[OE-core][kirkstone 00/24] Patch review

[OE-core][kirkstone 00/24] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4192

The following changes since commit 2363d69d687fc8e53a7c97bf5300e59c9a04f22e:

  gcr: Define _GNU_SOURCE (2022-09-03 13:09:42 +0100)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alex Stewart (1):
  maintainers: update opkg maintainer

Chee Yang Lee (1):
  sqlite: add CVE-2022-35737 patch to SRC_URI

Enrico Scholz (5):
  npm: replace 'npm pack' call by 'tar czf'
  npm: return content of 'package.json' in 'npm_pack'
  npm: take 'version' directly from 'package.json'
  lib:npm_registry: initial checkin
  npm: use npm_registry to cache package

Joshua Watt (1):
  classes: cve-check: Get shared database lock

Khem Raj (1):
  apr: Cache configure tests which use AC_TRY_RUN

LUIS ENRIQUEZ (1):
  kernel-fitimage.bbclass: add padding algorithm property in config
    nodes

Ming Liu (1):
  meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE

Rasmus Villemoes (1):
  bitbake.conf: set BB_DEFAULT_UMASK using ??=

Richard Purdie (2):
  vim: Upgrade 9.0.0242 -> 9.0.0341
  pseudo: Update to include recent upstream minor fixes

Robert Joslyn (1):
  curl: Backport patch for CVE-2022-35252

Ross Burton (1):
  cve-check: close cursors as soon as possible

Ulrich Ölmann (1):
  scripts/runqemu.README: fix typos and trailing whitespaces

Yang Xu (1):
  insane.bbclass: Skip patches not in oe-core by full path

pgowda (1):
  binutils : CVE-2022-38533

wangmy (5):
  libtasn1: upgrade 4.18.0 -> 4.19.0
  liburcu: upgrade 0.13.1 -> 0.13.2
  libwpe: upgrade 1.12.2 -> 1.12.3
  libatomic-ops: upgrade 7.6.12 -> 7.6.14
  lz4: upgrade 1.9.3 -> 1.9.4

 meta/classes/cve-check.bbclass                |  36 ++--
 meta/classes/insane.bbclass                   |   3 +-
 meta/classes/kernel-fitimage.bbclass          |   4 +-
 meta/classes/kernel-uboot.bbclass             |   3 +
 meta/classes/kernel-uimage.bbclass            |   2 +-
 meta/classes/npm.bbclass                      |  63 ++++---
 meta/classes/uboot-sign.bbclass               |   3 +
 meta/conf/bitbake.conf                        |   2 +-
 meta/conf/distro/include/maintainers.inc      |   8 +-
 meta/lib/oe/npm_registry.py                   | 169 ++++++++++++++++++
 meta/lib/oeqa/selftest/cases/fitimage.py      |   4 +-
 .../recipes-core/meta/cve-update-db-native.bb |  51 +++---
 .../binutils/binutils-2.38.inc                |   1 +
 .../binutils/0015-CVE-2022-38533.patch        |  36 ++++
 meta/recipes-devtools/pseudo/pseudo_git.bb    |   2 +-
 ...ure-due-to-libc-using-libc-functions.patch |  42 -----
 .../{libwpe_1.12.2.bb => libwpe_1.12.3.bb}    |   6 +-
 ...-runtime-test-for-mmap-that-can-map-.patch |  62 +++++++
 meta/recipes-support/apr/apr_1.7.0.bb         |  15 +-
 .../curl/curl/CVE-2022-35252.patch            |  72 ++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |   1 +
 ...{libtasn1_4.18.0.bb => libtasn1_4.19.0.bb} |   2 +-
 ...-ops_7.6.12.bb => libatomic-ops_7.6.14.bb} |   4 +-
 .../{liburcu_0.13.1.bb => liburcu_0.13.2.bb}  |   2 +-
 .../lz4/files/CVE-2021-3520.patch             |  27 ---
 .../lz4/{lz4_1.9.3.bb => lz4_1.9.4.bb}        |  10 +-
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb |   4 +-
 meta/recipes-support/vim/vim.inc              |   4 +-
 scripts/runqemu.README                        |  16 +-
 29 files changed, 489 insertions(+), 165 deletions(-)
 create mode 100644 meta/lib/oe/npm_registry.py
 create mode 100644 meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch
 delete mode 100644 meta/recipes-sato/webkit/libwpe/0001-Fix-build-failure-due-to-libc-using-libc-functions.patch
 rename meta/recipes-sato/webkit/{libwpe_1.12.2.bb => libwpe_1.12.3.bb} (72%)
 create mode 100644 meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-35252.patch
 rename meta/recipes-support/gnutls/{libtasn1_4.18.0.bb => libtasn1_4.19.0.bb} (90%)
 rename meta/recipes-support/libatomic-ops/{libatomic-ops_7.6.12.bb => libatomic-ops_7.6.14.bb} (80%)
 rename meta/recipes-support/liburcu/{liburcu_0.13.1.bb => liburcu_0.13.2.bb} (91%)
 delete mode 100644 meta/recipes-support/lz4/files/CVE-2021-3520.patch
 rename meta/recipes-support/lz4/{lz4_1.9.3.bb => lz4_1.9.4.bb} (78%)

-- 
2.25.1

[OE-core][kirkstone 01/24] sqlite: add CVE-2022-35737 patch to SRC_URI

[Steve Sakoman]

From: Chee Yang Lee <chee.yang.lee@intel.com>

SRC_URI include patch introduced in oe-core commit
fdc82b2314b580c0135c16b7278ebf8786311dec

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
index d56a3a0209..628f630657 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
@@ -3,7 +3,9 @@ require sqlite3.inc
 LICENSE = "PD"
 LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
 
-SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz"
+SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \
+           file://0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch \
+"
 SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"
 
 # -19242 is only an issue in specific development branch commits
-- 
2.25.1

[OE-core][kirkstone 02/24] curl: Backport patch for CVE-2022-35252

[Steve Sakoman]

From: Robert Joslyn <robert.joslyn@redrectangle.org>

https://curl.se/docs/CVE-2022-35252.html

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../curl/curl/CVE-2022-35252.patch            | 72 +++++++++++++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |  1 +
 2 files changed, 73 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-35252.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2022-35252.patch b/meta/recipes-support/curl/curl/CVE-2022-35252.patch
new file mode 100644
index 0000000000..7b6f81bd02
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-35252.patch
@@ -0,0 +1,72 @@
+From 62c09239ac4e08239c8e363b06901fc80637d8c7 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 29 Aug 2022 00:09:17 +0200
+Subject: [PATCH] cookie: reject cookies with "control bytes"
+
+Rejects 0x01 - 0x1f (except 0x09) plus 0x7f
+
+Reported-by: Axel Chong
+
+Bug: https://curl.se/docs/CVE-2022-35252.html
+
+CVE-2022-35252
+
+Closes #9381
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/8dfc93e573ca740544a2d79ebb]
+
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/cookie.c | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index cb0c03b..e0470a1 100644
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -438,6 +438,30 @@ static bool bad_domain(const char *domain)
+   return TRUE;
+ }
+ 
++/*
++  RFC 6265 section 4.1.1 says a server should accept this range:
++
++  cookie-octet    = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
++
++  But Firefox and Chrome as of June 2022 accept space, comma and double-quotes
++  fine. The prime reason for filtering out control bytes is that some HTTP
++  servers return 400 for requests that contain such.
++*/
++static int invalid_octets(const char *p)
++{
++  /* Reject all bytes \x01 - \x1f (*except* \x09, TAB) + \x7f */
++  static const char badoctets[] = {
++    "\x01\x02\x03\x04\x05\x06\x07\x08\x0a"
++    "\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
++    "\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f"
++  };
++  size_t vlen, len;
++  /* scan for all the octets that are *not* in cookie-octet */
++  len = strcspn(p, badoctets);
++  vlen = strlen(p);
++  return (len != vlen);
++}
++
+ /*
+  * Curl_cookie_add
+  *
+@@ -590,6 +614,11 @@ Curl_cookie_add(struct Curl_easy *data,
+             badcookie = TRUE;
+             break;
+           }
++          if(invalid_octets(whatptr) || invalid_octets(name)) {
++            infof(data, "invalid octets in name/value, cookie dropped");
++            badcookie = TRUE;
++            break;
++          }
+         }
+         else if(!len) {
+           /*
+-- 
+2.35.1
+
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
index 67de0220c6..5368c91f5c 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -28,6 +28,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
            file://CVE-2022-32206.patch \
            file://CVE-2022-32207.patch \
            file://CVE-2022-32208.patch \
+           file://CVE-2022-35252.patch \
            "
 SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
 
-- 
2.25.1

[OE-core][kirkstone 03/24] binutils : CVE-2022-38533

[Steve Sakoman]

From: pgowda <pgowda.cve@gmail.com>

Upstream-Status: Backport
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]

Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../binutils/binutils-2.38.inc                |  1 +
 .../binutils/0015-CVE-2022-38533.patch        | 36 +++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index eed252976a..8aa8295881 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -33,5 +33,6 @@ SRC_URI = "\
      file://0012-Check-for-clang-before-checking-gcc-version.patch \
      file://0013-Avoid-as-info-race-condition.patch \
      file://0014-CVE-2019-1010204.patch \
+     file://0015-CVE-2022-38533.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch b/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch
new file mode 100644
index 0000000000..5d9ac2cb1f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch
@@ -0,0 +1,36 @@
+From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 13 Aug 2022 15:32:47 +0930
+Subject: [PATCH] PR29482 - strip: heap-buffer-overflow
+
+	PR 29482
+	* coffcode.h (coff_set_section_contents): Sanity check _LIB.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]
+
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+
+---
+ bfd/coffcode.h | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/coffcode.h b/bfd/coffcode.h
+index 67aaf158ca1..52027981c3f 100644
+--- a/bfd/coffcode.h
++++ b/bfd/coffcode.h
+@@ -4302,10 +4302,13 @@ coff_set_section_contents (bfd * abfd,
+ 
+ 	rec = (bfd_byte *) location;
+ 	recend = rec + count;
+-	while (rec < recend)
++	while (recend - rec >= 4)
+ 	  {
++	    size_t len = bfd_get_32 (abfd, rec);
++	    if (len == 0 || len > (size_t) (recend - rec) / 4)
++	      break;
++	    rec += len * 4;
+ 	    ++section->lma;
+-	    rec += bfd_get_32 (abfd, rec) * 4;
+ 	  }
+ 
+ 	BFD_ASSERT (rec == recend);
-- 
2.25.1

[OE-core][kirkstone 04/24] classes: cve-check: Get shared database lock

[Steve Sakoman]

From: Joshua Watt <JPEWhacker@gmail.com>

The CVE check database needs to have a shared lock acquired on it before
it is accessed. This to prevent cve-update-db-native from deleting the
database file out from underneath it.

[YOCTO #14899]

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 20a9911b73df62a0d0d1884e57085f13ac5016dd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index da7f93371c..b751c986ef 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -139,17 +139,18 @@ python do_cve_check () {
     """
     from oe.cve_check import get_patched_cves
 
-    if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
-        try:
-            patched_cves = get_patched_cves(d)
-        except FileNotFoundError:
-            bb.fatal("Failure in searching patches")
-        ignored, patched, unpatched, status = check_cves(d, patched_cves)
-        if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status):
-            cve_data = get_cve_info(d, patched + unpatched + ignored)
-            cve_write_data(d, patched, unpatched, ignored, cve_data, status)
-    else:
-        bb.note("No CVE database found, skipping CVE check")
+    with bb.utils.fileslocked([d.getVar("CVE_CHECK_DB_FILE_LOCK")], shared=True):
+        if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
+            try:
+                patched_cves = get_patched_cves(d)
+            except FileNotFoundError:
+                bb.fatal("Failure in searching patches")
+            ignored, patched, unpatched, status = check_cves(d, patched_cves)
+            if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and status):
+                cve_data = get_cve_info(d, patched + unpatched + ignored)
+                cve_write_data(d, patched, unpatched, ignored, cve_data, status)
+        else:
+            bb.note("No CVE database found, skipping CVE check")
 
 }
 
-- 
2.25.1

[OE-core][kirkstone 05/24] cve-check: close cursors as soon as possible

[Steve Sakoman]

From: Ross Burton <ross.burton@arm.com>

We can have multiple processes reading the database at the same time, and
cursors only release their locks when they're garbage collected.

