* [OE-core][dunfell 00/16] Patch review
@ 2020-04-29 16:10 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-04-29 16:10 UTC (permalink / raw)
To: openembedded-core
Please review this first set of changes for dunfell and have comments back
by end of day Friday.
Clean a-full build on autobuilder (other than tickling a Send QA Email bug):
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/898
The following changes since commit 1795f30d8ab73d35710ca99064c51190dc84853e:
build-appliance-image: Update to master head revision (2020-04-07 22:15:32 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-next
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-next
Bartosz Golaszewski (1):
qemuboot.bbclass: don't redefine IMGDEPLOYDIR
Changqing Li (1):
parselogs.py: ignore pulseaudio startup warning messages
Denys Dmytriyenko (1):
u-boot.inc: install u-boot-initial-env as ${PN}-initial-env in $D and
$DEPLOYDIR
Jeremy Puhlman (3):
qemu-system-native: Fix commented out PACKAGECONFIG
nativesdk-gcc-runtime: enable building libstdc++.a
buildtools-extended-tarball: Add libstc++.a
Khem Raj (2):
libucontext: Bring in mips/mips64 support
ruby: Link with libucontext on musl
Maxime Roussin-B?langer (1):
tzdata: remove exit 0 from pkg_postinst
Paul Barker (1):
kernel-yocto.bbclass: Fix deps when externalsrc is used
Pierre-Jean Texier (1):
ell: upgrade 0.30 -> 0.31
Richard Purdie (1):
bzip2/pbzip2: Correct license information
Tim Orling (1):
python3-manifest.json: add pathlib to core
Wang Mingyu (1):
gnutls: upgrade 3.6.12 -> 3.6.13
Yi Zhao (1):
alsa-state: ignore 'No soundcards found' error in pkg_postinst
hongxu (1):
buildtools-tarball: add nativesdk-mtools for `wic ls'
meta/classes/kernel-yocto.bbclass | 6 +++
meta/classes/qemuboot.bbclass | 1 -
.../common-licenses/{bzip2 => bzip2-1.0.6} | 0
meta/lib/oeqa/runtime/cases/parselogs.py | 4 +-
meta/recipes-bsp/alsa-state/alsa-state.bb | 2 +-
meta/recipes-bsp/u-boot/u-boot.inc | 28 +++++------
.../ell/{ell_0.30.bb => ell_0.31.bb} | 4 +-
.../meta/buildtools-extended-tarball.bb | 1 +
meta/recipes-core/meta/buildtools-tarball.bb | 1 +
...move-using-.end-directive-with-clang.patch | 36 ++++++++++++++
.../0001-Makefile-Add-LIBDIR-variable.patch | 46 ------------------
.../0001-pass-LDFLAGS-to-link-step.patch | 31 ------------
meta/recipes-core/musl/libucontext_git.bb | 48 +++++++++----------
meta/recipes-devtools/gcc/gcc-runtime.inc | 2 +
.../python/python3/python3-manifest.json | 2 +
meta/recipes-devtools/qemu/qemu.inc | 2 +-
meta/recipes-devtools/ruby/ruby_2.7.0.bb | 9 +++-
meta/recipes-extended/bzip2/bzip2_1.0.8.bb | 2 +-
meta/recipes-extended/pbzip2/pbzip2_1.1.13.bb | 2 +-
meta/recipes-extended/timezone/tzdata.bb | 8 +---
.../{gnutls_3.6.12.bb => gnutls_3.6.13.bb} | 4 +-
21 files changed, 106 insertions(+), 133 deletions(-)
rename meta/files/common-licenses/{bzip2 => bzip2-1.0.6} (100%)
rename meta/recipes-core/ell/{ell_0.30.bb => ell_0.31.bb} (83%)
create mode 100644 meta/recipes-core/musl/0001-Remove-using-.end-directive-with-clang.patch
delete mode 100644 meta/recipes-core/musl/libucontext/0001-Makefile-Add-LIBDIR-variable.patch
delete mode 100644 meta/recipes-core/musl/libucontext/0001-pass-LDFLAGS-to-link-step.patch
rename meta/recipes-support/gnutls/{gnutls_3.6.12.bb => gnutls_3.6.13.bb} (93%)
--
2.17.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 00/16] Patch review
@ 2020-06-01 14:11 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-06-01 14:11 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for dunfell and have comments back
by end of day Wednesday.
The following changes since commit c88cf750f26f6786d6ba5b4f1f7e5d4f0c800e6e:
avahi: Don't advertise example services by default (2020-05-26 04:12:28 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Adrian Bunk (1):
libubootenv: Remove the DEPENDS on mtd-utils
Gregor Zatko (1):
sanity.bbclass: Detect and fail if 'inherit' is used in conf file
Joe Slater (1):
terminal.py: do not stop searching for auto
Joshua Watt (1):
checklayer: Skip layers without a collection
Khem Raj (2):
cve-check: Run it after do_fetch
make-mod-scripts: Fix a rare build race condition
Konrad Weihmann (1):
qemurunner: fix ip fallback detection
Lee Chee Yang (2):
bind: fix CVE-2020-8616/7
libexif: fix CVE-2020-13114
Mark Hatle (1):
sstate.bbclass: When siginfo or sig files are missing, stop fetcher
errors
Richard Purdie (2):
resulttool/report: Remove leftover debugging
resulttool/log: Add ability to dump ltp logs as well as ptest
Robert P. J. Day (1):
bitbake.conf: Remove unused DEPLOY_DIR_TOOLS variable
Robert Yang (1):
archiver.bbclass: Fix duplicated SRC_URIs for do_ar_original
Steve Sakoman (1):
oeqa/concurrencytest: don't delete build directory for failed tests
Trevor Gamblin (1):
qemuarm: check serial consoles vs /proc/consoles
meta/classes/archiver.bbclass | 8 +-
meta/classes/cve-check.bbclass | 2 +-
meta/classes/sanity.bbclass | 6 +
meta/classes/sstate.bbclass | 6 +-
meta/conf/bitbake.conf | 1 -
meta/conf/machine/qemuarm.conf | 1 +
meta/conf/machine/qemuarm64.conf | 1 +
meta/lib/oe/terminal.py | 5 +-
meta/lib/oeqa/core/utils/concurrencytest.py | 10 +-
meta/lib/oeqa/utils/qemurunner.py | 2 +-
meta/recipes-bsp/u-boot/libubootenv_0.2.bb | 2 +-
.../bind/bind/CVE-2020-8616.patch | 206 ++++++++++++++++++
.../bind/bind/CVE-2020-8617.patch | 29 +++
.../recipes-connectivity/bind/bind_9.11.13.bb | 2 +
.../make-mod-scripts/make-mod-scripts_1.0.bb | 7 +-
.../libexif/libexif/CVE-2020-13114.patch | 73 +++++++
.../recipes-support/libexif/libexif_0.6.21.bb | 4 +-
scripts/lib/checklayer/__init__.py | 3 +
scripts/lib/resulttool/log.py | 21 +-
scripts/lib/resulttool/report.py | 1 -
scripts/lib/resulttool/resultutils.py | 22 +-
21 files changed, 383 insertions(+), 29 deletions(-)
create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2020-8616.patch
create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch
create mode 100644 meta/recipes-support/libexif/libexif/CVE-2020-13114.patch
--
2.17.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 00/16] Patch review
@ 2020-10-27 22:29 Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 01/16] oeqa: Add sync call to command execution Steve Sakoman
` (15 more replies)
0 siblings, 16 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for dunfell and have changes back
by end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1514
The following changes since commit 89e6fc44a378cb3489376d7193672cdf94c504b6:
qemu: change TLBs number to 64 in 34Kf mips cpu model (2020-10-21 04:42:42 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Jose Quaresma (12):
gstreamer1.0: Fix reproducibility issue around libcap
gstreamer1.0: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-plugins-base: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-plugins-good: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-plugins-bad: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-plugins-ugly: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-libav: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-vaapi: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-rtsp-server: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-omx: Update 1.16.2 -> Update 1.16.3
gstreamer1.0-python: Update 1.16.2 -> Update 1.16.3
gst-validate: Update 1.16.2 -> Update 1.16.3
Lee Chee Yang (1):
ffmpeg: fix CVE-2020-12284
Richard Purdie (1):
oeqa: Add sync call to command execution
Ross Burton (2):
gcc: mitigate the Straight-line Speculation attack
glib-2.0: fix parsing of slim encoded tzdata
meta/lib/oeqa/selftest/cases/runcmd.py | 16 +-
meta/lib/oeqa/utils/commands.py | 8 +-
.../glib-2.0/glib-2.0/tzdata-update.patch | 458 ++++++++++++
meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb | 1 +
meta/recipes-devtools/gcc/gcc-9.3.inc | 3 +
...ight-Line-Speculation-SLS-mitigation.patch | 204 ++++++
...e-SLS-mitigation-for-RET-and-BR-inst.patch | 600 ++++++++++++++++
...h64-Mitigate-SLS-for-BLR-instruction.patch | 659 ++++++++++++++++++
.../ffmpeg/ffmpeg/CVE-2020-12284.patch | 36 +
.../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | 1 +
...idate_1.16.2.bb => gst-validate_1.16.3.bb} | 4 +-
...1.16.2.bb => gstreamer1.0-libav_1.16.3.bb} | 4 +-
...x_1.16.2.bb => gstreamer1.0-omx_1.16.3.bb} | 4 +-
....bb => gstreamer1.0-plugins-bad_1.16.3.bb} | 4 +-
...bb => gstreamer1.0-plugins-base_1.16.3.bb} | 4 +-
...bb => gstreamer1.0-plugins-good_1.16.3.bb} | 4 +-
...bb => gstreamer1.0-plugins-ugly_1.16.3.bb} | 4 +-
...son.build-fix-builds-with-python-3.8.patch | 24 -
....16.2.bb => gstreamer1.0-python_1.16.3.bb} | 8 +-
....bb => gstreamer1.0-rtsp-server_1.16.3.bb} | 4 +-
...1.16.2.bb => gstreamer1.0-vaapi_1.16.3.bb} | 4 +-
.../gstreamer/gstreamer1.0/capfix.patch | 37 -
...er1.0_1.16.2.bb => gstreamer1.0_1.16.3.bb} | 9 +-
23 files changed, 2002 insertions(+), 98 deletions(-)
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/tzdata-update.patch
create mode 100644 meta/recipes-devtools/gcc/gcc-9.3/0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch
create mode 100644 meta/recipes-devtools/gcc/gcc-9.3/0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch
create mode 100644 meta/recipes-devtools/gcc/gcc-9.3/0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-12284.patch
rename meta/recipes-multimedia/gstreamer/{gst-validate_1.16.2.bb => gst-validate_1.16.3.bb} (87%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.16.2.bb => gstreamer1.0-libav_1.16.3.bb} (90%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.16.2.bb => gstreamer1.0-omx_1.16.3.bb} (92%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.16.2.bb => gstreamer1.0-plugins-bad_1.16.3.bb} (98%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.16.2.bb => gstreamer1.0-plugins-base_1.16.3.bb} (96%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.16.2.bb => gstreamer1.0-plugins-good_1.16.3.bb} (96%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.16.2.bb => gstreamer1.0-plugins-ugly_1.16.3.bb} (90%)
delete mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-python/0001-meson.build-fix-builds-with-python-3.8.patch
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.16.2.bb => gstreamer1.0-python_1.16.3.bb} (80%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.16.2.bb => gstreamer1.0-rtsp-server_1.16.3.bb} (86%)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.16.2.bb => gstreamer1.0-vaapi_1.16.3.bb} (93%)
delete mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/capfix.patch
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.16.2.bb => gstreamer1.0_1.16.3.bb} (90%)
--
2.17.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 01/16] oeqa: Add sync call to command execution
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 02/16] gcc: mitigate the Straight-line Speculation attack Steve Sakoman
` (14 subsequent siblings)
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
We previously put a sync call into devtool to try and combat the bitbake
timeout issues on the autobuilder. It isn't enough as the timeouts occur
mid test. They are also occurring on non-devtool tests.
Add in sync calls around command execution instead.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ceca5ed121e2b54415a7ab3a217882e4ea86923a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/runcmd.py | 16 ++++++++--------
meta/lib/oeqa/utils/commands.py | 8 +++++++-
2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/meta/lib/oeqa/selftest/cases/runcmd.py b/meta/lib/oeqa/selftest/cases/runcmd.py
index a5ef1ea95f..fa6113d7fa 100644
--- a/meta/lib/oeqa/selftest/cases/runcmd.py
+++ b/meta/lib/oeqa/selftest/cases/runcmd.py
@@ -64,12 +64,12 @@ class RunCmdTests(OESelftestTestCase):
runCmd, "echo foobar >&2; false", shell=True, assert_error=False)
def test_output(self):
- result = runCmd("echo stdout; echo stderr >&2", shell=True)
+ result = runCmd("echo stdout; echo stderr >&2", shell=True, sync=False)
self.assertEqual("stdout\nstderr", result.output)
self.assertEqual("", result.error)
def test_output_split(self):
- result = runCmd("echo stdout; echo stderr >&2", shell=True, stderr=subprocess.PIPE)
+ result = runCmd("echo stdout; echo stderr >&2", shell=True, stderr=subprocess.PIPE, sync=False)
self.assertEqual("stdout", result.output)
self.assertEqual("stderr", result.error)
@@ -77,7 +77,7 @@ class RunCmdTests(OESelftestTestCase):
numthreads = threading.active_count()
start = time.time()
# Killing a hanging process only works when not using a shell?!
- result = runCmd(['sleep', '60'], timeout=self.TIMEOUT, ignore_status=True)
+ result = runCmd(['sleep', '60'], timeout=self.TIMEOUT, ignore_status=True, sync=False)
self.assertEqual(result.status, -signal.SIGTERM)
end = time.time()
self.assertLess(end - start, self.TIMEOUT + self.DELTA)
@@ -87,7 +87,7 @@ class RunCmdTests(OESelftestTestCase):
numthreads = threading.active_count()
start = time.time()
# Killing a hanging process only works when not using a shell?!
- result = runCmd(['sleep', '60'], timeout=self.TIMEOUT, ignore_status=True, stderr=subprocess.PIPE)
+ result = runCmd(['sleep', '60'], timeout=self.TIMEOUT, ignore_status=True, stderr=subprocess.PIPE, sync=False)
self.assertEqual(result.status, -signal.SIGTERM)
end = time.time()
self.assertLess(end - start, self.TIMEOUT + self.DELTA)
@@ -95,7 +95,7 @@ class RunCmdTests(OESelftestTestCase):
def test_stdin(self):
numthreads = threading.active_count()
- result = runCmd("cat", data=b"hello world", timeout=self.TIMEOUT)
+ result = runCmd("cat", data=b"hello world", timeout=self.TIMEOUT, sync=False)
self.assertEqual("hello world", result.output)
self.assertEqual(numthreads, threading.active_count(), msg="Thread counts were not equal before (%s) and after (%s), active threads: %s" % (numthreads, threading.active_count(), threading.enumerate()))
self.assertEqual(numthreads, 1)
@@ -103,7 +103,7 @@ class RunCmdTests(OESelftestTestCase):
def test_stdin_timeout(self):
numthreads = threading.active_count()
start = time.time()
- result = runCmd(['sleep', '60'], data=b"hello world", timeout=self.TIMEOUT, ignore_status=True)
+ result = runCmd(['sleep', '60'], data=b"hello world", timeout=self.TIMEOUT, ignore_status=True, sync=False)
self.assertEqual(result.status, -signal.SIGTERM)
end = time.time()
self.assertLess(end - start, self.TIMEOUT + self.DELTA)
@@ -111,12 +111,12 @@ class RunCmdTests(OESelftestTestCase):
def test_log(self):
log = MemLogger()
- result = runCmd("echo stdout; echo stderr >&2", shell=True, output_log=log)
+ result = runCmd("echo stdout; echo stderr >&2", shell=True, output_log=log, sync=False)
self.assertEqual(["Running: echo stdout; echo stderr >&2", "stdout", "stderr"], log.info_msgs)
self.assertEqual([], log.error_msgs)
def test_log_split(self):
log = MemLogger()
- result = runCmd("echo stdout; echo stderr >&2", shell=True, output_log=log, stderr=subprocess.PIPE)
+ result = runCmd("echo stdout; echo stderr >&2", shell=True, output_log=log, stderr=subprocess.PIPE, sync=False)
self.assertEqual(["Running: echo stdout; echo stderr >&2", "stdout"], log.info_msgs)
self.assertEqual(["stderr"], log.error_msgs)
diff --git a/meta/lib/oeqa/utils/commands.py b/meta/lib/oeqa/utils/commands.py
index f7f8c16bf0..8059cbce3e 100644
--- a/meta/lib/oeqa/utils/commands.py
+++ b/meta/lib/oeqa/utils/commands.py
@@ -167,7 +167,7 @@ class Result(object):
pass
-def runCmd(command, ignore_status=False, timeout=None, assert_error=True,
+def runCmd(command, ignore_status=False, timeout=None, assert_error=True, sync=True,
native_sysroot=None, limit_exc_output=0, output_log=None, **options):
result = Result()
@@ -184,6 +184,12 @@ def runCmd(command, ignore_status=False, timeout=None, assert_error=True,
cmd = Command(command, timeout=timeout, output_log=output_log, **options)
cmd.run()
+ # tests can be heavy on IO and if bitbake can't write out its caches, we see timeouts.
