 @@
+  * gcc -o utf8 utf8.c -I/home/y/include -L./.libs -ljson
+  */
+ 
++#include "config.h"
++#include <assert.h>
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <string.h>
+-#include "config.h"
+ 
+ #include "json_inttypes.h"
+ #include "json_object.h"
+@@ -24,6 +26,29 @@ void print_hex(const char* s)
+ 	putchar('\n');
+ }
+ 
++static void test_lot_of_adds(void);
++static void test_lot_of_adds()
++{
++	int ii;
++	char key[50];
++	json_object *jobj = json_object_new_object();
++	assert(jobj != NULL);
++	for (ii = 0; ii < 500; ii++)
++	{
++		snprintf(key, sizeof(key), "k%d", ii);
++		json_object *iobj = json_object_new_int(ii);
++		assert(iobj != NULL);
++		if (json_object_object_add(jobj, key, iobj))
++		{
++			fprintf(stderr, "FAILED to add object #%d\n", ii);
++			abort();
++		}
++	}
++	printf("%s\n", json_object_to_json_string(jobj));
++	assert(json_object_object_length(jobj) == 500);
++	json_object_put(jobj);
++}
++
+ int main(void)
+ {
+ 	const char *input = "\"\\ud840\\udd26,\\ud840\\udd27,\\ud800\\udd26,\\ud800\\udd27\"";
+@@ -49,5 +74,8 @@ int main(void)
+ 		retval = 1;
+ 	}
+ 	json_object_put(parse_result);
++
++	test_lot_of_adds();
++
+ 	return retval;
+ }
+diff --git a/tests/test4.expected b/tests/test4.expected
+index 68d4336d90..cb2744012b 100644
+--- a/tests/test4.expected
++++ b/tests/test4.expected
+@@ -1,3 +1,4 @@
+ input: "\ud840\udd26,\ud840\udd27,\ud800\udd26,\ud800\udd27"
+ JSON parse result is correct: 𠄦,𠄧,𐄦,𐄧
+ PASS
++{ "k0": 0, "k1": 1, "k2": 2, "k3": 3, "k4": 4, "k5": 5, "k6": 6, "k7": 7, "k8": 8, "k9": 9, "k10": 10, "k11": 11, "k12": 12, "k13": 13, "k14": 14, "k15": 15, "k16": 16, "k17": 17, "k18": 18, "k19": 19, "k20": 20, "k21": 21, "k22": 22, "k23": 23, "k24": 24, "k25": 25, "k26": 26, "k27": 27, "k28": 28, "k29": 29, "k30": 30, "k31": 31, "k32": 32, "k33": 33, "k34": 34, "k35": 35, "k36": 36, "k37": 37, "k38": 38, "k39": 39, "k40": 40, "k41": 41, "k42": 42, "k43": 43, "k44": 44, "k45": 45, <snip> }
diff --git a/meta/recipes-devtools/json-c/json-c_0.13.1.bb b/meta/recipes-devtools/json-c/json-c_0.13.1.bb
index 522879f21f..c7c755bb16 100644
--- a/meta/recipes-devtools/json-c/json-c_0.13.1.bb
+++ b/meta/recipes-devtools/json-c/json-c_0.13.1.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=de54b60fbbc35123ba193fea8ee216f2"
 
 SRC_URI = "https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \
            file://add-disable-werror-option-to-configure.patch \
+           file://CVE-2020-12762.patch \
            "
 SRC_URI[md5sum] = "04969ad59cc37bddd83741a08b98f350"
 SRC_URI[sha256sum] = "b87e608d4d3f7bfdd36ef78d56d53c74e66ab278d318b71e6002a369d36f4873"
-- 
2.17.1

[OE-core][dunfell 05/18] cml1: Move find_cfgs() helper to cml1.bbclass

[Steve Sakoman]

From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>

u-boot.inc and busybox.inc contain identical copies of this little
helper. They both inherit the cml1 class and use cml1_do_configure
right after having used this helper, and other recipes that want to
write similar logic for doing Kconfig via fragments will also need it
or something equivalent.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit af687c9137a3e8efe48afa6fd12866cf656ae913)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cml1.bbclass             | 10 ++++++++++
 meta/recipes-bsp/u-boot/u-boot.inc    | 10 ----------
 meta/recipes-core/busybox/busybox.inc | 10 ----------
 3 files changed, 10 insertions(+), 20 deletions(-)

diff --git a/meta/classes/cml1.bbclass b/meta/classes/cml1.bbclass
index c7f6723cb3..8ab240589a 100644
--- a/meta/classes/cml1.bbclass
+++ b/meta/classes/cml1.bbclass
@@ -1,3 +1,13 @@
+# returns all the elements from the src uri that are .cfg files
+def find_cfgs(d):
+    sources=src_patches(d, True)
+    sources_list=[]
+    for s in sources:
+        if s.endswith('.cfg'):
+            sources_list.append(s)
+
+    return sources_list
+
 cml1_do_configure() {
 	set -e
 	unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS
diff --git a/meta/recipes-bsp/u-boot/u-boot.inc b/meta/recipes-bsp/u-boot/u-boot.inc
index 23cc795cab..a88a7a1120 100644
--- a/meta/recipes-bsp/u-boot/u-boot.inc
+++ b/meta/recipes-bsp/u-boot/u-boot.inc
@@ -70,16 +70,6 @@ UBOOT_EXTLINUX_INSTALL_DIR ?= "/boot/extlinux"
 UBOOT_EXTLINUX_CONF_NAME ?= "extlinux.conf"
 UBOOT_EXTLINUX_SYMLINK ?= "${UBOOT_EXTLINUX_CONF_NAME}-${MACHINE}-${PR}"
 
-# returns all the elements from the src uri that are .cfg files
-def find_cfgs(d):
-    sources=src_patches(d, True)
-    sources_list=[]
-    for s in sources:
-        if s.endswith('.cfg'):
-            sources_list.append(s)
-
-    return sources_list
-
 do_configure () {
     if [ -n "${UBOOT_CONFIG}" ]; then
         unset i j
diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc
index 6cfdcd7344..45aaa2b41c 100644
--- a/meta/recipes-core/busybox/busybox.inc
+++ b/meta/recipes-core/busybox/busybox.inc
@@ -133,16 +133,6 @@ do_prepare_config () {
 	fi
 }
 
-# returns all the elements from the src uri that are .cfg files
-def find_cfgs(d):
-    sources=src_patches(d, True)
-    sources_list=[]
-    for s in sources:
-        if s.endswith('.cfg'):
-            sources_list.append(s)
-
-    return sources_list
-
 do_configure () {
 	set -x
 	do_prepare_config
-- 
2.17.1