This might be the cause of random sqlite errors on the autobuilder, so
explicitly close the cursors when we're done with them.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 5d2e90e4a58217a943ec21140bc2ecdd4357a98a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/cve-check.bbclass                | 13 +++--
 .../recipes-core/meta/cve-update-db-native.bb | 51 ++++++++++---------
 2 files changed, 37 insertions(+), 27 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index b751c986ef..16466586a7 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -291,7 +291,8 @@ def check_cves(d, patched_cves):
             vendor = "%"
 
         # Find all relevant CVE IDs.
-        for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)):
+        cve_cursor = conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor))
+        for cverow in cve_cursor:
             cve = cverow[0]
 
             if cve in cve_ignore:
@@ -310,7 +311,8 @@ def check_cves(d, patched_cves):
             vulnerable = False
             ignored = False
 
-            for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)):
+            product_cursor = conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor))
+            for row in product_cursor:
                 (_, _, _, version_start, operator_start, version_end, operator_end) = row
                 #bb.debug(2, "Evaluating row " + str(row))
                 if cve in cve_ignore:
@@ -354,10 +356,12 @@ def check_cves(d, patched_cves):
                         bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, cve))
                         cves_unpatched.append(cve)
                     break
+            product_cursor.close()
 
             if not vulnerable:
                 bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve))
                 patched_cves.add(cve)
+        cve_cursor.close()
 
         if not cves_in_product:
             bb.note("No CVE records found for product %s, pn %s" % (product, pn))
@@ -382,14 +386,15 @@ def get_cve_info(d, cves):
     conn = sqlite3.connect(db_file, uri=True)
 
     for cve in cves:
-        for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)):
+        cursor = conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,))
+        for row in cursor:
             cve_data[row[0]] = {}
             cve_data[row[0]]["summary"] = row[1]
             cve_data[row[0]]["scorev2"] = row[2]
             cve_data[row[0]]["scorev3"] = row[3]
             cve_data[row[0]]["modified"] = row[4]
             cve_data[row[0]]["vector"] = row[5]
-
+        cursor.close()
     conn.close()
     return cve_data
 
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index 18af89b53e..944243fce9 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -66,9 +66,7 @@ python do_fetch() {
 
     # Connect to database
     conn = sqlite3.connect(db_file)
-    c = conn.cursor()
-
-    initialize_db(c)
+    initialize_db(conn)
 
     with bb.progress.ProgressHandler(d) as ph, open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
         total_years = date.today().year + 1 - YEAR_START
@@ -98,19 +96,21 @@ python do_fetch() {
                     return
 
             # Compare with current db last modified date
-            c.execute("select DATE from META where YEAR = ?", (year,))
-            meta = c.fetchone()
+            cursor = conn.execute("select DATE from META where YEAR = ?", (year,))
+            meta = cursor.fetchone()
+            cursor.close()
+
             if not meta or meta[0] != last_modified:
                 bb.debug(2, "Updating entries")
                 # Clear products table entries corresponding to current year
-                c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,))
+                conn.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' % year,)).close()
 
                 # Update db with current year json file
                 try:
                     response = urllib.request.urlopen(json_url)
                     if response:
-                        update_db(c, gzip.decompress(response.read()).decode('utf-8'))
-                    c.execute("insert or replace into META values (?, ?)", [year, last_modified])
+                        update_db(conn, gzip.decompress(response.read()).decode('utf-8'))
+                    conn.execute("insert or replace into META values (?, ?)", [year, last_modified]).close()
                 except urllib.error.URLError as e:
                     cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n')
                     bb.warn("Cannot parse CVE data (%s), update failed" % e.reason)
@@ -129,21 +129,26 @@ do_fetch[lockfiles] += "${CVE_CHECK_DB_FILE_LOCK}"
 do_fetch[file-checksums] = ""
 do_fetch[vardeps] = ""
 
-def initialize_db(c):
-    c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
+def initialize_db(conn):
+    with conn:
+        c = conn.cursor()
+
+        c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
+
+        c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
+            SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
 
-    c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
-        SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
+        c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
+            VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
+            VERSION_END TEXT, OPERATOR_END TEXT)")
+        c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);")
 
-    c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (ID TEXT, \
-        VENDOR TEXT, PRODUCT TEXT, VERSION_START TEXT, OPERATOR_START TEXT, \
-        VERSION_END TEXT, OPERATOR_END TEXT)")
-    c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_ID_IDX on PRODUCTS(ID);")
+        c.close()
 
-def parse_node_and_insert(c, node, cveId):
+def parse_node_and_insert(conn, node, cveId):
     # Parse children node if needed
     for child in node.get('children', ()):
-        parse_node_and_insert(c, child, cveId)
+        parse_node_and_insert(conn, child, cveId)
 
     def cpe_generator():
         for cpe in node.get('cpe_match', ()):
@@ -200,9 +205,9 @@ def parse_node_and_insert(c, node, cveId):
                     # Save processing by representing as -.
                     yield [cveId, vendor, product, '-', '', '', '']
 
-    c.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator())
+    conn.executemany("insert into PRODUCTS values (?, ?, ?, ?, ?, ?, ?)", cpe_generator()).close()
 
-def update_db(c, jsondata):
+def update_db(conn, jsondata):
     import json
     root = json.loads(jsondata)
 
@@ -226,12 +231,12 @@ def update_db(c, jsondata):
             accessVector = accessVector or "UNKNOWN"
             cvssv3 = 0.0
 
-        c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
-                [cveId, cveDesc, cvssv2, cvssv3, date, accessVector])
+        conn.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
+                [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close()
 
         configurations = elt['configurations']['nodes']
         for config in configurations:
-            parse_node_and_insert(c, config, cveId)
+            parse_node_and_insert(conn, config, cveId)
 
 
 do_fetch[nostamp] = "1"
-- 
2.25.1

[OE-core][kirkstone 06/24] vim: Upgrade 9.0.0242 -> 9.0.0341

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Addresses CVE-2022-2980, CVE-2022-2946 and CVE-2022-2982.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 01c08d47ecfcc7aefacc8280e0055c75b13795b2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/vim/vim.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 5b95ab2625..33a8299243 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://no-path-adjust.patch \
            "
 
-PV .= ".0242"
-SRCREV = "171c683237149262665135c7d5841a89bb156f53"
+PV .= ".0341"
+SRCREV = "92a3d20682d46359bb50a452b4f831659e799155"
 
 # Remove when 8.3 is out
 UPSTREAM_VERSION_UNKNOWN = "1"
-- 
2.25.1

[OE-core][kirkstone 07/24] libtasn1: upgrade 4.18.0 -> 4.19.0

[Steve Sakoman]

From: wangmy <wangmy@fujitsu.com>

Changelog:
===========
- Clarify libtasn1.map license.  Closes: #38.
- Fix ETYPE_OK out of bounds read.  Closes: #32.
- Update gnulib files and various maintenance fixes.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit b8f2c6ec61ffcc607a35bd5c11f5020c9b676226)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../gnutls/{libtasn1_4.18.0.bb => libtasn1_4.19.0.bb}           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/gnutls/{libtasn1_4.18.0.bb => libtasn1_4.19.0.bb} (90%)

diff --git a/meta/recipes-support/gnutls/libtasn1_4.18.0.bb b/meta/recipes-support/gnutls/libtasn1_4.19.0.bb
similarity index 90%
rename from meta/recipes-support/gnutls/libtasn1_4.18.0.bb
rename to meta/recipes-support/gnutls/libtasn1_4.19.0.bb
index db49adc1c2..5fb8b54c06 100644
--- a/meta/recipes-support/gnutls/libtasn1_4.18.0.bb
+++ b/meta/recipes-support/gnutls/libtasn1_4.19.0.bb
@@ -16,7 +16,7 @@ SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
 
 DEPENDS = "bison-native"
 
-SRC_URI[sha256sum] = "4365c154953563d64c67a024b607d1ee75c6db76e0d0f65709ea80a334cd1898"
+SRC_URI[sha256sum] = "1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a"
 
 inherit autotools texinfo lib_package gtk-doc
 
-- 
2.25.1

Re: [OE-core][kirkstone 07/24] libtasn1: upgrade 4.18.0 -> 4.19.0

[Randy MacLeod]

On 2022-09-07 10:20, Steve Sakoman wrote:
> From: wangmy <wangmy@fujitsu.com>
>
> Changelog:
> ===========
> - Clarify libtasn1.map license.  Closes: #38.
> - Fix ETYPE_OK out of bounds read.  Closes: #32.
> - Update gnulib files and various maintenance fixes.
>
> Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
> (cherry picked from commit b8f2c6ec61ffcc607a35bd5c11f5020c9b676226)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>   .../gnutls/{libtasn1_4.18.0.bb => libtasn1_4.19.0.bb}           | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>   rename meta/recipes-support/gnutls/{libtasn1_4.18.0.bb => libtasn1_4.19.0.bb} (90%)
>
> diff --git a/meta/recipes-support/gnutls/libtasn1_4.18.0.bb b/meta/recipes-support/gnutls/libtasn1_4.19.0.bb
> similarity index 90%
> rename from meta/recipes-support/gnutls/libtasn1_4.18.0.bb
> rename to meta/recipes-support/gnutls/libtasn1_4.19.0.bb
> index db49adc1c2..5fb8b54c06 100644
> --- a/meta/recipes-support/gnutls/libtasn1_4.18.0.bb
> +++ b/meta/recipes-support/gnutls/libtasn1_4.19.0.bb
> @@ -16,7 +16,7 @@ SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
>   
>   DEPENDS = "bison-native"
>   
> -SRC_URI[sha256sum] = "4365c154953563d64c67a024b607d1ee75c6db76e0d0f65709ea80a334cd1898"
> +SRC_URI[sha256sum] = "1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a"
>   
>   inherit autotools texinfo lib_package gtk-doc

I was a little concerned about this update for kirkstone but
after a little review, it seems fine so I thought I'd reply to show
Steve that people do eventually read his updates and to re-assure
any late to the party worriers like me.


Full git log --oneline below but the source is mainly in 'src and lib':

$ git log --oneline v4.18.0..v4.19.0 src
4e74cf2 Bump copyright years.

$ git log --oneline v4.18.0..v4.19.0 lib
6acc6d9 Work around unfixed gtk-doc problem.
5ce3238 Some C89 fixes.  Closes: !70.
44a700d Fix ETYPE_OK off by one array size check.  Closes: #32.
33adcd0 Fix license header.  Closes: #38.
4e74cf2 Bump copyright years.

so that all seems to be sensible.

I may learn to trust Steve (but I'll keep verifying...)