+ # call sync around the tests to ensure the IO queue doesn't get too large, taking any IO
+ # hit here rather than in bitbake shutdown.
+ if sync:
+ os.system("sync")
+
result.command = command
result.status = cmd.status
result.output = cmd.output
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 02/16] gcc: mitigate the Straight-line Speculation attack
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 01/16] oeqa: Add sync call to command execution Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 03/16] ffmpeg: fix CVE-2020-12284 Steve Sakoman
` (13 subsequent siblings)
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross@burtonini.com>
Straight-line Speculation is a SPECTRE-like attack on Armv8-A, further
details can be found in the white paper here:
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation
Backport the GCC patches to mitigate the attack.
CVE: CVE-2020-13844
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/gcc/gcc-9.3.inc | 3 +
...ight-Line-Speculation-SLS-mitigation.patch | 204 ++++++
...e-SLS-mitigation-for-RET-and-BR-inst.patch | 600 ++++++++++++++++
...h64-Mitigate-SLS-for-BLR-instruction.patch | 659 ++++++++++++++++++
4 files changed, 1466 insertions(+)
create mode 100644 meta/recipes-devtools/gcc/gcc-9.3/0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch
create mode 100644 meta/recipes-devtools/gcc/gcc-9.3/0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch
create mode 100644 meta/recipes-devtools/gcc/gcc-9.3/0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch
diff --git a/meta/recipes-devtools/gcc/gcc-9.3.inc b/meta/recipes-devtools/gcc/gcc-9.3.inc
index 38dee001d4..4c54ba250a 100644
--- a/meta/recipes-devtools/gcc/gcc-9.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-9.3.inc
@@ -69,6 +69,9 @@ SRC_URI = "\
file://0037-CVE-2019-14250-Check-zero-value-in-simple_object_elf.patch \
file://0038-gentypes-genmodes-Do-not-use-__LINE__-for-maintainin.patch \
file://0039-process_alt_operands-Don-t-match-user-defined-regs-o.patch \
+ file://0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch \
+ file://0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch \
+ file://0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch \
"
S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}"
SRC_URI[sha256sum] = "71e197867611f6054aa1119b13a0c0abac12834765fe2d81f35ac57f84f742d1"
diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch b/meta/recipes-devtools/gcc/gcc-9.3/0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch
new file mode 100644
index 0000000000..a7e29f4bd7
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-9.3/0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch
@@ -0,0 +1,204 @@
+CVE: CVE-2020-13844
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 20da13e395bde597d8337167c712039c8f923c3b Mon Sep 17 00:00:00 2001
+From: Matthew Malcomson <matthew.malcomson@arm.com>
+Date: Thu, 9 Jul 2020 09:11:58 +0100
+Subject: [PATCH 1/3] aarch64: New Straight Line Speculation (SLS) mitigation
+ flags
+
+Here we introduce the flags that will be used for straight line speculation.
+
+The new flag introduced is `-mharden-sls=`.
+This flag can take arguments of `none`, `all`, or a comma seperated list
+of one or more of `retbr` or `blr`.
+`none` indicates no special mitigation of the straight line speculation
+vulnerability.
+`all` requests all mitigations currently implemented.
+`retbr` requests that the RET and BR instructions have a speculation
+barrier inserted after them.
+`blr` requests that BLR instructions are replaced by a BL to a function
+stub using a BR with a speculation barrier after it.
+
+Setting this on a per-function basis using attributes or the like is not
+enabled, but may be in the future.
+
+(cherry picked from commit a9ba2a9b77bec7eacaf066801f22d1c366a2bc86)
+
+gcc/ChangeLog:
+
+2020-06-02 Matthew Malcomson <matthew.malcomson@arm.com>
+
+ * config/aarch64/aarch64-protos.h (aarch64_harden_sls_retbr_p):
+ New.
+ (aarch64_harden_sls_blr_p): New.
+ * config/aarch64/aarch64.c (enum aarch64_sls_hardening_type):
+ New.
+ (aarch64_harden_sls_retbr_p): New.
+ (aarch64_harden_sls_blr_p): New.
+ (aarch64_validate_sls_mitigation): New.
+ (aarch64_override_options): Parse options for SLS mitigation.
+ * config/aarch64/aarch64.opt (-mharden-sls): New option.
+ * doc/invoke.texi: Document new option.
+---
+ gcc/config/aarch64/aarch64-protos.h | 3 ++
+ gcc/config/aarch64/aarch64.c | 76 +++++++++++++++++++++++++++++
+ gcc/config/aarch64/aarch64.opt | 4 ++
+ gcc/doc/invoke.texi | 12 +++++
+ 4 files changed, 95 insertions(+)
+
+diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
+index c083cad53..31493f412 100644
+--- a/gcc/config/aarch64/aarch64-protos.h
++++ b/gcc/config/aarch64/aarch64-protos.h
+@@ -644,4 +644,7 @@ poly_uint64 aarch64_regmode_natural_size (machine_mode);
+
+ bool aarch64_high_bits_all_ones_p (HOST_WIDE_INT);
+
++extern bool aarch64_harden_sls_retbr_p (void);
++extern bool aarch64_harden_sls_blr_p (void);
++
+ #endif /* GCC_AARCH64_PROTOS_H */
+diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
+index b452a53af..269ff6c92 100644
+--- a/gcc/config/aarch64/aarch64.c
++++ b/gcc/config/aarch64/aarch64.c
+@@ -11734,6 +11734,79 @@ aarch64_validate_mcpu (const char *str, const struct processor **res,
+ return false;
+ }
+
++/* Straight line speculation indicators. */
++enum aarch64_sls_hardening_type
++{
++ SLS_NONE = 0,
++ SLS_RETBR = 1,
++ SLS_BLR = 2,
++ SLS_ALL = 3,
++};
++static enum aarch64_sls_hardening_type aarch64_sls_hardening;
++
++/* Return whether we should mitigatate Straight Line Speculation for the RET
++ and BR instructions. */
++bool
++aarch64_harden_sls_retbr_p (void)
++{
++ return aarch64_sls_hardening & SLS_RETBR;
++}
++
++/* Return whether we should mitigatate Straight Line Speculation for the BLR
++ instruction. */
++bool
++aarch64_harden_sls_blr_p (void)
++{
++ return aarch64_sls_hardening & SLS_BLR;
++}
++
++/* As of yet we only allow setting these options globally, in the future we may
++ allow setting them per function. */
++static void
++aarch64_validate_sls_mitigation (const char *const_str)
++{
++ char *token_save = NULL;
++ char *str = NULL;
++
++ if (strcmp (const_str, "none") == 0)
++ {
++ aarch64_sls_hardening = SLS_NONE;
++ return;
++ }
++ if (strcmp (const_str, "all") == 0)
++ {
++ aarch64_sls_hardening = SLS_ALL;
++ return;
++ }
++
++ char *str_root = xstrdup (const_str);
++ str = strtok_r (str_root, ",", &token_save);
++ if (!str)
++ error ("invalid argument given to %<-mharden-sls=%>");
++
++ int temp = SLS_NONE;
++ while (str)
++ {
++ if (strcmp (str, "blr") == 0)
++ temp |= SLS_BLR;
++ else if (strcmp (str, "retbr") == 0)
++ temp |= SLS_RETBR;
++ else if (strcmp (str, "none") == 0 || strcmp (str, "all") == 0)
++ {
++ error ("%<%s%> must be by itself for %<-mharden-sls=%>", str);
++ break;
++ }
++ else
++ {
++ error ("invalid argument %<%s%> for %<-mharden-sls=%>", str);
++ break;
++ }
++ str = strtok_r (NULL, ",", &token_save);
++ }
++ aarch64_sls_hardening = (aarch64_sls_hardening_type) temp;
++ free (str_root);
++}
++
+ /* Parses CONST_STR for branch protection features specified in
+ aarch64_branch_protect_types, and set any global variables required. Returns
+ the parsing result and assigns LAST_STR to the last processed token from
+@@ -11972,6 +12045,9 @@ aarch64_override_options (void)
+ selected_arch = NULL;
+ selected_tune = NULL;
+
++ if (aarch64_harden_sls_string)
++ aarch64_validate_sls_mitigation (aarch64_harden_sls_string);
++
+ if (aarch64_branch_protection_string)
+ aarch64_validate_mbranch_protection (aarch64_branch_protection_string);
+
+diff --git a/gcc/config/aarch64/aarch64.opt b/gcc/config/aarch64/aarch64.opt
+index 3c6d1cc90..d27ab6df8 100644
+--- a/gcc/config/aarch64/aarch64.opt
++++ b/gcc/config/aarch64/aarch64.opt
+@@ -71,6 +71,10 @@ mgeneral-regs-only
+ Target Report RejectNegative Mask(GENERAL_REGS_ONLY) Save
+ Generate code which uses only the general registers.
+
++mharden-sls=
++Target RejectNegative Joined Var(aarch64_harden_sls_string)
++Generate code to mitigate against straight line speculation.
++
+ mfix-cortex-a53-835769
+ Target Report Var(aarch64_fix_a53_err835769) Init(2) Save
+ Workaround for ARM Cortex-A53 Erratum number 835769.
+diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
+index 2f7ffe456..5f04a7d2b 100644
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -638,6 +638,7 @@ Objective-C and Objective-C++ Dialects}.
+ -mpc-relative-literal-loads @gol
+ -msign-return-address=@var{scope} @gol
+ -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}]|@var{bti} @gol
++-mharden-sls=@var{opts} @gol
+ -march=@var{name} -mcpu=@var{name} -mtune=@var{name} @gol
+ -moverride=@var{string} -mverbose-cost-dump @gol
+ -mstack-protector-guard=@var{guard} -mstack-protector-guard-reg=@var{sysreg} @gol
+@@ -15955,6 +15956,17 @@ argument @samp{leaf} can be used to extend the signing to include leaf
+ functions.
+ @samp{bti} turns on branch target identification mechanism.
+
++@item -mharden-sls=@var{opts}
++@opindex mharden-sls
++Enable compiler hardening against straight line speculation (SLS).
++@var{opts} is a comma-separated list of the following options:
++@table @samp
++@item retbr
++@item blr
++@end table
++In addition, @samp{-mharden-sls=all} enables all SLS hardening while
++@samp{-mharden-sls=none} disables all SLS hardening.
++
+ @item -msve-vector-bits=@var{bits}
+ @opindex msve-vector-bits
+ Specify the number of bits in an SVE vector register. This option only has
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch b/meta/recipes-devtools/gcc/gcc-9.3/0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch
new file mode 100644
index 0000000000..c972088d2b
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-9.3/0002-aarch64-Introduce-SLS-mitigation-for-RET-and-BR-inst.patch
@@ -0,0 +1,600 @@
+CVE: CVE-2020-13844
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From dc586a749228ecfb71f72ec2ca10e6f7b6874af3 Mon Sep 17 00:00:00 2001
+From: Matthew Malcomson <matthew.malcomson@arm.com>
+Date: Thu, 9 Jul 2020 09:11:59 +0100
+Subject: [PATCH 2/3] aarch64: Introduce SLS mitigation for RET and BR
+ instructions
+
+Instructions following RET or BR are not necessarily executed. In order
+to avoid speculation past RET and BR we can simply append a speculation
+barrier.
+
+Since these speculation barriers will not be architecturally executed,
+they are not expected to add a high performance penalty.
+
+The speculation barrier is to be SB when targeting architectures which
+have this enabled, and DSB SY + ISB otherwise.
+
+We add tests for each of the cases where such an instruction was seen.
+
+This is implemented by modifying each machine description pattern that
+emits either a RET or a BR instruction. We choose not to use something
+like `TARGET_ASM_FUNCTION_EPILOGUE` since it does not affect the
+`indirect_jump`, `jump`, `sibcall_insn` and `sibcall_value_insn`
+patterns and we find it preferable to implement the functionality in the
+same way for every pattern.
+
+There is one particular case which is slightly tricky. The
+implementation of TARGET_ASM_TRAMPOLINE_TEMPLATE uses a BR which needs
+to be mitigated against. The trampoline template is used *once* per
+compilation unit, and the TRAMPOLINE_SIZE is exposed to the user via the
+builtin macro __LIBGCC_TRAMPOLINE_SIZE__.
+In the future we may implement function specific attributes to turn on
+and off hardening on a per-function basis.
+The fixed nature of the trampoline described above implies it will be
+safer to ensure this speculation barrier is always used.
+
+Testing:
+ Bootstrap and regtest done on aarch64-none-linux
+ Used a temporary hack(1) to use these options on every test in the
+ testsuite and a script to check that the output never emitted an
+ unmitigated RET or BR.
+
+1) Temporary hack was a change to the testsuite to always use
+`-save-temps` and run a script on the assembly output of those
+compilations which produced one to ensure every RET or BR is immediately
+followed by a speculation barrier.
+
+(cherry picked from be178ecd5ac1fe1510d960ff95c66d0ff831afe1)
+
+gcc/ChangeLog:
+
+ * config/aarch64/aarch64-protos.h (aarch64_sls_barrier): New.
+ * config/aarch64/aarch64.c (aarch64_output_casesi): Emit
+ speculation barrier after BR instruction if needs be.
+ (aarch64_trampoline_init): Handle ptr_mode value & adjust size
+ of code copied.
+ (aarch64_sls_barrier): New.
+ (aarch64_asm_trampoline_template): Add needed barriers.
+ * config/aarch64/aarch64.h (AARCH64_ISA_SB): New.
+ (TARGET_SB): New.
+ (TRAMPOLINE_SIZE): Account for barrier.
+ * config/aarch64/aarch64.md (indirect_jump, *casesi_dispatch,
+ simple_return, *do_return, *sibcall_insn, *sibcall_value_insn):
+ Emit barrier if needs be, also account for possible barrier using
+ "sls_length" attribute.
+ (sls_length): New attribute.
+ (length): Determine default using any non-default sls_length
+ value.
+
+gcc/testsuite/ChangeLog:
+
+ * gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c: New test.
+ * gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c:
+ New test.
+ * gcc.target/aarch64/sls-mitigation/sls-mitigation.exp: New file.
+ * lib/target-supports.exp (check_effective_target_aarch64_asm_sb_ok):
+ New proc.
+---
+ gcc/config/aarch64/aarch64-protos.h | 1 +
+ gcc/config/aarch64/aarch64.c | 41 +++++-
+ gcc/config/aarch64/aarch64.h | 10 +-
+ gcc/config/aarch64/aarch64.md | 75 ++++++++---
+ .../sls-mitigation/sls-miti-retbr-pacret.c | 15 +++
+ .../aarch64/sls-mitigation/sls-miti-retbr.c | 119 ++++++++++++++++++
+ .../aarch64/sls-mitigation/sls-mitigation.exp | 73 +++++++++++
+ gcc/testsuite/lib/target-supports.exp | 3 +-
+ 8 files changed, 312 insertions(+), 25 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c
+ create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c
+ create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp
+
+diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
+index 31493f412..885eae893 100644
+--- a/gcc/config/aarch64/aarch64-protos.h
++++ b/gcc/config/aarch64/aarch64-protos.h
+@@ -644,6 +644,7 @@ poly_uint64 aarch64_regmode_natural_size (machine_mode);
+
+ bool aarch64_high_bits_all_ones_p (HOST_WIDE_INT);
+
++const char *aarch64_sls_barrier (int);
+ extern bool aarch64_harden_sls_retbr_p (void);
+ extern bool aarch64_harden_sls_blr_p (void);
+
+diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
+index 269ff6c92..dff61105c 100644
+--- a/gcc/config/aarch64/aarch64.c
++++ b/gcc/config/aarch64/aarch64.c
+@@ -8412,8 +8412,8 @@ aarch64_return_addr (int count, rtx frame ATTRIBUTE_UNUSED)
+ static void
+ aarch64_asm_trampoline_template (FILE *f)
+ {
+- int offset1 = 16;
+- int offset2 = 20;
++ int offset1 = 24;
++ int offset2 = 28;
+
+ if (aarch64_bti_enabled ())
+ {
+@@ -8436,6 +8436,17 @@ aarch64_asm_trampoline_template (FILE *f)
+ }
+ asm_fprintf (f, "\tbr\t%s\n", reg_names [IP1_REGNUM]);
+
++ /* We always emit a speculation barrier.