[OE-core][dunfell 06/18] sanity.conf: update BB_MIN_VERSION to 1.46.0

[Steve Sakoman]

npm changes were merged that require bitbake 1.46.0,
you can't do a recipetool newappend on dunfell otherwise

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/sanity.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/sanity.conf b/meta/conf/sanity.conf
index 8b2f655394..e2a18a16fa 100644
--- a/meta/conf/sanity.conf
+++ b/meta/conf/sanity.conf
@@ -3,7 +3,7 @@
 # See sanity.bbclass
 #
 # Expert users can confirm their sanity with "touch conf/sanity.conf"
-BB_MIN_VERSION = "1.43.2"
+BB_MIN_VERSION = "1.46.0"
 
 SANITY_ABIFILE = "${TMPDIR}/abi_version"
 
-- 
2.17.1

[OE-core][dunfell 07/18] sysstat: fix installed-vs-shipped QA Issue in systemd

[Steve Sakoman]

From: hongxu <hongxu.jia@windriver.com>

While enabling systemd, there is QA issue:
...
|ERROR: sysstat-12.4.0-r0 do_package: QA Issue: sysstat: Files/directories
were installed but not shipped in any package:
|  /lib/systemd/system-sleep
|  /lib/systemd/system-sleep/sysstat.sleep
...

https://www.freedesktop.org/software/systemd/man/systemd-sleep.html
says the files should be dropped into /usr/lib/systemd/system-sleep
(that would be /lib/systemd/system-sleep in our configuration).  By
moving the files to another directory they'll be packaged but not
loaded by systemd.

Suggested-by Ross Burton <ross@burtonini.com>

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3bdd40ea09e50067f11c12290ab465a9ef229fc4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/sysstat/sysstat.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/sysstat/sysstat.inc b/meta/recipes-extended/sysstat/sysstat.inc
index 8fd87b943b..e5e134c038 100644
--- a/meta/recipes-extended/sysstat/sysstat.inc
+++ b/meta/recipes-extended/sysstat/sysstat.inc
@@ -62,6 +62,6 @@ pkg_postinst_${PN} () {
 	fi
 }
 
-FILES_${PN} += "${systemd_system_unitdir}"
+FILES_${PN} += "${systemd_system_unitdir} ${nonarch_base_libdir}/systemd"
 
 TARGET_CC_ARCH += "${LDFLAGS}"
-- 
2.17.1

[OE-core][dunfell 08/18] wic: misc: Add /bin to the list of searchpaths

[Steve Sakoman]

From: Vijai Kumar K <vijaikumar.kanagarajan@gmail.com>

/bin is also a valid path where one can find executables. Add
that to the search path.

Signed-off-by: Vijai Kumar K <vijaikumar.kanagarajan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ca0a6025351cb2135e87cecf828633cf12aa34c6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/lib/wic/misc.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/scripts/lib/wic/misc.py b/scripts/lib/wic/misc.py
index 1f199b9f23..fe4abe8115 100644
--- a/scripts/lib/wic/misc.py
+++ b/scripts/lib/wic/misc.py
@@ -128,8 +128,9 @@ def exec_native_cmd(cmd_and_args, native_sysroot, pseudo=""):
     if pseudo:
         cmd_and_args = pseudo + cmd_and_args
 
-    native_paths = "%s/sbin:%s/usr/sbin:%s/usr/bin" % \
-                   (native_sysroot, native_sysroot, native_sysroot)
+    native_paths = "%s/sbin:%s/usr/sbin:%s/usr/bin:%s/bin" % \
+                   (native_sysroot, native_sysroot,
+                    native_sysroot, native_sysroot)
 
     native_cmd_and_args = "export PATH=%s:$PATH;%s" % \
                    (native_paths, cmd_and_args)
-- 
2.17.1

[OE-core][dunfell 09/18] recipes-kernel: linux-firmware add qcom-venus-{5.2,5.4} packages

[Steve Sakoman]

From: Anibal Limon <anibal.limon@linaro.org>

Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e20c1e07a807f66f028104d8491d974a36734192)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux-firmware/linux-firmware_20200817.bb               | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
index 22e71059d8..ffeb8e6926 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20200817.bb
@@ -291,7 +291,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
              ${PN}-netronome-license ${PN}-netronome \
              ${PN}-qat ${PN}-qat-license \
              ${PN}-qcom-license \
-             ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 \
+             ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 ${PN}-qcom-venus-5.2 ${PN}-qcom-venus-5.4 \
              ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a530 ${PN}-qcom-adreno-a630 \
              ${PN}-qcom-sdm845-audio ${PN}-qcom-sdm845-compute ${PN}-qcom-sdm845-modem \
              ${PN}-whence-license \
@@ -860,6 +860,8 @@ LICENSE_${PN}-qcom-license = "Firmware-qcom"
 FILES_${PN}-qcom-license   = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt"
 FILES_${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*"
 FILES_${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*"
+FILES_${PN}-qcom-venus-5.2 = "${nonarch_base_libdir}/firmware/qcom/venus-5.2/*"
+FILES_${PN}-qcom-venus-5.4 = "${nonarch_base_libdir}/firmware/qcom/venus-5.4/*"
 FILES_${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a300_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw"
 FILES_${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*"
 FILES_${PN}-qcom-adreno-a630 = "${nonarch_base_libdir}/firmware/qcom/a630*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/a630*.*"
@@ -868,6 +870,8 @@ FILES_${PN}-qcom-sdm845-compute = "${nonarch_base_libdir}/firmware/qcom/sdm845/c
 FILES_${PN}-qcom-sdm845-modem = "${nonarch_base_libdir}/firmware/qcom/sdm845/mba.mbn ${nonarch_base_libdir}/firmware/qcom/sdm845/modem*.* ${nonarch_base_libdir}/firmware/qcom/sdm845/wlanmdsp.mbn"
 RDEPENDS_${PN}-qcom-venus-1.8 = "${PN}-qcom-license"
 RDEPENDS_${PN}-qcom-venus-4.2 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-venus-5.2 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-venus-5.4 = "${PN}-qcom-license"
 RDEPENDS_${PN}-qcom-adreno-a3xx = "${PN}-qcom-license"
 RDEPENDS_${PN}-qcom-adreno-a530 = "${PN}-qcom-license"
 RDEPENDS_${PN}-qcom-adreno-a630 = "${PN}-qcom-license"
-- 
2.17.1