../Randy


$ git log --oneline v4.18.0..v4.19.0
2b7ee16 (tag: v4.19.0) version 4.19.0
6acc6d9 Work around unfixed gtk-doc problem.
53fe8c8 Improve CI/CD artifacts, and fail on errors.
06e7433 Put version checks in tests/version.c.
513bb42 Deduplicate.
51e04e5 bootstrap.conf (src_gnulib_modules): Add getopt-gnu.
290a4ad Build check with tcc/lld/pcc.
5ce3238 Some C89 fixes.  Closes: !70.
b66b8ce Attempt to reproduce !70 build error.
4af0fbc Bump LT_REVISION.
42467ed Add sc_libtool_version_bump syntax-check.
74785e7 Move gnulib's dummy test directory from tests-gl to lib/gl/tests.
45c87b5 Add NEWS entry.
44a700d Fix ETYPE_OK off by one array size check.  Closes: #32.
1487507 Make sure syntax-check catches indent mistakes during cicd.
6533485 Add self-check for #32 to see if cicd catches it.
33adcd0 Fix license header.  Closes: #38.
72e30be Add NEWS entry.
7b58af4 Silence syntax-check.
f1436e1 Silence sc_makefile_DISTCHECK_CONFIGURE_FLAGS until we clean up 
coverage code.
7c54eb1 Put gtkdocize in bootstrap_post_import_hook.
2a2686c Update bootstrap.
81b1cb0 Update gnulib.
4e74cf2 Bump copyright years.
02bf9cb Don't use -static when linking in fuzz/.  Closes: !61.
56d2301 Use portable way to remove carriage returns.
3af8286 (origin/jas/tmp-cicd) Don't use non-portable diff 
--strip-trailing-cr.
607e6b1 cicd: Add targets, reduce texlive.
581e2a3 maint: Fix builddir!=srcdir abi-check failure.
c9c8de3 maint: Attempt to minimize texlive dependencies.
6182cf4 maint: Fix (and CICD-test) builddir!=srcdir bootstrap builds.
4332821 maint: Remove really old release announcement template.
5b766ad maint: Really remove texinfo.css.
f3c679d maint: post-release administrivia


>   
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#170402): https://lists.openembedded.org/g/openembedded-core/message/170402
> Mute This Topic: https://lists.openembedded.org/mt/93525901/3616765
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [randy.macleod@windriver.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

-- 
# Randy MacLeod
# Wind River Linux

Re: [OE-core][kirkstone 07/24] libtasn1: upgrade 4.18.0 -> 4.19.0

[Steve Sakoman]

On Tue, Sep 13, 2022 at 2:37 PM Randy MacLeod
<randy.macleod@windriver.com> wrote:
>
> On 2022-09-07 10:20, Steve Sakoman wrote:
> > From: wangmy <wangmy@fujitsu.com>
> >
> > Changelog:
> > ===========
> > - Clarify libtasn1.map license.  Closes: #38.
> > - Fix ETYPE_OK out of bounds read.  Closes: #32.
> > - Update gnulib files and various maintenance fixes.
> >
> > Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
> > Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
> > (cherry picked from commit b8f2c6ec61ffcc607a35bd5c11f5020c9b676226)
> > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > ---
> >   .../gnutls/{libtasn1_4.18.0.bb => libtasn1_4.19.0.bb}           | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> >   rename meta/recipes-support/gnutls/{libtasn1_4.18.0.bb => libtasn1_4.19.0.bb} (90%)
> >
> > diff --git a/meta/recipes-support/gnutls/libtasn1_4.18.0.bb b/meta/recipes-support/gnutls/libtasn1_4.19.0.bb
> > similarity index 90%
> > rename from meta/recipes-support/gnutls/libtasn1_4.18.0.bb
> > rename to meta/recipes-support/gnutls/libtasn1_4.19.0.bb
> > index db49adc1c2..5fb8b54c06 100644
> > --- a/meta/recipes-support/gnutls/libtasn1_4.18.0.bb
> > +++ b/meta/recipes-support/gnutls/libtasn1_4.19.0.bb
> > @@ -16,7 +16,7 @@ SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
> >
> >   DEPENDS = "bison-native"
> >
> > -SRC_URI[sha256sum] = "4365c154953563d64c67a024b607d1ee75c6db76e0d0f65709ea80a334cd1898"
> > +SRC_URI[sha256sum] = "1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a"
> >
> >   inherit autotools texinfo lib_package gtk-doc
>
> I was a little concerned about this update for kirkstone but
> after a little review, it seems fine so I thought I'd reply to show
> Steve that people do eventually read his updates and to re-assure
> any late to the party worriers like me.
>
>
> Full git log --oneline below but the source is mainly in 'src and lib':
>
> $ git log --oneline v4.18.0..v4.19.0 src
> 4e74cf2 Bump copyright years.
>
> $ git log --oneline v4.18.0..v4.19.0 lib
> 6acc6d9 Work around unfixed gtk-doc problem.
> 5ce3238 Some C89 fixes.  Closes: !70.
> 44a700d Fix ETYPE_OK off by one array size check.  Closes: #32.
> 33adcd0 Fix license header.  Closes: #38.
> 4e74cf2 Bump copyright years.
>
> so that all seems to be sensible.
>
> I may learn to trust Steve (but I'll keep verifying...)

Please do!  I'm not sure I would trust me ;-)

Steve

> $ git log --oneline v4.18.0..v4.19.0
> 2b7ee16 (tag: v4.19.0) version 4.19.0
> 6acc6d9 Work around unfixed gtk-doc problem.
> 53fe8c8 Improve CI/CD artifacts, and fail on errors.
> 06e7433 Put version checks in tests/version.c.
> 513bb42 Deduplicate.
> 51e04e5 bootstrap.conf (src_gnulib_modules): Add getopt-gnu.
> 290a4ad Build check with tcc/lld/pcc.
> 5ce3238 Some C89 fixes.  Closes: !70.
> b66b8ce Attempt to reproduce !70 build error.
> 4af0fbc Bump LT_REVISION.
> 42467ed Add sc_libtool_version_bump syntax-check.
> 74785e7 Move gnulib's dummy test directory from tests-gl to lib/gl/tests.
> 45c87b5 Add NEWS entry.
> 44a700d Fix ETYPE_OK off by one array size check.  Closes: #32.
> 1487507 Make sure syntax-check catches indent mistakes during cicd.
> 6533485 Add self-check for #32 to see if cicd catches it.
> 33adcd0 Fix license header.  Closes: #38.
> 72e30be Add NEWS entry.
> 7b58af4 Silence syntax-check.
> f1436e1 Silence sc_makefile_DISTCHECK_CONFIGURE_FLAGS until we clean up
> coverage code.
> 7c54eb1 Put gtkdocize in bootstrap_post_import_hook.
> 2a2686c Update bootstrap.
> 81b1cb0 Update gnulib.
> 4e74cf2 Bump copyright years.
> 02bf9cb Don't use -static when linking in fuzz/.  Closes: !61.
> 56d2301 Use portable way to remove carriage returns.
> 3af8286 (origin/jas/tmp-cicd) Don't use non-portable diff
> --strip-trailing-cr.
> 607e6b1 cicd: Add targets, reduce texlive.
> 581e2a3 maint: Fix builddir!=srcdir abi-check failure.
> c9c8de3 maint: Attempt to minimize texlive dependencies.
> 6182cf4 maint: Fix (and CICD-test) builddir!=srcdir bootstrap builds.
> 4332821 maint: Remove really old release announcement template.
> 5b766ad maint: Really remove texinfo.css.
> f3c679d maint: post-release administrivia
>
>
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#170402): https://lists.openembedded.org/g/openembedded-core/message/170402
> > Mute This Topic: https://lists.openembedded.org/mt/93525901/3616765
> > Group Owner: openembedded-core+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [randy.macleod@windriver.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >
>
> --
> # Randy MacLeod
> # Wind River Linux
>

[OE-core][kirkstone 08/24] liburcu: upgrade 0.13.1 -> 0.13.2

[Steve Sakoman]

From: wangmy <wangmy@fujitsu.com>

2022-08-18 Userspace RCU 0.13.2
	* Revert "Fix: remove type constness in URCU_FORCE_CAST's C++ version"
	* Fix: futex.h: include headers outside extern C
	* Fix: add missing unused attribute to _rcu_dereference
	* Fix: change method used by _rcu_dereference to strip type constness
	* Fix: remove type constness in URCU_FORCE_CAST's C++ version
	* Move extern "C" down in include/urcu/urcu-bp.h
	* fix: ifdef linux specific cpu count compat
	* Set git-review branch to stable-0.13
	* fix: sysconf(_SC_NPROCESSORS_CONF) can be less than max cpu id
	* Fix: revise obsolete command in README.md
	* Fix: workqueue: remove unused variable "ret"
	* Fix: urcu-qsbr: futex wait: handle spurious futex wakeups
	* Fix: urcu: futex wait: handle spurious futex wakeups
	* Fix: urcu-wait: futex wait: handle spurious futex wakeups
	* Fix: defer_rcu: futex wait: handle spurious futex wakeups
	* Fix: call_rcu: futex wait: handle spurious futex wakeups
	* Fix: workqueue: futex wait: handle spurious futex wakeups
	* Fix: Use %lu rather than %ld to print count

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit b9ce9d9ab53baab7ba84187d17b34e48ff9eb16e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../liburcu/{liburcu_0.13.1.bb => liburcu_0.13.2.bb}            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/liburcu/{liburcu_0.13.1.bb => liburcu_0.13.2.bb} (91%)

diff --git a/meta/recipes-support/liburcu/liburcu_0.13.1.bb b/meta/recipes-support/liburcu/liburcu_0.13.2.bb
similarity index 91%
rename from meta/recipes-support/liburcu/liburcu_0.13.1.bb
rename to meta/recipes-support/liburcu/liburcu_0.13.2.bb
index 66763349d2..6ecf2e21c0 100644
--- a/meta/recipes-support/liburcu/liburcu_0.13.1.bb
+++ b/meta/recipes-support/liburcu/liburcu_0.13.2.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e548d28737289d75a8f1e01ba2fd7825 \
 
 SRC_URI = "http://lttng.org/files/urcu/userspace-rcu-${PV}.tar.bz2"
 
-SRC_URI[sha256sum] = "3213f33d2b8f710eb920eb1abb279ec04bf8ae6361f44f2513c28c20d3363083"
+SRC_URI[sha256sum] = "1213fd9f1b0b74da7de2bb74335b76098db9738fec5d3cdc07c0c524f34fc032"
 
 S = "${WORKDIR}/userspace-rcu-${PV}"
 inherit autotools multilib_header
-- 
2.25.1

[OE-core][kirkstone 09/24] libwpe: upgrade 1.12.2 -> 1.12.3

[Steve Sakoman]

From: wangmy <wangmy@fujitsu.com>

Changelog:
  Fix the build when using Clang's libc++ or the Musl libc.