++ This is because the same trampoline template is used for every nested
++ function. Since nested functions are not particularly common or
++ performant we don't worry too much about the extra instructions to copy
++ around.
++ This is not yet a problem, since we have not yet implemented function
++ specific attributes to choose between hardening against straight line
++ speculation or not, but such function specific attributes are likely to
++ happen in the future. */
++ asm_fprintf (f, "\tdsb\tsy\n\tisb\n");
++
+ /* The trampoline needs an extra padding instruction. In case if BTI is
+ enabled the padding instruction is replaced by the BTI instruction at
+ the beginning. */
+@@ -8450,10 +8461,14 @@ static void
+ aarch64_trampoline_init (rtx m_tramp, tree fndecl, rtx chain_value)
+ {
+ rtx fnaddr, mem, a_tramp;
+- const int tramp_code_sz = 16;
++ const int tramp_code_sz = 24;
+
+ /* Don't need to copy the trailing D-words, we fill those in below. */
+- emit_block_move (m_tramp, assemble_trampoline_template (),
++ /* We create our own memory address in Pmode so that `emit_block_move` can
++ use parts of the backend which expect Pmode addresses. */
++ rtx temp = convert_memory_address (Pmode, XEXP (m_tramp, 0));
++ emit_block_move (gen_rtx_MEM (BLKmode, temp),
++ assemble_trampoline_template (),
+ GEN_INT (tramp_code_sz), BLOCK_OP_NORMAL);
+ mem = adjust_address (m_tramp, ptr_mode, tramp_code_sz);
+ fnaddr = XEXP (DECL_RTL (fndecl), 0);
+@@ -8640,6 +8655,8 @@ aarch64_output_casesi (rtx *operands)
+ output_asm_insn (buf, operands);
+ output_asm_insn (patterns[index][1], operands);
+ output_asm_insn ("br\t%3", operands);
++ output_asm_insn (aarch64_sls_barrier (aarch64_harden_sls_retbr_p ()),
++ operands);
+ assemble_label (asm_out_file, label);
+ return "";
+ }
+@@ -18976,6 +18993,22 @@ aarch64_file_end_indicate_exec_stack ()
+ #undef GNU_PROPERTY_AARCH64_FEATURE_1_BTI
+ #undef GNU_PROPERTY_AARCH64_FEATURE_1_AND
+
++/* Helper function for straight line speculation.
++ Return what barrier should be emitted for straight line speculation
++ mitigation.
++ When not mitigating against straight line speculation this function returns
++ an empty string.
++ When mitigating against straight line speculation, use:
++ * SB when the v8.5-A SB extension is enabled.
++ * DSB+ISB otherwise. */
++const char *
++aarch64_sls_barrier (int mitigation_required)
++{
++ return mitigation_required
++ ? (TARGET_SB ? "sb" : "dsb\tsy\n\tisb")
++ : "";
++}
++
+ /* Target-specific selftests. */
+
+ #if CHECKING_P
+diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
+index 772a97296..72ddc6fd9 100644
+--- a/gcc/config/aarch64/aarch64.h
++++ b/gcc/config/aarch64/aarch64.h
+@@ -235,6 +235,7 @@ extern unsigned aarch64_architecture_version;
+ #define AARCH64_ISA_F16FML (aarch64_isa_flags & AARCH64_FL_F16FML)
+ #define AARCH64_ISA_RCPC8_4 (aarch64_isa_flags & AARCH64_FL_RCPC8_4)
+ #define AARCH64_ISA_V8_5 (aarch64_isa_flags & AARCH64_FL_V8_5)
++#define AARCH64_ISA_SB (aarch64_isa_flags & AARCH64_FL_SB)
+
+ /* Crypto is an optional extension to AdvSIMD. */
+ #define TARGET_CRYPTO (TARGET_SIMD && AARCH64_ISA_CRYPTO)
+@@ -285,6 +286,9 @@ extern unsigned aarch64_architecture_version;
+ #define TARGET_FIX_ERR_A53_835769_DEFAULT 1
+ #endif
+
++/* SB instruction is enabled through +sb. */
++#define TARGET_SB (AARCH64_ISA_SB)
++
+ /* Apply the workaround for Cortex-A53 erratum 835769. */
+ #define TARGET_FIX_ERR_A53_835769 \
+ ((aarch64_fix_a53_err835769 == 2) \
+@@ -931,8 +935,10 @@ typedef struct
+
+ #define RETURN_ADDR_RTX aarch64_return_addr
+
+-/* BTI c + 3 insns + 2 pointer-sized entries. */
+-#define TRAMPOLINE_SIZE (TARGET_ILP32 ? 24 : 32)
++/* BTI c + 3 insns
++ + sls barrier of DSB + ISB.
++ + 2 pointer-sized entries. */
++#define TRAMPOLINE_SIZE (24 + (TARGET_ILP32 ? 8 : 16))
+
+ /* Trampolines contain dwords, so must be dword aligned. */
+ #define TRAMPOLINE_ALIGNMENT 64
+diff --git a/gcc/config/aarch64/aarch64.md b/gcc/config/aarch64/aarch64.md
+index cc5a887d4..494aee964 100644
+--- a/gcc/config/aarch64/aarch64.md
++++ b/gcc/config/aarch64/aarch64.md
+@@ -331,10 +331,25 @@
+ ;; Attribute that specifies whether the alternative uses MOVPRFX.
+ (define_attr "movprfx" "no,yes" (const_string "no"))
+
++;; Attribute to specify that an alternative has the length of a single
++;; instruction plus a speculation barrier.
++(define_attr "sls_length" "none,retbr,casesi" (const_string "none"))
++
+ (define_attr "length" ""
+ (cond [(eq_attr "movprfx" "yes")
+ (const_int 8)
+- ] (const_int 4)))
++
++ (eq_attr "sls_length" "retbr")
++ (cond [(match_test "!aarch64_harden_sls_retbr_p ()") (const_int 4)
++ (match_test "TARGET_SB") (const_int 8)]
++ (const_int 12))
++
++ (eq_attr "sls_length" "casesi")
++ (cond [(match_test "!aarch64_harden_sls_retbr_p ()") (const_int 16)
++ (match_test "TARGET_SB") (const_int 20)]
++ (const_int 24))
++ ]
++ (const_int 4)))
+
+ ;; Strictly for compatibility with AArch32 in pipeline models, since AArch64 has
+ ;; no predicated insns.
+@@ -370,8 +385,12 @@
+ (define_insn "indirect_jump"
+ [(set (pc) (match_operand:DI 0 "register_operand" "r"))]
+ ""
+- "br\\t%0"
+- [(set_attr "type" "branch")]
++ {
++ output_asm_insn ("br\\t%0", operands);
++ return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ());
++ }
++ [(set_attr "type" "branch")
++ (set_attr "sls_length" "retbr")]
+ )
+
+ (define_insn "jump"
+@@ -657,7 +676,7 @@
+ "*
+ return aarch64_output_casesi (operands);
+ "
+- [(set_attr "length" "16")
++ [(set_attr "sls_length" "casesi")
+ (set_attr "type" "branch")]
+ )
+
+@@ -736,14 +755,18 @@
+ [(return)]
+ ""
+ {
++ const char *ret = NULL;
+ if (aarch64_return_address_signing_enabled ()
+ && TARGET_ARMV8_3
+ && !crtl->calls_eh_return)
+- return "retaa";
+-
+- return "ret";
++ ret = "retaa";
++ else
++ ret = "ret";
++ output_asm_insn (ret, operands);
++ return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ());
+ }
+- [(set_attr "type" "branch")]
++ [(set_attr "type" "branch")
++ (set_attr "sls_length" "retbr")]
+ )
+
+ (define_expand "return"
+@@ -755,8 +778,12 @@
+ (define_insn "simple_return"
+ [(simple_return)]
+ "aarch64_use_simple_return_insn_p ()"
+- "ret"
+- [(set_attr "type" "branch")]
++ {
++ output_asm_insn ("ret", operands);
++ return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ());
++ }
++ [(set_attr "type" "branch")
++ (set_attr "sls_length" "retbr")]
+ )
+
+ (define_insn "*cb<optab><mode>1"
+@@ -947,10 +974,16 @@
+ (match_operand 1 "" ""))
+ (return)]
+ "SIBLING_CALL_P (insn)"
+- "@
+- br\\t%0
+- b\\t%c0"
+- [(set_attr "type" "branch, branch")]
++ {
++ if (which_alternative == 0)
++ {
++ output_asm_insn ("br\\t%0", operands);
++ return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ());
++ }
++ return "b\\t%c0";
++ }
++ [(set_attr "type" "branch, branch")
++ (set_attr "sls_length" "retbr,none")]
+ )
+
+ (define_insn "*sibcall_value_insn"
+@@ -960,10 +993,16 @@
+ (match_operand 2 "" "")))
+ (return)]
+ "SIBLING_CALL_P (insn)"
+- "@
+- br\\t%1
+- b\\t%c1"
+- [(set_attr "type" "branch, branch")]
++ {
++ if (which_alternative == 0)
++ {
++ output_asm_insn ("br\\t%1", operands);
++ return aarch64_sls_barrier (aarch64_harden_sls_retbr_p ());
++ }
++ return "b\\t%c1";
++ }
++ [(set_attr "type" "branch, branch")
++ (set_attr "sls_length" "retbr,none")]
+ )
+
+ ;; Call subroutine returning any type.
+diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c
+new file mode 100644
+index 000000000..7656123ee
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c
+@@ -0,0 +1,15 @@
++/* Avoid ILP32 since pacret is only available for LP64 */
++/* { dg-do compile { target { ! ilp32 } } } */
++/* { dg-additional-options "-mharden-sls=retbr -mbranch-protection=pac-ret -march=armv8.3-a" } */
++
++/* Testing the do_return pattern for retaa. */
++long retbr_subcall(void);
++long retbr_do_return_retaa(void)
++{
++ return retbr_subcall()+1;
++}
++
++/* Ensure there are no BR or RET instructions which are not directly followed
++ by a speculation barrier. */
++/* { dg-final { scan-assembler-not {\t(br|ret|retaa)\tx[0-9][0-9]?\n\t(?!dsb\tsy\n\tisb)} } } */
++/* { dg-final { scan-assembler-not {ret\t} } } */
+diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c
+new file mode 100644
+index 000000000..573b30cdc
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c
+@@ -0,0 +1,119 @@
++/* We ensure that -Wpedantic is off since it complains about the trampolines
++ we explicitly want to test. */
++/* { dg-additional-options "-mharden-sls=retbr -Wno-pedantic " } */
++/*
++ Ensure that the SLS hardening of RET and BR leaves no unprotected RET/BR
++ instructions.
++ */
++typedef int (foo) (int, int);
++typedef void (bar) (int, int);
++struct sls_testclass {
++ foo *x;
++ bar *y;
++ int left;
++ int right;
++};
++
++int
++retbr_sibcall_value_insn (struct sls_testclass x)
++{
++ return x.x(x.left, x.right);
++}
++
++void
++retbr_sibcall_insn (struct sls_testclass x)
++{
++ x.y(x.left, x.right);
++}
++
++/* Aim to test two different returns.
++ One that introduces a tail call in the middle of the function, and one that
++ has a normal return. */
++int
++retbr_multiple_returns (struct sls_testclass x)
++{
++ int temp;
++ if (x.left % 10)
++ return x.x(x.left, 100);
++ else if (x.right % 20)
++ {
++ return x.x(x.left * x.right, 100);
++ }
++ temp = x.left % x.right;
++ temp *= 100;
++ temp /= 2;
++ return temp % 3;
++}
++
++void
++retbr_multiple_returns_void (struct sls_testclass x)
++{
++ if (x.left % 10)
++ {
++ x.y(x.left, 100);
++ }
++ else if (x.right % 20)
++ {
++ x.y(x.left * x.right, 100);
++ }
++ return;
++}
++
++/* Testing the casesi jump via register. */
++__attribute__ ((optimize ("Os")))
++int
++retbr_casesi_dispatch (struct sls_testclass x)
++{
++ switch (x.left)
++ {
++ case -5:
++ return -2;
++ case -3:
++ return -1;
++ case 0:
++ return 0;
++ case 3:
++ return 1;
++ case 5:
++ break;
++ default:
++ __builtin_unreachable ();
++ }
++ return x.right;
++}
++
++/* Testing the BR in trampolines is mitigated against. */
++void f1 (void *);
++void f3 (void *, void (*)(void *));
++void f2 (void *);
++
++int
++retbr_trampolines (void *a, int b)
++{
++ if (!b)
++ {
++ f1 (a);
++ return 1;
++ }
++ if (b)
++ {
++ void retbr_tramp_internal (void *c)
++ {
++ if (c == a)
++ f2 (c);
++ }
++ f3 (a, retbr_tramp_internal);
++ }
++ return 0;
++}
++
++/* Testing the indirect_jump pattern. */
++void
++retbr_indirect_jump (int *buf)
++{
++ __builtin_longjmp(buf, 1);
++}
++
++/* Ensure there are no BR or RET instructions which are not directly followed
++ by a speculation barrier. */
++/* { dg-final { scan-assembler-not {\t(br|ret|retaa)\tx[0-9][0-9]?\n\t(?!dsb\tsy\n\tisb|sb)} } } */
+diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp
+new file mode 100644
+index 000000000..812250379
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-mitigation.exp
+@@ -0,0 +1,73 @@
++# Regression driver for SLS mitigation on AArch64.
++# Copyright (C) 2020 Free Software Foundation, Inc.
++# Contributed by ARM Ltd.
++#
++# This file is part of GCC.
++#
++# GCC is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3, or (at your option)
++# any later version.
++#
++# GCC is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++# General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with GCC; see the file COPYING3. If not see
++# <http://www.gnu.org/licenses/>. */
++
++# Exit immediately if this isn't an AArch64 target.
++if {![istarget aarch64*-*-*] } then {
++ return
++}
++
++# Load support procs.
++load_lib gcc-dg.exp
++load_lib torture-options.exp
++
++# If a testcase doesn't have special options, use these.
++global DEFAULT_CFLAGS
++if ![info exists DEFAULT_CFLAGS] then {
++ set DEFAULT_CFLAGS " "
++}
++
++# Initialize `dg'.
++dg-init
++torture-init
++
++# Use different architectures as well as the normal optimisation options.
++# (i.e. use both SB and DSB+ISB barriers).
++
++set save-dg-do-what-default ${dg-do-what-default}
++# Main loop.
++# Run with torture tests (i.e. a bunch of different optimisation levels) just
++# to increase test coverage.
++set dg-do-what-default assemble
++gcc-dg-runtest [lsort [glob -nocomplain $srcdir/$subdir/*.\[cCS\]]] \
++ "-save-temps" $DEFAULT_CFLAGS
++
++# Run the same tests but this time with SB extension.
++# Since not all supported assemblers will support that extension we decide
++# whether to assemble or just compile based on whether the extension is
++# supported for the available assembler.
++
++set templist {}
++foreach x $DG_TORTURE_OPTIONS {
++ lappend templist "$x -march=armv8.3-a+sb "
++ lappend templist "$x -march=armv8-a+sb "
++}
++set-torture-options $templist
++if { [check_effective_target_aarch64_asm_sb_ok] } {
++ set dg-do-what-default assemble
++} else {
++ set dg-do-what-default compile
++}
++gcc-dg-runtest [lsort [glob -nocomplain $srcdir/$subdir/*.\[cCS\]]] \
++ "-save-temps" $DEFAULT_CFLAGS
++set dg-do-what-default ${save-dg-do-what-default}
++
++# All done.