[OE-core][dunfell 10/18] util-linux: Allow update alternatives for additional apps

[Steve Sakoman]

From: Khem Raj <raj.khem@gmail.com>

mcookie/prlimit/uuidgen are also provided by toybox

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b6135777799de531e2cb4017e91a8c41749d1fd5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/util-linux/util-linux.inc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index 532cceb935..248dfc1b6e 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -247,12 +247,14 @@ ALTERNATIVE_LINK_NAME[logger] = "${bindir}/logger"
 ALTERNATIVE_LINK_NAME[losetup] = "${base_sbindir}/losetup"
 ALTERNATIVE_LINK_NAME[mesg] = "${bindir}/mesg"
 ALTERNATIVE_LINK_NAME[mkswap] = "${base_sbindir}/mkswap"
+ALTERNATIVE_LINK_NAME[mcookie] = "${bindir}/mcookie"
 ALTERNATIVE_LINK_NAME[more] = "${base_bindir}/more"
 ALTERNATIVE_LINK_NAME[mount] = "${base_bindir}/mount"
 ALTERNATIVE_LINK_NAME[mountpoint] = "${base_bindir}/mountpoint"
 ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin"
 ALTERNATIVE_LINK_NAME[nsenter] = "${bindir}/nsenter"
 ALTERNATIVE_LINK_NAME[pivot_root] = "${base_sbindir}/pivot_root"
+ALTERNATIVE_LINK_NAME[prlimit] = "${bindir}/prlimit"
 ALTERNATIVE_LINK_NAME[readprofile] = "${sbindir}/readprofile"
 ALTERNATIVE_LINK_NAME[renice] = "${bindir}/renice"
 ALTERNATIVE_LINK_NAME[rev] = "${bindir}/rev"
@@ -269,6 +271,7 @@ ALTERNATIVE_LINK_NAME[taskset] = "${bindir}/taskset"
 ALTERNATIVE_LINK_NAME[umount] = "${base_bindir}/umount"
 ALTERNATIVE_LINK_NAME[unshare] = "${bindir}/unshare"
 ALTERNATIVE_LINK_NAME[utmpdump] = "${bindir}/utmpdump"
+ALTERNATIVE_LINK_NAME[uuidgen] = "${bindir}/uuidgen"
 ALTERNATIVE_LINK_NAME[wall] = "${bindir}/wall"
 
 ALTERNATIVE_${PN}-doc = "\
-- 
2.17.1

[OE-core][dunfell 11/18] oeqa: sdk: Capture stderr output

[Steve Sakoman]

From: Joshua Watt <JPEWhacker@gmail.com>

Redirect stderr to stdout when running subcommands while doing the SDK
tests. The tests will show stdout when CalledProcessError is raised,
but any output to stderr was lost.

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7cb4e9ab8c1596281060e94a216966060103956e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/sdk/case.py                  | 2 +-
 meta/lib/oeqa/sdk/cases/assimp.py          | 2 +-
 meta/lib/oeqa/sdk/cases/buildcpio.py       | 2 +-
 meta/lib/oeqa/sdk/cases/buildepoxy.py      | 2 +-
 meta/lib/oeqa/sdk/cases/buildgalculator.py | 2 +-
 meta/lib/oeqa/sdk/cases/buildlzip.py       | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/meta/lib/oeqa/sdk/case.py b/meta/lib/oeqa/sdk/case.py
index ebb03af9eb..c45882689c 100644
--- a/meta/lib/oeqa/sdk/case.py
+++ b/meta/lib/oeqa/sdk/case.py
@@ -26,7 +26,7 @@ class OESDKTestCase(OETestCase):
                 return tarball
 
         tarball = os.path.join(workdir, archive)
-        subprocess.check_output(["wget", "-O", tarball, url])
+        subprocess.check_output(["wget", "-O", tarball, url], stderr=subprocess.STDOUT)
         return tarball
 
     def check_elf(self, path, target_os=None, target_arch=None):
diff --git a/meta/lib/oeqa/sdk/cases/assimp.py b/meta/lib/oeqa/sdk/cases/assimp.py
index f26b17f2e9..f166758e49 100644
--- a/meta/lib/oeqa/sdk/cases/assimp.py
+++ b/meta/lib/oeqa/sdk/cases/assimp.py
@@ -30,7 +30,7 @@ class BuildAssimp(OESDKTestCase):
             dirs["build"] = os.path.join(testdir, "build")
             dirs["install"] = os.path.join(testdir, "install")
 
-            subprocess.check_output(["tar", "xf", tarball, "-C", testdir])
+            subprocess.check_output(["tar", "xf", tarball, "-C", testdir], stderr=subprocess.STDOUT)
             self.assertTrue(os.path.isdir(dirs["source"]))
             os.makedirs(dirs["build"])
 
diff --git a/meta/lib/oeqa/sdk/cases/buildcpio.py b/meta/lib/oeqa/sdk/cases/buildcpio.py
index 902e93f623..681d0e750d 100644
--- a/meta/lib/oeqa/sdk/cases/buildcpio.py
+++ b/meta/lib/oeqa/sdk/cases/buildcpio.py
@@ -24,7 +24,7 @@ class BuildCpioTest(OESDKTestCase):
             dirs["build"] = os.path.join(testdir, "build")
             dirs["install"] = os.path.join(testdir, "install")
 
-            subprocess.check_output(["tar", "xf", tarball, "-C", testdir])
+            subprocess.check_output(["tar", "xf", tarball, "-C", testdir], stderr=subprocess.STDOUT)
             self.assertTrue(os.path.isdir(dirs["source"]))
             os.makedirs(dirs["build"])
 
diff --git a/meta/lib/oeqa/sdk/cases/buildepoxy.py b/meta/lib/oeqa/sdk/cases/buildepoxy.py
index 4211955f8d..385f8ccca8 100644
--- a/meta/lib/oeqa/sdk/cases/buildepoxy.py
+++ b/meta/lib/oeqa/sdk/cases/buildepoxy.py
@@ -28,7 +28,7 @@ class EpoxyTest(OESDKTestCase):
             dirs["build"] = os.path.join(testdir, "build")
             dirs["install"] = os.path.join(testdir, "install")
 