0001-Fix-build-failure-due-to-libc-using-libc-functions.patch
removed since it's included in 1.12.3

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f8d8cc58c9b9c221158414be186bc12aa5d80e91)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...ure-due-to-libc-using-libc-functions.patch | 42 -------------------
 .../{libwpe_1.12.2.bb => libwpe_1.12.3.bb}    |  6 +--
 2 files changed, 2 insertions(+), 46 deletions(-)
 delete mode 100644 meta/recipes-sato/webkit/libwpe/0001-Fix-build-failure-due-to-libc-using-libc-functions.patch
 rename meta/recipes-sato/webkit/{libwpe_1.12.2.bb => libwpe_1.12.3.bb} (72%)

diff --git a/meta/recipes-sato/webkit/libwpe/0001-Fix-build-failure-due-to-libc-using-libc-functions.patch b/meta/recipes-sato/webkit/libwpe/0001-Fix-build-failure-due-to-libc-using-libc-functions.patch
deleted file mode 100644
index 6d27b4835d..0000000000
--- a/meta/recipes-sato/webkit/libwpe/0001-Fix-build-failure-due-to-libc-using-libc-functions.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From ccf8a58c3536ca0e62748e0ea477514e14d821bc Mon Sep 17 00:00:00 2001
-From: Adrian Perez de Castro <aperez@igalia.com>
-Date: Thu, 4 Aug 2022 12:19:05 +0300
-Subject: [PATCH] Fix build failure due to libc++ using libc functions
-
-Include the "alloc-private.h" header after the C++ standard library
-headers. This sidesteps build failures caused by implementations of
-std::map and std::string which use libc memory allocation functions
-in expanded templates after they have been marked with the "poison"
-pragma.
-
-Fixes #115
-
-Upstream-Status: Backport
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- src/pasteboard-generic.cpp | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/src/pasteboard-generic.cpp b/src/pasteboard-generic.cpp
-index 86fe4ee..a357027 100644
---- a/src/pasteboard-generic.cpp
-+++ b/src/pasteboard-generic.cpp
-@@ -26,12 +26,15 @@
- 
- #include "pasteboard-private.h"
- 
--#include "alloc-private.h"
--#include <cstdlib>
--#include <cstring>
- #include <map>
- #include <string>
- 
-+// We need to include this header last, in order to avoid template expansions
-+// from the C++ standard library happening after it forbids usage of the libc
-+// memory functions.
-+#include "alloc-private.h"
-+#include <cstring>
-+
- namespace Generic {
- using Pasteboard = std::map<std::string, std::string>;
- }
diff --git a/meta/recipes-sato/webkit/libwpe_1.12.2.bb b/meta/recipes-sato/webkit/libwpe_1.12.3.bb
similarity index 72%
rename from meta/recipes-sato/webkit/libwpe_1.12.2.bb
rename to meta/recipes-sato/webkit/libwpe_1.12.3.bb
index e23a9ac32d..77ca517ef7 100644
--- a/meta/recipes-sato/webkit/libwpe_1.12.2.bb
+++ b/meta/recipes-sato/webkit/libwpe_1.12.3.bb
@@ -10,10 +10,8 @@ inherit cmake features_check pkgconfig
 
 REQUIRED_DISTRO_FEATURES = "opengl"
 
-SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz \
-           file://0001-Fix-build-failure-due-to-libc-using-libc-functions.patch \
-           "
-SRC_URI[sha256sum] = "4ac4fd0a8b562b721bffd0f46ae9f06c2b5a3114407581978be875a9d651642a"
+SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz"
+SRC_URI[sha256sum] = "b84fdbfbc849ce4fdf084bb28b58e5463b1b4b6cc8f200dc77b41f8545d5329d"
 
 # This is a tweak of upstream-version-is-even needed because
 # ipstream directory contains tarballs for other components as well.
-- 
2.25.1

[OE-core][kirkstone 10/24] libatomic-ops: upgrade 7.6.12 -> 7.6.14

[Steve Sakoman]

From: wangmy <wangmy@fujitsu.com>

License-Update:  Adjust/reformat content of LICENSING.txt
=========================================================
 "libatomic_ops_gpl.a" changed to "libatomic_ops_gpl.a file"
 "sysdeps" changed to "atomic_ops/sysdeps"
 "This applies only to test code, sample applications," changed to
 "This applies only to the test code"

Changelog:
==========
 Add note to README that AO malloc code has same license as AO stack
 Adjust/reformat content of LICENSING.txt
 Avoid AO_stack_t to cross CPU cache line boundary
 Do not assume 'ordered except earlier write' for UWP/arm64
 Do not name GCC intrinsics as C11 ones in ChangeLog and configure
 Eliminate '-pedantic is not option that controls warnings' GCC-6.3 message
 Ensure result of AO_test_and_set is always AO_TS_CLEAR or AO_TS_SET
 Fix 'AO_malloc redefinition' MS VC warning caused by attributes mismatch
 Fix 'use of undeclared SIG_BLOCK' Clang error if -std=c89 on Cygwin
 Fix AO_compare_and_swap_full asm code for clang on sparc
 Fix a typo in comment of AO_stack_push_explicit_aux_release
 Fix code indentation in main() of test_stack.c
 Refine AO_UNIPROCESSOR macro description in configure
 Remove outdated comment about unsupported Win64 in atomic_ops_stack.h
 Repeat black list check on CAS fail in stack_push_explicit_aux_release

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit a0f177ef7f52bab06d8fff752ba8390defd71ed5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../{libatomic-ops_7.6.12.bb => libatomic-ops_7.6.14.bb}      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-support/libatomic-ops/{libatomic-ops_7.6.12.bb => libatomic-ops_7.6.14.bb} (80%)

diff --git a/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.12.bb b/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb
similarity index 80%
rename from meta/recipes-support/libatomic-ops/libatomic-ops_7.6.12.bb
rename to meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb
index 8ea8436977..fad92df507 100644
--- a/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.12.bb
+++ b/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb
@@ -5,13 +5,13 @@ SECTION = "optional"
 PROVIDES += "libatomics-ops"
 LICENSE = "GPL-2.0-only & MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                    file://doc/LICENSING.txt;md5=e00dd5c8ac03a14c5ae5225a4525fa2d \
+                    file://doc/LICENSING.txt;md5=dfc50c7cea7b66935844587a0f7389e7 \
                     "
 
 SRC_URI = "https://github.com/ivmai/libatomic_ops/releases/download/v${PV}/libatomic_ops-${PV}.tar.gz"
 UPSTREAM_CHECK_URI = "https://github.com/ivmai/libatomic_ops/releases"
 
-SRC_URI[sha256sum] = "f0ab566e25fce08b560e1feab6a3db01db4a38e5bc687804334ef3920c549f3e"
+SRC_URI[sha256sum] = "390f244d424714735b7050d056567615b3b8f29008a663c262fb548f1802d292"
 
 S = "${WORKDIR}/libatomic_ops-${PV}"
 
-- 
2.25.1

[OE-core][kirkstone 11/24] lz4: upgrade 1.9.3 -> 1.9.4

[Steve Sakoman]

From: wangmy <wangmy@fujitsu.com>

CVE-2021-3520.patch
removed since it's included in 1.9.4

License-Update:
  Copyright year updated to 2020
  description of 3rd party applications changed

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f95c66050bc69af7769d1868b0118cefb24e5b0d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../lz4/files/CVE-2021-3520.patch             | 27 -------------------
 .../lz4/{lz4_1.9.3.bb => lz4_1.9.4.bb}        | 10 +++----
 2 files changed, 4 insertions(+), 33 deletions(-)
 delete mode 100644 meta/recipes-support/lz4/files/CVE-2021-3520.patch
 rename meta/recipes-support/lz4/{lz4_1.9.3.bb => lz4_1.9.4.bb} (78%)

diff --git a/meta/recipes-support/lz4/files/CVE-2021-3520.patch b/meta/recipes-support/lz4/files/CVE-2021-3520.patch
deleted file mode 100644
index 5ac8f6691f..0000000000
--- a/meta/recipes-support/lz4/files/CVE-2021-3520.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
-From: Jasper Lievisse Adriaanse <j@jasper.la>
-Date: Fri, 26 Feb 2021 15:21:20 +0100
-Subject: [PATCH] Fix potential memory corruption with negative memmove() size
-
-Upstream-Status: Backport
-https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7
-CVE: CVE-2021-3520
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- lib/lz4.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: git/lib/lz4.c
-===================================================================
---- git.orig/lib/lz4.c
-+++ git/lib/lz4.c
-@@ -1665,7 +1665,7 @@ LZ4_decompress_generic(
-                  const size_t dictSize         /* note : = 0 if noDict */
-                  )
- {
--    if (src == NULL) { return -1; }
-+    if ((src == NULL) || (outputSize < 0)) { return -1; }
- 
-     {   const BYTE* ip = (const BYTE*) src;
-         const BYTE* const iend = ip + srcSize;
diff --git a/meta/recipes-support/lz4/lz4_1.9.3.bb b/meta/recipes-support/lz4/lz4_1.9.4.bb
similarity index 78%
rename from meta/recipes-support/lz4/lz4_1.9.3.bb
rename to meta/recipes-support/lz4/lz4_1.9.4.bb
index 129a86b681..a2a178bab5 100644
--- a/meta/recipes-support/lz4/lz4_1.9.3.bb
+++ b/meta/recipes-support/lz4/lz4_1.9.4.bb
@@ -3,18 +3,16 @@ DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing comp
 HOMEPAGE = "https://github.com/lz4/lz4"
 
 LICENSE = "BSD-2-Clause | GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=ebc2ea4814a64de7708f1571904b32cc \
+LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=5cd5f851b52ec832b10eedb3f01f885a \
                     file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                    file://LICENSE;md5=d57c0d21cb917fb4e0af2454aa48b956 \
+                    file://LICENSE;md5=c5cc3cd6f9274b4d32988096df9c3ec3 \
                     "
 
 PE = "1"
 
-SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3"
+SRCREV = "5ff839680134437dbf4678f3d0c7b371d84f4964"
 
-SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \
-           file://CVE-2021-3520.patch \
-           "
+SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https"
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
 
 S = "${WORKDIR}/git"
-- 
2.25.1

[OE-core][kirkstone 12/24] insane.bbclass: Skip patches not in oe-core by full path

[Steve Sakoman]

From: Yang Xu <yang.xu@mediatek.com>

The full path of patch may contain '/meta/' but not in oe-core, skip
patches by checking it starts with oe-core full path or not.

Signed-off-by: Yang Xu <yang.xu@mediatek.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d8a525afdfb5d371e76b09301c8b2741d23d1d10)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/insane.bbclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index f3f80334f6..0d93d50e58 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -1196,11 +1196,12 @@ python do_qa_patch() {
     import re
     from oe import patch
 
+    coremeta_path = os.path.join(d.getVar('COREBASE'), 'meta', '')
     for url in patch.src_patches(d):
        (_, _, fullpath, _, _, _) = bb.fetch.decodeurl(url)
 
        # skip patches not in oe-core
-       if '/meta/' not in fullpath:
+       if not os.path.abspath(fullpath).startswith(coremeta_path):
            continue
 
        kinda_status_re = re.compile(r"^.*upstream.*status.*$", re.IGNORECASE | re.MULTILINE)
-- 
2.25.1

[OE-core][kirkstone 13/24] maintainers: update opkg maintainer

[Steve Sakoman]

From: Alex Stewart <alex.stewart@ni.com>

Alex Stewart assumed maintainership of the yocto project's opkg fork,
and opkg recipes, from Alejandro Del Castilo back in Q1 of 2020.

Update maintainership of the opkg recipes.