++torture-finish
++dg-finish
+diff --git a/gcc/testsuite/lib/target-supports.exp b/gcc/testsuite/lib/target-supports.exp
+index ea9a50ccb..79482f9b6 100644
+--- a/gcc/testsuite/lib/target-supports.exp
++++ b/gcc/testsuite/lib/target-supports.exp
+@@ -8579,7 +8579,8 @@ proc check_effective_target_aarch64_tiny { } {
+ # Create functions to check that the AArch64 assembler supports the
+ # various architecture extensions via the .arch_extension pseudo-op.
+
+-foreach { aarch64_ext } { "fp" "simd" "crypto" "crc" "lse" "dotprod" "sve"} {
++foreach { aarch64_ext } { "fp" "simd" "crypto" "crc" "lse" "dotprod" "sve"
++ "sb"} {
+ eval [string map [list FUNC $aarch64_ext] {
+ proc check_effective_target_aarch64_asm_FUNC_ok { } {
+ if { [istarget aarch64*-*-*] } {
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/gcc/gcc-9.3/0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch b/meta/recipes-devtools/gcc/gcc-9.3/0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch
new file mode 100644
index 0000000000..6dffef0a34
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-9.3/0003-aarch64-Mitigate-SLS-for-BLR-instruction.patch
@@ -0,0 +1,659 @@
+CVE: CVE-2020-13844
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 2155170525f93093b90a1a065e7ed71a925566e9 Mon Sep 17 00:00:00 2001
+From: Matthew Malcomson <matthew.malcomson@arm.com>
+Date: Thu, 9 Jul 2020 09:11:59 +0100
+Subject: [PATCH 3/3] aarch64: Mitigate SLS for BLR instruction
+
+This patch introduces the mitigation for Straight Line Speculation past
+the BLR instruction.
+
+This mitigation replaces BLR instructions with a BL to a stub which uses
+a BR to jump to the original value. These function stubs are then
+appended with a speculation barrier to ensure no straight line
+speculation happens after these jumps.
+
+When optimising for speed we use a set of stubs for each function since
+this should help the branch predictor make more accurate predictions
+about where a stub should branch.
+
+When optimising for size we use one set of stubs for all functions.
+This set of stubs can have human readable names, and we are using
+`__call_indirect_x<N>` for register x<N>.
+
+When BTI branch protection is enabled the BLR instruction can jump to a
+`BTI c` instruction using any register, while the BR instruction can
+only jump to a `BTI c` instruction using the x16 or x17 registers.
+Hence, in order to ensure this transformation is safe we mov the value
+of the original register into x16 and use x16 for the BR.
+
+As an example when optimising for size:
+a
+ BLR x0
+instruction would get transformed to something like
+ BL __call_indirect_x0
+where __call_indirect_x0 labels a thunk that contains
+__call_indirect_x0:
+ MOV X16, X0
+ BR X16
+ <speculation barrier>
+
+The first version of this patch used local symbols specific to a
+compilation unit to try and avoid relocations.
+This was mistaken since functions coming from the same compilation unit
+can still be in different sections, and the assembler will insert
+relocations at jumps between sections.
+
+On any relocation the linker is permitted to emit a veneer to handle
+jumps between symbols that are very far apart. The registers x16 and
+x17 may be clobbered by these veneers.
+Hence the function stubs cannot rely on the values of x16 and x17 being
+the same as just before the function stub is called.
+
+Similar can be said for the hot/cold partitioning of single functions,
+so function-local stubs have the same restriction.
+
+This updated version of the patch never emits function stubs for x16 and
+x17, and instead forces other registers to be used.
+
+Given the above, there is now no benefit to local symbols (since they
+are not enough to avoid dealing with linker intricacies). This patch
+now uses global symbols with hidden visibility each stored in their own
+COMDAT section. This means stubs can be shared between compilation
+units while still avoiding the PLT indirection.
+
+This patch also removes the `__call_indirect_x30` stub (and
+function-local equivalent) which would simply jump back to the original
+location.
+
+The function-local stubs are emitted to the assembly output file in one
+chunk, which means we need not add the speculation barrier directly
+after each one.
+This is because we know for certain that the instructions directly after
+the BR in all but the last function stub will be from another one of
+these stubs and hence will not contain a speculation gadget.
+Instead we add a speculation barrier at the end of the sequence of
+stubs.
+
+The global stubs are emitted in COMDAT/.linkonce sections by
+themselves so that the linker can remove duplicates from multiple object
+files. This means they are not emitted in one chunk, and each one must
+include the speculation barrier.
+
+Another difference is that since the global stubs are shared across
+compilation units we do not know that all functions will be targeting an
+architecture supporting the SB instruction.
+Rather than provide multiple stubs for each architecture, we provide a
+stub that will work for all architectures -- using the DSB+ISB barrier.
+
+This mitigation does not apply for BLR instructions in the following
+places:
+- Some accesses to thread-local variables use a code sequence with a BLR
+ instruction. This code sequence is part of the binary interface between
+ compiler and linker. If this BLR instruction needs to be mitigated, it'd
+ probably be best to do so in the linker. It seems that the code sequence
+ for thread-local variable access is unlikely to lead to a Spectre Revalation
+ Gadget.
+- PLT stubs are produced by the linker and each contain a BLR instruction.
+ It seems that at most only after the last PLT stub a Spectre Revalation
+ Gadget might appear.
+
+Testing:
+ Bootstrap and regtest on AArch64
+ (with BOOT_CFLAGS="-mharden-sls=retbr,blr")
+ Used a temporary hack(1) in gcc-dg.exp to use these options on every
+ test in the testsuite, a slight modification to emit the speculation
+ barrier after every function stub, and a script to check that the
+ output never emitted a BLR, or unmitigated BR or RET instruction.
+ Similar on an aarch64-none-elf cross-compiler.
+
+1) Temporary hack emitted a speculation barrier at the end of every stub
+function, and used a script to ensure that:
+ a) Every RET or BR is immediately followed by a speculation barrier.
+ b) No BLR instruction is emitted by compiler.
+
+(cherry picked from 96b7f495f9269d5448822e4fc28882edb35a58d7)
+
+gcc/ChangeLog:
+
+ * config/aarch64/aarch64-protos.h (aarch64_indirect_call_asm):
+ New declaration.
+ * config/aarch64/aarch64.c (aarch64_regno_regclass): Handle new
+ stub registers class.
+ (aarch64_class_max_nregs): Likewise.
+ (aarch64_register_move_cost): Likewise.
+ (aarch64_sls_shared_thunks): Global array to store stub labels.
+ (aarch64_sls_emit_function_stub): New.
+ (aarch64_create_blr_label): New.
+ (aarch64_sls_emit_blr_function_thunks): New.
+ (aarch64_sls_emit_shared_blr_thunks): New.
+ (aarch64_asm_file_end): New.
+ (aarch64_indirect_call_asm): New.
+ (TARGET_ASM_FILE_END): Use aarch64_asm_file_end.
+ (TARGET_ASM_FUNCTION_EPILOGUE): Use
+ aarch64_sls_emit_blr_function_thunks.
+ * config/aarch64/aarch64.h (STB_REGNUM_P): New.
+ (enum reg_class): Add STUB_REGS class.
+ (machine_function): Introduce `call_via` array for
+ function-local stub labels.
+ * config/aarch64/aarch64.md (*call_insn, *call_value_insn): Use
+ aarch64_indirect_call_asm to emit code when hardening BLR
+ instructions.
+ * config/aarch64/constraints.md (Ucr): New constraint
+ representing registers for indirect calls. Is GENERAL_REGS
+ usually, and STUB_REGS when hardening BLR instruction against
+ SLS.
+ * config/aarch64/predicates.md (aarch64_general_reg): STUB_REGS class
+ is also a general register.
+
+gcc/testsuite/ChangeLog:
+
+ * gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c: New test.
+ * gcc.target/aarch64/sls-mitigation/sls-miti-blr.c: New test.
+---
+ gcc/config/aarch64/aarch64-protos.h | 1 +
+ gcc/config/aarch64/aarch64.c | 225 +++++++++++++++++-
+ gcc/config/aarch64/aarch64.h | 15 ++
+ gcc/config/aarch64/aarch64.md | 11 +-
+ gcc/config/aarch64/constraints.md | 9 +
+ gcc/config/aarch64/predicates.md | 3 +-
+ .../aarch64/sls-mitigation/sls-miti-blr-bti.c | 40 ++++
+ .../aarch64/sls-mitigation/sls-miti-blr.c | 33 +++
+ 8 files changed, 328 insertions(+), 9 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c
+ create mode 100644 gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c
+
+diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
+index 885eae893..2676e43ae 100644
+--- a/gcc/config/aarch64/aarch64-protos.h
++++ b/gcc/config/aarch64/aarch64-protos.h
+@@ -645,6 +645,7 @@ poly_uint64 aarch64_regmode_natural_size (machine_mode);
+ bool aarch64_high_bits_all_ones_p (HOST_WIDE_INT);
+
+ const char *aarch64_sls_barrier (int);
++const char *aarch64_indirect_call_asm (rtx);
+ extern bool aarch64_harden_sls_retbr_p (void);
+ extern bool aarch64_harden_sls_blr_p (void);
+
+diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
+index dff61105c..bc6c02c3a 100644
+--- a/gcc/config/aarch64/aarch64.c
++++ b/gcc/config/aarch64/aarch64.c
+@@ -8190,6 +8190,9 @@ aarch64_label_mentioned_p (rtx x)
+ enum reg_class
+ aarch64_regno_regclass (unsigned regno)
+ {
++ if (STUB_REGNUM_P (regno))
++ return STUB_REGS;
++
+ if (GP_REGNUM_P (regno))
+ return GENERAL_REGS;
+
+@@ -8499,6 +8502,7 @@ aarch64_class_max_nregs (reg_class_t regclass, machine_mode mode)
+ unsigned int nregs;
+ switch (regclass)
+ {
++ case STUB_REGS:
+ case TAILCALL_ADDR_REGS:
+ case POINTER_REGS:
+ case GENERAL_REGS:
+@@ -10693,10 +10697,12 @@ aarch64_register_move_cost (machine_mode mode,
+ = aarch64_tune_params.regmove_cost;
+
+ /* Caller save and pointer regs are equivalent to GENERAL_REGS. */
+- if (to == TAILCALL_ADDR_REGS || to == POINTER_REGS)
++ if (to == TAILCALL_ADDR_REGS || to == POINTER_REGS
++ || to == STUB_REGS)
+ to = GENERAL_REGS;
+
+- if (from == TAILCALL_ADDR_REGS || from == POINTER_REGS)
++ if (from == TAILCALL_ADDR_REGS || from == POINTER_REGS
++ || from == STUB_REGS)
+ from = GENERAL_REGS;
+
+ /* Moving between GPR and stack cost is the same as GP2GP. */
+@@ -19009,6 +19015,215 @@ aarch64_sls_barrier (int mitigation_required)
+ : "";
+ }
+
++static GTY (()) tree aarch64_sls_shared_thunks[30];
++static GTY (()) bool aarch64_sls_shared_thunks_needed = false;
++const char *indirect_symbol_names[30] = {
++ "__call_indirect_x0",
++ "__call_indirect_x1",
++ "__call_indirect_x2",
++ "__call_indirect_x3",
++ "__call_indirect_x4",
++ "__call_indirect_x5",
++ "__call_indirect_x6",
++ "__call_indirect_x7",
++ "__call_indirect_x8",
++ "__call_indirect_x9",
++ "__call_indirect_x10",
++ "__call_indirect_x11",
++ "__call_indirect_x12",
++ "__call_indirect_x13",
++ "__call_indirect_x14",
++ "__call_indirect_x15",
++ "", /* "__call_indirect_x16", */
++ "", /* "__call_indirect_x17", */
++ "__call_indirect_x18",
++ "__call_indirect_x19",
++ "__call_indirect_x20",
++ "__call_indirect_x21",
++ "__call_indirect_x22",
++ "__call_indirect_x23",
++ "__call_indirect_x24",
++ "__call_indirect_x25",
++ "__call_indirect_x26",
++ "__call_indirect_x27",
++ "__call_indirect_x28",
++ "__call_indirect_x29",
++};
++
++/* Function to create a BLR thunk. This thunk is used to mitigate straight
++ line speculation. Instead of a simple BLR that can be speculated past,
++ we emit a BL to this thunk, and this thunk contains a BR to the relevant
++ register. These thunks have the relevant speculation barries put after
++ their indirect branch so that speculation is blocked.
++
++ We use such a thunk so the speculation barriers are kept off the
++ architecturally executed path in order to reduce the performance overhead.
++
++ When optimizing for size we use stubs shared by the linked object.
++ When optimizing for performance we emit stubs for each function in the hope
++ that the branch predictor can better train on jumps specific for a given
++ function. */
++rtx
++aarch64_sls_create_blr_label (int regnum)
++{
++ gcc_assert (STUB_REGNUM_P (regnum));
++ if (optimize_function_for_size_p (cfun))
++ {
++ /* For the thunks shared between different functions in this compilation
++ unit we use a named symbol -- this is just for users to more easily
++ understand the generated assembly. */
++ aarch64_sls_shared_thunks_needed = true;
++ const char *thunk_name = indirect_symbol_names[regnum];
++ if (aarch64_sls_shared_thunks[regnum] == NULL)
++ {
++ /* Build a decl representing this function stub and record it for
++ later. We build a decl here so we can use the GCC machinery for
++ handling sections automatically (through `get_named_section` and
++ `make_decl_one_only`). That saves us a lot of trouble handling
++ the specifics of different output file formats. */
++ tree decl = build_decl (BUILTINS_LOCATION, FUNCTION_DECL,
++ get_identifier (thunk_name),
++ build_function_type_list (void_type_node,
++ NULL_TREE));
++ DECL_RESULT (decl) = build_decl (BUILTINS_LOCATION, RESULT_DECL,
++ NULL_TREE, void_type_node);
++ TREE_PUBLIC (decl) = 1;
++ TREE_STATIC (decl) = 1;
++ DECL_IGNORED_P (decl) = 1;
++ DECL_ARTIFICIAL (decl) = 1;
++ make_decl_one_only (decl, DECL_ASSEMBLER_NAME (decl));
++ resolve_unique_section (decl, 0, false);
++ aarch64_sls_shared_thunks[regnum] = decl;
++ }
++
++ return gen_rtx_SYMBOL_REF (Pmode, thunk_name);
++ }
++
++ if (cfun->machine->call_via[regnum] == NULL)
++ cfun->machine->call_via[regnum]
++ = gen_rtx_LABEL_REF (Pmode, gen_label_rtx ());
++ return cfun->machine->call_via[regnum];
++}
++
++/* Helper function for aarch64_sls_emit_blr_function_thunks and
++ aarch64_sls_emit_shared_blr_thunks below. */
++static void
++aarch64_sls_emit_function_stub (FILE *out_file, int regnum)
++{
++ /* Save in x16 and branch to that function so this transformation does
++ not prevent jumping to `BTI c` instructions. */
++ asm_fprintf (out_file, "\tmov\tx16, x%d\n", regnum);
++ asm_fprintf (out_file, "\tbr\tx16\n");
++}
++
++/* Emit all BLR stubs for this particular function.
++ Here we emit all the BLR stubs needed for the current function. Since we
++ emit these stubs in a consecutive block we know there will be no speculation
++ gadgets between each stub, and hence we only emit a speculation barrier at
++ the end of the stub sequences.
++
++ This is called in the TARGET_ASM_FUNCTION_EPILOGUE hook. */
++void
++aarch64_sls_emit_blr_function_thunks (FILE *out_file)
++{
++ if (! aarch64_harden_sls_blr_p ())
++ return;
++
++ bool any_functions_emitted = false;
++ /* We must save and restore the current function section since this assembly
++ is emitted at the end of the function. This means it can be emitted *just
++ after* the cold section of a function. That cold part would be emitted in
++ a different section. That switch would trigger a `.cfi_endproc` directive
++ to be emitted in the original section and a `.cfi_startproc` directive to
++ be emitted in the new section. Switching to the original section without
++ restoring would mean that the `.cfi_endproc` emitted as a function ends
++ would happen in a different section -- leaving an unmatched
++ `.cfi_startproc` in the cold text section and an unmatched `.cfi_endproc`
++ in the standard text section. */
++ section *save_text_section = in_section;
++ switch_to_section (function_section (current_function_decl));
++ for (int regnum = 0; regnum < 30; ++regnum)
++ {
++ rtx specu_label = cfun->machine->call_via[regnum];
++ if (specu_label == NULL)
++ continue;
++
++ targetm.asm_out.print_operand (out_file, specu_label, 0);
++ asm_fprintf (out_file, ":\n");
++ aarch64_sls_emit_function_stub (out_file, regnum);
++ any_functions_emitted = true;
++ }
++ if (any_functions_emitted)
++ /* Can use the SB if needs be here, since this stub will only be used
++ by the current function, and hence for the current target. */
++ asm_fprintf (out_file, "\t%s\n", aarch64_sls_barrier (true));
++ switch_to_section (save_text_section);
++}
++
++/* Emit shared BLR stubs for the current compilation unit.