-            subprocess.check_output(["tar", "xf", tarball, "-C", testdir])
+            subprocess.check_output(["tar", "xf", tarball, "-C", testdir], stderr=subprocess.STDOUT)
             self.assertTrue(os.path.isdir(dirs["source"]))
             os.makedirs(dirs["build"])
 
diff --git a/meta/lib/oeqa/sdk/cases/buildgalculator.py b/meta/lib/oeqa/sdk/cases/buildgalculator.py
index bbaa5c55c9..4d85adcaf1 100644
--- a/meta/lib/oeqa/sdk/cases/buildgalculator.py
+++ b/meta/lib/oeqa/sdk/cases/buildgalculator.py
@@ -31,7 +31,7 @@ class GalculatorTest(OESDKTestCase):
             dirs["build"] = os.path.join(testdir, "build")
             dirs["install"] = os.path.join(testdir, "install")
 
-            subprocess.check_output(["tar", "xf", tarball, "-C", testdir])
+            subprocess.check_output(["tar", "xf", tarball, "-C", testdir], stderr=subprocess.STDOUT)
             self.assertTrue(os.path.isdir(dirs["source"]))
             os.makedirs(dirs["build"])
 
diff --git a/meta/lib/oeqa/sdk/cases/buildlzip.py b/meta/lib/oeqa/sdk/cases/buildlzip.py
index 515acd2891..49ae756bf3 100644
--- a/meta/lib/oeqa/sdk/cases/buildlzip.py
+++ b/meta/lib/oeqa/sdk/cases/buildlzip.py
@@ -20,7 +20,7 @@ class BuildLzipTest(OESDKTestCase):
             dirs["build"] = os.path.join(testdir, "build")
             dirs["install"] = os.path.join(testdir, "install")
 
-            subprocess.check_output(["tar", "xf", tarball, "-C", testdir])
+            subprocess.check_output(["tar", "xf", tarball, "-C", testdir], stderr=subprocess.STDOUT)
             self.assertTrue(os.path.isdir(dirs["source"]))
             os.makedirs(dirs["build"])
 
-- 
2.17.1

[OE-core][dunfell 12/18] insane: fix gnu-hash-style check

[Steve Sakoman]

From: Sumit Garg <sumit.garg@linaro.org>

Fix gnu-hash-style check that always returned True after commit [1]
leading to false positive presence of "GNU_HASH" in objdump output.

Fixes: 9ff90bf04a4c ("mips: Enable gnu-hash-style on glibc") [1]
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 996010f1b9ca98592e2c87e1adcb0c79b86517b7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/insane.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index 1d76ae7c1d..12ae44d4d1 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -437,7 +437,7 @@ def package_qa_hash_style(path, name, d, elf, messages):
     for line in phdrs.split("\n"):
         if "SYMTAB" in line:
             has_syms = True
-        if "GNU_HASH" or "DT_MIPS_XHASH" in line:
+        if "GNU_HASH" in line or "DT_MIPS_XHASH" in line:
             sane = True
         if ("[mips32]" in line or "[mips64]" in line) and d.getVar('TCLIBC') == "musl":
             sane = True
-- 
2.17.1

[OE-core][dunfell 13/18] insane: improve gnu-hash-style warning

[Steve Sakoman]

From: Ross Burton <ross@burtonini.com>

Instead of showing a filename under packages-split, show the package
name and filename inside the package.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4f78fc65bb0c9bff05651d9e543bab3d75998f79)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/insane.bbclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index 12ae44d4d1..c595080bdf 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -442,7 +442,8 @@ def package_qa_hash_style(path, name, d, elf, messages):
         if ("[mips32]" in line or "[mips64]" in line) and d.getVar('TCLIBC') == "musl":
             sane = True
     if has_syms and not sane:
-        package_qa_add_message(messages, "ldflags", "No GNU_HASH in the ELF binary %s, didn't pass LDFLAGS?" % path)
+        path = package_qa_clean_path(path, d, name)
+        package_qa_add_message(messages, "ldflags", "File %s in package %s doesn't have GNU_HASH (didn't pass LDFLAGS?)" % (path, name))
 
 
 QAPATHTEST[buildpaths] = "package_qa_check_buildpaths"
-- 
2.17.1

[OE-core][dunfell 14/18] devtool: deploy-target: Fix size calculation for hard links

[Steve Sakoman]

From: Michael Tretter <m.tretter@pengutronix.de>

If a package contains hard links to a file, the file size is added for
each hard link instead of once for the file. Therefore, the calculated
size may be much larger than the actual package size.

For example, the mesa-megadriver package contains several hard links to
the same library.

Keep track of the inode numbers when listing the files that are
installed and use the actual size only for the first occurrence of an
inode. All further hard links to the same inode are added to the file
list, but accounted with size 0.

All file names need to be added to the file list, because the list is
used for preserving the files/hard links on the target.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 17e92572278980d1a7f06de9d72c68baf57698f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/lib/devtool/deploy.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/scripts/lib/devtool/deploy.py b/scripts/lib/devtool/deploy.py
index 6a997735fc..aaa25dda08 100644
--- a/scripts/lib/devtool/deploy.py
+++ b/scripts/lib/devtool/deploy.py
@@ -177,13 +177,19 @@ def deploy(args, config, basepath, workspace):
                         rd.getVar('base_libdir'), rd)
 
         filelist = []
+        inodes = set({})
         ftotalsize = 0
         for root, _, files in os.walk(recipe_outdir):
             for fn in files:
+                fstat = os.lstat(os.path.join(root, fn))
                 # Get the size in kiB (since we'll be comparing it to the output of du -k)
                 # MUST use lstat() here not stat() or getfilesize() since we don't want to
                 # dereference symlinks
-                fsize = int(math.ceil(float(os.lstat(os.path.join(root, fn)).st_size)/1024))
+                if fstat.st_ino in inodes:
+                    fsize = 0
+                else:
+                    fsize = int(math.ceil(float(fstat.st_size)/1024))
+                inodes.add(fstat.st_ino)
                 ftotalsize += fsize
                 # The path as it would appear on the target
                 fpath = os.path.join(destdir, os.path.relpath(root, recipe_outdir), fn)
-- 
2.17.1

[OE-core][dunfell 15/18] selftest/prservice: Improve test failure message

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

When failing, give more information about why exactly a failure is
happening such as the PR values in question.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bdd3abcc210e8f58b7b411da6bbd9c5314819908)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/selftest/cases/prservice.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/prservice.py b/meta/lib/oeqa/selftest/cases/prservice.py
index fe1f24ea6d..85b534963d 100644
--- a/meta/lib/oeqa/selftest/cases/prservice.py
+++ b/meta/lib/oeqa/selftest/cases/prservice.py
@@ -63,7 +63,7 @@ class BitbakePrTests(OESelftestTestCase):
         pr_2 = self.get_pr_version(package_name)
         stamp_2 = self.get_task_stamp(package_name, track_task)
 
-        self.assertTrue(pr_2 - pr_1 == 1, "Step between same pkg. revision is greater than 1")
+        self.assertTrue(pr_2 - pr_1 == 1, "Step between pkg revisions is not 1 (was %s - %s)" % (pr_2, pr_1))
         self.assertTrue(stamp_1 != stamp_2, "Different pkg rev. but same stamp: %s" % stamp_1)
 
     def run_test_pr_export_import(self, package_name, replace_current_db=True):
@@ -89,7 +89,7 @@ class BitbakePrTests(OESelftestTestCase):
         self.increment_package_pr(package_name)
         pr_2 = self.get_pr_version(package_name)
 
-        self.assertTrue(pr_2 - pr_1 == 1, "Step between same pkg. revision is greater than 1")
+        self.assertTrue(pr_2 - pr_1 == 1, "Step between pkg revisions is not 1 (was %s - %s)" % (pr_2, pr_1))
 
     def test_import_export_replace_db(self):
         self.run_test_pr_export_import('m4')
-- 
2.17.1

[OE-core][dunfell 16/18] json-glib: Backport a build fix with clang

[Steve Sakoman]

From: Khem Raj <raj.khem@gmail.com>

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a654c916853f6ead4268282e15dc8c9ef962446e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...o-instead-of-cast-to-convert-pointer.patch | 33 +++++++++++++++++++
 .../json-glib/json-glib_1.4.4.bb              |  4 ++-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-gnome/json-glib/json-glib/0001-scanner-use-macro-instead-of-cast-to-convert-pointer.patch

diff --git a/meta/recipes-gnome/json-glib/json-glib/0001-scanner-use-macro-instead-of-cast-to-convert-pointer.patch b/meta/recipes-gnome/json-glib/json-glib/0001-scanner-use-macro-instead-of-cast-to-convert-pointer.patch
new file mode 100644
index 0000000000..2a834b674d
--- /dev/null
+++ b/meta/recipes-gnome/json-glib/json-glib/0001-scanner-use-macro-instead-of-cast-to-convert-pointer.patch
@@ -0,0 +1,33 @@
+From d60fcd5bd5c2675e4342775b910a2ea48ec0eccb Mon Sep 17 00:00:00 2001
+From: Dimitry Andric <dim@FreeBSD.org>
+Date: Wed, 19 Aug 2020 03:35:16 +0000
+Subject: [PATCH] scanner: use macro instead of cast to convert pointer to integer
+
+Clang 11 build failed due to a new warning (part of -Werror=pointer-to-int-cast):
+../json-glib/json-scanner.c:928:13: error: cast to smaller integer type 'GTokenType' from 'gpointer' (aka 'void *') [-Werror,-Wvoid-pointer-to-enum-cast]
+        *token_p = (GTokenType) value_p->v_symbol;
+                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/json-glib/-/commit/8c5fabe962b7337066dac7a697d23fce257a5d64]
+Signed-off-by: Jan Beich <jbeich@FreeBSD.org>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ json-glib/json-scanner.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/json-glib/json-scanner.c b/json-glib/json-scanner.c
+index 0c9919f..59dd29c 100644
+--- a/json-glib/json-scanner.c
++++ b/json-glib/json-scanner.c
+@@ -925,7 +925,7 @@ json_scanner_get_token_i (JsonScanner	*scanner,
+       
+     case G_TOKEN_SYMBOL:
+       if (scanner->config->symbol_2_token)
+-	*token_p = (GTokenType) value_p->v_symbol;
++	*token_p = GPOINTER_TO_INT (value_p->v_symbol);
+       break;
+       
+     case G_TOKEN_BINARY:
+-- 
+2.28.0
+
diff --git a/meta/recipes-gnome/json-glib/json-glib_1.4.4.bb b/meta/recipes-gnome/json-glib/json-glib_1.4.4.bb
index 5143d73ed7..bbe284c01e 100644
--- a/meta/recipes-gnome/json-glib/json-glib_1.4.4.bb
+++ b/meta/recipes-gnome/json-glib/json-glib_1.4.4.bb
@@ -14,7 +14,9 @@ DEPENDS = "glib-2.0"
 GNOMEBASEBUILDCLASS = "meson"
 inherit gnomebase lib_package gobject-introspection gtk-doc gettext ptest-gnome manpages
 
-SRC_URI += "file://run-ptest"
+SRC_URI += "file://run-ptest \
+            file://0001-scanner-use-macro-instead-of-cast-to-convert-pointer.patch \
+"
 SRC_URI[archive.md5sum] = "4d4bb9837f6d31e32d0ce658ae135f68"
 SRC_URI[archive.sha256sum] = "720c5f4379513dc11fd97dc75336eb0c0d3338c53128044d9fabec4374f4bc47"
 
-- 
2.17.1

[OE-core][dunfell 17/18] linux-libc-headers: kernel headers are installed in STAGING_KERNEL_BUILDDIR

[Steve Sakoman]

From: Nicolas Dechesne <nicolas.dechesne@linaro.org>

Since 'fido', kernel headers are installed in STAGING_KERNEL_BUILDDIR,
not STAGING_KERNEL_DIR. So this message in the linux-libc-headers
recipe is slightly misleading.

Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bdd06f8ed58ed1c4983f8188e98f1a132da91e3d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc b/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc
index 4481aa430c..4ad74a27e9 100644
--- a/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc
+++ b/meta/recipes-kernel/linux-libc-headers/linux-libc-headers.inc
@@ -16,7 +16,7 @@ LICENSE = "GPLv2"
 # and have a machine specific libc.
 #
 # But you have some kernel headers you need for some driver? That is fine
-# but get them from STAGING_KERNEL_DIR where the kernel installs itself.
+# but get them from STAGING_KERNEL_BUILDDIR where the kernel installs itself.
 # This will make the package using them machine specific but this is much
 # better than having a machine specific C library. This does mean your
 # recipe needs a
-- 
2.17.1

[OE-core][dunfell 18/18] package: get_package_mapping: avoid dependency mapping if renamed package provides original name

[Steve Sakoman]

From: Yann Dirson <yann@blade-group.com>

Packages with a runtime dependency on a target package whose name is
changed by the PKG_* mechanism must rebuild when that mapping changes,
but we have no way of tracking this today, so
eg. packagegroup-machine-base ends up with a relationship on a
versioned kernel-image, and does not get rebuilt when that version
changes, leading to unsatisfiable dependency and reproducibility
issue.

OTOH there is no reason for the dependency to get rewritten if the
renamed package already has a RPROVIDES on the non-rewritten package
name, and if the dependency relationship is an unversionned one.  This
is what this patch prevents.

Note that this may not cover all cases of rewritten package names.

Notably I had to let the rewrite be done in the case of versionned
dependencies, as package managers usually can follow "Provides" in
such case; this includes many dependencies against shared-lib packages
renamed to their soname, and those at least are OK, since the
dependent recipe should explicitly depend on the target recipe.

(From OE-Core rev: 920beaaeef62b558e046f32c8ef0332250969ef1)

Signed-off-by: Yann Dirson <yann@blade-group.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/package.bbclass | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
index 23ff4772fa..cc64ddffc3 100644
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -535,7 +535,7 @@ def copydebugsources(debugsrcdir, sources, d):
 # Package data handling routines
 #
 
-def get_package_mapping (pkg, basepkg, d):
+def get_package_mapping (pkg, basepkg, d, depversions=None):
     import oe.packagedata
 
     data = oe.packagedata.read_subpkgdata(pkg, d)
@@ -546,6 +546,14 @@ def get_package_mapping (pkg, basepkg, d):
         if bb.data.inherits_class('allarch', d) and not d.getVar('MULTILIB_VARIANTS') \
             and data[key] == basepkg:
             return pkg
+        if depversions == []:
+            # Avoid returning a mapping if the renamed package rprovides its original name
+            rprovkey = "RPROVIDES_%s" % pkg
+            if rprovkey in data:
+                if pkg in bb.utils.explode_dep_versions2(data[rprovkey]):
+                    bb.note("%s rprovides %s, not replacing the latter" % (data[key], pkg))
+                    return pkg
+        # Do map to rewritten package name
         return data[key]
 
     return pkg
@@ -566,8 +574,10 @@ def runtime_mapping_rename (varname, pkg, d):
 
     new_depends = {}
     deps = bb.utils.explode_dep_versions2(d.getVar(varname) or "")
-    for depend in deps:
-        new_depend = get_package_mapping(depend, pkg, d)
+    for depend, depversions in deps.items():
+        new_depend = get_package_mapping(depend, pkg, d, depversions)
+        if depend != new_depend:
+            bb.note("package name mapping done: %s -> %s" % (depend, new_depend))
         new_depends[new_depend] = deps[depend]
 
     d.setVar(varname, bb.utils.join_deps(new_depends, commasep=False))
-- 
2.17.1

[OE-core][dunfell 00/18] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by
end of day on Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1588

The following changes since commit 4f395ad49ef9035954d0fda7b7df14dea18b49a0:

  grub: clean up CVE patches (2020-11-08 16:51:24 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alex Kiernan (1):
  openssh: Upgrade 8.2p1 -> 8.3p1

Alexander Kanavin (2):
  clutter-gst-3.0: do not call out to host gstreamer plugin scanner
  openssh: upgrade 8.3p1 -> 8.4p1 to fix CVE-2020-14145 and
    CVE-2020-15778

Denys Zagorui (1):
  binutils: reproducibility: reuse debug-prefix-map for stabs

Diego Santa Cruz (1):
  freetype: fix CVE-2020-15999, backport from 2.10.4

Gratian Crisan (1):
  kernel-module-split.bbclass: identify kernel modconf files as
    configuration files

Jose Quaresma (1):
  gstreamer1.0: warn the user when something is wrong with GstBufferPool

Konrad Weihmann (3):
  oeqa/core/context: expose results as variable
  oeqa/core/context: initialize _run_end_time
  testimage: print results for interrupted runs

Nathan Rossi (1):
  diffstat: add nativesdk to BBCLASSEXTEND

Ricardo Salveti (1):
  dosfstools: add mkfs.vfat to ALTERNATIVE

Richard Purdie (3):
  ptest-runner: Fix license as it contains 'or later' clause
  libdnf: Fix license as it contains 'or later' clause
  alsa-utils: Fix license to GPLv2 only

Ross Burton (1):
  syslinux: add link to upstream discussion in patch

Steve Sakoman (1):
  openssh: whitelist CVE-2014-9278

akash hadke (1):
  systemd: udev SECLABEL{selinux} crash fix

 meta/classes/kernel-module-split.bbclass      |  1 +
 meta/classes/testimage.bbclass                | 19 ++++---
 meta/lib/oeqa/core/context.py                 |  4 ++
 .../{openssh_8.2p1.bb => openssh_8.4p1.bb}    |  7 ++-
 ...temd-udev-seclabel-options-crash-fix.patch | 30 +++++++++++
 meta/recipes-core/systemd/systemd_244.3.bb    |  1 +
 .../binutils/binutils-2.34.inc                |  1 +
 ...oducibility-for-stabs-debugging-data.patch | 32 ++++++++++++
 .../diffstat/diffstat_1.63.bb                 |  2 +
 .../dosfstools/dosfstools_4.1.bb              |  6 ++-
 meta/recipes-devtools/libdnf/libdnf_0.28.1.bb |  2 +-
 ...nux-syslinux-support-ext2-3-4-device.patch |  2 +-
 .../clutter/clutter-gst-3.0.inc               |  2 +
 ...-sfnt-Fix-heap-buffer-overflow-59308.patch | 51 +++++++++++++++++++
 .../freetype/freetype_2.10.1.bb               |  1 +
 .../alsa/alsa-utils_1.2.1.bb                  |  3 +-
 ...size-in-reset-when-maxsize-is-larger.patch | 49 ++++++++++++++++++
 .../gstreamer/gstreamer1.0_1.16.3.bb          |  1 +
 .../ptest-runner/ptest-runner_2.3.2.bb        |  2 +-
 19 files changed, 201 insertions(+), 15 deletions(-)
 rename meta/recipes-connectivity/openssh/{openssh_8.2p1.bb => openssh_8.4p1.bb} (95%)
 create mode 100644 meta/recipes-core/systemd/systemd/systemd-udev-seclabel-options-crash-fix.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0001-gas-improve-reproducibility-for-stabs-debugging-data.patch
 create mode 100644 meta/recipes-graphics/freetype/freetype/0001-sfnt-Fix-heap-buffer-overflow-59308.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-bufferpool-only-resize-in-reset-when-maxsize-is-larger.patch

-- 
2.17.1

[OE-core][dunfell 00/18] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2988

with the exception of a known autobuilder intermittent issue (on qemuppc test)
which passed on subsequent retest:

https://autobuilder.yoctoproject.org/typhoon/#/builders/63/builds/4402

The following changes since commit f61fcb6e176f19f1e768ce63a693f238713c8887:

  openssh: remove redundant BSD license (2021-12-02 05:11:21 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Dhruva Gole (1):
  scripts/checklayer/common.py: Fixed a minor grammatical error

Eero Aaltonen (1):
  cmake: FindGTest: Add target for gmock library

Jate Sujjavanich (2):
  libdnf: Backport bugfix for upgrade calc
  dnf: Backport bugfix for upgrade

Khem Raj (1):
  libunwind: Backport a fix for -fno-common option to compile

Neetika Singh (1):
  glib-2.0: Add security fixes

Pavel Zhukov (2):
  busybox: Fix for CVE-2021-42374
  busybox: Fix for CVE-2021-42376

Quentin Schulz (1):
  README.OE-Core.md: update URLs

Ranjitsinh Rathod (2):
  ncurses: Fix for CVE-2021-39537
  libsolv: update tag for missing CVEs

Richard Purdie (2):
  buildhistory: Fix srcrevs output
  oeqa/parselogs: Fix quoting

Ross Burton (1):
  vim: fix CVE-2021-3968 and CVE-2021-3973

Steve Sakoman (4):
  cve-extra-exclusions: add db CVEs to exclusion list
  bind: update to 9.11.33
  bind: update to 9.11.34
  bind: update to 9.11.35

 README.OE-Core                                |  10 +-
 meta/classes/buildhistory.bbclass             |  30 +-
 .../distro/include/cve-extra-exclusions.inc   |   9 +-
 meta/lib/oeqa/runtime/cases/parselogs.py      |  14 +-
 .../bind/{bind_9.11.32.bb => bind_9.11.35.bb} |   2 +-
 .../busybox/busybox/CVE-2021-42374.patch      |  53 +++
 .../busybox/busybox/CVE-2021-42376.patch      | 138 ++++++
 meta/recipes-core/busybox/busybox_1.31.1.bb   |   2 +
 .../glib-2.0/glib-2.0/CVE-2021-27218.patch    | 129 ++++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-01.patch | 170 +++++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-02.patch | 249 +++++++++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-03.patch | 131 ++++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-04.patch | 298 +++++++++++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-05.patch |  54 +++
 .../glib-2.0/glib-2.0/CVE-2021-27219-06.patch | 101 +++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-07.patch |  76 ++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-08.patch | 101 +++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-09.patch | 100 +++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-10.patch |  59 +++
 .../glib-2.0/glib-2.0/CVE-2021-27219-11.patch |  63 +++
 .../glib-2.0/CVE-2021-27219-reg1-1.patch      |  36 ++
 .../glib-2.0/CVE-2021-27219-reg1-2.patch      |  38 ++
 .../glib-2.0/CVE-2021-27219-reg1-4.patch      |  38 ++
 .../glib-2.0/CVE-2021-27219-reg1-5.patch      | 100 +++++
 .../glib-2.0/CVE-2021-27219-reg2-1.patch      |  49 ++
 .../glib-2.0/CVE-2021-27219-reg2-2.patch      |  43 ++
 .../glib-2.0/CVE-2021-27219-reg2-3.patch      | 232 ++++++++++
 .../glib-2.0/glib-2.0/CVE-2021-28153-1.patch  |  27 ++
 .../glib-2.0/glib-2.0/CVE-2021-28153-2.patch  |  42 ++
 .../glib-2.0/glib-2.0/CVE-2021-28153-3.patch  |  57 +++
 .../glib-2.0/glib-2.0/CVE-2021-28153-4.patch  | 265 +++++++++++
 .../glib-2.0/glib-2.0/CVE-2021-28153-5.patch  |  55 +++
 meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb |  24 +
 .../ncurses/files/CVE-2021-39537.patch        |  30 ++
 meta/recipes-core/ncurses/ncurses_6.2.bb      |   1 +
 .../cmake/cmake-native_3.16.5.bb              |   1 +
 ...ndGTest-Add-target-for-gmock-library.patch | 255 +++++++++++
 ...ackages-in-upgrade-job-RhBug-1728252.patch |  60 +++
 meta/recipes-devtools/dnf/dnf_4.2.2.bb        |   1 +
 ...job-goal.upgrade-with-sltr-as-target.patch |  58 +++
 meta/recipes-devtools/libdnf/libdnf_0.28.1.bb |   1 +
 .../libsolv/files/CVE-2021-3200.patch         |   9 +-
 ...0001-Fix-compilation-with-fno-common.patch | 420 ++++++++++++++++++
 .../libunwind/libunwind_1.3.1.bb              |   1 +
 ...rash-when-using-CTRL-W-f-without-fin.patch |  92 ++++
 meta/recipes-support/vim/vim.inc              |   4 +
 scripts/lib/checklayer/cases/common.py        |   2 +-
 47 files changed, 3696 insertions(+), 34 deletions(-)
 rename meta/recipes-connectivity/bind/{bind_9.11.32.bb => bind_9.11.35.bb} (98%)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2021-42374.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2021-42376.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-01.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-02.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-04.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-05.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-08.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-11.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-1.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-2.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-4.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-1.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-1.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-2.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-3.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-4.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2021-39537.patch
 create mode 100644 meta/recipes-devtools/cmake/cmake/0006-cmake-FindGTest-Add-target-for-gmock-library.patch
 create mode 100644 meta/recipes-devtools/dnf/dnf/0040-Keep-installed-packages-in-upgrade-job-RhBug-1728252.patch
 create mode 100644 meta/recipes-devtools/libdnf/libdnf/0040-Mark-job-goal.upgrade-with-sltr-as-target.patch
 create mode 100644 meta/recipes-support/libunwind/libunwind/0001-Fix-compilation-with-fno-common.patch
 create mode 100644 meta/recipes-support/vim/files/0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch

-- 
2.25.1

[OE-core][dunfell 00/18] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by end
of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3314

with the exception of a known autobuilder intermittent issue on qemumips64:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=14029

which passed on subsequent retest:

https://autobuilder.yoctoproject.org/typhoon/#/builders/74/builds/4787

The following changes since commit 79ce9059f716546a7d6f4562ba194aedd90c22cd:

  grub: add a fix for a crash in scripts (2022-02-23 05:00:42 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Jose Quaresma (1):
  buildhistory.bbclass: create the buildhistory directory when needed

Marek Vasut (1):
  bootchart2: Add missing python3-math dependency

Michael Halstead (1):
  uninative: Upgrade to 3.5

Minjae Kim (2):
  go: fix CVE-2022-23806
  go: fix CVE-2022-23772

Nathan Rossi (1):
  cml1.bbclass: Handle ncurses-native being available via pkg-config

Richard Purdie (2):
  libxml-parser-perl: Add missing RDEPENDS
  uninative: Add version to uninative tarball name

Ross Burton (3):
  coreutils: remove obsolete ignored CVE list
  cve-check: get_cve_info should open the database read-only
  Revert "cve-check: add lockfile to task"

Steve Sakoman (5):
  expat: fix CVE-2022-25235
  expat: fix CVE-2022-25236
  expat: fix CVE-2022-25313
  expat: fix CVE-2022-25314
  expat: fix CVE-2022-25315

Virendra Thakur (1):
  libarchive: Fix for CVE-2021-36976

wangmy (1):
  wireless-regdb: upgrade 2021.08.28 -> 2022.02.18

 meta/classes/buildhistory.bbclass             |   1 +
 meta/classes/cml1.bbclass                     |   8 +
 meta/classes/cve-check.bbclass                |   4 +-
 meta/classes/uninative.bbclass                |   2 +-
 meta/conf/distro/include/yocto-uninative.inc  |  11 +-
 meta/recipes-core/coreutils/coreutils_8.31.bb |   3 -
 .../expat/expat/CVE-2022-25235.patch          | 283 +++++++++++++++
 .../expat/expat/CVE-2022-25236.patch          | 129 +++++++
 .../expat/CVE-2022-25313-regression.patch     | 131 +++++++
 .../expat/expat/CVE-2022-25313.patch          | 230 +++++++++++++
 .../expat/expat/CVE-2022-25314.patch          |  32 ++
 .../expat/expat/CVE-2022-25315.patch          | 145 ++++++++
 meta/recipes-core/expat/expat_2.2.9.bb        |   6 +
 .../bootchart2/bootchart2_0.14.9.bb           |   2 +-
 meta/recipes-devtools/go/go-1.14.inc          |   2 +
 .../go/go-1.14/CVE-2022-23772.patch           |  50 +++
 .../go/go-1.14/CVE-2022-23806.patch           | 142 ++++++++
 .../perl/libxml-parser-perl_2.46.bb           |   1 +
 .../libarchive/CVE-2021-36976-1.patch         | 321 ++++++++++++++++++
 .../libarchive/CVE-2021-36976-2.patch         | 121 +++++++
 .../libarchive/CVE-2021-36976-3.patch         |  93 +++++
 .../libarchive/libarchive_3.4.2.bb            |   6 +-
 ....08.28.bb => wireless-regdb_2022.02.18.bb} |   2 +-
 23 files changed, 1711 insertions(+), 14 deletions(-)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25235.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25236.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25313-regression.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25313.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25314.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-25315.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-23772.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-1.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-2.patch
 create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2021-36976-3.patch
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2021.08.28.bb => wireless-regdb_2022.02.18.bb} (94%)

-- 
2.25.1

[OE-core][dunfell 00/18] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4715

The following changes since commit cc8ec63310f9a936371ea1070cb257c926808755:

  oeqa/selftest/tinfoil: Add test for separate config_data with recipe_parse_file() (2022-12-14 16:34:29 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Alexander Kanavin (1):
  tzdata: update 2022d -> 2022g

Bruce Ashfield (4):
  linux-yocto/5.4: update to v5.4.221
  linux-yocto/5.4: update to v5.4.224
  linux-yocto/5.4: update to v5.4.225
  linux-yocto/5.4: update to v5.4.228

Chen Qi (1):
  bc: extend to nativesdk

Hitendra Prajapati (1):
  grub2: CVE-2022-28735 shim_lock verifier allows non-kernel files to be
    loaded

Jagadeesh Krishnanjanappa (1):
  qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel
    image

Joshua Watt (1):
  sudo: Use specific BSD license variant

Minjae Kim (1):
  ppp: fix CVE-2022-4603

Peter Marko (1):
  externalsrc: fix lookup for .gitmodules

Quentin Schulz (1):
  cairo: update patch for CVE-2019-6461 with upstream solution

Robert Andersson (1):
  go-crosssdk: avoid host contamination by GOCACHE

Ross Burton (1):
  lib/buildstats: fix parsing of trees with reduced_proc_pressure
    directories

Vivek Kumbhar (4):
  go: fix CVE-2022-41717 Excessive memory use in got server
  rsync: fix CVE-2022-29154 remote arbitrary files write inside the
    directories of connecting peers
  libx11: fix CVE-2022-3555 memory leak in _XFreeX11XCBStructure() of
    xcb_disp.c
  qemu: fix CVE-2021-3507 fdc heap buffer overflow in DMA read data
    transfers

 meta/classes/externalsrc.bbclass              |   2 +-
 meta/classes/qemuboot.bbclass                 |   3 +-
 .../grub/files/CVE-2022-28735.patch           | 271 ++++++++++++++
 meta/recipes-bsp/grub/grub2.inc               |   1 +
 .../ppp/ppp/CVE-2022-4603.patch               |  50 +++
 meta/recipes-connectivity/ppp/ppp_2.4.7.bb    |   1 +
 meta/recipes-devtools/go/go-1.14.inc          |   1 +
 .../go/go-1.14/CVE-2022-41717.patch           |  75 ++++
 meta/recipes-devtools/go/go-crosssdk.inc      |   2 +
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2021-3507.patch             |  87 +++++
 .../rsync/files/CVE-2022-29154.patch          | 334 ++++++++++++++++++
 meta/recipes-devtools/rsync/rsync_3.1.3.bb    |   1 +
 meta/recipes-extended/bc/bc_1.07.1.bb         |   2 +-
 meta/recipes-extended/sudo/sudo.inc           |   2 +-
 meta/recipes-extended/timezone/timezone.inc   |   7 +-
 .../cairo/cairo/CVE-2019-6461.patch           |  35 +-
 .../xorg-lib/libx11/CVE-2022-3555.patch       |  38 ++
 .../recipes-graphics/xorg-lib/libx11_1.6.9.bb |   1 +
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 scripts/lib/buildstats.py                     |   4 +-
 23 files changed, 919 insertions(+), 35 deletions(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2022-28735.patch
 create mode 100644 meta/recipes-connectivity/ppp/ppp/CVE-2022-4603.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41717.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3507.patch
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2022-29154.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3555.patch

-- 
2.25.1