Signed-off-by: Alex Stewart <alex.stewart@ni.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit fd0511080fb5744b4b58df43184fa2561cc37134)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/distro/include/maintainers.inc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index 0a1897fc92..4778b1e5e6 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -544,10 +544,10 @@ RECIPE_MAINTAINER:pn-ofono = "Ross Burton <ross.burton@arm.com>"
 RECIPE_MAINTAINER:pn-opensbi = "Alistair Francis <alistair.francis@wdc.com>"
 RECIPE_MAINTAINER:pn-openssh = "Unassigned <unassigned@yoctoproject.org>"
 RECIPE_MAINTAINER:pn-openssl = "Alexander Kanavin <alex.kanavin@gmail.com>"
-RECIPE_MAINTAINER:pn-opkg = "Alejandro del Castillo <alejandro.delcastillo@ni.com>"
-RECIPE_MAINTAINER:pn-opkg-arch-config = "Alejandro del Castillo <alejandro.delcastillo@ni.com>"
-RECIPE_MAINTAINER:pn-opkg-keyrings = "Alejandro del Castillo <alejandro.delcastillo@ni.com>"
-RECIPE_MAINTAINER:pn-opkg-utils = "Alejandro del Castillo <alejandro.delcastillo@ni.com>"
+RECIPE_MAINTAINER:pn-opkg = "Alex Stewart <alex.stewart@ni.com>"
+RECIPE_MAINTAINER:pn-opkg-arch-config = "Alex Stewart <alex.stewart@ni.com>"
+RECIPE_MAINTAINER:pn-opkg-keyrings = "Alex Stewart <alex.stewart@ni.com>"
+RECIPE_MAINTAINER:pn-opkg-utils = "Alex Stewart <alex.stewart@ni.com>"
 RECIPE_MAINTAINER:pn-orc = "Anuj Mittal <anuj.mittal@intel.com>"
 RECIPE_MAINTAINER:pn-os-release = "Ross Burton <ross.burton@arm.com>"
 RECIPE_MAINTAINER:pn-ovmf = "Ricardo Neri <ricardo.neri-calderon@linux.intel.com>"
-- 
2.25.1

[OE-core][kirkstone 14/24] apr: Cache configure tests which use AC_TRY_RUN

[Steve Sakoman]

From: Khem Raj <raj.khem@gmail.com>

AC_TRY_RUN macro means the test needs to run to find the result and we
are cross compiling so this will always get wrong results, this results
in miscompiling apache2 on musl because it disables rlimit
(ac_cv_struct_rlimit) wrongly.

All these variables are determined with AC_TRY_RUN checks

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 504eb0ff1cae200ee85ec18ebae564cae9bf9c8c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...-runtime-test-for-mmap-that-can-map-.patch | 62 +++++++++++++++++++
 meta/recipes-support/apr/apr_1.7.0.bb         | 15 ++++-
 2 files changed, 75 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch

diff --git a/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch b/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
new file mode 100644
index 0000000000..fa6202da79
--- /dev/null
+++ b/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
@@ -0,0 +1,62 @@
+From ee728971fd9d2da39356f1574d58d5daa3b24520 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 26 Aug 2022 00:28:08 -0700
+Subject: [PATCH] configure: Remove runtime test for mmap that can map
+ /dev/zero
+
+This never works for cross-compile moreover it ends up disabling
+ac_cv_file__dev_zero which then results in compiler errors in shared
+mutexes
+
+Upstream-Status: Inappropriate [Cross-compile specific]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ configure.in | 32 --------------------------------
+ 1 file changed, 32 deletions(-)
+
+diff --git a/configure.in b/configure.in
+index a99049d..f1f55c7 100644
+--- a/configure.in
++++ b/configure.in
+@@ -1182,38 +1182,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \
+ APR_CHECK_DEFINE(MAP_ANON, sys/mman.h)
+ AC_CHECK_FILE(/dev/zero)
+ 
+-# Not all systems can mmap /dev/zero (such as HP-UX).  Check for that.
+-if test "$ac_cv_func_mmap" = "yes" &&
+-   test "$ac_cv_file__dev_zero" = "yes"; then
+-    AC_MSG_CHECKING(for mmap that can map /dev/zero)
+-    AC_TRY_RUN([
+-#include <sys/types.h>
+-#include <sys/stat.h>
+-#include <fcntl.h>
+-#ifdef HAVE_SYS_MMAN_H
+-#include <sys/mman.h>
+-#endif
+-    int main()
+-    {
+-        int fd;
+-        void *m;
+-        fd = open("/dev/zero", O_RDWR);
+-        if (fd < 0) {
+-            return 1;
+-        }
+-        m = mmap(0, sizeof(void*), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
+-        if (m == (void *)-1) {  /* aka MAP_FAILED */
+-            return 2;
+-        }
+-        if (munmap(m, sizeof(void*)) < 0) {
+-            return 3;
+-        }
+-        return 0;
+-    }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no])
+-
+-    AC_MSG_RESULT($ac_cv_file__dev_zero)
+-fi
+-
+ # Now we determine which one is our anonymous shmem preference.
+ haveshmgetanon="0"
+ havemmapzero="0"
+-- 
+2.37.2
+
diff --git a/meta/recipes-support/apr/apr_1.7.0.bb b/meta/recipes-support/apr/apr_1.7.0.bb
index 07bf61545e..cb4bb936d7 100644
--- a/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/meta/recipes-support/apr/apr_1.7.0.bb
@@ -25,6 +25,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \
            file://0001-Add-option-to-disable-timed-dependant-tests.patch \
            file://autoconf270.patch \
            file://0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch \
+           file://0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch \
            file://CVE-2021-35940.patch \
            "
 
@@ -37,12 +38,22 @@ OE_BINCONFIG_EXTRA_MANGLE = " -e 's:location=source:location=installed:'"
 
 # Added to fix some issues with cmake. Refer to https://github.com/bmwcarit/meta-ros/issues/68#issuecomment-19896928
 CACHED_CONFIGUREVARS += "apr_cv_mutex_recursive=yes"
-
+# Enable largefile
+CACHED_CONFIGUREVARS += "apr_cv_use_lfs64=yes"
+# Additional AC_TRY_RUN tests which will need to be cached for cross compile
+CACHED_CONFIGUREVARS += "apr_cv_epoll=yes epoll_create1=yes apr_cv_sock_cloexec=yes \
+    ac_cv_struct_rlimit=yes \
+    ac_cv_func_sem_open=yes \
+    apr_cv_process_shared_works=yes \
+    apr_cv_mutex_robust_shared=yes \
+    "
 # Also suppress trying to use sctp.
 #
 CACHED_CONFIGUREVARS += "ac_cv_header_netinet_sctp_h=no ac_cv_header_netinet_sctp_uio_h=no"
 
-CACHED_CONFIGUREVARS += "ac_cv_sizeof_struct_iovec=yes"
+# ac_cv_sizeof_struct_iovec is deduced using runtime check which will fail during cross-compile
+CACHED_CONFIGUREVARS += "${@['ac_cv_sizeof_struct_iovec=16','ac_cv_sizeof_struct_iovec=8'][d.getVar('SITEINFO_BITS') != '32']}"
+
 CACHED_CONFIGUREVARS += "ac_cv_file__dev_zero=yes"
 
 CACHED_CONFIGUREVARS:append:libc-musl = " ac_cv_strerror_r_rc_int=yes"
-- 
2.25.1

[OE-core][kirkstone 15/24] bitbake.conf: set BB_DEFAULT_UMASK using ??=

[Steve Sakoman]

From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>

Currently, there's no way for the user's site.conf, local.conf or
similar to set BB_DEFAULT_UMASK, because those files are included by
bitbake.conf prior to the unconditional assignment of
BB_DEFAULT_UMASK. To make that possible, use a weak default assignment
instead. This is also consistent with most other variable assignments
in the lower half of bitbake.conf.

I believe the risk of a regression is very small; it would require
something like somebody having a definition of BB_DEFAULT_UMASK in a
local configuration file, and having been relying on that _not_ taking
effect.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit e3dbded499f0bd1e71abb0650ae98fd9ade94250)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/bitbake.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 2a3cf6f8aa..516a30c963 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -924,7 +924,7 @@ SHELL[unexport] = "1"
 TRANSLATED_TARGET_ARCH ??= "${@d.getVar('TARGET_ARCH').replace("_", "-")}"
 
 # Set a default umask to use for tasks for determinism
-BB_DEFAULT_UMASK = "022"
+BB_DEFAULT_UMASK ??= "022"
 
 # Complete output from bitbake
 BB_CONSOLELOG ?= "${LOG_DIR}/cooker/${MACHINE}/${DATETIME}.log"
-- 
2.25.1

[OE-core][kirkstone 16/24] pseudo: Update to include recent upstream minor fixes

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Pull in some minor fixes:

 pseudo_util: Silence symlink errors and fix resolution bug
 ports/linux: Remove build dependency on libattr
 Minor build fixes
 pseudo_util: Fix resolving relative paths from "/"

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c57d0c57d00cdef622dab3bf783a10d52f8d9ffb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index e7ef6a730c..c34580b4ff 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -13,7 +13,7 @@ SRC_URI:append:class-nativesdk = " \
     file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "2b4b88eb513335b0ece55fe51854693d9b20de35"
+SRCREV = "c9670c27ff67ab899007ce749254b16091577e55"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 
-- 
2.25.1

[OE-core][kirkstone 17/24] scripts/runqemu.README: fix typos and trailing whitespaces

[Steve Sakoman]

From: Ulrich Ölmann <u.oelmann@pengutronix.de>

Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 217b00d378f359689613ca4c0666bb2eed040f69)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/runqemu.README | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/scripts/runqemu.README b/scripts/runqemu.README
index da9abd7dfb..e5f4b4634c 100644
--- a/scripts/runqemu.README
+++ b/scripts/runqemu.README
@@ -1,12 +1,12 @@
 Using OE images with QEMU
 =========================
 
-OE-Core can generate qemu bootable kernels and images with can be used 
+OE-Core can generate qemu bootable kernels and images which can be used
 on a desktop system. The scripts currently support booting ARM, MIPS, PowerPC
-and x86 (32 and 64 bit) images. The scripts can be used within the OE build 
-system or externaly.
+and x86 (32 and 64 bit) images. The scripts can be used within the OE build
+system or externally.
 
-The runqemu script is run as: 
+The runqemu script is run as:
 
    runqemu <machine> <zimage> <filesystem>
 
@@ -15,13 +15,13 @@ where:
    <machine> is the machine/architecture to use (qemuarm/qemumips/qemuppc/qemux86/qemux86-64)
    <zimage> is the path to a kernel (e.g. zimage-qemuarm.bin)
    <filesystem> is the path to an ext2 image (e.g. filesystem-qemuarm.ext2) or an nfs directory
-   
-If <machine> isn't specified, the script will try to detect the machine name 
+
+If <machine> isn't specified, the script will try to detect the machine name
 from the name of the <zimage> file.
 
 If <filesystem> isn't specified, nfs booting will be assumed.
 
-When used within the build system, it will default to qemuarm, ext2 and the last kernel and 
+When used within the build system, it will default to qemuarm, ext2 and the last kernel and
 core-image-sato-sdk image built by the build system. If an sdk image isn't present it will look
 for sato and minimal images.
 
@@ -31,7 +31,7 @@ Full usage instructions can be seen by running the command with no options speci
 Notes
 =====
 
- - The scripts run qemu using sudo. Change perms on /dev/net/tun to 
+ - The scripts run qemu using sudo. Change perms on /dev/net/tun to
    run as non root. The runqemu-gen-tapdevs script can also be used by
    root to prepopulate the appropriate network devices.
  - You can access the host computer at 192.168.7.1 within the image.
-- 
2.25.1

[OE-core][kirkstone 18/24] meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE

[Steve Sakoman]

From: Ming Liu <liu.ming50@gmail.com>

Sometimes an end user might want to choose another kernel type argument
for uboot-mkimage other than "kernel", for instance: "kernel_noload".

Let's introduce a variable UBOOT_MKIMAGE_KERNEL_TYPE to support that,
and it could be used by BSP layers as well.