++ Over the course of compiling this unit we may have converted some BLR
++ instructions to a BL to a shared stub function. This is where we emit those
++ stub functions.
++ This function is for the stubs shared between different functions in this
++ compilation unit. We share when optimizing for size instead of speed.
++
++ This function is called through the TARGET_ASM_FILE_END hook. */
++void
++aarch64_sls_emit_shared_blr_thunks (FILE *out_file)
++{
++ if (! aarch64_sls_shared_thunks_needed)
++ return;
++
++ for (int regnum = 0; regnum < 30; ++regnum)
++ {
++ tree decl = aarch64_sls_shared_thunks[regnum];
++ if (!decl)
++ continue;
++
++ const char *name = indirect_symbol_names[regnum];
++ switch_to_section (get_named_section (decl, NULL, 0));
++ ASM_OUTPUT_ALIGN (out_file, 2);
++ targetm.asm_out.globalize_label (out_file, name);
++ /* Only emits if the compiler is configured for an assembler that can
++ handle visibility directives. */
++ targetm.asm_out.assemble_visibility (decl, VISIBILITY_HIDDEN);
++ ASM_OUTPUT_TYPE_DIRECTIVE (out_file, name, "function");
++ ASM_OUTPUT_LABEL (out_file, name);
++ aarch64_sls_emit_function_stub (out_file, regnum);
++ /* Use the most conservative target to ensure it can always be used by any
++ function in the translation unit. */
++ asm_fprintf (out_file, "\tdsb\tsy\n\tisb\n");
++ ASM_DECLARE_FUNCTION_SIZE (out_file, name, decl);
++ }
++}
++
++/* Implement TARGET_ASM_FILE_END. */
++void
++aarch64_asm_file_end ()
++{
++ aarch64_sls_emit_shared_blr_thunks (asm_out_file);
++ /* Since this function will be called for the ASM_FILE_END hook, we ensure
++ that what would be called otherwise (e.g. `file_end_indicate_exec_stack`
++ for FreeBSD) still gets called. */
++#ifdef TARGET_ASM_FILE_END
++ TARGET_ASM_FILE_END ();
++#endif
++}
++
++const char *
++aarch64_indirect_call_asm (rtx addr)
++{
++ gcc_assert (REG_P (addr));
++ if (aarch64_harden_sls_blr_p ())
++ {
++ rtx stub_label = aarch64_sls_create_blr_label (REGNO (addr));
++ output_asm_insn ("bl\t%0", &stub_label);
++ }
++ else
++ output_asm_insn ("blr\t%0", &addr);
++ return "";
++}
++
+ /* Target-specific selftests. */
+
+ #if CHECKING_P
+@@ -19529,6 +19744,12 @@ aarch64_libgcc_floating_mode_supported_p
+ #define TARGET_RUN_TARGET_SELFTESTS selftest::aarch64_run_selftests
+ #endif /* #if CHECKING_P */
+
++#undef TARGET_ASM_FILE_END
++#define TARGET_ASM_FILE_END aarch64_asm_file_end
++
++#undef TARGET_ASM_FUNCTION_EPILOGUE
++#define TARGET_ASM_FUNCTION_EPILOGUE aarch64_sls_emit_blr_function_thunks
++
+ struct gcc_target targetm = TARGET_INITIALIZER;
+
+ #include "gt-aarch64.h"
+diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
+index 72ddc6fd9..60682a100 100644
+--- a/gcc/config/aarch64/aarch64.h
++++ b/gcc/config/aarch64/aarch64.h
+@@ -540,6 +540,16 @@ extern unsigned aarch64_architecture_version;
+ #define GP_REGNUM_P(REGNO) \
+ (((unsigned) (REGNO - R0_REGNUM)) <= (R30_REGNUM - R0_REGNUM))
+
++/* Registers known to be preserved over a BL instruction. This consists of the
++ GENERAL_REGS without x16, x17, and x30. The x30 register is changed by the
++ BL instruction itself, while the x16 and x17 registers may be used by
++ veneers which can be inserted by the linker. */
++#define STUB_REGNUM_P(REGNO) \
++ (GP_REGNUM_P (REGNO) \
++ && (REGNO) != R16_REGNUM \
++ && (REGNO) != R17_REGNUM \
++ && (REGNO) != R30_REGNUM) \
++
+ #define FP_REGNUM_P(REGNO) \
+ (((unsigned) (REGNO - V0_REGNUM)) <= (V31_REGNUM - V0_REGNUM))
+
+@@ -561,6 +571,7 @@ enum reg_class
+ {
+ NO_REGS,
+ TAILCALL_ADDR_REGS,
++ STUB_REGS,
+ GENERAL_REGS,
+ STACK_REG,
+ POINTER_REGS,
+@@ -580,6 +591,7 @@ enum reg_class
+ { \
+ "NO_REGS", \
+ "TAILCALL_ADDR_REGS", \
++ "STUB_REGS", \
+ "GENERAL_REGS", \
+ "STACK_REG", \
+ "POINTER_REGS", \
+@@ -596,6 +608,7 @@ enum reg_class
+ { \
+ { 0x00000000, 0x00000000, 0x00000000 }, /* NO_REGS */ \
+ { 0x00030000, 0x00000000, 0x00000000 }, /* TAILCALL_ADDR_REGS */\
++ { 0x3ffcffff, 0x00000000, 0x00000000 }, /* STUB_REGS */ \
+ { 0x7fffffff, 0x00000000, 0x00000003 }, /* GENERAL_REGS */ \
+ { 0x80000000, 0x00000000, 0x00000000 }, /* STACK_REG */ \
+ { 0xffffffff, 0x00000000, 0x00000003 }, /* POINTER_REGS */ \
+@@ -735,6 +748,8 @@ typedef struct GTY (()) machine_function
+ struct aarch64_frame frame;
+ /* One entry for each hard register. */
+ bool reg_is_wrapped_separately[LAST_SAVED_REGNUM];
++ /* One entry for each general purpose register. */
++ rtx call_via[SP_REGNUM];
+ bool label_is_assembled;
+ } machine_function;
+ #endif
+diff --git a/gcc/config/aarch64/aarch64.md b/gcc/config/aarch64/aarch64.md
+index 494aee964..ed8cf8ece 100644
+--- a/gcc/config/aarch64/aarch64.md
++++ b/gcc/config/aarch64/aarch64.md
+@@ -908,15 +908,14 @@
+ )
+
+ (define_insn "*call_insn"
+- [(call (mem:DI (match_operand:DI 0 "aarch64_call_insn_operand" "r, Usf"))
++ [(call (mem:DI (match_operand:DI 0 "aarch64_call_insn_operand" "Ucr, Usf"))
+ (match_operand 1 "" ""))
+ (clobber (reg:DI LR_REGNUM))]
+ ""
+ "@
+- blr\\t%0
++ * return aarch64_indirect_call_asm (operands[0]);
+ bl\\t%c0"
+- [(set_attr "type" "call, call")]
+-)
++ [(set_attr "type" "call, call")])
+
+ (define_expand "call_value"
+ [(parallel [(set (match_operand 0 "" "")
+@@ -934,12 +933,12 @@
+
+ (define_insn "*call_value_insn"
+ [(set (match_operand 0 "" "")
+- (call (mem:DI (match_operand:DI 1 "aarch64_call_insn_operand" "r, Usf"))
++ (call (mem:DI (match_operand:DI 1 "aarch64_call_insn_operand" "Ucr, Usf"))
+ (match_operand 2 "" "")))
+ (clobber (reg:DI LR_REGNUM))]
+ ""
+ "@
+- blr\\t%1
++ * return aarch64_indirect_call_asm (operands[1]);
+ bl\\t%c1"
+ [(set_attr "type" "call, call")]
+ )
+diff --git a/gcc/config/aarch64/constraints.md b/gcc/config/aarch64/constraints.md
+index 21f9549e6..7756dbe83 100644
+--- a/gcc/config/aarch64/constraints.md
++++ b/gcc/config/aarch64/constraints.md
+@@ -24,6 +24,15 @@
+ (define_register_constraint "Ucs" "TAILCALL_ADDR_REGS"
+ "@internal Registers suitable for an indirect tail call")
+
++(define_register_constraint "Ucr"
++ "aarch64_harden_sls_blr_p () ? STUB_REGS : GENERAL_REGS"
++ "@internal Registers to be used for an indirect call.
++ This is usually the general registers, but when we are hardening against
++ Straight Line Speculation we disallow x16, x17, and x30 so we can use
++ indirection stubs. These indirection stubs cannot use the above registers
++ since they will be reached by a BL that may have to go through a linker
++ veneer.")
++
+ (define_register_constraint "w" "FP_REGS"
+ "Floating point and SIMD vector registers.")
+
+diff --git a/gcc/config/aarch64/predicates.md b/gcc/config/aarch64/predicates.md
+index 8e1b78421..4250aecb3 100644
+--- a/gcc/config/aarch64/predicates.md
++++ b/gcc/config/aarch64/predicates.md
+@@ -32,7 +32,8 @@
+
+ (define_predicate "aarch64_general_reg"
+ (and (match_operand 0 "register_operand")
+- (match_test "REGNO_REG_CLASS (REGNO (op)) == GENERAL_REGS")))
++ (match_test "REGNO_REG_CLASS (REGNO (op)) == STUB_REGS
++ || REGNO_REG_CLASS (REGNO (op)) == GENERAL_REGS")))
+
+ ;; Return true if OP a (const_int 0) operand.
+ (define_predicate "const0_operand"
+diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c
+new file mode 100644
+index 000000000..b1fb754c7
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr-bti.c
+@@ -0,0 +1,40 @@
++/* { dg-do compile } */
++/* { dg-additional-options "-mharden-sls=blr -mbranch-protection=bti" } */
++/*
++ Ensure that the SLS hardening of BLR leaves no BLR instructions.
++ Here we also check that there are no BR instructions with anything except an
++ x16 or x17 register. This is because a `BTI c` instruction can be branched
++ to using a BLR instruction using any register, but can only be branched to
++ with a BR using an x16 or x17 register.
++ */
++typedef int (foo) (int, int);
++typedef void (bar) (int, int);
++struct sls_testclass {
++ foo *x;
++ bar *y;
++ int left;
++ int right;
++};
++
++/* We test both RTL patterns for a call which returns a value and a call which
++ does not. */
++int blr_call_value (struct sls_testclass x)
++{
++ int retval = x.x(x.left, x.right);
++ if (retval % 10)
++ return 100;
++ return 9;
++}
++
++int blr_call (struct sls_testclass x)
++{
++ x.y(x.left, x.right);
++ if (x.left % 10)
++ return 100;
++ return 9;
++}
++
++/* { dg-final { scan-assembler-not {\tblr\t} } } */
++/* { dg-final { scan-assembler-not {\tbr\tx(?!16|17)} } } */
++/* { dg-final { scan-assembler {\tbr\tx(16|17)} } } */
++
+diff --git a/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c
+new file mode 100644
+index 000000000..88baffffe
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/aarch64/sls-mitigation/sls-miti-blr.c
+@@ -0,0 +1,33 @@
++/* { dg-additional-options "-mharden-sls=blr -save-temps" } */
++/* Ensure that the SLS hardening of BLR leaves no BLR instructions.
++ We only test that all BLR instructions have been removed, not that the
++ resulting code makes sense. */
++typedef int (foo) (int, int);
++typedef void (bar) (int, int);
++struct sls_testclass {
++ foo *x;
++ bar *y;
++ int left;
++ int right;
++};
++
++/* We test both RTL patterns for a call which returns a value and a call which
++ does not. */
++int blr_call_value (struct sls_testclass x)
++{
++ int retval = x.x(x.left, x.right);
++ if (retval % 10)
++ return 100;
++ return 9;
++}
++
++int blr_call (struct sls_testclass x)
++{
++ x.y(x.left, x.right);
++ if (x.left % 10)
++ return 100;
++ return 9;
++}
++
++/* { dg-final { scan-assembler-not {\tblr\t} } } */
++/* { dg-final { scan-assembler {\tbr\tx[0-9][0-9]?} } } */
+--
+2.25.1
+
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 03/16] ffmpeg: fix CVE-2020-12284
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 01/16] oeqa: Add sync call to command execution Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 02/16] gcc: mitigate the Straight-line Speculation attack Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 04/16] gstreamer1.0: Fix reproducibility issue around libcap Steve Sakoman
` (12 subsequent siblings)
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../ffmpeg/ffmpeg/CVE-2020-12284.patch | 36 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | 1 +
2 files changed, 37 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-12284.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-12284.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-12284.patch
new file mode 100644
index 0000000000..5fff4754f4
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-12284.patch
@@ -0,0 +1,36 @@
+From 1812352d767ccf5431aa440123e2e260a4db2726 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 7 Mar 2020 15:42:58 +0100
+Subject: [PATCH] avcodec/cbs_jpeg: Check length for SOS
+
+Fixes: out of array access
+Fixes: 19734/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5673507031875584
+Fixes: 19353/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5703944462663680
+
+Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/1812352d767ccf5431aa440123e2e260a4db2726]
+CVE: CVE-2020-12284
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ libavcodec/cbs_jpeg.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libavcodec/cbs_jpeg.c b/libavcodec/cbs_jpeg.c
+index 6bbce5f..89512a2 100644
+--- a/libavcodec/cbs_jpeg.c
++++ b/libavcodec/cbs_jpeg.c
+@@ -197,6 +197,9 @@ static int cbs_jpeg_split_fragment(CodedBitstreamContext *ctx,
+ if (marker == JPEG_MARKER_SOS) {
+ length = AV_RB16(frag->data + start);
+
++ if (length > end - start)
++ return AVERROR_INVALIDDATA;
++
+ data_ref = NULL;
+ data = av_malloc(end - start +
+ AV_INPUT_BUFFER_PADDING_SIZE);
+--
+2.7.4
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
index d7b0641054..fddfef9e27 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
@@ -25,6 +25,7 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://mips64_cpu_detection.patch \
+ file://CVE-2020-12284.patch \
"
SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3"
SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 04/16] gstreamer1.0: Fix reproducibility issue around libcap
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
` (2 preceding siblings ...)
2020-10-27 22:29 ` [OE-core][dunfell 03/16] ffmpeg: fix CVE-2020-12284 Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 05/16] gstreamer1.0: Update 1.16.2 -> Update 1.16.3 Steve Sakoman
` (11 subsequent siblings)
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
Currently gstreamer configuration depends libcap and on whether
setcap is found on the host system.
Removing libcap from DEPENDS and only use it when the 'setcap' is enabled.
* 0004-capfix.patch
Removed as the same goals can be achieved only with the PACKAGECONFIG 'setcap'
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
---
.../gstreamer/gstreamer1.0/capfix.patch | 37 -------------------
.../gstreamer/gstreamer1.0_1.16.2.bb | 5 +--
2 files changed, 2 insertions(+), 40 deletions(-)
delete mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/capfix.patch
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0/capfix.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0/capfix.patch
deleted file mode 100644
index 7ca3d5ad4a..0000000000
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0/capfix.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Currently gstreamer configuration depends on whether setcap is found on the host
-system. Turn this into a configure option to make builds deterinistic.
-
-RP 2020/2/19
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-Upstream-Status: Pending
-
-Index: gstreamer-1.16.1/libs/gst/helpers/meson.build
-===================================================================
---- gstreamer-1.16.1.orig/libs/gst/helpers/meson.build
-+++ gstreamer-1.16.1/libs/gst/helpers/meson.build
-@@ -73,7 +73,12 @@ if have_ptp
- endif
- endif
-
-- setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required : false)
-+ setcap_feature = get_option('setcap')
-+ if setcap_feature.disabled()
-+ setcap = find_program('dontexist', required : false)
-+ else
-+ setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required : false)
-+ endif
-
- # user/group to change to in gst-ptp-helper
- ptp_helper_setuid_user = get_option('ptp-helper-setuid-user')
-Index: gstreamer-1.16.1/meson_options.txt
-===================================================================
---- gstreamer-1.16.1.orig/meson_options.txt
-+++ gstreamer-1.16.1/meson_options.txt
-@@ -26,6 +26,7 @@ option('libunwind', type : 'feature', va
- option('libdw', type : 'feature', value : 'auto', description : 'Use libdw to generate better backtraces from libunwind')
- option('dbghelp', type : 'feature', value : 'auto', description : 'Use dbghelp to generate backtraces')
- option('bash-completion', type : 'feature', value : 'auto', description : 'Install bash completion files')
-+option('setcap', type : 'feature', value : 'auto', description : 'Use setcap')
-
- # Common feature options
- option('examples', type : 'feature', value : 'auto', yield : true)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb
index 50a872e292..9d92fe1439 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb
@@ -6,7 +6,7 @@ BUGTRACKER = "https://bugzilla.gnome.org/enter_bug.cgi?product=Gstreamer"
SECTION = "multimedia"
LICENSE = "LGPLv2+"
-DEPENDS = "glib-2.0 glib-2.0-native libcap libxml2 bison-native flex-native"
+DEPENDS = "glib-2.0 glib-2.0-native libxml2 bison-native flex-native"
inherit meson pkgconfig gettext upstream-version-is-even gobject-introspection gtk-doc
@@ -21,7 +21,6 @@ SRC_URI = " \
file://0002-meson-build-gir-even-when-cross-compiling-if-introsp.patch \
file://0003-meson-Add-valgrind-feature.patch \
file://0004-meson-Add-option-for-installed-tests.patch \
- file://capfix.patch \
"
SRC_URI[md5sum] = "0e661ed5bdf1d8996e430228d022628e"
SRC_URI[sha256sum] = "e3f044246783fd685439647373fa13ba14f7ab0b346eadd06437092f8419e94e"
@@ -40,7 +39,7 @@ PACKAGECONFIG[unwind] = "-Dlibunwind=enabled,-Dlibunwind=disabled,libunwind"
PACKAGECONFIG[dw] = "-Dlibdw=enabled,-Dlibdw=disabled,elfutils"
PACKAGECONFIG[bash-completion] = "-Dbash-completion=enabled,-Dbash-completion=disabled,bash-completion"
PACKAGECONFIG[tools] = "-Dtools=enabled,-Dtools=disabled"
-PACKAGECONFIG[setcap] = "-Dsetcap=enabled,-Dsetcap=disabled,libcap libcap-native"
+PACKAGECONFIG[setcap] = ",,libcap libcap-native"
# TODO: put this in a gettext.bbclass patch
def gettext_oemeson(d):
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 05/16] gstreamer1.0: Update 1.16.2 -> Update 1.16.3
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
` (3 preceding siblings ...)
2020-10-27 22:29 ` [OE-core][dunfell 04/16] gstreamer1.0: Fix reproducibility issue around libcap Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 06/16] gstreamer1.0-plugins-base: " Steve Sakoman
` (10 subsequent siblings)
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
---
.../{gstreamer1.0_1.16.2.bb => gstreamer1.0_1.16.3.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.16.2.bb => gstreamer1.0_1.16.3.bb} (95%)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb
similarity index 95%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb
index 9d92fe1439..66ad3e3381 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb
@@ -22,8 +22,8 @@ SRC_URI = " \
file://0003-meson-Add-valgrind-feature.patch \
file://0004-meson-Add-option-for-installed-tests.patch \
"
-SRC_URI[md5sum] = "0e661ed5bdf1d8996e430228d022628e"
-SRC_URI[sha256sum] = "e3f044246783fd685439647373fa13ba14f7ab0b346eadd06437092f8419e94e"
+SRC_URI[md5sum] = "beecf6965a17fb17fa3b262fd36df70a"
+SRC_URI[sha256sum] = "692f037968e454e508b0f71d9674e2e26c78475021407fcf8193b1c7e59543c7"
PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
check \
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 06/16] gstreamer1.0-plugins-base: Update 1.16.2 -> Update 1.16.3
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
` (4 preceding siblings ...)
2020-10-27 22:29 ` [OE-core][dunfell 05/16] gstreamer1.0: Update 1.16.2 -> Update 1.16.3 Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 07/16] gstreamer1.0-plugins-good: " Steve Sakoman
` (9 subsequent siblings)
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
---
...ins-base_1.16.2.bb => gstreamer1.0-plugins-base_1.16.3.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.16.2.bb => gstreamer1.0-plugins-base_1.16.3.bb} (96%)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb
similarity index 96%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb
index 6563b6f738..a4f4772c1c 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb
@@ -13,8 +13,8 @@ SRC_URI = " \
file://0005-viv-fb-Make-sure-config.h-is-included.patch \
file://0009-glimagesink-Downrank-to-marginal.patch \
"
-SRC_URI[md5sum] = "3fdb32823535799a748c1fc14f978e2c"
-SRC_URI[sha256sum] = "b13e73e2fe74a4166552f9577c3dcb24bed077021b9c7fa600d910ec6987816a"
+SRC_URI[md5sum] = "e3ddb1bae9fb510b49a295f212f1e6e4"
+SRC_URI[sha256sum] = "9f02678b0bbbcc9eff107d3bd89d83ce92fec2154cd607c7c8bd34dc7fee491c"
S = "${WORKDIR}/gst-plugins-base-${PV}"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 07/16] gstreamer1.0-plugins-good: Update 1.16.2 -> Update 1.16.3
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
` (5 preceding siblings ...)
2020-10-27 22:29 ` [OE-core][dunfell 06/16] gstreamer1.0-plugins-base: " Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 08/16] gstreamer1.0-plugins-bad: " Steve Sakoman
` (8 subsequent siblings)
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
---
...ins-good_1.16.2.bb => gstreamer1.0-plugins-good_1.16.3.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.16.2.bb => gstreamer1.0-plugins-good_1.16.3.bb} (96%)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb
similarity index 96%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb
index 17c9421394..75dd029109 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb
@@ -6,8 +6,8 @@ SRC_URI = " \
file://0001-qt-include-ext-qt-gstqtgl.h-instead-of-gst-gl-gstglf.patch \
"
-SRC_URI[md5sum] = "bd025f8f14974f94b75ac69a9d1b9c93"
-SRC_URI[sha256sum] = "40bb3bafda25c0b739c8fc36e48380fccf61c4d3f83747e97ac3f9b0171b1319"
+SRC_URI[md5sum] = "c79b6c2f8eaadb2bb66615b694db399e"
+SRC_URI[sha256sum] = "d3a23a3fe73de673f591b7655494990c9e8a0e22a3c70d6f1dbf50198b29f85f"
S = "${WORKDIR}/gst-plugins-good-${PV}"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 08/16] gstreamer1.0-plugins-bad: Update 1.16.2 -> Update 1.16.3
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
` (6 preceding siblings ...)
2020-10-27 22:29 ` [OE-core][dunfell 07/16] gstreamer1.0-plugins-good: " Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 09/16] gstreamer1.0-plugins-ugly: " Steve Sakoman
` (7 subsequent siblings)
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
---
...ugins-bad_1.16.2.bb => gstreamer1.0-plugins-bad_1.16.3.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.16.2.bb => gstreamer1.0-plugins-bad_1.16.3.bb} (98%)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.3.bb
similarity index 98%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.3.bb
index 99176b2571..ffbaaf425a 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.3.bb
@@ -8,8 +8,8 @@ SRC_URI = " \
file://ensure-valid-sentinels-for-gst_structure_get-etc.patch \
file://opencv-resolve-missing-opencv-data-dir-in-yocto-buil.patch \
"
-SRC_URI[md5sum] = "ccc7404230afddec723bbdb63c89feec"
-SRC_URI[sha256sum] = "f1cb7aa2389569a5343661aae473f0a940a90b872001824bc47fa8072a041e74"
+SRC_URI[md5sum] = "8969ea1aec3411c13d0e7dd27ccaaef1"
+SRC_URI[sha256sum] = "84efe57011658f0a53a5d5b20f64ef109f5105dccb0808c21e069e946673514d"
S = "${WORKDIR}/gst-plugins-bad-${PV}"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 09/16] gstreamer1.0-plugins-ugly: Update 1.16.2 -> Update 1.16.3
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
` (7 preceding siblings ...)
2020-10-27 22:29 ` [OE-core][dunfell 08/16] gstreamer1.0-plugins-bad: " Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 10/16] gstreamer1.0-libav: " Steve Sakoman
` (6 subsequent siblings)
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
---
...ins-ugly_1.16.2.bb => gstreamer1.0-plugins-ugly_1.16.3.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.16.2.bb => gstreamer1.0-plugins-ugly_1.16.3.bb} (90%)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.3.bb
similarity index 90%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.3.bb
index be10800389..d9ec82d887 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.3.bb
@@ -9,8 +9,8 @@ LICENSE_FLAGS = "commercial"
SRC_URI = " \
https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \
"
-SRC_URI[md5sum] = "10283ff5ef1e34d462dde77042e329bd"
-SRC_URI[sha256sum] = "5500415b865e8b62775d4742cbb9f37146a50caecfc0e7a6fc0160d3c560fbca"
+SRC_URI[md5sum] = "b025125a6c928024cbd300cc27b5d712"
+SRC_URI[sha256sum] = "403c21688065f41e53008874402b5c07832567cc1309a60df597eab7ff5843f0"
S = "${WORKDIR}/gst-plugins-ugly-${PV}"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 10/16] gstreamer1.0-libav: Update 1.16.2 -> Update 1.16.3
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
` (8 preceding siblings ...)
2020-10-27 22:29 ` [OE-core][dunfell 09/16] gstreamer1.0-plugins-ugly: " Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 11/16] gstreamer1.0-vaapi: " Steve Sakoman
` (5 subsequent siblings)
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
---
...reamer1.0-libav_1.16.2.bb => gstreamer1.0-libav_1.16.3.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.16.2.bb => gstreamer1.0-libav_1.16.3.bb} (90%)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.3.bb
similarity index 90%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.3.bb
index 2fdefc925e..98355a1b75 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.3.bb
@@ -10,8 +10,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz \
"
-SRC_URI[md5sum] = "eacebd0136ede3a9bd3672eeb338806b"
-SRC_URI[sha256sum] = "c724f612700c15a933c7356fbeabb0bb9571fb5538f8b1b54d4d2d94188deef2"
+SRC_URI[md5sum] = "d08fb5429f102d5a3f1eca3dee2a0add"
+SRC_URI[sha256sum] = "d10c5eb1a00a91de97c85c0956c663aa6e99d268195cdec4534c179b831538ec"
S = "${WORKDIR}/gst-libav-${PV}"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 11/16] gstreamer1.0-vaapi: Update 1.16.2 -> Update 1.16.3
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
` (9 preceding siblings ...)
2020-10-27 22:29 ` [OE-core][dunfell 10/16] gstreamer1.0-libav: " Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 12/16] gstreamer1.0-rtsp-server: " Steve Sakoman
` (4 subsequent siblings)
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
---
...reamer1.0-vaapi_1.16.2.bb => gstreamer1.0-vaapi_1.16.3.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.16.2.bb => gstreamer1.0-vaapi_1.16.3.bb} (93%)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.3.bb
similarity index 93%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.3.bb
index 1bedf25128..9d9b1b8757 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.3.bb
@@ -12,8 +12,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.x
file://0001-vaapsink-downgrade-to-marginal.patch \
"
-SRC_URI[md5sum] = "13f7cb6a64bde24e67f563377487dcce"
-SRC_URI[sha256sum] = "191de7b0ab64a85dd0875c990721e7be95518f60e2a9106beca162004ed7c601"
+SRC_URI[md5sum] = "8c9b5a4d20afc04bc5e1536e81511f27"
+SRC_URI[sha256sum] = "77200b3c183fe97cd987deb5544e615873cff5e98ec87573583771e5f1fb9ebe"
S = "${WORKDIR}/${REALPN}-${PV}"
DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 12/16] gstreamer1.0-rtsp-server: Update 1.16.2 -> Update 1.16.3
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
` (10 preceding siblings ...)
2020-10-27 22:29 ` [OE-core][dunfell 11/16] gstreamer1.0-vaapi: " Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 13/16] gstreamer1.0-omx: " Steve Sakoman
` (3 subsequent siblings)
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
---
...sp-server_1.16.2.bb => gstreamer1.0-rtsp-server_1.16.3.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.16.2.bb => gstreamer1.0-rtsp-server_1.16.3.bb} (86%)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.3.bb
similarity index 86%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.3.bb
index 02c3c83840..5f1b1d44fa 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.3.bb
@@ -12,8 +12,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.x
file://0001-meson-build-gir-even-when-cross-compiling-if-introsp.patch \
"
-SRC_URI[md5sum] = "8a998725820c771ba45be6e18bfdf73a"
-SRC_URI[sha256sum] = "de07a2837b3b04820ce68264a4909f70c221b85dbff0cede7926e9cdbb1dc26e"
+SRC_URI[md5sum] = "f0d8263c9d61f6f05b59ae0f676a6406"
+SRC_URI[sha256sum] = "67886b872826d513c58f88d559d4dc4aa63382d03fb64ceac91a09537fe6fea0"
S = "${WORKDIR}/${PNREAL}-${PV}"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 13/16] gstreamer1.0-omx: Update 1.16.2 -> Update 1.16.3
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
` (11 preceding siblings ...)
2020-10-27 22:29 ` [OE-core][dunfell 12/16] gstreamer1.0-rtsp-server: " Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 14/16] gstreamer1.0-python: " Steve Sakoman
` (2 subsequent siblings)
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
---
...{gstreamer1.0-omx_1.16.2.bb => gstreamer1.0-omx_1.16.3.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.16.2.bb => gstreamer1.0-omx_1.16.3.bb} (92%)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.3.bb
similarity index 92%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.3.bb
index f1bdbd235d..1aa13cf73c 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.3.bb
@@ -9,8 +9,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz"
-SRC_URI[md5sum] = "6362786d2b6cce34de08c86b7847f782"
-SRC_URI[sha256sum] = "11ed411a2eba75610d72331eeb14ff05e2df28f4fd05cb69225a88bec6d27439"
+SRC_URI[md5sum] = "d4d89dd44362c1d262186c60437cdbee"
+SRC_URI[sha256sum] = "60603b7889528ef8539d36cb3284b648c46aa0cf980a28cba4d3fe3a44988ff9"
S = "${WORKDIR}/gst-omx-${PV}"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 14/16] gstreamer1.0-python: Update 1.16.2 -> Update 1.16.3
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
` (12 preceding siblings ...)
2020-10-27 22:29 ` [OE-core][dunfell 13/16] gstreamer1.0-omx: " Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 15/16] gst-validate: " Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 16/16] glib-2.0: fix parsing of slim encoded tzdata Steve Sakoman
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
---
...son.build-fix-builds-with-python-3.8.patch | 24 -------------------
....16.2.bb => gstreamer1.0-python_1.16.3.bb} | 8 +++----
2 files changed, 3 insertions(+), 29 deletions(-)
delete mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-python/0001-meson.build-fix-builds-with-python-3.8.patch
rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.16.2.bb => gstreamer1.0-python_1.16.3.bb} (80%)
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python/0001-meson.build-fix-builds-with-python-3.8.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python/0001-meson.build-fix-builds-with-python-3.8.patch
deleted file mode 100644
index 053108ad50..0000000000
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python/0001-meson.build-fix-builds-with-python-3.8.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 61cfd1b49dc82baf14bb36d88b6c5be7b8c3d23a Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Mon, 2 Dec 2019 18:16:41 +0100
-Subject: [PATCH] meson.build: fix builds with python 3.8
-
-Upstream-Status: Submitted [https://gitlab.freedesktop.org/gstreamer/gst-python/merge_requests/14]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- meson.build | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/meson.build b/meson.build
-index 1da81d5..3e0db38 100644
---- a/meson.build
-+++ b/meson.build
-@@ -24,7 +24,7 @@ pygobject_dep = dependency('pygobject-3.0', fallback: ['pygobject', 'pygobject_d
-
- pymod = import('python')
- python = pymod.find_installation(get_option('python'))
--python_dep = python.dependency(required : true)
-+python_dep = dependency('python3-embed', required : true)
-
- python_abi_flags = python.get_variable('ABIFLAGS', '')
- pylib_loc = get_option('libpython-dir')
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.3.bb
similarity index 80%
rename from meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.3.bb
index 9e024eb9f3..14b34a2808 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.3.bb
@@ -5,11 +5,9 @@ SECTION = "multimedia"
LICENSE = "LGPLv2.1"
LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740"
-SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz \
- file://0001-meson.build-fix-builds-with-python-3.8.patch \
- "
-SRC_URI[md5sum] = "6ac709767334d8d0a71cb4e016f6abeb"
-SRC_URI[sha256sum] = "208df3148d73d9f416d016564737585d8ea763d91201732d44b5fe688c6288a8"
+SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
+SRC_URI[md5sum] = "326f4f4c23e2477bf3d5839c465a42ca"
+SRC_URI[sha256sum] = "36a00a256c25ccaaa9b965a6f09d6158dfb77558145ab6b25809938732c7161f"
DEPENDS = "gstreamer1.0 python3-pygobject"
RDEPENDS_${PN} += "gstreamer1.0 python3-pygobject"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 15/16] gst-validate: Update 1.16.2 -> Update 1.16.3
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
` (13 preceding siblings ...)