(From OE-Core rev: e288686e97de1265eeeaf452141e1473867efb1b)

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4eb7bbcc2f08b25387a15b7e4a89ef199783c973)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/kernel-fitimage.bbclass     | 2 +-
 meta/classes/kernel-uboot.bbclass        | 3 +++
 meta/classes/kernel-uimage.bbclass       | 2 +-
 meta/lib/oeqa/selftest/cases/fitimage.py | 4 +++-
 4 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index 56d71ba8fa..7b16633f6f 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -148,7 +148,7 @@ fitimage_emit_section_kernel() {
                 kernel-$2 {
                         description = "Linux kernel";
                         data = /incbin/("$3");
-                        type = "kernel";
+                        type = "${UBOOT_MKIMAGE_KERNEL_TYPE}";
                         arch = "${UBOOT_ARCH}";
                         os = "linux";
                         compression = "$4";
diff --git a/meta/classes/kernel-uboot.bbclass b/meta/classes/kernel-uboot.bbclass
index 2facade818..1bc98e042d 100644
--- a/meta/classes/kernel-uboot.bbclass
+++ b/meta/classes/kernel-uboot.bbclass
@@ -2,6 +2,9 @@
 FIT_KERNEL_COMP_ALG ?= "gzip"
 FIT_KERNEL_COMP_ALG_EXTENSION ?= ".gz"
 
+# Kernel image type passed to mkimage (i.e. kernel kernel_noload...)
+UBOOT_MKIMAGE_KERNEL_TYPE ?= "kernel"
+
 uboot_prep_kimage() {
 	if [ -e arch/${ARCH}/boot/compressed/vmlinux ]; then
 		vmlinux_path="arch/${ARCH}/boot/compressed/vmlinux"
diff --git a/meta/classes/kernel-uimage.bbclass b/meta/classes/kernel-uimage.bbclass
index cedb4fa070..2e661ea916 100644
--- a/meta/classes/kernel-uimage.bbclass
+++ b/meta/classes/kernel-uimage.bbclass
@@ -30,6 +30,6 @@ do_uboot_mkimage() {
 			awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
 	fi
 
-	uboot-mkimage -A ${UBOOT_ARCH} -O linux -T kernel -C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage
+	uboot-mkimage -A ${UBOOT_ARCH} -O linux -T ${UBOOT_MKIMAGE_KERNEL_TYPE} -C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage
 	rm -f linux.bin
 }
diff --git a/meta/lib/oeqa/selftest/cases/fitimage.py b/meta/lib/oeqa/selftest/cases/fitimage.py
index e6bfd1257e..d732a9020d 100644
--- a/meta/lib/oeqa/selftest/cases/fitimage.py
+++ b/meta/lib/oeqa/selftest/cases/fitimage.py
@@ -738,6 +738,7 @@ UBOOT_LOADADDRESS = "0x80000000"
 UBOOT_DTB_LOADADDRESS = "0x82000000"
 UBOOT_ARCH = "arm"
 UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
+UBOOT_MKIMAGE_KERNEL_TYPE = "kernel"
 UBOOT_EXTLINUX = "0"
 FIT_GENERATE_KEYS = "1"
 KERNEL_IMAGETYPE_REPLACEMENT = "zImage"
@@ -763,6 +764,7 @@ FIT_HASH_ALG = "sha256"
 
         kernel_load = str(get_bb_var('UBOOT_LOADADDRESS'))
         kernel_entry = str(get_bb_var('UBOOT_ENTRYPOINT'))
+        kernel_type = str(get_bb_var('UBOOT_MKIMAGE_KERNEL_TYPE'))
         kernel_compression = str(get_bb_var('FIT_KERNEL_COMP_ALG'))
         uboot_arch = str(get_bb_var('UBOOT_ARCH'))
         fit_hash_alg = str(get_bb_var('FIT_HASH_ALG'))
@@ -775,7 +777,7 @@ FIT_HASH_ALG = "sha256"
             'kernel-1 {',
             'description = "Linux kernel";',
             'data = /incbin/("linux.bin");',
-            'type = "kernel";',
+            'type = "' + kernel_type + '";',
             'arch = "' + uboot_arch + '";',
             'os = "linux";',
             'compression = "' + kernel_compression + '";',
-- 
2.25.1

[OE-core][kirkstone 19/24] kernel-fitimage.bbclass: add padding algorithm property in config nodes

[Steve Sakoman]

From: LUIS ENRIQUEZ <luis.enriquez@se.com>

This allows choosing padding algorithm when building fitImage. It may be pkcs-1.5 or pss.

Signed-off-by: LUIS ENRIQUEZ <luis.enriquez@se.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 29d5336c728b28890bbaadebf0ccff00ad90a64d)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/kernel-fitimage.bbclass | 2 ++
 meta/classes/uboot-sign.bbclass      | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index 7b16633f6f..983392c23a 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -346,6 +346,7 @@ fitimage_emit_section_config() {
 
 	conf_csum="${FIT_HASH_ALG}"
 	conf_sign_algo="${FIT_SIGN_ALG}"
+	conf_padding_algo="${FIT_PAD_ALG}"
 	if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
 		conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
 	fi
@@ -465,6 +466,7 @@ EOF
                         signature-1 {
                                 algo = "$conf_csum,$conf_sign_algo";
                                 key-name-hint = "$conf_sign_keyname";
+                                padding = "$conf_padding_algo";
                                 $sign_line
                         };
 EOF
diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass
index 31ffe1f472..eecdec9160 100644
--- a/meta/classes/uboot-sign.bbclass
+++ b/meta/classes/uboot-sign.bbclass
@@ -73,6 +73,9 @@ UBOOT_FIT_HASH_ALG ?= "sha256"
 FIT_SIGN_ALG ?= "rsa2048"
 UBOOT_FIT_SIGN_ALG ?= "rsa2048"
 
+# Kernel / U-Boot fitImage Padding Algo
+FIT_PAD_ALG ?= "pkcs-1.5"
+
 # Generate keys for signing Kernel / U-Boot fitImage
 FIT_GENERATE_KEYS ?= "0"
 UBOOT_FIT_GENERATE_KEYS ?= "0"
-- 
2.25.1

[OE-core][kirkstone 20/24] npm: replace 'npm pack' call by 'tar czf'

[Steve Sakoman]

From: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>

'npm pack' is a maintainer tool which tries to execute 'prepare'
and similar scripts.  This fails usually in OE because it requires
completely installed 'node_modules'.

Earlier nodejs versions supported an undocumented 'ignore-scripts'
option.  This has been removed in nodejs 16.

We could patch 'package.json' and remove the unwanted scripts.  But
this might complicate local workflows (applying patches) and installed
packages will contain the modified 'package.json'.

Instead of, package it manually by 'tar czf'.  As a sideeffect,
'do_configure' is running much faster now.

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 68b480d64ffb6750699cc8fa00d2ac0bc6a2e58a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/npm.bbclass | 35 +++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index ba50fcac20..91f8f36b0d 100644
--- a/meta/classes/npm.bbclass
+++ b/meta/classes/npm.bbclass
@@ -57,13 +57,36 @@ def npm_global_configs(d):
     configs.append(("cache", d.getVar("NPM_CACHE")))
     return configs
 
+## 'npm pack' runs 'prepare' and 'prepack' scripts. Support for
+## 'ignore-scripts' which prevents this behavior has been removed
+## from nodejs 16.  Use simple 'tar' instead of.
 def npm_pack(env, srcdir, workdir):
-    """Run 'npm pack' on a specified directory"""
-    import shlex
-    cmd = "npm pack %s" % shlex.quote(srcdir)
-    args = [("ignore-scripts", "true")]
-    tarball = env.run(cmd, args=args, workdir=workdir).strip("\n")
-    return os.path.join(workdir, tarball)
+    """Emulate 'npm pack' on a specified directory"""
+    import subprocess
+    import os
+    import json
+
+    src = os.path.join(srcdir, 'package.json')
+    with open(src) as f:
+        j = json.load(f)
+
+    # base does not really matter and is for documentation purposes
+    # only.  But the 'version' part must exist because other parts of
+    # the bbclass rely on it.
+    base = j['name'].split('/')[-1]
+    tarball = os.path.join(workdir, "%s-%s.tgz" % (base, j['version']));
+
+    # TODO: real 'npm pack' does not include directories while 'tar'
+    # does.  But this does not seem to matter...
+    subprocess.run(['tar', 'czf', tarball,
+                    '--exclude', './node-modules',
+                    '--exclude-vcs',
+                    '--transform', 's,^\./,package/,',
+                    '--mtime', '1985-10-26T08:15:00.000Z',
+                    '.'],
+                   check = True, cwd = srcdir)
+
+    return tarball
 
 python npm_do_configure() {
     """
-- 
2.25.1

[OE-core][kirkstone 21/24] npm: return content of 'package.json' in 'npm_pack'

[Steve Sakoman]

From: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>

We have to read 'package.json' to calculate the name of the tarball.
This content is interesting for later patches.

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d67367e389c492ae90f9021066d6a4d5ebcf68e5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/npm.bbclass | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index 91f8f36b0d..014f793450 100644
--- a/meta/classes/npm.bbclass
+++ b/meta/classes/npm.bbclass
@@ -86,7 +86,7 @@ def npm_pack(env, srcdir, workdir):
                     '.'],
                    check = True, cwd = srcdir)
 
-    return tarball
+    return (tarball, j)
 
 python npm_do_configure() {
     """
@@ -186,7 +186,7 @@ python npm_do_configure() {
         with tempfile.TemporaryDirectory() as tmpdir:
             # Add the dependency to the npm cache
             destdir = os.path.join(d.getVar("S"), destsuffix)
-            tarball = npm_pack(env, destdir, tmpdir)
+            (tarball, pkg) = npm_pack(env, destdir, tmpdir)
             _npm_cache_add(tarball)
             # Add its signature to the cached shrinkwrap
             dep = _npmsw_dependency_dict(cached_shrinkwrap, deptree)
@@ -207,7 +207,7 @@ python npm_do_configure() {
 
     # Configure the main package
     with tempfile.TemporaryDirectory() as tmpdir:
-        tarball = npm_pack(env, d.getVar("S"), tmpdir)
+        (tarball, _) = npm_pack(env, d.getVar("S"), tmpdir)
         npm_unpack(tarball, d.getVar("NPM_PACKAGE"), d)
 
     # Configure the cached manifest file and cached shrinkwrap file
@@ -280,7 +280,7 @@ python npm_do_compile() {
         args.append(("build-from-source", "true"))
 
         # Pack and install the main package
-        tarball = npm_pack(env, d.getVar("NPM_PACKAGE"), tmpdir)
+        (tarball, _) = npm_pack(env, d.getVar("NPM_PACKAGE"), tmpdir)
         cmd = "npm install %s %s" % (shlex.quote(tarball), d.getVar("EXTRA_OENPM"))
         env.run(cmd, args=args)
 }
-- 
2.25.1

[OE-core][kirkstone 22/24] npm: take 'version' directly from 'package.json'

[Steve Sakoman]

From: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>

We know the content of 'package.json' from earlier patches; there is
no need to parse the tarball name to extract the version.

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f553e528e76f7e3925ed1c0950d96e73aec37da9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/npm.bbclass | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index 014f793450..11c80a738e 100644
--- a/meta/classes/npm.bbclass
+++ b/meta/classes/npm.bbclass
@@ -125,11 +125,6 @@ python npm_do_configure() {
         sha512 = bb.utils.sha512_file(tarball)
         return "sha512-" + base64.b64encode(bytes.fromhex(sha512)).decode()
 
-    def _npm_version(tarball):
-        """Return the version of a specified tarball"""
-        regex = r"-(\d+\.\d+\.\d+(-.*)?(\+.*)?)\.tgz"
-        return re.search(regex, tarball).group(1)
-
     def _npmsw_dependency_dict(orig, deptree):
         """
         Return the sub dictionary in the 'orig' dictionary corresponding to the
@@ -190,7 +185,7 @@ python npm_do_configure() {
             _npm_cache_add(tarball)
             # Add its signature to the cached shrinkwrap
             dep = _npmsw_dependency_dict(cached_shrinkwrap, deptree)
-            dep["version"] = _npm_version(tarball)
+            dep["version"] = pkg['version']
             dep["integrity"] = _npm_integrity(tarball)
             if params.get("dev", False):
                 dep["dev"] = True
-- 
2.25.1

[OE-core][kirkstone 23/24] lib:npm_registry: initial checkin

[Steve Sakoman]

From: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>

Helper module to:

- generate meta information from package.json content.  This data has
  a format as provided by https://registry.npmjs.org

- put this meta information and the corresponding tarball in the
  nodejs cache.  This uses an external, nodejs version specific helper
  script (oe-npm-cache) shipped in oe-meta

To avoid further nodejs version dependencies, future versions of this
module might omit the caching completely and serve meta information
and tarball by an http server.