2020-10-27 22:29 ` [OE-core][dunfell 14/16] gstreamer1.0-python: " Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 16/16] glib-2.0: fix parsing of slim encoded tzdata Steve Sakoman
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
---
.../{gst-validate_1.16.2.bb => gst-validate_1.16.3.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-multimedia/gstreamer/{gst-validate_1.16.2.bb => gst-validate_1.16.3.bb} (87%)
diff --git a/meta/recipes-multimedia/gstreamer/gst-validate_1.16.2.bb b/meta/recipes-multimedia/gstreamer/gst-validate_1.16.3.bb
similarity index 87%
rename from meta/recipes-multimedia/gstreamer/gst-validate_1.16.2.bb
rename to meta/recipes-multimedia/gstreamer/gst-validate_1.16.3.bb
index 35492fe861..ef42abbdd7 100644
--- a/meta/recipes-multimedia/gstreamer/gst-validate_1.16.2.bb
+++ b/meta/recipes-multimedia/gstreamer/gst-validate_1.16.3.bb
@@ -9,8 +9,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
SRC_URI = "https://gstreamer.freedesktop.org/src/${BPN}/${BP}.tar.xz \
file://0001-connect-has-a-different-signature-on-musl.patch \
"
-SRC_URI[md5sum] = "688f42c52d62e8c5e506df911553fb2c"
-SRC_URI[sha256sum] = "4861ccb9326200e74d98007e316b387d48dd49f072e0b78cb9d3303fdecfeeca"
+SRC_URI[md5sum] = "740a436f5b9bf17ea7de0e62c92ec264"
+SRC_URI[sha256sum] = "c2064e887324af6aa476ca669234936711f253b29042f617f1d9f2597c4bf92b"
DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base"
RRECOMMENDS_${PN} = "git"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 16/16] glib-2.0: fix parsing of slim encoded tzdata
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
` (14 preceding siblings ...)
2020-10-27 22:29 ` [OE-core][dunfell 15/16] gst-validate: " Steve Sakoman
@ 2020-10-27 22:29 ` Steve Sakoman
15 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-10-27 22:29 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross@burtonini.com>
As of tzcode 2020b the timezone data is encoded using the 'slim' format
instead of the previous 'fat'. This exposes a number of bugs in GLib,
so backport the fixes to improve the parser.
[ YOCTO #14106 ]
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../glib-2.0/glib-2.0/tzdata-update.patch | 458 ++++++++++++++++++
meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb | 1 +
2 files changed, 459 insertions(+)
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/tzdata-update.patch
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/tzdata-update.patch b/meta/recipes-core/glib-2.0/glib-2.0/tzdata-update.patch
new file mode 100644
index 0000000000..0af036f8bd
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/tzdata-update.patch
@@ -0,0 +1,458 @@
+Backport a number of patches from upstream to fix reading of the new 'slim'
+encoding for tzdata files.
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+commit 18cbd5e5a4812e9bd0b06a058322d2b44ed2ad92
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Thu Jul 16 12:41:49 2020 -0700
+
+ Clarify memset in set_tz_name
+
+ * glib/gtimezone.c (set_tz_name): Use size, not NAME_SIZE,
+ to clear the buffer. Suggested by Philip Withnall in:
+ https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1533#note_867859
+
+commit 1ab3f927d6d09a8cf3349a3545f5351446f43d47
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Thu Jul 16 12:41:49 2020 -0700
+
+ gtimezone: support footers in TZif files
+
+ Since tzcode95f (1995), TZif files have had a trailing
+ TZ string, used for timestamps after the last transition.
+ This string is specified in Internet RFC 8536 section 3.3.
+ init_zone_from_iana_info has ignored this string, causing it
+ to mishandle timestamps past the year 2038. With zic's new -b
+ slim flag, init_zone_from_iana_info would even mishandle current
+ timestamps. Fix this by parsing the trailing TZ string and adding
+ its transitions.
+
+ Closes #2129
+
+commit e8b763e35235a2c6b4bdd48a5099c00f72741059
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Thu Jul 16 12:41:49 2020 -0700
+
+ gtimezone: add support for RFC 8536 time zone transitions
+
+ Time zone transition times can range from -167:59:59 through
+ +167:59:59, according to Internet RFC 8536 section 3.3.1;
+ this is an extension to POSIX. It is needed for proper
+ support of TZif version 3 files.
+
+commit 1c65dd48b8ebd31af8bc9b2263f83c0c411f7519
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Thu Jul 16 12:41:49 2020 -0700
+
+ gtimezone: allow hh to be 24, as per POSIX
+
+ POSIX allows hh to be 24; see
+ https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03
+
+commit 368b65cb4cb17e29a4f55654149f554a14f48bc6
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Thu Jul 16 12:41:49 2020 -0700
+
+ gtimezone: support POSIX 1003.1-2001 quoted TZ abbreviations
+
+ TZ strings like '<-03>3' were introduced in POSIX 1003.1-2001 and
+ are currently specified in:
+ https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03
+
+commit fd528aaab6bb077c6d217e62f2228ec9fe3ed760
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Thu Jul 16 12:41:49 2020 -0700
+
+ gtimezone: get 64-bit data from version-3 TZif files
+
+ Version 3 was introduced in tzdb 2013e (2013).
+ See Internet RFC 8536 section 3.1 under "ver(sion)".
+
+diff --git a/glib/gtimezone.c b/glib/gtimezone.c
+index 5a835dea9..f9eee1967 100644
+--- a/glib/gtimezone.c
++++ b/glib/gtimezone.c
+@@ -142,9 +142,7 @@ typedef struct
+ gint mday;
+ gint wday;
+ gint week;
+- gint hour;
+- gint min;
+- gint sec;
++ gint32 offset; /* hour*3600 + min*60 + sec; can be negative. */
+ } TimeZoneDate;
+
+ /* POSIX Timezone abbreviations are typically 3 or 4 characters, but
+@@ -205,6 +203,10 @@ static GTimeZone *tz_local = NULL;
+ there's no point in getting carried
+ away. */
+
++#ifdef G_OS_UNIX
++static GTimeZone *parse_footertz (const gchar *, size_t);
++#endif
++
+ /**
+ * g_time_zone_unref:
+ * @tz: a #GTimeZone
+@@ -286,13 +288,20 @@ g_time_zone_ref (GTimeZone *tz)
+ /* fake zoneinfo creation (for RFC3339/ISO 8601 timezones) {{{1 */
+ /*
+ * parses strings of the form h or hh[[:]mm[[[:]ss]]] where:
+- * - h[h] is 0 to 23
++ * - h[h] is 0 to 24
+ * - mm is 00 to 59
+ * - ss is 00 to 59
++ * If RFC8536, TIME_ is a transition time sans sign,
++ * so colons are required before mm and ss, and hh can be up to 167.
++ * See Internet RFC 8536 section 3.3.1:
++ * https://tools.ietf.org/html/rfc8536#section-3.3.1
++ * and POSIX Base Definitions 8.3 TZ rule time:
++ * https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03
+ */
+ static gboolean
+ parse_time (const gchar *time_,
+- gint32 *offset)
++ gint32 *offset,
++ gboolean rfc8536)
+ {
+ if (*time_ < '0' || '9' < *time_)
+ return FALSE;
+@@ -310,7 +319,20 @@ parse_time (const gchar *time_,
+ *offset *= 10;
+ *offset += 60 * 60 * (*time_++ - '0');
+
+- if (*offset > 23 * 60 * 60)
++ if (rfc8536)
++ {
++ /* Internet RFC 8536 section 3.3.1 and POSIX 8.3 TZ together say
++ that a transition time must be of the form [+-]hh[:mm[:ss]] where
++ the hours part can range from -167 to 167. */
++ if ('0' <= *time_ && *time_ <= '9')
++ {
++ *offset *= 10;
++ *offset += 60 * 60 * (*time_++ - '0');
++ }
++ if (*offset > 167 * 60 * 60)
++ return FALSE;
++ }
++ else if (*offset > 24 * 60 * 60)
+ return FALSE;
+
+ if (*time_ == '\0')
+@@ -319,6 +341,8 @@ parse_time (const gchar *time_,
+
+ if (*time_ == ':')
+ time_++;
++ else if (rfc8536)
++ return FALSE;
+
+ if (*time_ < '0' || '5' < *time_)
+ return FALSE;
+@@ -335,6 +359,8 @@ parse_time (const gchar *time_,
+
+ if (*time_ == ':')
+ time_++;
++ else if (rfc8536)
++ return FALSE;
+
+ if (*time_ < '0' || '5' < *time_)
+ return FALSE;
+@@ -351,28 +377,32 @@ parse_time (const gchar *time_,
+
+ static gboolean
+ parse_constant_offset (const gchar *name,
+- gint32 *offset)
++ gint32 *offset,
++ gboolean rfc8536)
+ {
+- if (g_strcmp0 (name, "UTC") == 0)
++ /* Internet RFC 8536 section 3.3.1 and POSIX 8.3 TZ together say
++ that a transition time must be numeric. */
++ if (!rfc8536 && g_strcmp0 (name, "UTC") == 0)
+ {
+ *offset = 0;
+ return TRUE;
+ }
+
+ if (*name >= '0' && '9' >= *name)
+- return parse_time (name, offset);
++ return parse_time (name, offset, rfc8536);
+
+ switch (*name++)
+ {
+ case 'Z':
+ *offset = 0;
+- return !*name;
++ /* Internet RFC 8536 section 3.3.1 requires a numeric zone. */
++ return !rfc8536 && !*name;
+
+ case '+':
+- return parse_time (name, offset);
++ return parse_time (name, offset, rfc8536);
+
+ case '-':
+- if (parse_time (name, offset))
++ if (parse_time (name, offset, rfc8536))
+ {
+ *offset = -*offset;
+ return TRUE;
+@@ -391,7 +421,7 @@ zone_for_constant_offset (GTimeZone *gtz, const gchar *name)
+ gint32 offset;
+ TransitionInfo info;
+
+- if (name == NULL || !parse_constant_offset (name, &offset))
++ if (name == NULL || !parse_constant_offset (name, &offset, FALSE))
+ return;
+
+ info.gmt_offset = offset;
+@@ -529,12 +559,17 @@ init_zone_from_iana_info (GTimeZone *gtz,
+ guint8 *tz_transitions, *tz_type_index, *tz_ttinfo;
+ guint8 *tz_abbrs;
+ gsize timesize = sizeof (gint32);
+- const struct tzhead *header = g_bytes_get_data (zoneinfo, &size);
++ gconstpointer header_data = g_bytes_get_data (zoneinfo, &size);
++ const gchar *data = header_data;
++ const struct tzhead *header = header_data;
++ GTimeZone *footertz = NULL;
++ guint extra_time_count = 0, extra_type_count = 0;
++ gint64 last_explicit_transition_time;
+
+ g_return_if_fail (size >= sizeof (struct tzhead) &&
+ memcmp (header, "TZif", 4) == 0);
+
+- if (header->tzh_version == '2')
++ if (header->tzh_version >= '2')
+ {
+ /* Skip ahead to the newer 64-bit data if it's available. */
+ header = (const struct tzhead *)
+@@ -550,6 +585,30 @@ init_zone_from_iana_info (GTimeZone *gtz,
+ time_count = guint32_from_be(header->tzh_timecnt);
+ type_count = guint32_from_be(header->tzh_typecnt);
+
++ if (header->tzh_version >= '2')
++ {
++ const gchar *footer = (((const gchar *) (header + 1))
++ + guint32_from_be(header->tzh_ttisgmtcnt)
++ + guint32_from_be(header->tzh_ttisstdcnt)
++ + 12 * guint32_from_be(header->tzh_leapcnt)
++ + 9 * time_count
++ + 6 * type_count
++ + guint32_from_be(header->tzh_charcnt));
++ const gchar *footerlast;
++ size_t footerlen;
++ g_return_if_fail (footer <= data + size - 2 && footer[0] == '\n');
++ footerlast = memchr (footer + 1, '\n', data + size - (footer + 1));
++ g_return_if_fail (footerlast);
++ footerlen = footerlast + 1 - footer;
++ if (footerlen != 2)
++ {
++ footertz = parse_footertz (footer, footerlen);
++ g_return_if_fail (footertz);
++ extra_type_count = footertz->t_info->len;
++ extra_time_count = footertz->transitions->len;
++ }
++ }
++
+ tz_transitions = ((guint8 *) (header) + sizeof (*header));
+ tz_type_index = tz_transitions + timesize * time_count;
+ tz_ttinfo = tz_type_index + time_count;
+@@ -557,9 +616,9 @@ init_zone_from_iana_info (GTimeZone *gtz,
+
+ gtz->name = g_steal_pointer (&identifier);
+ gtz->t_info = g_array_sized_new (FALSE, TRUE, sizeof (TransitionInfo),
+- type_count);
++ type_count + extra_type_count);
+ gtz->transitions = g_array_sized_new (FALSE, TRUE, sizeof (Transition),
+- time_count);
++ time_count + extra_time_count);
+
+ for (index = 0; index < type_count; index++)
+ {
+@@ -574,15 +633,50 @@ init_zone_from_iana_info (GTimeZone *gtz,
+ for (index = 0; index < time_count; index++)
+ {
+ Transition trans;
+- if (header->tzh_version == '2')
++ if (header->tzh_version >= '2')
+ trans.time = gint64_from_be (((gint64_be*)tz_transitions)[index]);
+ else
+ trans.time = gint32_from_be (((gint32_be*)tz_transitions)[index]);
++ last_explicit_transition_time = trans.time;
+ trans.info_index = tz_type_index[index];
+ g_assert (trans.info_index >= 0);
+ g_assert ((guint) trans.info_index < gtz->t_info->len);
+ g_array_append_val (gtz->transitions, trans);
+ }
++
++ if (footertz)
++ {
++ /* Append footer time types. Don't bother to coalesce
++ duplicates with existing time types. */
++ for (index = 0; index < extra_type_count; index++)
++ {
++ TransitionInfo t_info;
++ TransitionInfo *footer_t_info
++ = &g_array_index (footertz->t_info, TransitionInfo, index);
++ t_info.gmt_offset = footer_t_info->gmt_offset;
++ t_info.is_dst = footer_t_info->is_dst;
++ t_info.abbrev = g_steal_pointer (&footer_t_info->abbrev);
++ g_array_append_val (gtz->t_info, t_info);
++ }
++
++ /* Append footer transitions that follow the last explicit
++ transition. */
++ for (index = 0; index < extra_time_count; index++)
++ {
++ Transition *footer_transition
++ = &g_array_index (footertz->transitions, Transition, index);
++ if (time_count <= 0
++ || last_explicit_transition_time < footer_transition->time)
++ {
++ Transition trans;
++ trans.time = footer_transition->time;
++ trans.info_index = type_count + footer_transition->info_index;
++ g_array_append_val (gtz->transitions, trans);
++ }
++ }
++
++ g_time_zone_unref (footertz);
++ }
+ }
+
+ #elif defined (G_OS_WIN32)
+@@ -590,9 +684,8 @@ init_zone_from_iana_info (GTimeZone *gtz,
+ static void
+ copy_windows_systemtime (SYSTEMTIME *s_time, TimeZoneDate *tzdate)
+ {
+- tzdate->sec = s_time->wSecond;
+- tzdate->min = s_time->wMinute;
+- tzdate->hour = s_time->wHour;
++ tzdate->offset
++ = s_time->wHour * 3600 + s_time->wMinute * 60 + s_time->wSecond;
+ tzdate->mon = s_time->wMonth;
+ tzdate->year = s_time->wYear;
+ tzdate->wday = s_time->wDayOfWeek ? s_time->wDayOfWeek : 7;
+@@ -979,7 +1072,7 @@ boundary_for_year (TimeZoneDate *boundary,
+ g_date_clear (&date, 1);
+ g_date_set_dmy (&date, buffer.mday, buffer.mon, buffer.year);
+ return ((g_date_get_julian (&date) - unix_epoch_start) * seconds_per_day +
+- buffer.hour * 3600 + buffer.min * 60 + buffer.sec - offset);
++ buffer.offset - offset);
+ }
+
+ static void
+@@ -1156,7 +1249,7 @@ init_zone_from_rules (GTimeZone *gtz,
+ * - N is 0 to 365
+ *
+ * time is either h or hh[[:]mm[[[:]ss]]]
+- * - h[h] is 0 to 23
++ * - h[h] is 0 to 24
+ * - mm is 00 to 59
+ * - ss is 00 to 59
+ */
+@@ -1289,25 +1382,10 @@ parse_tz_boundary (const gchar *identifier,
+ /* Time */
+
+ if (*pos == '/')
+- {
+- gint32 offset;
+-