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6cd5886ad05fee704e8a5892bd370c360c8c3b54)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/npm_registry.py | 169 ++++++++++++++++++++++++++++++++++++
 1 file changed, 169 insertions(+)
 create mode 100644 meta/lib/oe/npm_registry.py

diff --git a/meta/lib/oe/npm_registry.py b/meta/lib/oe/npm_registry.py
new file mode 100644
index 0000000000..96c0affb45
--- /dev/null
+++ b/meta/lib/oe/npm_registry.py
@@ -0,0 +1,169 @@
+import bb
+import json
+import subprocess
+
+_ALWAYS_SAFE = frozenset('ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+                         'abcdefghijklmnopqrstuvwxyz'
+                         '0123456789'
+                         '_.-~')
+
+MISSING_OK = object()
+
+REGISTRY = "https://registry.npmjs.org"
+
+# we can not use urllib.parse here because npm expects lowercase
+# hex-chars but urllib generates uppercase ones
+def uri_quote(s, safe = '/'):
+    res = ""
+    safe_set = set(safe)
+    for c in s:
+        if c in _ALWAYS_SAFE or c in safe_set:
+            res += c
+        else:
+            res += '%%%02x' % ord(c)
+    return res
+
+class PackageJson:
+    def __init__(self, spec):
+        self.__spec = spec
+
+    @property
+    def name(self):
+        return self.__spec['name']
+
+    @property
+    def version(self):
+        return self.__spec['version']
+
+    @property
+    def empty_manifest(self):
+        return {
+            'name': self.name,
+            'description': self.__spec.get('description', ''),
+            'versions': {},
+        }
+
+    def base_filename(self):
+        return uri_quote(self.name, safe = '@')
+
+    def as_manifest_entry(self, tarball_uri):
+        res = {}
+
+        ## NOTE: 'npm install' requires more than basic meta information;
+        ## e.g. it takes 'bin' from this manifest entry but not the actual
+        ## 'package.json'
+        for (idx,dflt) in [('name', None),
+                           ('description', ""),
+                           ('version', None),
+                           ('bin', MISSING_OK),
+                           ('man', MISSING_OK),
+                           ('scripts', MISSING_OK),
+                           ('directories', MISSING_OK),
+                           ('dependencies', MISSING_OK),
+                           ('devDependencies', MISSING_OK),
+                           ('optionalDependencies', MISSING_OK),
+                           ('license', "unknown")]:
+            if idx in self.__spec:
+                res[idx] = self.__spec[idx]
+            elif dflt == MISSING_OK:
+                pass
+            elif dflt != None:
+                res[idx] = dflt
+            else:
+                raise Exception("%s-%s: missing key %s" % (self.name,
+                                                           self.version,
+                                                           idx))
+
+        res['dist'] = {
+            'tarball': tarball_uri,
+        }
+
+        return res
+
+class ManifestImpl:
+    def __init__(self, base_fname, spec):
+        self.__base = base_fname
+        self.__spec = spec
+
+    def load(self):
+        try:
+            with open(self.filename, "r") as f:
+                res = json.load(f)
+        except IOError:
+            res = self.__spec.empty_manifest
+
+        return res
+
+    def save(self, meta):
+        with open(self.filename, "w") as f:
+            json.dump(meta, f, indent = 2)
+
+    @property
+    def filename(self):
+        return self.__base + ".meta"
+
+class Manifest:
+    def __init__(self, base_fname, spec):
+        self.__base = base_fname
+        self.__spec = spec
+        self.__lockf = None
+        self.__impl = None
+
+    def __enter__(self):
+        self.__lockf = bb.utils.lockfile(self.__base + ".lock")
+        self.__impl  = ManifestImpl(self.__base, self.__spec)
+        return self.__impl
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        bb.utils.unlockfile(self.__lockf)
+
+class NpmCache:
+    def __init__(self, cache):
+        self.__cache = cache
+
+    @property
+    def path(self):
+        return self.__cache
+
+    def run(self, type, key, fname):
+        subprocess.run(['oe-npm-cache', self.__cache, type, key, fname],
+                       check = True)
+
+class NpmRegistry:
+    def __init__(self, path, cache):
+        self.__path = path
+        self.__cache = NpmCache(cache + '/_cacache')
+        bb.utils.mkdirhier(self.__path)
+        bb.utils.mkdirhier(self.__cache.path)
+
+    @staticmethod
+    ## This function is critical and must match nodejs expectations
+    def _meta_uri(spec):
+        return REGISTRY + '/' + uri_quote(spec.name, safe = '@')
+
+    @staticmethod
+    ## Exact return value does not matter; just make it look like a
+    ## usual registry url
+    def _tarball_uri(spec):
+        return '%s/%s/-/%s-%s.tgz' % (REGISTRY,
+                                      uri_quote(spec.name, safe = '@'),
+                                      uri_quote(spec.name, safe = '@/'),
+                                      spec.version)
+
+    def add_pkg(self, tarball, pkg_json):
+        pkg_json = PackageJson(pkg_json)
+        base = os.path.join(self.__path, pkg_json.base_filename())
+
+        with Manifest(base, pkg_json) as manifest:
+            meta = manifest.load()
+            tarball_uri = self._tarball_uri(pkg_json)
+
+            meta['versions'][pkg_json.version] = pkg_json.as_manifest_entry(tarball_uri)
+
+            manifest.save(meta)
+
+            ## Cache entries are a little bit dependent on the nodejs
+            ## version; version specific cache implementation must
+            ## mitigate differences
+            self.__cache.run('meta', self._meta_uri(pkg_json), manifest.filename);
+            self.__cache.run('tgz',  tarball_uri, tarball);
-- 
2.25.1

[OE-core][kirkstone 24/24] npm: use npm_registry to cache package

[Steve Sakoman]

From: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>

With nodejs 16, the simple 'npm cache add' approach does not work
anymore because its fetcher implementation downloads also meta
information from the registry.

We have to generate these information and add them to the cache.
There is no direct support in 'npm' for task so we have to implement
it manually.

This implementation consists of a openembedded python module (in
oe-core) and a nodejs version specific helper (in oe-meta).

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 019b9c341d539939098962c228c1fd5c99331312)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/npm.bbclass | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index 11c80a738e..8379c7b988 100644
--- a/meta/classes/npm.bbclass
+++ b/meta/classes/npm.bbclass
@@ -19,7 +19,7 @@
 
 inherit python3native
 
-DEPENDS:prepend = "nodejs-native "
+DEPENDS:prepend = "nodejs-native nodejs-oe-cache-native "
 RDEPENDS:${PN}:append:class-target = " nodejs"
 
 EXTRA_OENPM = ""
@@ -46,6 +46,7 @@ NPM_ARCH ?= "${@npm_target_arch_map(d.getVar("TARGET_ARCH"))}"
 NPM_PACKAGE = "${WORKDIR}/npm-package"
 NPM_CACHE = "${WORKDIR}/npm-cache"
 NPM_BUILD = "${WORKDIR}/npm-build"
+NPM_REGISTRY = "${WORKDIR}/npm-registry"
 
 def npm_global_configs(d):
     """Get the npm global configuration"""
@@ -109,16 +110,18 @@ python npm_do_configure() {
     from bb.fetch2.npm import npm_unpack
     from bb.fetch2.npmsw import foreach_dependencies
     from bb.progress import OutOfProgressHandler
+    from oe.npm_registry import NpmRegistry
 
     bb.utils.remove(d.getVar("NPM_CACHE"), recurse=True)
     bb.utils.remove(d.getVar("NPM_PACKAGE"), recurse=True)
 
     env = NpmEnvironment(d, configs=npm_global_configs(d))
+    registry = NpmRegistry(d.getVar('NPM_REGISTRY'), d.getVar('NPM_CACHE'))
 
-    def _npm_cache_add(tarball):
-        """Run 'npm cache add' for a specified tarball"""
-        cmd = "npm cache add %s" % shlex.quote(tarball)
-        env.run(cmd)
+    def _npm_cache_add(tarball, pkg):
+        """Add tarball to local registry and register it in the
+           cache"""
+        registry.add_pkg(tarball, pkg)
 
     def _npm_integrity(tarball):
         """Return the npm integrity of a specified tarball"""
@@ -182,7 +185,7 @@ python npm_do_configure() {
             # Add the dependency to the npm cache
             destdir = os.path.join(d.getVar("S"), destsuffix)
             (tarball, pkg) = npm_pack(env, destdir, tmpdir)
-            _npm_cache_add(tarball)
+            _npm_cache_add(tarball, pkg)
             # Add its signature to the cached shrinkwrap
             dep = _npmsw_dependency_dict(cached_shrinkwrap, deptree)
             dep["version"] = pkg['version']
-- 
2.25.1

Re: [OE-core][kirkstone 24/24] npm: use npm_registry to cache package

[Martin Jansa]

[-- Attachment #1: Type: text/plain, Size: 3858 bytes --]

FWIW: this depends on meta-oe change to add meta-oe-cache-native as
reported in:
https://github.com/openembedded/meta-openembedded/issues/606
I've sent the backport request for meta-oe/kirkstone:
https://lists.openembedded.org/g/openembedded-devel/message/98787

On Wed, Sep 7, 2022 at 4:21 PM Steve Sakoman <steve@sakoman.com> wrote:

> From: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
>
> With nodejs 16, the simple 'npm cache add' approach does not work
> anymore because its fetcher implementation downloads also meta
> information from the registry.
>
> We have to generate these information and add them to the cache.
> There is no direct support in 'npm' for task so we have to implement
> it manually.
>
> This implementation consists of a openembedded python module (in
> oe-core) and a nodejs version specific helper (in oe-meta).
>
> Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit 019b9c341d539939098962c228c1fd5c99331312)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>  meta/classes/npm.bbclass | 15 +++++++++------
>  1 file changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
> index 11c80a738e..8379c7b988 100644
> --- a/meta/classes/npm.bbclass
> +++ b/meta/classes/npm.bbclass
> @@ -19,7 +19,7 @@
>
>  inherit python3native
>
> -DEPENDS:prepend = "nodejs-native "
> +DEPENDS:prepend = "nodejs-native nodejs-oe-cache-native "
>  RDEPENDS:${PN}:append:class-target = " nodejs"
>
>  EXTRA_OENPM = ""
> @@ -46,6 +46,7 @@ NPM_ARCH ?=
> "${@npm_target_arch_map(d.getVar("TARGET_ARCH"))}"
>  NPM_PACKAGE = "${WORKDIR}/npm-package"
>  NPM_CACHE = "${WORKDIR}/npm-cache"
>  NPM_BUILD = "${WORKDIR}/npm-build"
> +NPM_REGISTRY = "${WORKDIR}/npm-registry"
>
>  def npm_global_configs(d):
>      """Get the npm global configuration"""
> @@ -109,16 +110,18 @@ python npm_do_configure() {
>      from bb.fetch2.npm import npm_unpack
>      from bb.fetch2.npmsw import foreach_dependencies
>      from bb.progress import OutOfProgressHandler
> +    from oe.npm_registry import NpmRegistry
>
>      bb.utils.remove(d.getVar("NPM_CACHE"), recurse=True)
>      bb.utils.remove(d.getVar("NPM_PACKAGE"), recurse=True)
>
>      env = NpmEnvironment(d, configs=npm_global_configs(d))
> +    registry = NpmRegistry(d.getVar('NPM_REGISTRY'),
> d.getVar('NPM_CACHE'))
>
> -    def _npm_cache_add(tarball):
> -        """Run 'npm cache add' for a specified tarball"""
> -        cmd = "npm cache add %s" % shlex.quote(tarball)
> -        env.run(cmd)
> +    def _npm_cache_add(tarball, pkg):
> +        """Add tarball to local registry and register it in the
> +           cache"""
> +        registry.add_pkg(tarball, pkg)
>
>      def _npm_integrity(tarball):
>          """Return the npm integrity of a specified tarball"""
> @@ -182,7 +185,7 @@ python npm_do_configure() {
>              # Add the dependency to the npm cache
>              destdir = os.path.join(d.getVar("S"), destsuffix)
>              (tarball, pkg) = npm_pack(env, destdir, tmpdir)
> -            _npm_cache_add(tarball)
> +            _npm_cache_add(tarball, pkg)
>              # Add its signature to the cached shrinkwrap
>              dep = _npmsw_dependency_dict(cached_shrinkwrap, deptree)
>              dep["version"] = pkg['version']
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#170419):
> https://lists.openembedded.org/g/openembedded-core/message/170419
> Mute This Topic: https://lists.openembedded.org/mt/93525927/3617156
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> Martin.Jansa@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>

[-- Attachment #2: Type: text/html, Size: 5790 bytes --]

[OE-core][kirkstone 00/24] Patch review

[Steve Sakoman]

Please review this set of changes for kirkstone and have comments back by
end of day Monday, October 13

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2552

The following changes since commit 2285f30e643f52511c328e4f6e1f0c042bea4110:

  libhandy: update git branch name (2025-09-30 06:42:16 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 4.0.30

Archana Polampalli (2):
  go: fix CVE-2025-47906
  openssl: upgrade 3.0.17 -> 3.0.18

AshishKumar Mishra (2):
  systemd: backport fix for handle USE_NLS from master
  p11-kit: backport fix for handle USE_NLS from master

Deepesh Varatharajan (1):
  glibc: stable 2.35 branch updates

Gyorgy Sarvari (1):
  conf/bitbake.conf: use gnu mirror instead of main server

Peter Marko (10):
  busybox: patch CVE-2025-46394
  gstreamer1.0: ignore CVEs fixed in plugins
  gstreamer1.0: ignore CVE-2025-2759
  grub: ignore CVE-2024-2312
  ghostscript: patch CVE-2025-59798
  ghostscript: patch CVE-2025-59799
  ghostscript: patch CVE-2025-59800
  pulseaudio: ignore CVE-2024-11586
  ffmpeg: ignore CVE-2023-6603
  ffmpeg: mark CVE-2023-6601 as patched

Steve Sakoman (2):
  selftest/cases/meta_ide.py: use use gnu mirror instead of main server
  oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server

Theo GAIGE (1):
  libxml2: fix CVE-2025-9714

Vijay Anusuri (4):
  gstreamer1.0-plugins-bad: Fix CVE-2025-3887
  libxslt: Patch for CVE-2025-7424
  tiff: Fix CVE-2025-8961
  tiff: Fix CVE-2025-9165

 meta/conf/bitbake.conf                        |   2 +-
 meta/lib/oeqa/sdk/cases/buildcpio.py          |   2 +-
 meta/lib/oeqa/selftest/cases/meta_ide.py      |   2 +-
 meta/recipes-bsp/grub/grub2.inc               |   2 +
 .../{openssl_3.0.17.bb => openssl_3.0.18.bb}  |   2 +-
 .../busybox/busybox/CVE-2025-46394-01.patch   |  57 ++++++
 .../busybox/busybox/CVE-2025-46394-02.patch   |  32 ++++
 meta/recipes-core/busybox/busybox_1.35.0.bb   |   2 +
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../libxml/libxml2/CVE-2025-9714.patch        | 117 ++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |   1 +
 meta/recipes-core/systemd/systemd_250.14.bb   |   1 +
 meta/recipes-devtools/go/go-1.17.13.inc       |   1 +
 .../go/go-1.21/CVE-2025-47906.patch           | 171 ++++++++++++++++++
 .../ghostscript/CVE-2025-59798.patch          | 134 ++++++++++++++
 .../ghostscript/CVE-2025-59799.patch          |  41 +++++
 .../ghostscript/CVE-2025-59800.patch          |  36 ++++
 .../ghostscript/ghostscript_9.55.0.bb         |   3 +
 ...602-CVE-2023-6604-CVE-2023-6605-0002.patch |   2 +-
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb |   4 +
 .../CVE-2025-3887-1.patch                     |  50 +++++
 .../CVE-2025-3887-2.patch                     |  93 ++++++++++
 .../gstreamer1.0-plugins-bad_1.20.7.bb        |   2 +
 .../gstreamer/gstreamer1.0_1.20.7.bb          |  15 +-
 .../libtiff/tiff/CVE-2025-8961.patch          |  74 ++++++++
 .../libtiff/tiff/CVE-2025-9165.patch          |  32 ++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   2 +
 .../pulseaudio/pulseaudio.inc                 |   3 +
 .../libxslt/libxslt/CVE-2025-7424.patch       | 105 +++++++++++
 .../recipes-support/libxslt/libxslt_1.1.35.bb |   1 +
 .../recipes-support/p11-kit/p11-kit_0.24.1.bb |   1 +
 scripts/install-buildtools                    |   4 +-
 32 files changed, 985 insertions(+), 11 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl_3.0.17.bb => openssl_3.0.18.bb} (99%)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-01.patch
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2025-46394-02.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-9714.patch
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-47906.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59798.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59799.patch
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-1.patch
 create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2025-3887-2.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8961.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-9165.patch
 create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2025-7424.patch

-- 
2.43.0

[OE-core][kirkstone 00/24] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.

Pass a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4141

The following changes since commit 7709a8c1c1b2dcf05678f1a2a1fd579a95e492f2:

  packagegroup-self-hosted: update for strace (2022-08-23 04:23:01 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (10):
  tzdata: upgrade 2022a -> 2022b
  xz: update 5.2.5 -> 5.2.6
  gdk-pixbuf: upgrade 2.42.6 -> 2.42.8
  gdk-pixbuf: update 2.42.8 -> 2.42.9
  epiphany: upgrade 42.3 -> 42.4
  glib-networking: upgrade 2.72.1 -> 2.72.2
  libjpeg-turbo: upgrade 2.1.3 -> 2.1.4
  libwebp: upgrade 1.2.3 -> 1.2.4
  wireless-regdb: upgrade 2022.06.06 -> 2022.08.12
  wpebackend-fdo: upgrade 1.12.0 -> 1.12.1

Awais Belal (1):
  kernel-fitimage.bbclass: only package unique DTBs

Bertrand Marquis (1):
  sysvinit-inittab/start_getty: Fix respawn too fast

Hitendra Prajapati (1):
  Revert "gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow"

Jon Mason (1):
  oeqa/parselogs: add qemuarmv5 arm-charlcd masking

Pavel Zhukov (1):
  package_rpm: Do not replace square brackets in %files

Richard Purdie (1):
  vim: Upgrade 9.0.0115 -> 9.0.0242

Ross Burton (7):
  oeqa/qemurunner: add run_serial() comment
  oeqa/selftest: rename git.py to intercept.py
  oeqa/gotoolchain: put writable files in the Go module cache
  oeqa/gotoolchain: set CGO_ENABLED=1
  wic: add target tools to PATH when executing native commands
  wic/bootimg-efi: use cross objcopy when building unified kernel image
  wic: depend on cross-binutils

Shubham Kulkarni (1):
  sanity: add a comment to ensure CONNECTIVITY_CHECK_URIS is correct

 meta/classes/image_types_wic.bbclass          |  2 +
 meta/classes/kernel-fitimage.bbclass          |  8 ++
 meta/classes/package_rpm.bbclass              |  6 --
 meta/classes/sanity.bbclass                   |  1 +
 meta/lib/oeqa/runtime/cases/parselogs.py      |  1 +
 meta/lib/oeqa/selftest/cases/gotoolchain.py   |  8 +-
 .../selftest/cases/{git.py => intercept.py}   |  0
 .../oeqa/selftest/cases/oelib/buildhistory.py |  6 +-
 meta/lib/oeqa/utils/qemurunner.py             |  2 +
 ...ng_2.72.1.bb => glib-networking_2.72.2.bb} |  2 +-
 meta/recipes-core/meta/wic-tools.bb           |  3 +-
 .../sysvinit/sysvinit-inittab/start_getty     |  3 +
 meta/recipes-extended/timezone/timezone.inc   |  6 +-
 .../xz/xz/CVE-2022-1271.patch                 | 96 -------------------
 .../xz/{xz_5.2.5.bb => xz_5.2.6.bb}           |  7 +-
 .../{epiphany_42.3.bb => epiphany_42.4.bb}    |  2 +-
 .../0001-Add-use_prebuilt_tools-option.patch  | 18 ++--
 .../gdk-pixbuf/CVE-2021-46829.patch           | 61 ------------
 .../gdk-pixbuf/gdk-pixbuf/fatal-loader.patch  | 20 ++--
 ...-pixbuf_2.42.6.bb => gdk-pixbuf_2.42.9.bb} | 19 ++--
 ...-turbo_2.1.3.bb => libjpeg-turbo_2.1.4.bb} |  2 +-
 ....06.06.bb => wireless-regdb_2022.08.12.bb} |  2 +-
 .../{libwebp_1.2.3.bb => libwebp_1.2.4.bb}    |  2 +-
 ...fdo_1.12.0.bb => wpebackend-fdo_1.12.1.bb} |  2 +-
 meta/recipes-support/vim/vim.inc              |  4 +-
 scripts/lib/wic/misc.py                       |  7 +-
 scripts/lib/wic/plugins/source/bootimg-efi.py | 25 +++--
 27 files changed, 84 insertions(+), 231 deletions(-)
 rename meta/lib/oeqa/selftest/cases/{git.py => intercept.py} (100%)
 rename meta/recipes-core/glib-networking/{glib-networking_2.72.1.bb => glib-networking_2.72.2.bb} (93%)
 delete mode 100644 meta/recipes-extended/xz/xz/CVE-2022-1271.patch
 rename meta/recipes-extended/xz/{xz_5.2.5.bb => xz_5.2.6.bb} (88%)
 rename meta/recipes-gnome/epiphany/{epiphany_42.3.bb => epiphany_42.4.bb} (94%)
 delete mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-46829.patch
 rename meta/recipes-gnome/gdk-pixbuf/{gdk-pixbuf_2.42.6.bb => gdk-pixbuf_2.42.9.bb} (87%)
 rename meta/recipes-graphics/jpeg/{libjpeg-turbo_2.1.3.bb => libjpeg-turbo_2.1.4.bb} (97%)
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2022.06.06.bb => wireless-regdb_2022.08.12.bb} (94%)
 rename meta/recipes-multimedia/webp/{libwebp_1.2.3.bb => libwebp_1.2.4.bb} (95%)
 rename meta/recipes-sato/webkit/{wpebackend-fdo_1.12.0.bb => wpebackend-fdo_1.12.1.bb} (90%)

-- 
2.25.1