+- if (!parse_time (++pos, &offset))
+- return FALSE;
+-
+- boundary->hour = offset / 3600;
+- boundary->min = (offset / 60) % 60;
+- boundary->sec = offset % 3600;
+-
+- return TRUE;
+- }
+-
++ return parse_constant_offset (pos + 1, &boundary->offset, TRUE);
+ else
+ {
+- boundary->hour = 2;
+- boundary->min = 0;
+- boundary->sec = 0;
+-
++ boundary->offset = 2 * 60 * 60;
+ return *pos == '\0';
+ }
+ }
+@@ -1341,7 +1419,7 @@ parse_offset (gchar **pos, gint32 *target)
+ ++(*pos);
+
+ buffer = g_strndup (target_pos, *pos - target_pos);
+- ret = parse_constant_offset (buffer, target);
++ ret = parse_constant_offset (buffer, target, FALSE);
+ g_free (buffer);
+
+ return ret;
+@@ -1366,21 +1444,32 @@ parse_identifier_boundary (gchar **pos, TimeZoneDate *target)
+ static gboolean
+ set_tz_name (gchar **pos, gchar *buffer, guint size)
+ {
++ gboolean quoted = **pos == '<';
+ gchar *name_pos = *pos;
+ guint len;
+
+- /* Name is ASCII alpha (Is this necessarily true?) */
+- while (g_ascii_isalpha (**pos))
+- ++(*pos);
++ if (quoted)
++ {
++ name_pos++;
++ do
++ ++(*pos);
++ while (g_ascii_isalnum (**pos) || **pos == '-' || **pos == '+');
++ if (**pos != '>')
++ return FALSE;
++ }
++ else
++ while (g_ascii_isalpha (**pos))
++ ++(*pos);
+
+- /* Name should be three or more alphabetic characters */
++ /* Name should be three or more characters */
+ if (*pos - name_pos < 3)
+ return FALSE;
+
+- memset (buffer, 0, NAME_SIZE);
++ memset (buffer, 0, size);
+ /* name_pos isn't 0-terminated, so we have to limit the length expressly */
+ len = *pos - name_pos > size - 1 ? size - 1 : *pos - name_pos;
+ strncpy (buffer, name_pos, len);
++ *pos += quoted;
+ return TRUE;
+ }
+
+@@ -1483,6 +1572,28 @@ rules_from_identifier (const gchar *identifier,
+ return create_ruleset_from_rule (rules, &tzr);
+ }
+
++#ifdef G_OS_UNIX
++static GTimeZone *
++parse_footertz (const gchar *footer, size_t footerlen)
++{
++ gchar *tzstring = g_strndup (footer + 1, footerlen - 2);
++ GTimeZone *footertz = NULL;
++ gchar *ident;
++ TimeZoneRule *rules;
++ guint rules_num = rules_from_identifier (tzstring, &ident, &rules);
++ g_free (ident);
++ g_free (tzstring);
++ if (rules_num > 1)
++ {
++ footertz = g_slice_new0 (GTimeZone);
++ init_zone_from_rules (footertz, rules, rules_num, NULL);
++ footertz->ref_count++;
++ }
++ g_free (rules);
++ return footertz;
++}
++#endif
++
+ /* Construction {{{1 */
+ /**
+ * g_time_zone_new:
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb
index 911152ddaa..09d253fbfb 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb
@@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
file://0001-Do-not-write-bindir-into-pkg-config-files.patch \
file://0001-meson-Run-atomics-test-on-clang-as-well.patch \
file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \
+ file://tzdata-update.patch \
"
SRC_URI_append_class-native = " file://relocate-modules.patch"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [OE-core][dunfell 00/16] Patch review
@ 2020-12-01 18:51 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2020-12-01 18:51 UTC (permalink / raw)
To: openembedded-core
Please review this next set of patches for dunfell and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/1638
The following changes since commit b885888df67eb5cdb3b82f4f0a07369a449e223b:
build-appliance-image: Update to dunfell head revision (2020-11-25 23:25:31 +0000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Anuj Mittal (1):
distutils-common-base: fix LINKSHARED expansion
Bruce Ashfield (2):
kernel: provide module.lds for out of tree builds in v5.10+
kernel: relocate copy of module.lds to module compilation task
Fedor Ross (2):
sysvinit: remove bashism to be compatible with dash
eudev: remove bashism to be compatible with dash
Loic Domaigne (1):
roofs_*.bbclass: fix missing vardeps for do_rootfs
Max Krummenacher (1):
linux-firmware: rdepend on license for all nvidia packages
Richard Purdie (2):
fs-perms: Ensure /usr/src/debug/ file modes are correct
e2fsprogs: Fix a ptest permissions determinism issue
Ross Burton (4):
cve-check: show real PN/PV
python3: add CVE-2007-4559 to whitelist
gstreamer1.0-rtsp-server: set CVE_PRODUCT
gstreamer1.0-plugins-base: set CVE_PRODUCT
Steve Sakoman (1):
sqlite3: add CVE-2015-3717 to whitelist
Vyacheslav Yurkov (1):
license_image.bbclass: use canonical name for license files
Wonmin Jung (1):
kernel: Set proper LD in KERNEL_KCONFIG_COMMAND
meta/classes/cve-check.bbclass | 9 ++++++---
meta/classes/distutils-common-base.bbclass | 2 +-
meta/classes/kernel.bbclass | 6 +++++-
meta/classes/license_image.bbclass | 3 ++-
meta/classes/package.bbclass | 2 +-
meta/classes/rootfs_deb.bbclass | 2 +-
meta/classes/rootfs_ipk.bbclass | 2 +-
meta/classes/rootfs_rpm.bbclass | 2 +-
meta/conf/abi_version.conf | 2 +-
meta/files/fs-perms-persistent-log.txt | 2 +-
meta/files/fs-perms.txt | 2 +-
meta/recipes-core/sysvinit/sysvinit/rc | 2 +-
meta/recipes-core/udev/eudev/init | 2 +-
meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.4.bb | 2 ++
meta/recipes-devtools/python/python3_3.8.2.bb | 2 ++
.../linux-firmware/linux-firmware_20201022.bb | 1 +
meta/recipes-kernel/linux/kernel-devsrc.bb | 6 ++++++
.../gstreamer/gstreamer1.0-plugins-base_1.16.3.bb | 2 ++
.../gstreamer/gstreamer1.0-rtsp-server_1.16.3.bb | 2 ++
meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 2 ++
20 files changed, 40 insertions(+), 15 deletions(-)
--
2.17.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 00/16] Patch review
@ 2023-01-25 14:41 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2023-01-25 14:41 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Friday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4828
with the exception of a known autobuilder intermittent issue on qemuppc:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14824
which passed on subsequent re-test:
https://autobuilder.yoctoproject.org/typhoon/#/builders/63/builds/6517
The following changes since commit db81e3c7e7f1d4d9eba52ac35ac97627d0240b63:
build-appliance-image: Update to dunfell head revision (2023-01-13 18:11:40 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Alexander Kanavin (2):
linux-firmware: upgrade 20221109 -> 20221214
selftest/virgl: use pkg-config from the host
Benoît Mauduit (1):
lib/oe/reproducible: Use git log without gpg signature
Bhabu Bindu (1):
ffmpeg: Fix CVE-2022-3109
Hitendra Prajapati (2):
QEMU: CVE-2022-4144 QXL: qxl_phys2virt unsafe address translation can
lead to out-of-bounds read
xserver-xorg: Fix Multiple CVEs
Jan Kircher (1):
toolchain-scripts: compatibility with unbound variable protection
Jermain Horsman (1):
cve-check: write the cve manifest to IMGDEPLOYDIR
Marta Rybczynska (1):
cve-update-db-native: avoid incomplete updates
Niko Mauno (1):
systemd: Consider PACKAGECONFIG in RRECOMMENDS
Quentin Schulz (1):
cairo: fix CVE patches assigned wrong CVE number
Randy MacLeod (1):
vim: upgrade 9.0.0947 -> 9.0.1211
Ross Burton (2):
cve-update-db-native: add more logging when fetching
cve-update-db-native: show IP on failure
Steve Sakoman (1):
python3: fix packaging of Windows distutils installer stubs
jan (1):
cve-update-db-native: Allow to overrule the URL in a bbappend.
meta/classes/cve-check.bbclass | 6 +-
meta/classes/toolchain-scripts.bbclass | 2 +-
meta/lib/oe/reproducible.py | 3 +-
meta/lib/oeqa/selftest/cases/runtime_test.py | 2 +-
.../recipes-core/meta/cve-update-db-native.bb | 97 ++++++++++++-----
meta/recipes-core/systemd/systemd_244.5.bb | 4 +-
.../python/python3/python3-manifest.json | 4 +-
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2022-4144.patch | 103 ++++++++++++++++++
.../cairo/cairo/CVE-2019-6461.patch | 46 +++-----
.../cairo/cairo/CVE-2019-6462.patch | 46 +++++---
.../xserver-xorg/CVE-2022-4283.patch | 39 +++++++
.../xserver-xorg/CVE-2022-46340.patch | 55 ++++++++++
.../xserver-xorg/CVE-2022-46341.patch | 86 +++++++++++++++
.../xserver-xorg/CVE-2022-46342.patch | 78 +++++++++++++
.../xserver-xorg/CVE-2022-46343.patch | 51 +++++++++
.../xserver-xorg/CVE-2022-46344.patch | 75 +++++++++++++
.../xorg-xserver/xserver-xorg_1.20.14.bb | 8 +-
...20221109.bb => linux-firmware_20221214.bb} | 4 +-
.../ffmpeg/ffmpeg/CVE-2022-3109.patch | 41 +++++++
.../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | 1 +
meta/recipes-support/vim/vim.inc | 4 +-
22 files changed, 670 insertions(+), 86 deletions(-)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-4144.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-4283.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46340.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46341.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46342.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46343.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2022-46344.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20221109.bb => linux-firmware_20221214.bb} (99%)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch
--
2.25.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [OE-core][dunfell 00/16] Patch review
@ 2023-02-20 22:20 Steve Sakoman
0 siblings, 0 replies; 22+ messages in thread
From: Steve Sakoman @ 2023-02-20 22:20 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by
end of day Wednesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4950
The following changes since commit daaee6fcb0d201f041678af433d8e1cd6f924d09:
build-appliance-image: Update to dunfell head revision (2023-02-13 07:48:21 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Alexander Kanavin (1):
oeqa/qemurunner: do not use Popen.poll() when terminating runqemu with
a signal
Antonin Godard (2):
busybox: always start do_compile with orig config files
busybox: rm temporary files if do_compile was interrupted
Hitendra Prajapati (1):
git: CVE-2022-23521 gitattributes parsing integer overflow
Martin Jansa (1):
meta: remove True option to getVar and getVarFlag calls (again)
Mikko Rapeli (1):
oeqa context.py: fix --target-ip comment to include ssh port number
Omkar Patil (1):
sudo: Fix CVE-2023-22809
Pawel Zalewski (1):
classes/fs-uuid: Fix command output decoding issue
Richard Purdie (3):
nativesdk: Handle chown/chgrp calls in nativesdk do_install tasks
make-mod-scripts: Ensure kernel build output is deterministic
libc-locale: Fix on target locale generation
Ross Burton (3):
quilt: fix intermittent failure in faildiff.test
quilt: use upstreamed faildiff.test fix
git: ignore CVE-2022-41953
Steve Sakoman (1):
qemu: Fix slirp determinism issue
Vivek Kumbhar (1):
qemu: fix CVE-2021-3929 nvme DMA reentrancy issue leads to
use-after-free
meta/classes/fs-uuid.bbclass | 2 +-
meta/classes/image.bbclass | 2 +-
meta/classes/libc-package.bbclass | 1 +
meta/classes/license_image.bbclass | 2 +-
meta/classes/nativesdk.bbclass | 2 +
meta/lib/oeqa/runtime/context.py | 4 +-
meta/lib/oeqa/utils/qemurunner.py | 11 +-
meta/recipes-core/busybox/busybox.inc | 27 +-
.../git/files/CVE-2022-23521.patch | 367 ++++++++++++++++++
meta/recipes-devtools/git/git.inc | 4 +-
meta/recipes-devtools/go/go_1.14.bb | 4 +-
.../qemu/qemu-system-native_4.2.0.bb | 2 +-
meta/recipes-devtools/qemu/qemu.inc | 3 +
.../qemu/qemu/CVE-2021-3929.patch | 78 ++++
meta/recipes-devtools/qemu/qemu_4.2.0.bb | 4 +-
meta/recipes-devtools/quilt/quilt.inc | 1 +
.../quilt/quilt/faildiff-order.patch | 41 ++
.../sudo/files/CVE-2023-22809.patch | 113 ++++++
meta/recipes-extended/sudo/sudo_1.8.32.bb | 1 +
.../make-mod-scripts/make-mod-scripts_1.0.bb | 2 +-
scripts/lib/devtool/menuconfig.py | 2 +-
scripts/nativesdk-intercept/chgrp | 27 ++
scripts/nativesdk-intercept/chown | 27 ++
23 files changed, 702 insertions(+), 25 deletions(-)
create mode 100644 meta/recipes-devtools/git/files/CVE-2022-23521.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2021-3929.patch
create mode 100644 meta/recipes-devtools/quilt/quilt/faildiff-order.patch
create mode 100644 meta/recipes-extended/sudo/files/CVE-2023-22809.patch
create mode 100755 scripts/nativesdk-intercept/chgrp
create mode 100755 scripts/nativesdk-intercept/chown
--
2.34.1
^ permalink raw reply [flat|nested] 22+ messages in thread
end of thread, other threads:[~2023-02-20 22:20 UTC | newest]
Thread overview: 22+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-10-27 22:29 [OE-core][dunfell 00/16] Patch review Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 01/16] oeqa: Add sync call to command execution Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 02/16] gcc: mitigate the Straight-line Speculation attack Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 03/16] ffmpeg: fix CVE-2020-12284 Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 04/16] gstreamer1.0: Fix reproducibility issue around libcap Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 05/16] gstreamer1.0: Update 1.16.2 -> Update 1.16.3 Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 06/16] gstreamer1.0-plugins-base: " Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 07/16] gstreamer1.0-plugins-good: " Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 08/16] gstreamer1.0-plugins-bad: " Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 09/16] gstreamer1.0-plugins-ugly: " Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 10/16] gstreamer1.0-libav: " Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 11/16] gstreamer1.0-vaapi: " Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 12/16] gstreamer1.0-rtsp-server: " Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 13/16] gstreamer1.0-omx: " Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 14/16] gstreamer1.0-python: " Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 15/16] gst-validate: " Steve Sakoman
2020-10-27 22:29 ` [OE-core][dunfell 16/16] glib-2.0: fix parsing of slim encoded tzdata Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2023-02-20 22:20 [OE-core][dunfell 00/16] Patch review Steve Sakoman
2023-01-25 14:41 Steve Sakoman
2020-12-01 18:51 Steve Sakoman
2020-06-01 14:11 Steve Sakoman
2020-04-29 16:10 Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox