* [OE-core][kirkstone 00/30] Patch review
@ 2022-07-03 19:35 Steve Sakoman
0 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2022-07-03 19:35 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by end
of day Wednesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3856
The following changes since commit eea52e0c3d24c79464f4afdbc3c397e1cb982231:
build-appliance-image: Update to kirkstone head revision (2022-06-29 07:48:24 +0100)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Ahmed Hossam (1):
insane.bbclass: host-user-contaminated: Correct per package home path
Alexander Kanavin (3):
wireless-regdb: upgrade 2022.04.08 -> 2022.06.06
oeqa/sdk: drop the nativesdk-python 2.x test
at: take tarballs from debian
David Bagonyi (1):
sanity.bbclass: Add ftps to accepted URI protocols for mirrors sanity
Jose Quaresma (1):
curl: backport openssl fix CN check error code
Kai Kang (1):
glibc-tests: not clear BBCLASSEXTEND
Lee Chee Yang (1):
ghostscript: fix CVE-2022-2085
Lucas Stach (1):
perf: sort-pmuevents: really keep array terminators
Martin Jansa (1):
wic: fix WicError message
Maxime Roussin-Bélanger (1):
libffi: fix native build being not portable
Muhammad Hamza (1):
initramfs-framework: move storage mounts to actual rootfs
Peter Bergin (1):
rust: fix issue building cross-canadian tools for aarch64 on x86_64
Peter Kjellerstedt (1):
base.bbclass: Correct the test for obsolete license exceptions
Pgowda (1):
binutils : CVE-2019-1010204
Raju Kumar Pothuraju (1):
kernel-uboot.bbclass: Use vmlinux.initramfs when
INITRAMFS_IMAGE_BUNDLE set
Richard Purdie (8):
unzip: Port debian fixes for two CVEs
cve-extra-exclusions: Clean up and ignore three CVEs (2xqemu and nasm)
vim: 8.2.5083 -> 9.0.0005
openssl: Upgrade 3.0.3 -> 3.0.4
coreutils: Tweak packaging variable names for coreutils-dev
oeqa/runtime/scp: Disable scp test for dropbear
packagegroup-core-ssh-dropbear: Add openssh-sftp-server recommendation
oe-selftest-image: Ensure the image has sftp as well as dropbear
Ross Burton (3):
cups: ignore CVE-2022-26691
busybox: fix CVE-2022-30065
cve-check: hook cleanup to the BuildCompleted event, not CookerExit
Steve Sakoman (2):
openssh: break dependency on base package for -dev package
dropbear: break dependency on base package for -dev package
Thomas Roos (1):
recipetool/devtool: Fix python egg whitespace issues in PACKAGECONFIG
.../recipes-test/images/oe-selftest-image.bb | 2 +-
meta/classes/base.bbclass | 4 +-
meta/classes/cve-check.bbclass | 2 +-
meta/classes/insane.bbclass | 2 +-
meta/classes/kernel-uboot.bbclass | 6 ++
meta/classes/sanity.bbclass | 2 +-
.../distro/include/cve-extra-exclusions.inc | 30 +++++-----
meta/lib/oeqa/runtime/cases/scp.py | 2 +-
meta/lib/oeqa/sdk/cases/python.py | 11 ----
meta/lib/oeqa/selftest/cases/devtool.py | 15 ++++-
.../openssh/openssh_8.9p1.bb | 5 ++
...1-Configure-do-not-tweak-mips-cflags.patch | 10 ++--
...sysroot-and-debug-prefix-map-from-co.patch | 20 +++----
...ea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch | 55 -------------------
.../openssl/openssl/afalg.patch | 10 ++--
.../{openssl_3.0.3.bb => openssl_3.0.4.bb} | 3 +-
.../busybox/busybox/CVE-2022-30065.patch | 29 ++++++++++
meta/recipes-core/busybox/busybox_1.35.0.bb | 1 +
meta/recipes-core/coreutils/coreutils_9.0.bb | 3 +-
meta/recipes-core/dropbear/dropbear.inc | 5 ++
meta/recipes-core/glibc/glibc-tests_2.35.bb | 5 +-
.../initrdscripts/initramfs-framework/finish | 9 +++
.../packagegroup-core-ssh-dropbear.bb | 1 +
.../binutils/binutils-2.38.inc | 1 +
.../binutils/0014-CVE-2019-1010204.patch | 49 +++++++++++++++++
meta/recipes-devtools/rust/rust-common.inc | 5 +-
meta/recipes-extended/at/at_3.2.5.bb | 2 +-
meta/recipes-extended/cups/cups.inc | 2 +
.../ghostscript/CVE-2022-2085.patch | 44 +++++++++++++++
.../ghostscript/ghostscript_9.55.0.bb | 1 +
.../unzip/unzip/CVE-2022-0529.patch | 39 +++++++++++++
.../unzip/unzip/CVE-2022-0530.patch | 33 +++++++++++
meta/recipes-extended/unzip/unzip_6.0.bb | 2 +
.../perf/perf/sort-pmuevents.py | 5 +-
....04.08.bb => wireless-regdb_2022.06.06.bb} | 2 +-
...0001-openssl-fix-CN-check-error-code.patch | 38 +++++++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
meta/recipes-support/libffi/libffi_3.4.2.bb | 2 +-
.../vim/{vim-tiny_8.2.bb => vim-tiny_9.0.bb} | 0
meta/recipes-support/vim/vim.inc | 6 +-
.../vim/{vim_8.2.bb => vim_9.0.bb} | 0
.../lib/recipetool/create_buildsys_python.py | 13 +++++
scripts/wic | 2 +-
43 files changed, 353 insertions(+), 126 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssl/openssl/770aea88c3888cc5cb3ebc94ffcef706c68bc1d2.patch
rename meta/recipes-connectivity/openssl/{openssl_3.0.3.bb => openssl_3.0.4.bb} (98%)
create mode 100644 meta/recipes-core/busybox/busybox/CVE-2022-30065.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/0014-CVE-2019-1010204.patch
create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2022-2085.patch
create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch
create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch
rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2022.04.08.bb => wireless-regdb_2022.06.06.bb} (94%)
create mode 100644 meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch
rename meta/recipes-support/vim/{vim-tiny_8.2.bb => vim-tiny_9.0.bb} (100%)
rename meta/recipes-support/vim/{vim_8.2.bb => vim_9.0.bb} (100%)
--
2.25.1
^ permalink raw reply [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 00/30] Patch review
@ 2023-07-30 18:00 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 01/30] libjpeg-turbo: patch CVE-2023-2804 Steve Sakoman
` (30 more replies)
0 siblings, 31 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5667
The following changes since commit e7d3e02a624f7ce23d012bb11ad1df2049066b37:
package.bbclass: moving field data process before variable process in process_pkgconfig (2023-07-21 07:14:06 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (1):
diffutils: update 3.9 -> 3.10
Andrej Valek (1):
kernel: add missing path to search for debug files
Archana Polampalli (1):
openssh: fix CVE-2023-38408
Benjamin Bouvier (1):
util-linux: add alternative links for ipcs,ipcrm
Hitendra Prajapati (3):
tiff: fix multiple CVEs
tiff: fix multiple CVEs
libtiff: fix CVE-2023-26965 heap-based use after free
Jose Quaresma (2):
openssl: add PERLEXTERNAL path to test its existence
openssl: use a glob on the PERLEXTERNAL to track updates on the path
Khem Raj (1):
meson.bbclass: Point to llvm-config from native sysroot
Martin Jansa (1):
libxcrypt: fix build with perl-5.38 and use master branch
Ovidiu Panait (4):
mdadm: fix util-linux ptest dependency
mdadm: fix 07revert-inplace ptest
mdadm: fix segfaults when running ptests
mdadm: skip running known broken ptests
Peter Marko (2):
libjpeg-turbo: patch CVE-2023-2804
python3: ignore CVE-2023-36632
Quentin Schulz (1):
uboot-extlinux-config.bbclass: fix old override syntax in comment
Ross Burton (2):
python3: fix missing comma in get_module_deps3.py
oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case
Sundeep KOKKONDA (1):
gcc : upgrade to v11.4
Tim Orling (1):
python3: upgrade 3.10.9 -> 3.10.12
Vivek Kumbhar (1):
go: fix CVE-2023-29406 net/http insufficient sanitization of Host
header
Wang Mingyu (3):
libassuan: upgrade 2.5.5 -> 2.5.6
libksba: upgrade 1.6.3 -> 1.6.4
lttng-ust: upgrade 2.13.5 -> 2.13.6
Yoann Congal (2):
recipetool: Fix inherit in created -native* recipes
oeqa/selftest/devtool: add unit test for "devtool add -b"
Yogita Urade (1):
dmidecode: fix CVE-2023-30630
Yuta Hayama (1):
systemd-systemctl: fix errors in instance name expansion
meta/classes/kernel.bbclass | 1 +
meta/classes/meson.bbclass | 1 +
meta/classes/uboot-extlinux-config.bbclass | 8 +-
meta/conf/distro/include/maintainers.inc | 2 +-
meta/lib/oeqa/runtime/cases/rpm.py | 4 +-
meta/lib/oeqa/selftest/cases/devtool.py | 32 +
.../openssh/openssh/CVE-2023-38408-0001.patch | 585 ++++++++++++++++++
.../openssh/openssh/CVE-2023-38408-0002.patch | 173 ++++++
.../openssh/openssh/CVE-2023-38408-0003.patch | 36 ++
.../openssh/openssh/CVE-2023-38408-0004.patch | 114 ++++
.../openssh/openssh_8.9p1.bb | 4 +
.../openssl/openssl_3.0.9.bb | 4 +-
...ommon.pm-compatible-with-latest-perl.patch | 50 ++
...ve-smartmatch-usage-from-gen-crypt-h.patch | 62 ++
meta/recipes-core/libxcrypt/libxcrypt.inc | 7 +-
.../systemd/systemd-systemctl/systemctl | 2 +-
.../util-linux/util-linux_2.37.4.bb | 2 +
.../dmidecode/CVE-2023-30630_1.patch | 237 +++++++
.../dmidecode/CVE-2023-30630_2.patch | 80 +++
.../dmidecode/CVE-2023-30630_3.patch | 69 +++
.../dmidecode/CVE-2023-30630_4.patch | 137 ++++
.../dmidecode/dmidecode_3.3.bb | 4 +
.../gcc/{gcc-11.3.inc => gcc-11.4.inc} | 6 +-
...ian_11.3.bb => gcc-cross-canadian_11.4.bb} | 0
.../{gcc-cross_11.3.bb => gcc-cross_11.4.bb} | 0
...-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} | 0
...cc-runtime_11.3.bb => gcc-runtime_11.4.bb} | 0
...itizers_11.3.bb => gcc-sanitizers_11.4.bb} | 0
...{gcc-source_11.3.bb => gcc-source_11.4.bb} | 0
...rch64-Update-Neoverse-N2-core-defini.patch | 20 +-
...rm-add-armv9-a-architecture-to-march.patch | 54 +-
...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 102 +--
...s-fix-v4bx-to-linker-to-support-EABI.patch | 6 +-
.../gcc/{gcc_11.3.bb => gcc_11.4.bb} | 0
...initial_11.3.bb => libgcc-initial_11.4.bb} | 0
.../gcc/{libgcc_11.3.bb => libgcc_11.4.bb} | 0
...ibgfortran_11.3.bb => libgfortran_11.4.bb} | 0
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.18/CVE-2023-29406.patch | 210 +++++++
.../python/python3/cve-2023-24329.patch | 50 --
.../python/python3/get_module_deps3.py | 2 +-
.../{python3_3.10.9.bb => python3_3.10.12.bb} | 7 +-
...001-Skip-strip-trailing-cr-test-case.patch | 19 +-
.../{diffutils_3.9.bb => diffutils_3.10.bb} | 2 +-
...anup-validate_geometry_ddf_container.patch | 148 +++++
...nter-dereference-in-validate_geometr.patch | 56 ++
...se-after-close-bug-by-closing-after-.patch | 91 +++
...gfault-when-calling-NULL-get_bad_blo.patch | 42 ++
...Mark-and-ignore-broken-test-failures.patch | 128 ++++
...dd-broken-files-for-all-broken-tests.patch | 454 ++++++++++++++
meta/recipes-extended/mdadm/files/run-ptest | 2 +-
meta/recipes-extended/mdadm/mdadm_4.2.bb | 9 +-
.../jpeg/files/CVE-2023-2804-1.patch | 103 +++
.../jpeg/files/CVE-2023-2804-2.patch | 75 +++
.../jpeg/libjpeg-turbo_2.1.5.1.bb | 2 +
...ttng-ust_2.13.5.bb => lttng-ust_2.13.6.bb} | 2 +-
.../CVE-2023-0795_0796_0797_0798_0799.patch | 162 +++++
.../libtiff/tiff/CVE-2023-25433.patch | 195 ++++++
.../tiff/CVE-2023-25434-CVE-2023-25435.patch | 94 +++
.../libtiff/tiff/CVE-2023-26965.patch | 97 +++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 4 +
...{libassuan_2.5.5.bb => libassuan_2.5.6.bb} | 2 +-
.../{libksba_1.6.3.bb => libksba_1.6.4.bb} | 2 +-
scripts/lib/recipetool/create.py | 4 +
64 files changed, 3585 insertions(+), 180 deletions(-)
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0001.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0002.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0004.patch
create mode 100644 meta/recipes-core/libxcrypt/files/0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch
create mode 100644 meta/recipes-core/libxcrypt/files/0002-Remove-smartmatch-usage-from-gen-crypt-h.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
rename meta/recipes-devtools/gcc/{gcc-11.3.inc => gcc-11.4.inc} (97%)
rename meta/recipes-devtools/gcc/{gcc-cross-canadian_11.3.bb => gcc-cross-canadian_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-cross_11.3.bb => gcc-cross_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-runtime_11.3.bb => gcc-runtime_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-sanitizers_11.3.bb => gcc-sanitizers_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-source_11.3.bb => gcc-source_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc_11.3.bb => gcc_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{libgcc-initial_11.3.bb => libgcc-initial_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{libgcc_11.3.bb => libgcc_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{libgfortran_11.3.bb => libgfortran_11.4.bb} (100%)
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch
delete mode 100644 meta/recipes-devtools/python/python3/cve-2023-24329.patch
rename meta/recipes-devtools/python/{python3_3.10.9.bb => python3_3.10.12.bb} (98%)
rename meta/recipes-extended/diffutils/{diffutils_3.9.bb => diffutils_3.10.bb} (93%)
create mode 100644 meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
create mode 100644 meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
create mode 100644 meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
create mode 100644 meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
create mode 100644 meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
create mode 100644 meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-2.patch
rename meta/recipes-kernel/lttng/{lttng-ust_2.13.5.bb => lttng-ust_2.13.6.bb} (95%)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-0795_0796_0797_0798_0799.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-25433.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-25434-CVE-2023-25435.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-26965.patch
rename meta/recipes-support/libassuan/{libassuan_2.5.5.bb => libassuan_2.5.6.bb} (93%)
rename meta/recipes-support/libksba/{libksba_1.6.3.bb => libksba_1.6.4.bb} (94%)
--
2.34.1
^ permalink raw reply [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 01/30] libjpeg-turbo: patch CVE-2023-2804
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 02/30] python3: ignore CVE-2023-36632 Steve Sakoman
` (29 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
Relevant links:
* linked fronm NVD:
* https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118
* follow-up analysis:
* https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1496473989
* picked commits fix all issues mentioned in this analysis
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../jpeg/files/CVE-2023-2804-1.patch | 103 ++++++++++++++++++
.../jpeg/files/CVE-2023-2804-2.patch | 75 +++++++++++++
.../jpeg/libjpeg-turbo_2.1.5.1.bb | 2 +
3 files changed, 180 insertions(+)
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch
create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-2.patch
diff --git a/meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch b/meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch
new file mode 100644
index 0000000000..fd8a66bca7
--- /dev/null
+++ b/meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch
@@ -0,0 +1,103 @@
+From 42ce199c9cfe129e5e21afd48dfe757a6acf87c4 Mon Sep 17 00:00:00 2001
+From: DRC <information@libjpeg-turbo.org>
+Date: Tue, 4 Apr 2023 19:06:20 -0500
+Subject: [PATCH] Decomp: Don't enable 2-pass color quant w/ RGB565
+
+The 2-pass color quantization algorithm assumes 3-sample pixels. RGB565
+is the only 3-component colorspace that doesn't have 3-sample pixels, so
+we need to treat it as a special case when determining whether to enable
+2-pass color quantization. Otherwise, attempting to initialize 2-pass
+color quantization with an RGB565 output buffer could cause
+prescan_quantize() to read from uninitialized memory and subsequently
+underflow/overflow the histogram array.
+
+djpeg is supposed to fail gracefully if both -rgb565 and -colors are
+specified, because none of its destination managers (image writers)
+support color quantization with RGB565. However, prescan_quantize() was
+called before that could occur. It is possible but very unlikely that
+these issues could have been reproduced in applications other than
+djpeg. The issues involve the use of two features (12-bit precision and
+RGB565) that are incompatible, and they also involve the use of two
+rarely-used legacy features (RGB565 and color quantization) that don't
+make much sense when combined.
+
+Fixes #668
+Fixes #671
+Fixes #680
+
+CVE: CVE-2023-2804
+Upstream-Status: Backport [https://github.com/libjpeg-turbo/libjpeg-turbo/commit/42ce199c9cfe129e5e21afd48dfe757a6acf87c4]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ChangeLog.md | 12 ++++++++++++
+ jdmaster.c | 5 +++--
+ jquant2.c | 5 +++--
+ 3 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/ChangeLog.md b/ChangeLog.md
+index 1c1e6538a..f1bfb3d87 100644
+--- a/ChangeLog.md
++++ b/ChangeLog.md
+@@ -1,3 +1,15 @@
++2.1.6
++=====
++
++### Significant changes relative to 2.1.5.1:
++
++1. Fixed an oversight in 1.4 beta1[8] that caused various segfaults and buffer
++overruns when attempting to decompress various specially-crafted malformed
++12-bit-per-component JPEG images using a 12-bit-per-component build of djpeg
++(`-DWITH_12BIT=1`) with both color quantization and RGB565 color conversion
++enabled.
++
++
+ 2.1.5.1
+ =======
+
+diff --git a/jdmaster.c b/jdmaster.c
+index a3690bf56..a9446adfd 100644
+--- a/jdmaster.c
++++ b/jdmaster.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2002-2009 by Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2009-2011, 2016, 2019, 2022, D. R. Commander.
++ * Copyright (C) 2009-2011, 2016, 2019, 2022-2023, D. R. Commander.
+ * Copyright (C) 2013, Linaro Limited.
+ * Copyright (C) 2015, Google, Inc.
+ * For conditions of distribution and use, see the accompanying README.ijg
+@@ -480,7 +480,8 @@ master_selection(j_decompress_ptr cinfo)
+ if (cinfo->raw_data_out)
+ ERREXIT(cinfo, JERR_NOTIMPL);
+ /* 2-pass quantizer only works in 3-component color space. */
+- if (cinfo->out_color_components != 3) {
++ if (cinfo->out_color_components != 3 ||
++ cinfo->out_color_space == JCS_RGB565) {
+ cinfo->enable_1pass_quant = TRUE;
+ cinfo->enable_external_quant = FALSE;
+ cinfo->enable_2pass_quant = FALSE;
+diff --git a/jquant2.c b/jquant2.c
+index 44efb18ca..1c14ef763 100644
+--- a/jquant2.c
++++ b/jquant2.c
+@@ -4,7 +4,7 @@
+ * This file was part of the Independent JPEG Group's software:
+ * Copyright (C) 1991-1996, Thomas G. Lane.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2009, 2014-2015, 2020, D. R. Commander.
++ * Copyright (C) 2009, 2014-2015, 2020, 2023, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -1230,7 +1230,8 @@ jinit_2pass_quantizer(j_decompress_ptr cinfo)
+ cquantize->error_limiter = NULL;
+
+ /* Make sure jdmaster didn't give me a case I can't handle */
+- if (cinfo->out_color_components != 3)
++ if (cinfo->out_color_components != 3 ||
++ cinfo->out_color_space == JCS_RGB565)
+ ERREXIT(cinfo, JERR_NOTIMPL);
+
+ /* Allocate the histogram/inverse colormap storage */
diff --git a/meta/recipes-graphics/jpeg/files/CVE-2023-2804-2.patch b/meta/recipes-graphics/jpeg/files/CVE-2023-2804-2.patch
new file mode 100644
index 0000000000..af955a72f6
--- /dev/null
+++ b/meta/recipes-graphics/jpeg/files/CVE-2023-2804-2.patch
@@ -0,0 +1,75 @@
+From 2e1b8a462f7f9f9bf6cd25a8516caa8203cc4593 Mon Sep 17 00:00:00 2001
+From: DRC <information@libjpeg-turbo.org>
+Date: Thu, 6 Apr 2023 18:33:41 -0500
+Subject: [PATCH] jpeg_crop_scanline: Fix calc w/sclg + 2x4,4x2 samp
+
+When computing the downsampled width for a particular component,
+jpeg_crop_scanline() needs to take into account the fact that the
+libjpeg code uses a combination of IDCT scaling and upsampling to
+implement 4x2 and 2x4 upsampling with certain decompression scaling
+factors. Failing to account for that led to incomplete upsampling of
+4x2- or 2x4-subsampled components, which caused the color converter to
+read from uninitialized memory. With 12-bit data precision, this caused
+a buffer overrun or underrun and subsequent segfault if the
+uninitialized memory contained a value that was outside of the valid
+sample range (because the color converter uses the value as an array
+index.)
+
+Fixes #669
+
+CVE: CVE-2023-2804
+Upstream-Status: Backport [https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2e1b8a462f7f9f9bf6cd25a8516caa8203cc4593]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ChangeLog.md | 8 ++++++++
+ jdapistd.c | 10 ++++++----
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/ChangeLog.md b/ChangeLog.md
+index f1bfb3d87..0a075c3c5 100644
+--- a/ChangeLog.md
++++ b/ChangeLog.md
+@@ -9,6 +9,14 @@ overruns when attempting to decompress various specially-crafted malformed
+ (`-DWITH_12BIT=1`) with both color quantization and RGB565 color conversion
+ enabled.
+
++2. Fixed an issue whereby `jpeg_crop_scanline()` sometimes miscalculated the
++downsampled width for components with 4x2 or 2x4 subsampling factors if
++decompression scaling was enabled. This caused the components to be upsampled
++incompletely, which caused the color converter to read from uninitialized
++memory. With 12-bit data precision, this caused a buffer overrun or underrun
++and subsequent segfault if the sample value read from unitialized memory was
++outside of the valid sample range.
++
+
+ 2.1.5.1
+ =======
+diff --git a/jdapistd.c b/jdapistd.c
+index 02cd0cb93..96cded112 100644
+--- a/jdapistd.c
++++ b/jdapistd.c
+@@ -4,7 +4,7 @@
+ * This file was part of the Independent JPEG Group's software:
+ * Copyright (C) 1994-1996, Thomas G. Lane.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2010, 2015-2020, 2022, D. R. Commander.
++ * Copyright (C) 2010, 2015-2020, 2022-2023, D. R. Commander.
+ * Copyright (C) 2015, Google, Inc.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+@@ -236,9 +236,11 @@ jpeg_crop_scanline(j_decompress_ptr cinfo, JDIMENSION *xoffset,
+ /* Set downsampled_width to the new output width. */
+ orig_downsampled_width = compptr->downsampled_width;
+ compptr->downsampled_width =
+- (JDIMENSION)jdiv_round_up((long)(cinfo->output_width *
+- compptr->h_samp_factor),
+- (long)cinfo->max_h_samp_factor);
++ (JDIMENSION)jdiv_round_up((long)cinfo->output_width *
++ (long)(compptr->h_samp_factor *
++ compptr->_DCT_scaled_size),
++ (long)(cinfo->max_h_samp_factor *
++ cinfo->_min_DCT_scaled_size));
+ if (compptr->downsampled_width < 2 && orig_downsampled_width >= 2)
+ reinit_upsampler = TRUE;
+
diff --git a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb
index e086830c02..86bf471eea 100644
--- a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb
+++ b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.1.bb
@@ -12,6 +12,8 @@ DEPENDS:append:x86:class-target = " nasm-native"
SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
file://0001-libjpeg-turbo-fix-package_qa-error.patch \
+ file://CVE-2023-2804-1.patch \
+ file://CVE-2023-2804-2.patch \
"
SRC_URI[sha256sum] = "2fdc3feb6e9deb17adec9bafa3321419aa19f8f4e5dea7bf8486844ca22207bf"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 02/30] python3: ignore CVE-2023-36632
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 01/30] libjpeg-turbo: patch CVE-2023-2804 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 03/30] tiff: fix multiple CVEs Steve Sakoman
` (28 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Peter Marko <peter.marko@siemens.com>
This CVE shouldn't have been filed as the "exploit" is described in the
documentation as how the library behaves.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c652f094d86c4efb7ff99accba63b8169493ab18)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/python/python3_3.10.9.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-devtools/python/python3_3.10.9.bb b/meta/recipes-devtools/python/python3_3.10.9.bb
index 867958c0fb..4ecc7614bb 100644
--- a/meta/recipes-devtools/python/python3_3.10.9.bb
+++ b/meta/recipes-devtools/python/python3_3.10.9.bb
@@ -61,6 +61,8 @@ CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488"
# The mailcap module is insecure by design, so this can't be fixed in a meaningful way.
# The module will be removed in the future and flaws documented.
CVE_CHECK_IGNORE += "CVE-2015-20107"
+# Not an issue, in fact expected behaviour
+CVE_CHECK_IGNORE += "CVE-2023-36632"
PYTHON_MAJMIN = "3.10"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 03/30] tiff: fix multiple CVEs
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 01/30] libjpeg-turbo: patch CVE-2023-2804 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 02/30] python3: ignore CVE-2023-36632 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 04/30] go: fix CVE-2023-29406 net/http insufficient sanitization of Host header Steve Sakoman
` (27 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Bug-Debian: https://bugs.debian.org/1031632
Origin: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz
fix multiple CVEs:
CVE-2023-0795
CVE-2023-0796
CVE-2023-0797
CVE-2023-0798
CVE-2023-0799
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../CVE-2023-0795_0796_0797_0798_0799.patch | 162 ++++++++++++++++++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 +
2 files changed, 163 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-0795_0796_0797_0798_0799.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-0795_0796_0797_0798_0799.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-0795_0796_0797_0798_0799.patch
new file mode 100644
index 0000000000..498d5ec8ab
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-0795_0796_0797_0798_0799.patch
@@ -0,0 +1,162 @@
+From 7808740e100ba30ffb791044f3b14dec3e85ed6f Mon Sep 17 00:00:00 2001
+From: Markus Koschany <apo@debian.org>
+Date: Tue, 21 Feb 2023 14:26:43 +0100
+Subject: [PATCH] CVE-2023-0795
+
+This is also the fix for CVE-2023-0796, CVE-2023-0797, CVE-2023-0798,
+CVE-2023-0799.
+
+Bug-Debian: https://bugs.debian.org/1031632
+Origin: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
+
+Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz ]
+CVE: CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ tools/tiffcrop.c | 51 ++++++++++++++++++++++++++++--------------------
+ 1 file changed, 30 insertions(+), 21 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index adf0f84..deba170 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -269,7 +269,6 @@ struct region {
+ uint32_t width; /* width in pixels */
+ uint32_t length; /* length in pixels */
+ uint32_t buffsize; /* size of buffer needed to hold the cropped region */
+- unsigned char *buffptr; /* address of start of the region */
+ };
+
+ /* Cropping parameters from command line and image data
+@@ -524,7 +523,7 @@ static int rotateContigSamples24bits(uint16_t, uint16_t, uint16_t, uint32_t,
+ static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t,
+ uint32_t, uint32_t, uint8_t *, uint8_t *);
+ static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *,
+- unsigned char **);
++ unsigned char **, int);
+ static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+ unsigned char *);
+ static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+@@ -5219,7 +5218,6 @@ initCropMasks (struct crop_mask *cps)
+ cps->regionlist[i].width = 0;
+ cps->regionlist[i].length = 0;
+ cps->regionlist[i].buffsize = 0;
+- cps->regionlist[i].buffptr = NULL;
+ cps->zonelist[i].position = 0;
+ cps->zonelist[i].total = 0;
+ }
+@@ -6511,8 +6509,13 @@ static int correct_orientation(struct image_data *image, unsigned char **work_b
+ (uint16_t) (image->adjustments & ROTATE_ANY));
+ return (-1);
+ }
+-
+- if (rotateImage(rotation, image, &image->width, &image->length, work_buff_ptr))
++
++ /* Dummy variable in order not to switch two times the
++ * image->width,->length within rotateImage(),
++ * but switch xres, yres there. */
++ uint32_t width = image->width;
++ uint32_t length = image->length;
++ if (rotateImage(rotation, image, &width, &length, work_buff_ptr, TRUE))
+ {
+ TIFFError ("correct_orientation", "Unable to rotate image");
+ return (-1);
+@@ -6580,7 +6583,6 @@ extractCompositeRegions(struct image_data *image, struct crop_mask *crop,
+ /* These should not be needed for composite images */
+ crop->regionlist[i].width = crop_width;
+ crop->regionlist[i].length = crop_length;
+- crop->regionlist[i].buffptr = crop_buff;
+
+ src_rowsize = ((img_width * bps * spp) + 7) / 8;
+ dst_rowsize = (((crop_width * bps * count) + 7) / 8);
+@@ -6817,7 +6819,6 @@ extractSeparateRegion(struct image_data *image, struct crop_mask *crop,
+
+ crop->regionlist[region].width = crop_width;
+ crop->regionlist[region].length = crop_length;
+- crop->regionlist[region].buffptr = crop_buff;
+
+ src = read_buff;
+ dst = crop_buff;
+@@ -7695,7 +7696,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
+ {
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, &crop_buff))
++ &crop->combined_length, &crop_buff, FALSE))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate composite regions by %"PRIu32" degrees", crop->rotation);
+@@ -7805,7 +7806,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ * ToDo: Therefore rotateImage() and its usage has to be reworked (e.g. like mirrorImage()) !!
+ */
+ if (rotateImage(crop->rotation, image, &crop->regionlist[i].width,
+- &crop->regionlist[i].length, &crop_buff))
++ &crop->regionlist[i].length, &crop_buff, FALSE))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate crop region by %"PRIu16" degrees", crop->rotation);
+@@ -7937,7 +7938,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
+ {
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, crop_buff_ptr))
++ &crop->combined_length, crop_buff_ptr, TRUE))
+ {
+ TIFFError("createCroppedImage",
+ "Failed to rotate image or cropped selection by %"PRIu16" degrees", crop->rotation);
+@@ -8600,7 +8601,7 @@ rotateContigSamples32bits(uint16_t rotation, uint16_t spp, uint16_t bps, uint32_
+ /* Rotate an image by a multiple of 90 degrees clockwise */
+ static int
+ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+- uint32_t *img_length, unsigned char **ibuff_ptr)
++ uint32_t *img_length, unsigned char **ibuff_ptr, int rot_image_params)
+ {
+ int shift_width;
+ uint32_t bytes_per_pixel, bytes_per_sample;
+@@ -8791,11 +8792,15 @@ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+
+ *img_width = length;
+ *img_length = width;
+- image->width = length;
+- image->length = width;
+- res_temp = image->xres;
+- image->xres = image->yres;
+- image->yres = res_temp;
++ /* Only toggle image parameters if whole input image is rotated. */
++ if (rot_image_params)
++ {
++ image->width = length;
++ image->length = width;
++ res_temp = image->xres;
++ image->xres = image->yres;
++ image->yres = res_temp;
++ }
+ break;
+
+ case 270: if ((bps % 8) == 0) /* byte aligned data */
+@@ -8868,11 +8873,15 @@ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+
+ *img_width = length;
+ *img_length = width;
+- image->width = length;
+- image->length = width;
+- res_temp = image->xres;
+- image->xres = image->yres;
+- image->yres = res_temp;
++ /* Only toggle image parameters if whole input image is rotated. */
++ if (rot_image_params)
++ {
++ image->width = length;
++ image->length = width;
++ res_temp = image->xres;
++ image->xres = image->yres;
++ image->yres = res_temp;
++ }
+ break;
+ default:
+ break;
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 4bd485a10a..2be25756bc 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -34,6 +34,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch \
file://CVE-2022-48281.patch \
file://CVE-2023-0800_0801_0802_0803_0804.patch \
+ file://CVE-2023-0795_0796_0797_0798_0799.patch \
"
SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 04/30] go: fix CVE-2023-29406 net/http insufficient sanitization of Host header
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (2 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 03/30] tiff: fix multiple CVEs Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 05/30] tiff: fix multiple CVEs Steve Sakoman
` (26 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.../go/go-1.18/CVE-2023-29406.patch | 210 ++++++++++++++++++
2 files changed, 211 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch
diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc
index 73921852fc..36904a92fb 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -36,6 +36,7 @@ SRC_URI += "\
file://CVE-2023-29405.patch \
file://CVE-2023-29402.patch \
file://CVE-2023-29400.patch \
+ file://CVE-2023-29406.patch \
"
SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
diff --git a/meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch b/meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch
new file mode 100644
index 0000000000..a326cda5c4
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.18/CVE-2023-29406.patch
@@ -0,0 +1,210 @@
+From 5fa6923b1ea891400153d04ddf1545e23b40041b Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Wed, 28 Jun 2023 13:20:08 -0700
+Subject: [PATCH] [release-branch.go1.19] net/http: validate Host header before
+ sending
+
+Verify that the Host header we send is valid.
+Avoids surprising behavior such as a Host of "go.dev\r\nX-Evil:oops"
+adding an X-Evil header to HTTP/1 requests.
+
+Add a test, skip the test for HTTP/2. HTTP/2 is not vulnerable to
+header injection in the way HTTP/1 is, but x/net/http2 doesn't validate
+the header and will go into a retry loop when the server rejects it.
+CL 506995 adds the necessary validation to x/net/http2.
+
+Updates #60374
+Fixes #61075
+For CVE-2023-29406
+
+Change-Id: I05cb6866a9bead043101954dfded199258c6dd04
+Reviewed-on: https://go-review.googlesource.com/c/go/+/506996
+Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Run-TryBot: Damien Neil <dneil@google.com>
+(cherry picked from commit 499458f7ca04087958987a33c2703c3ef03e27e2)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/507358
+Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
+Reviewed-by: Roland Shoemaker <roland@golang.org>
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b]
+CVE: CVE-2023-29406
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/net/http/http_test.go | 29 ----------------------
+ src/net/http/request.go | 45 ++++++++--------------------------
+ src/net/http/request_test.go | 11 ++-------
+ src/net/http/transport_test.go | 18 ++++++++++++++
+ 4 files changed, 30 insertions(+), 73 deletions(-)
+
+diff --git a/src/net/http/http_test.go b/src/net/http/http_test.go
+index 0d92fe5..f03272a 100644
+--- a/src/net/http/http_test.go
++++ b/src/net/http/http_test.go
+@@ -48,35 +48,6 @@ func TestForeachHeaderElement(t *testing.T) {
+ }
+ }
+
+-func TestCleanHost(t *testing.T) {
+- tests := []struct {
+- in, want string
+- }{
+- {"www.google.com", "www.google.com"},
+- {"www.google.com foo", "www.google.com"},
+- {"www.google.com/foo", "www.google.com"},
+- {" first character is a space", ""},
+- {"[1::6]:8080", "[1::6]:8080"},
+-
+- // Punycode:
+- {"гофер.рф/foo", "xn--c1ae0ajs.xn--p1ai"},
+- {"bücher.de", "xn--bcher-kva.de"},
+- {"bücher.de:8080", "xn--bcher-kva.de:8080"},
+- // Verify we convert to lowercase before punycode:
+- {"BÜCHER.de", "xn--bcher-kva.de"},
+- {"BÜCHER.de:8080", "xn--bcher-kva.de:8080"},
+- // Verify we normalize to NFC before punycode:
+- {"gophér.nfc", "xn--gophr-esa.nfc"}, // NFC input; no work needed
+- {"goph\u0065\u0301r.nfd", "xn--gophr-esa.nfd"}, // NFD input
+- }
+- for _, tt := range tests {
+- got := cleanHost(tt.in)
+- if tt.want != got {
+- t.Errorf("cleanHost(%q) = %q, want %q", tt.in, got, tt.want)
+- }
+- }
+-}
+-
+ // Test that cmd/go doesn't link in the HTTP server.
+ //
+ // This catches accidental dependencies between the HTTP transport and
+diff --git a/src/net/http/request.go b/src/net/http/request.go
+index 09cb0c7..2f4e740 100644
+--- a/src/net/http/request.go
++++ b/src/net/http/request.go
+@@ -17,7 +17,6 @@ import (
+ "io"
+ "mime"
+ "mime/multipart"
+- "net"
+ "net/http/httptrace"
+ "net/http/internal/ascii"
+ "net/textproto"
+@@ -27,6 +26,7 @@ import (
+ "strings"
+ "sync"
+
++ "golang.org/x/net/http/httpguts"
+ "golang.org/x/net/idna"
+ )
+
+@@ -568,12 +568,19 @@ func (r *Request) write(w io.Writer, usingProxy bool, extraHeaders Header, waitF
+ // is not given, use the host from the request URL.
+ //
+ // Clean the host, in case it arrives with unexpected stuff in it.
+- host := cleanHost(r.Host)
++ host := r.Host
+ if host == "" {
+ if r.URL == nil {
+ return errMissingHost
+ }
+- host = cleanHost(r.URL.Host)
++ host = r.URL.Host
++ }
++ host, err = httpguts.PunycodeHostPort(host)
++ if err != nil {
++ return err
++ }
++ if !httpguts.ValidHostHeader(host) {
++ return errors.New("http: invalid Host header")
+ }
+
+ // According to RFC 6874, an HTTP client, proxy, or other
+@@ -730,38 +737,6 @@ func idnaASCII(v string) (string, error) {
+ return idna.Lookup.ToASCII(v)
+ }
+
+-// cleanHost cleans up the host sent in request's Host header.
+-//
+-// It both strips anything after '/' or ' ', and puts the value
+-// into Punycode form, if necessary.
+-//
+-// Ideally we'd clean the Host header according to the spec:
+-// https://tools.ietf.org/html/rfc7230#section-5.4 (Host = uri-host [ ":" port ]")
+-// https://tools.ietf.org/html/rfc7230#section-2.7 (uri-host -> rfc3986's host)
+-// https://tools.ietf.org/html/rfc3986#section-3.2.2 (definition of host)
+-// But practically, what we are trying to avoid is the situation in
+-// issue 11206, where a malformed Host header used in the proxy context
+-// would create a bad request. So it is enough to just truncate at the
+-// first offending character.
+-func cleanHost(in string) string {
+- if i := strings.IndexAny(in, " /"); i != -1 {
+- in = in[:i]
+- }
+- host, port, err := net.SplitHostPort(in)
+- if err != nil { // input was just a host
+- a, err := idnaASCII(in)
+- if err != nil {
+- return in // garbage in, garbage out
+- }
+- return a
+- }
+- a, err := idnaASCII(host)
+- if err != nil {
+- return in // garbage in, garbage out
+- }
+- return net.JoinHostPort(a, port)
+-}
+-
+ // removeZone removes IPv6 zone identifier from host.
+ // E.g., "[fe80::1%en0]:8080" to "[fe80::1]:8080"
+ func removeZone(host string) string {
+diff --git a/src/net/http/request_test.go b/src/net/http/request_test.go
+index fac12b7..368e87a 100644
+--- a/src/net/http/request_test.go
++++ b/src/net/http/request_test.go
+@@ -776,15 +776,8 @@ func TestRequestBadHost(t *testing.T) {
+ }
+ req.Host = "foo.com with spaces"
+ req.URL.Host = "foo.com with spaces"
+- req.Write(logWrites{t, &got})
+- want := []string{
+- "GET /after HTTP/1.1\r\n",
+- "Host: foo.com\r\n",
+- "User-Agent: " + DefaultUserAgent + "\r\n",
+- "\r\n",
+- }
+- if !reflect.DeepEqual(got, want) {
+- t.Errorf("Writes = %q\n Want = %q", got, want)
++ if err := req.Write(logWrites{t, &got}); err == nil {
++ t.Errorf("Writing request with invalid Host: succeded, want error")
+ }
+ }
+
+diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go
+index eeaa492..58f12af 100644
+--- a/src/net/http/transport_test.go
++++ b/src/net/http/transport_test.go
+@@ -6512,3 +6512,21 @@ func TestCancelRequestWhenSharingConnection(t *testing.T) {
+ close(r2c)
+ wg.Wait()
+ }
++
++func TestRequestSanitization(t *testing.T) {
++ setParallel(t)
++ defer afterTest(t)
++
++ ts := newClientServerTest(t, h1Mode, HandlerFunc(func(rw ResponseWriter, req *Request) {
++ if h, ok := req.Header["X-Evil"]; ok {
++ t.Errorf("request has X-Evil header: %q", h)
++ }
++ })).ts
++ defer ts.Close()
++ req, _ := NewRequest("GET", ts.URL, nil)
++ req.Host = "go.dev\r\nX-Evil:evil"
++ resp, _ := ts.Client().Do(req)
++ if resp != nil {
++ resp.Body.Close()
++ }
++}
+--
+2.25.1
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 05/30] tiff: fix multiple CVEs
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (3 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 04/30] go: fix CVE-2023-29406 net/http insufficient sanitization of Host header Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 06/30] libtiff: fix CVE-2023-26965 heap-based use after free Steve Sakoman
` (25 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Backport fixes for:
* CVE-2023-25433 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678 && https://gitlab.com/libtiff/libtiff/-/commit/688012dca2c39033aa2dc7bcea9796787cfd1b44
* CVE-2023-25434 & CVE-2023-25435 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libtiff/tiff/CVE-2023-25433.patch | 195 ++++++++++++++++++
.../tiff/CVE-2023-25434-CVE-2023-25435.patch | 94 +++++++++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 2 +
3 files changed, 291 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-25433.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-25434-CVE-2023-25435.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-25433.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-25433.patch
new file mode 100644
index 0000000000..285aa3d1c4
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-25433.patch
@@ -0,0 +1,195 @@
+From 9c22495e5eeeae9e00a1596720c969656bb8d678 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Fri, 3 Feb 2023 15:31:31 +0100
+Subject: [PATCH] CVE-2023-25433
+
+tiffcrop correctly update buffersize after rotateImage()
+fix#520 rotateImage() set up a new buffer and calculates its size
+individually. Therefore, seg_buffs[] size needs to be updated accordingly.
+Before this fix, the seg_buffs buffer size was calculated with a different
+formula than within rotateImage().
+
+Closes #520.
+
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678 && https://gitlab.com/libtiff/libtiff/-/commit/688012dca2c39033aa2dc7bcea9796787cfd1b44]
+CVE: CVE-2023-25433
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ tools/tiffcrop.c | 78 +++++++++++++++++++++++++++++++++++++-----------
+ 1 file changed, 60 insertions(+), 18 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index eee26bf..cbd24cc 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -523,7 +523,7 @@ static int rotateContigSamples24bits(uint16_t, uint16_t, uint16_t, uint32_t,
+ static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t,
+ uint32_t, uint32_t, uint8_t *, uint8_t *);
+ static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *,
+- unsigned char **, int);
++ unsigned char **, size_t *);
+ static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+ unsigned char *);
+ static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+@@ -6515,7 +6515,7 @@ static int correct_orientation(struct image_data *image, unsigned char **work_b
+ * but switch xres, yres there. */
+ uint32_t width = image->width;
+ uint32_t length = image->length;
+- if (rotateImage(rotation, image, &width, &length, work_buff_ptr, TRUE))
++ if (rotateImage(rotation, image, &width, &length, work_buff_ptr, NULL))
+ {
+ TIFFError ("correct_orientation", "Unable to rotate image");
+ return (-1);
+@@ -7695,16 +7695,19 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
+ {
++ /* rotateImage() set up a new buffer and calculates its size
++ * individually. Therefore, seg_buffs size needs to be updated
++ * accordingly. */
++ size_t rot_buf_size = 0;
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, &crop_buff, FALSE))
++ &crop->combined_length, &crop_buff, &rot_buf_size))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate composite regions by %"PRIu32" degrees", crop->rotation);
+ return (-1);
+ }
+ seg_buffs[0].buffer = crop_buff;
+- seg_buffs[0].size = (((crop->combined_width * image->bps + 7 ) / 8)
+- * image->spp) * crop->combined_length;
++ seg_buffs[0].size = rot_buf_size;
+ }
+ }
+ else /* Separated Images */
+@@ -7804,9 +7807,13 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ {
+ /* rotateImage() changes image->width, ->length, ->xres and ->yres, what it schouldn't do here, when more than one section is processed.
+ * ToDo: Therefore rotateImage() and its usage has to be reworked (e.g. like mirrorImage()) !!
+- */
+- if (rotateImage(crop->rotation, image, &crop->regionlist[i].width,
+- &crop->regionlist[i].length, &crop_buff, FALSE))
++ * Furthermore, rotateImage() set up a new buffer and calculates
++ * its size individually. Therefore, seg_buffs size needs to be
++ * updated accordingly. */
++ size_t rot_buf_size = 0;
++ if (rotateImage(
++ crop->rotation, image, &crop->regionlist[i].width,
++ &crop->regionlist[i].length, &crop_buff, &rot_buf_size))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate crop region by %"PRIu16" degrees", crop->rotation);
+@@ -7817,8 +7824,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ crop->combined_width = total_width;
+ crop->combined_length = total_length;
+ seg_buffs[i].buffer = crop_buff;
+- seg_buffs[i].size = (((crop->regionlist[i].width * image->bps + 7 ) / 8)
+- * image->spp) * crop->regionlist[i].length;
++ seg_buffs[i].size = rot_buf_size;
+ }
+ } /* for crop->selections loop */
+ } /* Separated Images (else case) */
+@@ -7827,7 +7833,6 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+
+ /* Copy the crop section of the data from the current image into a buffer
+ * and adjust the IFD values to reflect the new size. If no cropping is
+- * required, use the original read buffer as the crop buffer.
+ *
+ * There is quite a bit of redundancy between this routine and the more
+ * specialized processCropSelections, but this provides
+@@ -7938,7 +7943,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
+ {
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, crop_buff_ptr, TRUE))
++ &crop->combined_length, crop_buff_ptr, NULL))
+ {
+ TIFFError("createCroppedImage",
+ "Failed to rotate image or cropped selection by %"PRIu16" degrees", crop->rotation);
+@@ -8600,14 +8605,16 @@ rotateContigSamples32bits(uint16_t rotation, uint16_t spp, uint16_t bps, uint32_
+
+ /* Rotate an image by a multiple of 90 degrees clockwise */
+ static int
+-rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+- uint32_t *img_length, unsigned char **ibuff_ptr, int rot_image_params)
++rotateImage(uint16_t rotation, struct image_data *image,
++ uint32_t *img_width,uint32_t *img_length,
++ unsigned char **ibuff_ptr, size_t *rot_buf_size)
+ {
+ int shift_width;
+ uint32_t bytes_per_pixel, bytes_per_sample;
+ uint32_t row, rowsize, src_offset, dst_offset;
+ uint32_t i, col, width, length;
+- uint32_t colsize, buffsize, col_offset, pix_offset;
++ uint32_t colsize, col_offset, pix_offset;
++ tmsize_t buffsize;
+ unsigned char *ibuff;
+ unsigned char *src;
+ unsigned char *dst;
+@@ -8620,12 +8627,41 @@ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+ spp = image->spp;
+ bps = image->bps;
+
++ if ((spp != 0 && bps != 0 &&
++ width > (uint32_t)((UINT32_MAX - 7) / spp / bps)) ||
++ (spp != 0 && bps != 0 &&
++ length > (uint32_t)((UINT32_MAX - 7) / spp / bps)))
++ {
++ TIFFError("rotateImage", "Integer overflow detected.");
++ return (-1);
++ }
++
+ rowsize = ((bps * spp * width) + 7) / 8;
+ colsize = ((bps * spp * length) + 7) / 8;
+ if ((colsize * width) > (rowsize * length))
+- buffsize = (colsize + 1) * width;
++{
++ if (((tmsize_t)colsize + 1) != 0 &&
++ (tmsize_t)width > ((TIFF_TMSIZE_T_MAX - NUM_BUFF_OVERSIZE_BYTES) /
++ ((tmsize_t)colsize + 1)))
++ {
++ TIFFError("rotateImage",
++ "Integer overflow when calculating buffer size.");
++ return (-1);
++ }
++ buffsize = ((tmsize_t)colsize + 1) * width;
++ }
+ else
+- buffsize = (rowsize + 1) * length;
++ {
++ if (((tmsize_t)rowsize + 1) != 0 &&
++ (tmsize_t)length > ((TIFF_TMSIZE_T_MAX - NUM_BUFF_OVERSIZE_BYTES) /
++ ((tmsize_t)rowsize + 1)))
++ {
++ TIFFError("rotateImage",
++ "Integer overflow when calculating buffer size.");
++ return (-1);
++ }
++ buffsize = (rowsize + 1) * length;
++ }
+
+ bytes_per_sample = (bps + 7) / 8;
+ bytes_per_pixel = ((bps * spp) + 7) / 8;
+@@ -8648,11 +8684,17 @@ rotateImage(uint16_t rotation, struct image_data *image, uint32_t *img_width,
+ /* Add 3 padding bytes for extractContigSamplesShifted32bits */
+ if (!(rbuff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES)))
+ {
+- TIFFError("rotateImage", "Unable to allocate rotation buffer of %1u bytes", buffsize + NUM_BUFF_OVERSIZE_BYTES);
++ TIFFError("rotateImage",
++ "Unable to allocate rotation buffer of %" TIFF_SSIZE_FORMAT
++ " bytes ",
++ buffsize + NUM_BUFF_OVERSIZE_BYTES);
+ return (-1);
+ }
+ _TIFFmemset(rbuff, '\0', buffsize + NUM_BUFF_OVERSIZE_BYTES);
+
++ if (rot_buf_size != NULL)
++ *rot_buf_size = buffsize;
++
+ ibuff = *ibuff_ptr;
+ switch (rotation)
+ {
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-25434-CVE-2023-25435.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-25434-CVE-2023-25435.patch
new file mode 100644
index 0000000000..e214277504
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-25434-CVE-2023-25435.patch
@@ -0,0 +1,94 @@
+From 69818e2f2d246e6631ac2a2da692c3706b849c38 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Sun, 29 Jan 2023 11:09:26 +0100
+Subject: [PATCH] CVE-2023-25434 & CVE-2023-25435
+
+tiffcrop: Amend rotateImage() not to toggle the input (main)
+image width and length parameters when only cropped image sections are
+rotated. Remove buffptr from region structure because never used.
+
+Closes #492 #493 #494 #495 #499 #518 #519
+
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38]
+CVE: CVE-2023-25434 & CVE-2023-25435
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ tools/tiffcrop.c | 27 ++++++++++++++++-----------
+ 1 file changed, 16 insertions(+), 11 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index cbd24cc..b811fbb 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -523,7 +523,7 @@ static int rotateContigSamples24bits(uint16_t, uint16_t, uint16_t, uint32_t,
+ static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t,
+ uint32_t, uint32_t, uint8_t *, uint8_t *);
+ static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *,
+- unsigned char **, size_t *);
++ unsigned char **, size_t *, int);
+ static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+ unsigned char *);
+ static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+@@ -6513,10 +6513,11 @@ static int correct_orientation(struct image_data *image, unsigned char **work_b
+ /* Dummy variable in order not to switch two times the
+ * image->width,->length within rotateImage(),
+ * but switch xres, yres there. */
+- uint32_t width = image->width;
+- uint32_t length = image->length;
+- if (rotateImage(rotation, image, &width, &length, work_buff_ptr, NULL))
+- {
++ uint32_t width = image->width;
++ uint32_t length = image->length;
++ if (rotateImage(rotation, image, &width, &length, work_buff_ptr, NULL,
++ TRUE))
++ {
+ TIFFError ("correct_orientation", "Unable to rotate image");
+ return (-1);
+ }
+@@ -7700,7 +7701,8 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ * accordingly. */
+ size_t rot_buf_size = 0;
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, &crop_buff, &rot_buf_size))
++ &crop->combined_length, &crop_buff, &rot_buf_size,
++ FALSE))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate composite regions by %"PRIu32" degrees", crop->rotation);
+@@ -7811,9 +7813,10 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+ * its size individually. Therefore, seg_buffs size needs to be
+ * updated accordingly. */
+ size_t rot_buf_size = 0;
+- if (rotateImage(
+- crop->rotation, image, &crop->regionlist[i].width,
+- &crop->regionlist[i].length, &crop_buff, &rot_buf_size))
++ if (rotateImage(crop->rotation, image,
++ &crop->regionlist[i].width,
++ &crop->regionlist[i].length, &crop_buff,
++ &rot_buf_size, FALSE))
+ {
+ TIFFError("processCropSelections",
+ "Failed to rotate crop region by %"PRIu16" degrees", crop->rotation);
+@@ -7943,7 +7946,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
+ {
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+- &crop->combined_length, crop_buff_ptr, NULL))
++ &crop->combined_length, crop_buff_ptr, NULL, TRUE))
+ {
+ TIFFError("createCroppedImage",
+ "Failed to rotate image or cropped selection by %"PRIu16" degrees", crop->rotation);
+@@ -8607,7 +8610,9 @@ rotateContigSamples32bits(uint16_t rotation, uint16_t spp, uint16_t bps, uint32_
+ static int
+ rotateImage(uint16_t rotation, struct image_data *image,
+ uint32_t *img_width,uint32_t *img_length,
+- unsigned char **ibuff_ptr, size_t *rot_buf_size)
++ unsigned char **ibuff_ptr, size_t *rot_buf_size,
++ int rot_image_params)
++
+ {
+ int shift_width;
+ uint32_t bytes_per_pixel, bytes_per_sample;
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 2be25756bc..2ee10fca72 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -35,6 +35,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2022-48281.patch \
file://CVE-2023-0800_0801_0802_0803_0804.patch \
file://CVE-2023-0795_0796_0797_0798_0799.patch \
+ file://CVE-2023-25433.patch \
+ file://CVE-2023-25434-CVE-2023-25435.patch \
"
SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 06/30] libtiff: fix CVE-2023-26965 heap-based use after free
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (4 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 05/30] tiff: fix multiple CVEs Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 07/30] openssh: fix CVE-2023-38408 Steve Sakoman
` (24 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libtiff/tiff/CVE-2023-26965.patch | 97 +++++++++++++++++++
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 +
2 files changed, 98 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-26965.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26965.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26965.patch
new file mode 100644
index 0000000000..2162493e34
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26965.patch
@@ -0,0 +1,97 @@
+From ec8ef90c1f573c9eb1f17d6a056aa0015f184acf Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Tue, 14 Feb 2023 20:43:43 +0100
+Subject: [PATCH] tiffcrop: Do not reuse input buffer for subsequent images.
+ Fix issue 527
+
+Reuse of read_buff within loadImage() from previous image is quite unsafe, because other functions (like rotateImage() etc.) reallocate that buffer with different size without updating the local prev_readsize value.
+
+Closes #527
+
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf]
+CVE: CVE-2023-26965
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ tools/tiffcrop.c | 47 +++++++++++++++--------------------------------
+ 1 file changed, 15 insertions(+), 32 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index b811fbb..ce77c74 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -6066,9 +6066,7 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+ uint32_t tw = 0, tl = 0; /* Tile width and length */
+ tmsize_t tile_rowsize = 0;
+ unsigned char *read_buff = NULL;
+- unsigned char *new_buff = NULL;
+ int readunit = 0;
+- static tmsize_t prev_readsize = 0;
+
+ TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps);
+ TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp);
+@@ -6361,47 +6359,32 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
+ }
+
+ read_buff = *read_ptr;
+- /* +3 : add a few guard bytes since reverseSamples16bits() can read a bit */
+- /* outside buffer */
+- if (!read_buff)
+- {
+- if( buffsize > 0xFFFFFFFFU - 3 )
++ /* +3 : add a few guard bytes since reverseSamples16bits() can read a bit
++ * outside buffer */
++ /* Reuse of read_buff from previous image is quite unsafe, because other
++ * functions (like rotateImage() etc.) reallocate that buffer with different
++ * size without updating the local prev_readsize value. */
++ if (read_buff)
+ {
+- TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
+- return (-1);
++ _TIFFfree(read_buff);
+ }
+- read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES);
+- }
+- else
++ if (buffsize > 0xFFFFFFFFU - 3)
+ {
+- if (prev_readsize < buffsize)
+- {
+- if( buffsize > 0xFFFFFFFFU - 3 )
+- {
+- TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
+- return (-1);
+- }
+- new_buff = _TIFFrealloc(read_buff, buffsize + NUM_BUFF_OVERSIZE_BYTES);
+- if (!new_buff)
+- {
+- free (read_buff);
+- read_buff = (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES);
+- }
+- else
+- read_buff = new_buff;
+- }
++ TIFFError("loadImage", "Required read buffer size too large");
++ return (-1);
+ }
+- if (!read_buff)
++ read_buff =
++ (unsigned char *)limitMalloc(buffsize + NUM_BUFF_OVERSIZE_BYTES);
++ if (!read_buff)
+ {
+- TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
+- return (-1);
++ TIFFError("loadImage", "Unable to allocate read buffer");
++ return (-1);
+ }
+
+ read_buff[buffsize] = 0;
+ read_buff[buffsize+1] = 0;
+ read_buff[buffsize+2] = 0;
+
+- prev_readsize = buffsize;
+ *read_ptr = read_buff;
+
+ /* N.B. The read functions used copy separate plane data into a buffer as interleaved
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 2ee10fca72..4796dfde24 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -37,6 +37,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2023-0795_0796_0797_0798_0799.patch \
file://CVE-2023-25433.patch \
file://CVE-2023-25434-CVE-2023-25435.patch \
+ file://CVE-2023-26965.patch \
"
SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 07/30] openssh: fix CVE-2023-38408
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (5 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 06/30] libtiff: fix CVE-2023-26965 heap-based use after free Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 08/30] dmidecode: fix CVE-2023-30630 Steve Sakoman
` (23 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Archana Polampalli <archana.polampalli@windriver.com>
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an
insufficiently trustworthy search path, leading to remote code
execution if an agent is forwarded to an attacker-controlled system.
(Code in /usr/lib is not necessarily safe for loading into ssh-agent.)
NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-38408
Upstream patches:
https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc
https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a
https://github.com/openssh/openssh-portable/commit/29ef8a04866ca14688d5b7fed7b8b9deab851f77
https://github.com/openssh/openssh-portable/commit/099cdf59ce1e72f55d421c8445bf6321b3004755
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../openssh/openssh/CVE-2023-38408-0001.patch | 585 ++++++++++++++++++
.../openssh/openssh/CVE-2023-38408-0002.patch | 173 ++++++
.../openssh/openssh/CVE-2023-38408-0003.patch | 36 ++
.../openssh/openssh/CVE-2023-38408-0004.patch | 114 ++++
.../openssh/openssh_8.9p1.bb | 4 +
5 files changed, 912 insertions(+)
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0001.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0002.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0004.patch
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0001.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0001.patch
new file mode 100644
index 0000000000..2ee344cb27
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0001.patch
@@ -0,0 +1,585 @@
+From 099cdf59ce1e72f55d421c8445bf6321b3004755 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 19 Jul 2023 14:03:45 +0000
+Subject: [PATCH 1/4] upstream: Separate ssh-pkcs11-helpers for each p11 module
+
+Make ssh-pkcs11-client start an independent helper for each provider,
+providing better isolation between modules and reliability if a single
+module misbehaves.
+
+This also implements reference counting of PKCS#11-hosted keys,
+allowing ssh-pkcs11-helper subprocesses to be automatically reaped
+when no remaining keys reference them. This fixes some bugs we have
+that make PKCS11 keys unusable after they have been deleted, e.g.
+https://bugzilla.mindrot.org/show_bug.cgi?id=3125
+
+ok markus@
+
+OpenBSD-Commit-ID: 0ce188b14fe271ab0568f4500070d96c5657244e
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/099cdf59ce1e72f55d421c8445bf6321b3004755]
+
+CVE: CVE-2023-38408
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ ssh-pkcs11-client.c | 378 +++++++++++++++++++++++++++++++++-----------
+ 1 file changed, 285 insertions(+), 93 deletions(-)
+
+diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
+index cfd833d..7db6c6c 100644
+--- a/ssh-pkcs11-client.c
++++ b/ssh-pkcs11-client.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: ssh-pkcs11-client.c,v 1.17 2020/10/18 11:32:02 djm Exp $ */
++/* $OpenBSD: ssh-pkcs11-client.c,v 1.18 2023/07/19 14:03:45 djm Exp $ */
+ /*
+ * Copyright (c) 2010 Markus Friedl. All rights reserved.
+ * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
+@@ -30,12 +30,11 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <errno.h>
++#include <limits.h>
+
+ #include <openssl/ecdsa.h>
+ #include <openssl/rsa.h>
+
+-#include "openbsd-compat/openssl-compat.h"
+-
+ #include "pathnames.h"
+ #include "xmalloc.h"
+ #include "sshbuf.h"
+@@ -47,18 +46,140 @@
+ #include "ssh-pkcs11.h"
+ #include "ssherr.h"
+
++#include "openbsd-compat/openssl-compat.h"
++
+ /* borrows code from sftp-server and ssh-agent */
+
+-static int fd = -1;
+-static pid_t pid = -1;
++/*
++ * Maintain a list of ssh-pkcs11-helper subprocesses. These may be looked up
++ * by provider path or their unique EC/RSA METHOD pointers.
++ */
++struct helper {
++ char *path;
++ pid_t pid;
++ int fd;
++ RSA_METHOD *rsa_meth;
++ EC_KEY_METHOD *ec_meth;
++ int (*rsa_finish)(RSA *rsa);
++ void (*ec_finish)(EC_KEY *key);
++ size_t nrsa, nec; /* number of active keys of each type */
++};
++static struct helper **helpers;
++static size_t nhelpers;
++
++static struct helper *
++helper_by_provider(const char *path)
++{
++ size_t i;
++
++ for (i = 0; i < nhelpers; i++) {
++ if (helpers[i] == NULL || helpers[i]->path == NULL ||
++ helpers[i]->fd == -1)
++ continue;
++ if (strcmp(helpers[i]->path, path) == 0)
++ return helpers[i];
++ }
++ return NULL;
++}
++
++static struct helper *
++helper_by_rsa(const RSA *rsa)
++{
++ size_t i;
++ const RSA_METHOD *meth;
++
++ if ((meth = RSA_get_method(rsa)) == NULL)
++ return NULL;
++ for (i = 0; i < nhelpers; i++) {
++ if (helpers[i] != NULL && helpers[i]->rsa_meth == meth)
++ return helpers[i];
++ }
++ return NULL;
++
++}
++
++static struct helper *
++helper_by_ec(const EC_KEY *ec)
++{
++ size_t i;
++ const EC_KEY_METHOD *meth;
++
++ if ((meth = EC_KEY_get_method(ec)) == NULL)
++ return NULL;
++ for (i = 0; i < nhelpers; i++) {
++ if (helpers[i] != NULL && helpers[i]->ec_meth == meth)
++ return helpers[i];
++ }
++ return NULL;
++
++}
++
++static void
++helper_free(struct helper *helper)
++{
++ size_t i;
++ int found = 0;
++
++ if (helper == NULL)
++ return;
++ if (helper->path == NULL || helper->ec_meth == NULL ||
++ helper->rsa_meth == NULL)
++ fatal_f("inconsistent helper");
++ debug3_f("free helper for provider %s", helper->path);
++ for (i = 0; i < nhelpers; i++) {
++ if (helpers[i] == helper) {
++ if (found)
++ fatal_f("helper recorded more than once");
++ found = 1;
++ }
++ else if (found)
++ helpers[i - 1] = helpers[i];
++ }
++ if (found) {
++ helpers = xrecallocarray(helpers, nhelpers,
++ nhelpers - 1, sizeof(*helpers));
++ nhelpers--;
++ }
++ free(helper->path);
++ EC_KEY_METHOD_free(helper->ec_meth);
++ RSA_meth_free(helper->rsa_meth);
++ free(helper);
++}
++
++static void
++helper_terminate(struct helper *helper)
++{
++ if (helper == NULL) {
++ return;
++ } else if (helper->fd == -1) {
++ debug3_f("already terminated");
++ } else {
++ debug3_f("terminating helper for %s; "
++ "remaining %zu RSA %zu ECDSA",
++ helper->path, helper->nrsa, helper->nec);
++ close(helper->fd);
++ /* XXX waitpid() */
++ helper->fd = -1;
++ helper->pid = -1;
++ }
++ /*
++ * Don't delete the helper entry until there are no remaining keys
++ * that reference it. Otherwise, any signing operation would call
++ * a free'd METHOD pointer and that would be bad.
++ */
++ if (helper->nrsa == 0 && helper->nec == 0)
++ helper_free(helper);
++}
+
+ static void
+-send_msg(struct sshbuf *m)
++send_msg(int fd, struct sshbuf *m)
+ {
+ u_char buf[4];
+ size_t mlen = sshbuf_len(m);
+ int r;
+
++ if (fd == -1)
++ return;
+ POKE_U32(buf, mlen);
+ if (atomicio(vwrite, fd, buf, 4) != 4 ||
+ atomicio(vwrite, fd, sshbuf_mutable_ptr(m),
+@@ -69,12 +190,15 @@ send_msg(struct sshbuf *m)
+ }
+
+ static int
+-recv_msg(struct sshbuf *m)
++recv_msg(int fd, struct sshbuf *m)
+ {
+ u_int l, len;
+ u_char c, buf[1024];
+ int r;
+
++ sshbuf_reset(m);
++ if (fd == -1)
++ return 0; /* XXX */
+ if ((len = atomicio(read, fd, buf, 4)) != 4) {
+ error("read from helper failed: %u", len);
+ return (0); /* XXX */
+@@ -83,7 +207,6 @@ recv_msg(struct sshbuf *m)
+ if (len > 256 * 1024)
+ fatal("response too long: %u", len);
+ /* read len bytes into m */
+- sshbuf_reset(m);
+ while (len > 0) {
+ l = len;
+ if (l > sizeof(buf))
+@@ -104,14 +227,17 @@ recv_msg(struct sshbuf *m)
+ int
+ pkcs11_init(int interactive)
+ {
+- return (0);
++ return 0;
+ }
+
+ void
+ pkcs11_terminate(void)
+ {
+- if (fd >= 0)
+- close(fd);
++ size_t i;
++
++ debug3_f("terminating %zu helpers", nhelpers);
++ for (i = 0; i < nhelpers; i++)
++ helper_terminate(helpers[i]);
+ }
+
+ static int
+@@ -122,7 +248,11 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
+ u_char *blob = NULL, *signature = NULL;
+ size_t blen, slen = 0;
+ int r, ret = -1;
++ struct helper *helper;
+
++ if ((helper = helper_by_rsa(rsa)) == NULL || helper->fd == -1)
++ fatal_f("no helper for PKCS11 key");
++ debug3_f("signing with PKCS11 provider %s", helper->path);
+ if (padding != RSA_PKCS1_PADDING)
+ goto fail;
+ key = sshkey_new(KEY_UNSPEC);
+@@ -144,10 +274,10 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
+ (r = sshbuf_put_string(msg, from, flen)) != 0 ||
+ (r = sshbuf_put_u32(msg, 0)) != 0)
+ fatal_fr(r, "compose");
+- send_msg(msg);
++ send_msg(helper->fd, msg);
+ sshbuf_reset(msg);
+
+- if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) {
++ if (recv_msg(helper->fd, msg) == SSH2_AGENT_SIGN_RESPONSE) {
+ if ((r = sshbuf_get_string(msg, &signature, &slen)) != 0)
+ fatal_fr(r, "parse");
+ if (slen <= (size_t)RSA_size(rsa)) {
+@@ -163,7 +293,26 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
+ return (ret);
+ }
+
+-#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
++static int
++rsa_finish(RSA *rsa)
++{
++ struct helper *helper;
++
++ if ((helper = helper_by_rsa(rsa)) == NULL)
++ fatal_f("no helper for PKCS11 key");
++ debug3_f("free PKCS11 RSA key for provider %s", helper->path);
++ if (helper->rsa_finish != NULL)
++ helper->rsa_finish(rsa);
++ if (helper->nrsa == 0)
++ fatal_f("RSA refcount error");
++ helper->nrsa--;
++ debug3_f("provider %s remaining keys: %zu RSA %zu ECDSA",
++ helper->path, helper->nrsa, helper->nec);
++ if (helper->nrsa == 0 && helper->nec == 0)
++ helper_terminate(helper);
++ return 1;
++}
++
+ static ECDSA_SIG *
+ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
+ const BIGNUM *rp, EC_KEY *ec)
+@@ -175,7 +324,11 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
+ u_char *blob = NULL, *signature = NULL;
+ size_t blen, slen = 0;
+ int r, nid;
++ struct helper *helper;
+
++ if ((helper = helper_by_ec(ec)) == NULL || helper->fd == -1)
++ fatal_f("no helper for PKCS11 key");
++ debug3_f("signing with PKCS11 provider %s", helper->path);
+ nid = sshkey_ecdsa_key_to_nid(ec);
+ if (nid < 0) {
+ error_f("couldn't get curve nid");
+@@ -203,10 +356,10 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
+ (r = sshbuf_put_string(msg, dgst, dgst_len)) != 0 ||
+ (r = sshbuf_put_u32(msg, 0)) != 0)
+ fatal_fr(r, "compose");
+- send_msg(msg);
++ send_msg(helper->fd, msg);
+ sshbuf_reset(msg);
+
+- if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) {
++ if (recv_msg(helper->fd, msg) == SSH2_AGENT_SIGN_RESPONSE) {
+ if ((r = sshbuf_get_string(msg, &signature, &slen)) != 0)
+ fatal_fr(r, "parse");
+ cp = signature;
+@@ -220,75 +373,110 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
+ sshbuf_free(msg);
+ return (ret);
+ }
+-#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
+
+-static RSA_METHOD *helper_rsa;
+-#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
+-static EC_KEY_METHOD *helper_ecdsa;
+-#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
++static void
++ecdsa_do_finish(EC_KEY *ec)
++{
++ struct helper *helper;
++
++ if ((helper = helper_by_ec(ec)) == NULL)
++ fatal_f("no helper for PKCS11 key");
++ debug3_f("free PKCS11 ECDSA key for provider %s", helper->path);
++ if (helper->ec_finish != NULL)
++ helper->ec_finish(ec);
++ if (helper->nec == 0)
++ fatal_f("ECDSA refcount error");
++ helper->nec--;
++ debug3_f("provider %s remaining keys: %zu RSA %zu ECDSA",
++ helper->path, helper->nrsa, helper->nec);
++ if (helper->nrsa == 0 && helper->nec == 0)
++ helper_terminate(helper);
++}
+
+ /* redirect private key crypto operations to the ssh-pkcs11-helper */
+ static void
+-wrap_key(struct sshkey *k)
++wrap_key(struct helper *helper, struct sshkey *k)
+ {
+- if (k->type == KEY_RSA)
+- RSA_set_method(k->rsa, helper_rsa);
+-#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
+- else if (k->type == KEY_ECDSA)
+- EC_KEY_set_method(k->ecdsa, helper_ecdsa);
+-#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
+- else
++ debug3_f("wrap %s for provider %s", sshkey_type(k), helper->path);
++ if (k->type == KEY_RSA) {
++ RSA_set_method(k->rsa, helper->rsa_meth);
++ if (helper->nrsa++ >= INT_MAX)
++ fatal_f("RSA refcount error");
++ } else if (k->type == KEY_ECDSA) {
++ EC_KEY_set_method(k->ecdsa, helper->ec_meth);
++ if (helper->nec++ >= INT_MAX)
++ fatal_f("EC refcount error");
++ } else
+ fatal_f("unknown key type");
++ k->flags |= SSHKEY_FLAG_EXT;
++ debug3_f("provider %s remaining keys: %zu RSA %zu ECDSA",
++ helper->path, helper->nrsa, helper->nec);
+ }
+
+ static int
+-pkcs11_start_helper_methods(void)
++pkcs11_start_helper_methods(struct helper *helper)
+ {
+- if (helper_rsa != NULL)
+- return (0);
+-
+-#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
+- int (*orig_sign)(int, const unsigned char *, int, unsigned char *,
++ int (*ec_init)(EC_KEY *key);
++ int (*ec_copy)(EC_KEY *dest, const EC_KEY *src);
++ int (*ec_set_group)(EC_KEY *key, const EC_GROUP *grp);
++ int (*ec_set_private)(EC_KEY *key, const BIGNUM *priv_key);
++ int (*ec_set_public)(EC_KEY *key, const EC_POINT *pub_key);
++ int (*ec_sign)(int, const unsigned char *, int, unsigned char *,
+ unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL;
+- if (helper_ecdsa != NULL)
+- return (0);
+- helper_ecdsa = EC_KEY_METHOD_new(EC_KEY_OpenSSL());
+- if (helper_ecdsa == NULL)
+- return (-1);
+- EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL);
+- EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign);
+-#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
+-
+- if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)
++ RSA_METHOD *rsa_meth;
++ EC_KEY_METHOD *ec_meth;
++
++ if ((ec_meth = EC_KEY_METHOD_new(EC_KEY_OpenSSL())) == NULL)
++ return -1;
++ EC_KEY_METHOD_get_sign(ec_meth, &ec_sign, NULL, NULL);
++ EC_KEY_METHOD_set_sign(ec_meth, ec_sign, NULL, ecdsa_do_sign);
++ EC_KEY_METHOD_get_init(ec_meth, &ec_init, &helper->ec_finish,
++ &ec_copy, &ec_set_group, &ec_set_private, &ec_set_public);
++ EC_KEY_METHOD_set_init(ec_meth, ec_init, ecdsa_do_finish,
++ ec_copy, ec_set_group, ec_set_private, ec_set_public);
++
++ if ((rsa_meth = RSA_meth_dup(RSA_get_default_method())) == NULL)
+ fatal_f("RSA_meth_dup failed");
+- if (!RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper") ||
+- !RSA_meth_set_priv_enc(helper_rsa, rsa_encrypt))
++ helper->rsa_finish = RSA_meth_get_finish(rsa_meth);
++ if (!RSA_meth_set1_name(rsa_meth, "ssh-pkcs11-helper") ||
++ !RSA_meth_set_priv_enc(rsa_meth, rsa_encrypt) ||
++ !RSA_meth_set_finish(rsa_meth, rsa_finish))
+ fatal_f("failed to prepare method");
+
+- return (0);
++ helper->ec_meth = ec_meth;
++ helper->rsa_meth = rsa_meth;
++ return 0;
+ }
+
+-static int
+-pkcs11_start_helper(void)
++static struct helper *
++pkcs11_start_helper(const char *path)
+ {
+ int pair[2];
+- char *helper, *verbosity = NULL;
+-
+- if (log_level_get() >= SYSLOG_LEVEL_DEBUG1)
+- verbosity = "-vvv";
+-
+- if (pkcs11_start_helper_methods() == -1) {
+- error("pkcs11_start_helper_methods failed");
+- return (-1);
+- }
++ char *prog, *verbosity = NULL;
++ struct helper *helper;
++ pid_t pid;
+
++ if (nhelpers >= INT_MAX)
++ fatal_f("too many helpers");
++ debug3_f("start helper for %s", path);
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) {
+- error("socketpair: %s", strerror(errno));
+- return (-1);
++ error_f("socketpair: %s", strerror(errno));
++ return NULL;
++ }
++ helper = xcalloc(1, sizeof(*helper));
++ if (pkcs11_start_helper_methods(helper) == -1) {
++ error_f("pkcs11_start_helper_methods failed");
++ goto fail;
+ }
+ if ((pid = fork()) == -1) {
+- error("fork: %s", strerror(errno));
+- return (-1);
++ error_f("fork: %s", strerror(errno));
++ fail:
++ close(pair[0]);
++ close(pair[1]);
++ RSA_meth_free(helper->rsa_meth);
++ EC_KEY_METHOD_free(helper->ec_meth);
++ free(helper);
++ return NULL;
+ } else if (pid == 0) {
+ if ((dup2(pair[1], STDIN_FILENO) == -1) ||
+ (dup2(pair[1], STDOUT_FILENO) == -1)) {
+@@ -297,18 +485,27 @@ pkcs11_start_helper(void)
+ }
+ close(pair[0]);
+ close(pair[1]);
+- helper = getenv("SSH_PKCS11_HELPER");
+- if (helper == NULL || strlen(helper) == 0)
+- helper = _PATH_SSH_PKCS11_HELPER;
+- debug_f("starting %s %s", helper,
++ prog = getenv("SSH_PKCS11_HELPER");
++ if (prog == NULL || strlen(prog) == 0)
++ prog = _PATH_SSH_PKCS11_HELPER;
++ if (log_level_get() >= SYSLOG_LEVEL_DEBUG1)
++ verbosity = "-vvv";
++ debug_f("starting %s %s", prog,
+ verbosity == NULL ? "" : verbosity);
+- execlp(helper, helper, verbosity, (char *)NULL);
+- fprintf(stderr, "exec: %s: %s\n", helper, strerror(errno));
++ execlp(prog, prog, verbosity, (char *)NULL);
++ fprintf(stderr, "exec: %s: %s\n", prog, strerror(errno));
+ _exit(1);
+ }
+ close(pair[1]);
+- fd = pair[0];
+- return (0);
++ helper->fd = pair[0];
++ helper->path = xstrdup(path);
++ helper->pid = pid;
++ debug3_f("helper %zu for \"%s\" on fd %d pid %ld", nhelpers,
++ helper->path, helper->fd, (long)helper->pid);
++ helpers = xrecallocarray(helpers, nhelpers,
++ nhelpers + 1, sizeof(*helpers));
++ helpers[nhelpers++] = helper;
++ return helper;
+ }
+
+ int
+@@ -322,9 +519,11 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp,
+ size_t blen;
+ u_int nkeys, i;
+ struct sshbuf *msg;
++ struct helper *helper;
+
+- if (fd < 0 && pkcs11_start_helper() < 0)
+- return (-1);
++ if ((helper = helper_by_provider(name)) == NULL &&
++ (helper = pkcs11_start_helper(name)) == NULL)
++ return -1;
+
+ if ((msg = sshbuf_new()) == NULL)
+ fatal_f("sshbuf_new failed");
+@@ -332,10 +531,10 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp,
+ (r = sshbuf_put_cstring(msg, name)) != 0 ||
+ (r = sshbuf_put_cstring(msg, pin)) != 0)
+ fatal_fr(r, "compose");
+- send_msg(msg);
++ send_msg(helper->fd, msg);
+ sshbuf_reset(msg);
+
+- type = recv_msg(msg);
++ type = recv_msg(helper->fd, msg);
+ if (type == SSH2_AGENT_IDENTITIES_ANSWER) {
+ if ((r = sshbuf_get_u32(msg, &nkeys)) != 0)
+ fatal_fr(r, "parse nkeys");
+@@ -349,7 +548,7 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp,
+ fatal_fr(r, "parse key");
+ if ((r = sshkey_from_blob(blob, blen, &k)) != 0)
+ fatal_fr(r, "decode key");
+- wrap_key(k);
++ wrap_key(helper, k);
+ (*keysp)[i] = k;
+ if (labelsp)
+ (*labelsp)[i] = label;
+@@ -370,22 +569,15 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp,
+ int
+ pkcs11_del_provider(char *name)
+ {
+- int r, ret = -1;
+- struct sshbuf *msg;
+-
+- if ((msg = sshbuf_new()) == NULL)
+- fatal_f("sshbuf_new failed");
+- if ((r = sshbuf_put_u8(msg, SSH_AGENTC_REMOVE_SMARTCARD_KEY)) != 0 ||
+- (r = sshbuf_put_cstring(msg, name)) != 0 ||
+- (r = sshbuf_put_cstring(msg, "")) != 0)
+- fatal_fr(r, "compose");
+- send_msg(msg);
+- sshbuf_reset(msg);
+-
+- if (recv_msg(msg) == SSH_AGENT_SUCCESS)
+- ret = 0;
+- sshbuf_free(msg);
+- return (ret);
++ struct helper *helper;
++
++ /*
++ * ssh-agent deletes keys before calling this, so the helper entry
++ * should be gone before we get here.
++ */
++ debug3_f("delete %s", name);
++ if ((helper = helper_by_provider(name)) != NULL)
++ helper_terminate(helper);
++ return 0;
+ }
+-
+ #endif /* ENABLE_PKCS11 */
+--
+2.40.0
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0002.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0002.patch
new file mode 100644
index 0000000000..81f4cc5fba
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0002.patch
@@ -0,0 +1,173 @@
+From 29ef8a04866ca14688d5b7fed7b8b9deab851f77 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 19 Jul 2023 14:02:27 +0000
+Subject: [PATCH 2/4] upstream: Ensure FIDO/PKCS11 libraries contain expected
+ symbols
+
+This checks via nlist(3) that candidate provider libraries contain one
+of the symbols that we will require prior to dlopen(), which can cause
+a number of side effects, including execution of constructors.
+
+Feedback deraadt; ok markus
+
+OpenBSD-Commit-ID: 1508a5fbd74e329e69a55b56c453c292029aefbe
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/29ef8a04866ca14688d5b7fed7b8b9deab851f77]
+
+CVE: CVE-2023-38408
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ misc.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ misc.h | 1 +
+ ssh-pkcs11.c | 4 +++
+ ssh-sk.c | 6 ++--
+ 4 files changed, 86 insertions(+), 2 deletions(-)
+
+diff --git a/misc.c b/misc.c
+index 417498d..d0270e7 100644
+--- a/misc.c
++++ b/misc.c
+@@ -22,6 +22,7 @@
+
+ #include <sys/types.h>
+ #include <sys/ioctl.h>
++#include <sys/mman.h>
+ #include <sys/socket.h>
+ #include <sys/stat.h>
+ #include <sys/time.h>
+@@ -35,6 +36,9 @@
+ #ifdef HAVE_POLL_H
+ #include <poll.h>
+ #endif
++#ifdef HAVE_NLIST_H
++#include <nlist.h>
++#endif
+ #include <signal.h>
+ #include <stdarg.h>
+ #include <stdio.h>
+@@ -2784,3 +2788,76 @@ lookup_env_in_list(const char *env, char * const *envs, size_t nenvs)
+ }
+ return NULL;
+ }
++
++
++/*
++ * Returns zero if the library at 'path' contains symbol 's', nonzero
++ * otherwise.
++ */
++int
++lib_contains_symbol(const char *path, const char *s)
++{
++#ifdef HAVE_NLIST_H
++ struct nlist nl[2];
++ int ret = -1, r;
++
++ memset(nl, 0, sizeof(nl));
++ nl[0].n_name = xstrdup(s);
++ nl[1].n_name = NULL;
++ if ((r = nlist(path, nl)) == -1) {
++ error_f("nlist failed for %s", path);
++ goto out;
++ }
++ if (r != 0 || nl[0].n_value == 0 || nl[0].n_type == 0) {
++ error_f("library %s does not contain symbol %s", path, s);
++ goto out;
++ }
++ /* success */
++ ret = 0;
++ out:
++ free(nl[0].n_name);
++ return ret;
++#else /* HAVE_NLIST_H */
++ int fd, ret = -1;
++ struct stat st;
++ void *m = NULL;
++ size_t sz = 0;
++
++ memset(&st, 0, sizeof(st));
++ if ((fd = open(path, O_RDONLY)) < 0) {
++ error_f("open %s: %s", path, strerror(errno));
++ return -1;
++ }
++ if (fstat(fd, &st) != 0) {
++ error_f("fstat %s: %s", path, strerror(errno));
++ goto out;
++ }
++ if (!S_ISREG(st.st_mode)) {
++ error_f("%s is not a regular file", path);
++ goto out;
++ }
++ if (st.st_size < 0 ||
++ (size_t)st.st_size < strlen(s) ||
++ st.st_size >= INT_MAX/2) {
++ error_f("%s bad size %lld", path, (long long)st.st_size);
++ goto out;
++ }
++ sz = (size_t)st.st_size;
++ if ((m = mmap(NULL, sz, PROT_READ, MAP_PRIVATE, fd, 0)) == MAP_FAILED ||
++ m == NULL) {
++ error_f("mmap %s: %s", path, strerror(errno));
++ goto out;
++ }
++ if (memmem(m, sz, s, strlen(s)) == NULL) {
++ error_f("%s does not contain expected string %s", path, s);
++ goto out;
++ }
++ /* success */
++ ret = 0;
++ out:
++ if (m != NULL && m != MAP_FAILED)
++ munmap(m, sz);
++ close(fd);
++ return ret;
++#endif /* HAVE_NLIST_H */
++}
+diff --git a/misc.h b/misc.h
+index 2e1b5fe..3f48315 100644
+--- a/misc.h
++++ b/misc.h
+@@ -96,6 +96,7 @@ int parse_absolute_time(const char *, uint64_t *);
+ void format_absolute_time(uint64_t, char *, size_t);
+ int path_absolute(const char *);
+ int stdfd_devnull(int, int, int);
++int lib_contains_symbol(const char *, const char *);
+
+ void sock_set_v6only(int);
+
+diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
+index b2e2b32..5eb28e9 100644
+--- a/ssh-pkcs11.c
++++ b/ssh-pkcs11.c
+@@ -1532,6 +1532,10 @@ pkcs11_register_provider(char *provider_id, char *pin,
+ debug_f("provider already registered: %s", provider_id);
+ goto fail;
+ }
++ if (lib_contains_symbol(provider_id, "C_GetFunctionList") != 0) {
++ error("provider %s is not a PKCS11 library", provider_id);
++ goto fail;
++ }
+ /* open shared pkcs11-library */
+ if ((handle = dlopen(provider_id, RTLD_NOW)) == NULL) {
+ error("dlopen %s failed: %s", provider_id, dlerror());
+diff --git a/ssh-sk.c b/ssh-sk.c
+index a1ff5cc..1042bf6 100644
+--- a/ssh-sk.c
++++ b/ssh-sk.c
+@@ -132,10 +132,12 @@ sshsk_open(const char *path)
+ #endif
+ return ret;
+ }
+- if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) {
+- error("Provider \"%s\" dlopen failed: %s", path, dlerror());
++ if (lib_contains_symbol(path, "sk_api_version") != 0) {
++ error("provider %s is not an OpenSSH FIDO library", path);
+ goto fail;
+ }
++ if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL)
++ fatal("Provider \"%s\" dlopen failed: %s", path, dlerror());
+ if ((ret->sk_api_version = dlsym(ret->dlhandle,
+ "sk_api_version")) == NULL) {
+ error("Provider \"%s\" dlsym(sk_api_version) failed: %s",
+--
+2.40.0
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch
new file mode 100644
index 0000000000..f226f12edc
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch
@@ -0,0 +1,36 @@
+From 892506b13654301f69f9545f48213fc210e5c5cc Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 19 Jul 2023 13:55:53 +0000
+Subject: [PATCH 3/4] upstream: terminate process if requested to load a
+ PKCS#11 provider that isn't a PKCS#11 provider; from / ok markus@
+
+OpenBSD-Commit-ID: 39532cf18b115881bb4cfaee32084497aadfa05c
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc]
+
+CVE: CVE-2023-38408
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ ssh-pkcs11.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
+index 5eb28e9..0aef379 100644
+--- a/ssh-pkcs11.c
++++ b/ssh-pkcs11.c
+@@ -1541,10 +1541,8 @@ pkcs11_register_provider(char *provider_id, char *pin,
+ error("dlopen %s failed: %s", provider_id, dlerror());
+ goto fail;
+ }
+- if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
+- error("dlsym(C_GetFunctionList) failed: %s", dlerror());
+- goto fail;
+- }
++ if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
++ fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
+ p = xcalloc(1, sizeof(*p));
+ p->name = xstrdup(provider_id);
+ p->handle = handle;
+--
+2.40.0
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0004.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0004.patch
new file mode 100644
index 0000000000..1ff8505938
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0004.patch
@@ -0,0 +1,114 @@
+From 1f2731f5d7a8f8a8385c6031667ed29072c0d92a Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 19 Jul 2023 13:56:33 +0000
+Subject: [PATCH 4/4] upstream: Disallow remote addition of FIDO/PKCS11
+ provider libraries to ssh-agent by default.
+
+The old behaviour of allowing remote clients from loading providers
+can be restored using `ssh-agent -O allow-remote-pkcs11`.
+
+Detection of local/remote clients requires a ssh(1) that supports
+the `session-bind@openssh.com` extension. Forwarding access to a
+ssh-agent socket using non-OpenSSH tools may circumvent this control.
+
+ok markus@
+
+OpenBSD-Commit-ID: 4c2bdf79b214ae7e60cc8c39a45501344fa7bd7c
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a]
+
+CVE: CVE-2023-38408
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ ssh-agent.1 | 21 +++++++++++++++++++++
+ ssh-agent.c | 21 ++++++++++++++++++++-
+ 2 files changed, 41 insertions(+), 1 deletion(-)
+
+diff --git a/ssh-agent.1 b/ssh-agent.1
+index ed8c870..15d0a47 100644
+--- a/ssh-agent.1
++++ b/ssh-agent.1
+@@ -102,6 +102,27 @@ The default is
+ Kill the current agent (given by the
+ .Ev SSH_AGENT_PID
+ environment variable).
++Currently two options are supported:
++.Cm allow-remote-pkcs11
++and
++.Cm no-restrict-websafe .
++.Pp
++The
++.Cm allow-remote-pkcs11
++option allows clients of a forwarded
++.Nm
++to load PKCS#11 or FIDO provider libraries.
++By default only local clients may perform this operation.
++Note that signalling that a
++.Nm
++client remote is performed by
++.Xr ssh 1 ,
++and use of other tools to forward access to the agent socket may circumvent
++this restriction.
++.Pp
++The
++.Cm no-restrict-websafe ,
++instructs
+ .It Fl P Ar allowed_providers
+ Specify a pattern-list of acceptable paths for PKCS#11 provider and FIDO
+ authenticator middleware shared libraries that may be used with the
+diff --git a/ssh-agent.c b/ssh-agent.c
+index 03ae2b0..19eeaae 100644
+--- a/ssh-agent.c
++++ b/ssh-agent.c
+@@ -171,6 +171,12 @@ char socket_dir[PATH_MAX];
+ /* Pattern-list of allowed PKCS#11/Security key paths */
+ static char *allowed_providers;
+
++/*
++ * Allows PKCS11 providers or SK keys that use non-internal providers to
++ * be added over a remote connection (identified by session-bind@openssh.com).
++ */
++static int remote_add_provider;
++
+ /* locking */
+ #define LOCK_SIZE 32
+ #define LOCK_SALT_SIZE 16
+@@ -1239,6 +1245,12 @@ process_add_identity(SocketEntry *e)
+ if (strcasecmp(sk_provider, "internal") == 0) {
+ debug_f("internal provider");
+ } else {
++ if (e->nsession_ids != 0 && !remote_add_provider) {
++ verbose("failed add of SK provider \"%.100s\": "
++ "remote addition of providers is disabled",
++ sk_provider);
++ goto out;
++ }
+ if (realpath(sk_provider, canonical_provider) == NULL) {
+ verbose("failed provider \"%.100s\": "
+ "realpath: %s", sk_provider,
+@@ -1402,6 +1414,11 @@ process_add_smartcard_key(SocketEntry *e)
+ error_f("failed to parse constraints");
+ goto send;
+ }
++ if (e->nsession_ids != 0 && !remote_add_provider) {
++ verbose("failed PKCS#11 add of \"%.100s\": remote addition of "
++ "providers is disabled", provider);
++ goto send;
++ }
+ if (realpath(provider, canonical_provider) == NULL) {
+ verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
+ provider, strerror(errno));
+@@ -2061,7 +2078,9 @@ main(int ac, char **av)
+ break;
+ case 'O':
+ if (strcmp(optarg, "no-restrict-websafe") == 0)
+- restrict_websafe = 0;
++ restrict_websafe = 0;
++ else if (strcmp(optarg, "allow-remote-pkcs11") == 0)
++ remote_add_provider = 1;
+ else
+ fatal("Unknown -O option");
+ break;
+--
+2.40.0
diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
index b403b355a6..da7ab7716c 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
@@ -28,6 +28,10 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://0001-Default-to-not-using-sandbox-when-cross-compiling.patch \
file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \
file://0001-upstream-include-destination-constraints-for-smartca.patch \
+ file://CVE-2023-38408-0001.patch \
+ file://CVE-2023-38408-0002.patch \
+ file://CVE-2023-38408-0003.patch \
+ file://CVE-2023-38408-0004.patch \
"
SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 08/30] dmidecode: fix CVE-2023-30630
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (6 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 07/30] openssh: fix CVE-2023-38408 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 09/30] python3: upgrade 3.10.9 -> 3.10.12 Steve Sakoman
` (22 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Yogita Urade <yogita.urade@windriver.com>
Dmidecode before 3.5 allows -dump-bin to overwrite a local file.
This has security relevance because, for example, execution of
Dmidecode via Sudo is plausible.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-30630
https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00016.html
https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00017.html
Backport: fixes fuzz in the CVE-2023-30630_2.patch in kirkstone
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit f92e59a0894145a828dc9ac74bf8c7a9355e0587)
Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../dmidecode/CVE-2023-30630_1.patch | 237 ++++++++++++++++++
.../dmidecode/CVE-2023-30630_2.patch | 80 ++++++
.../dmidecode/CVE-2023-30630_3.patch | 69 +++++
.../dmidecode/CVE-2023-30630_4.patch | 137 ++++++++++
.../dmidecode/dmidecode_3.3.bb | 4 +
5 files changed, 527 insertions(+)
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
new file mode 100644
index 0000000000..53480d6299
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1.patch
@@ -0,0 +1,237 @@
+From d8cfbc808f387e87091c25e7d5b8c2bb348bb206 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Tue, 27 Jun 2023 09:40:23 +0000
+Subject: [PATCH] dmidecode: Write the whole dump file at once
+
+When option --dump-bin is used, write the whole dump file at once,
+instead of opening and closing the file separately for the table
+and then for the entry point.
+
+As the file writing function is no longer generic, it gets moved
+from util.c to dmidecode.c.
+
+One minor functional change resulting from the new implementation is
+that the entry point is written first now, so the messages printed
+are swapped.
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+
+CVE: CVE-2023-30630
+
+Reference: https://github.com/mirror/dmidecode/commit/39b2dd7b6ab719b920e96ed832cfb4bdd664e808
+
+Upstream-Status: Backport [https://github.com/mirror/dmidecode/commit/d8cfbc808f387e87091c25e7d5b8c2bb348bb206]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ dmidecode.c | 79 +++++++++++++++++++++++++++++++++++++++--------------
+ util.c | 40 ---------------------------
+ util.h | 1 -
+ 3 files changed, 58 insertions(+), 62 deletions(-)
+
+diff --git a/dmidecode.c b/dmidecode.c
+index 9aeff91..5477309 100644
+--- a/dmidecode.c
++++ b/dmidecode.c
+@@ -5427,11 +5427,56 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
+ }
+ }
+
+-static void dmi_table_dump(const u8 *buf, u32 len)
++static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
++ u32 table_len)
+ {
++ FILE *f;
++
++ f = fopen(opt.dumpfile, "wb");
++ if (!f)
++ {
++ fprintf(stderr, "%s: ", opt.dumpfile);
++ perror("fopen");
++ return -1;
++ }
++
++ if (!(opt.flags & FLAG_QUIET))
++ pr_comment("Writing %d bytes to %s.", ep_len, opt.dumpfile);
++ if (fwrite(ep, ep_len, 1, f) != 1)
++ {
++ fprintf(stderr, "%s: ", opt.dumpfile);
++ perror("fwrite");
++ goto err_close;
++ }
++
++ if (fseek(f, 32, SEEK_SET) != 0)
++ {
++ fprintf(stderr, "%s: ", opt.dumpfile);
++ perror("fseek");
++ goto err_close;
++ }
++
+ if (!(opt.flags & FLAG_QUIET))
+- pr_comment("Writing %d bytes to %s.", len, opt.dumpfile);
+- write_dump(32, len, buf, opt.dumpfile, 0);
++ pr_comment("Writing %d bytes to %s.", table_len, opt.dumpfile);
++ if (fwrite(table, table_len, 1, f) != 1)
++ {
++ fprintf(stderr, "%s: ", opt.dumpfile);
++ perror("fwrite");
++ goto err_close;
++ }
++
++ if (fclose(f))
++ {
++ fprintf(stderr, "%s: ", opt.dumpfile);
++ perror("fclose");
++ return -1;
++ }
++
++ return 0;
++
++err_close:
++ fclose(f);
++ return -1;
+ }
+
+ static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
+@@ -5648,11 +5693,6 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
+ return;
+ }
+
+- if (opt.flags & FLAG_DUMP_BIN)
+- dmi_table_dump(buf, len);
+- else
+- dmi_table_decode(buf, len, num, ver >> 8, flags);
+-
+ free(buf);
+ }
+
+@@ -5688,8 +5728,9 @@ static void overwrite_smbios3_address(u8 *buf)
+
+ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ {
+- u32 ver;
++ u32 ver, len;
+ u64 offset;
++ u8 *table;
+
+ /* Don't let checksum run beyond the buffer */
+ if (buf[0x06] > 0x20)
+@@ -5725,10 +5766,7 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ memcpy(crafted, buf, 32);
+ overwrite_smbios3_address(crafted);
+
+- if (!(opt.flags & FLAG_QUIET))
+- pr_comment("Writing %d bytes to %s.", crafted[0x06],
+- opt.dumpfile);
+- write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
++ dmi_table_dump(crafted, crafted[0x06], table, len);
+ }
+
+ return 1;
+@@ -5737,6 +5775,8 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+ {
+ u16 ver;
++ u32 len;
++ u8 *table;
+
+ /* Don't let checksum run beyond the buffer */
+ if (buf[0x05] > 0x20)
+@@ -5786,10 +5826,7 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+ memcpy(crafted, buf, 32);
+ overwrite_dmi_address(crafted + 0x10);
+
+- if (!(opt.flags & FLAG_QUIET))
+- pr_comment("Writing %d bytes to %s.", crafted[0x05],
+- opt.dumpfile);
+- write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
++ dmi_table_dump(crafted, crafted[0x05], table, len);
+ }
+
+ return 1;
+@@ -5797,6 +5834,9 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+
+ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
+ {
++ u32 len;
++ u8 *table;
++
+ if (!checksum(buf, 0x0F))
+ return 0;
+
+@@ -5815,10 +5855,7 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
+ memcpy(crafted, buf, 16);
+ overwrite_dmi_address(crafted);
+
+- if (!(opt.flags & FLAG_QUIET))
+- pr_comment("Writing %d bytes to %s.", 0x0F,
+- opt.dumpfile);
+- write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
++ dmi_table_dump(crafted, 0x0F, table, len);
+ }
+
+ return 1;
+diff --git a/util.c b/util.c
+index 04aaadd..1547096 100644
+--- a/util.c
++++ b/util.c
+@@ -259,46 +259,6 @@ out:
+ return p;
+ }
+
+-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add)
+-{
+- FILE *f;
+-
+- f = fopen(dumpfile, add ? "r+b" : "wb");
+- if (!f)
+- {
+- fprintf(stderr, "%s: ", dumpfile);
+- perror("fopen");
+- return -1;
+- }
+-
+- if (fseek(f, base, SEEK_SET) != 0)
+- {
+- fprintf(stderr, "%s: ", dumpfile);
+- perror("fseek");
+- goto err_close;
+- }
+-
+- if (fwrite(data, len, 1, f) != 1)
+- {
+- fprintf(stderr, "%s: ", dumpfile);
+- perror("fwrite");
+- goto err_close;
+- }
+-
+- if (fclose(f))
+- {
+- fprintf(stderr, "%s: ", dumpfile);
+- perror("fclose");
+- return -1;
+- }
+-
+- return 0;
+-
+-err_close:
+- fclose(f);
+- return -1;
+-}
+-
+ /* Returns end - start + 1, assuming start < end */
+ u64 u64_range(u64 start, u64 end)
+ {
+diff --git a/util.h b/util.h
+index 3094cf8..ef24eb9 100644
+--- a/util.h
++++ b/util.h
+@@ -27,5 +27,4 @@
+ int checksum(const u8 *buf, size_t len);
+ void *read_file(off_t base, size_t *len, const char *filename);
+ void *mem_chunk(off_t base, size_t len, const char *devmem);
+-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add);
+ u64 u64_range(u64 start, u64 end);
+--
+2.35.5
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
new file mode 100644
index 0000000000..9f53a205ac
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
@@ -0,0 +1,80 @@
+From 47101389dd52b50123a3ec59fed4d2021752e489 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Tue, 27 Jun 2023 10:03:53 +0000
+Subject: [PATCH] dmidecode: Do not let --dump-bin overwrite an existing file
+
+Make sure that the file passed to option --dump-bin does not already
+exist. In practice, it is rather unlikely that an honest user would
+want to overwrite an existing dump file, while this possibility
+could be used by a rogue user to corrupt a system file.
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+
+CVE: CVE-2023-30630
+
+Upstream-Status: Backport
+[https://github.com/mirror/dmidecode/commit/6ca381c1247c81f74e1ca4e7706f70bdda72e6f2]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+
+---
+ dmidecode.c | 14 ++++++++++++--
+ man/dmidecode.8 | 3 ++-
+ 2 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/dmidecode.c b/dmidecode.c
+index ae461de..6446040 100644
+--- a/dmidecode.c
++++ b/dmidecode.c
+@@ -60,6 +60,7 @@
+ * https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf
+ */
+
++#include <fcntl.h>
+ #include <stdio.h>
+ #include <string.h>
+ #include <strings.h>
+@@ -5133,13 +5134,22 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
+ static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
+ u32 table_len)
+ {
++ int fd;
+ FILE *f;
+
+- f = fopen(opt.dumpfile, "wb");
++ fd = open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666);
++ if (fd == -1)
++ {
++ fprintf(stderr, "%s: ", opt.dumpfile);
++ perror("open");
++ return -1;
++ }
++
++ f = fdopen(fd, "wb");
+ if (!f)
+ {
+ fprintf(stderr, "%s: ", opt.dumpfile);
+- perror("fopen");
++ perror("fdopen");
+ return -1;
+ }
+
+diff --git a/man/dmidecode.8 b/man/dmidecode.8
+index 64dc7e7..d5b7f01 100644
+--- a/man/dmidecode.8
++++ b/man/dmidecode.8
+@@ -1,4 +1,4 @@
+-.TH DMIDECODE 8 "January 2019" "dmidecode"
++.TH DMIDECODE 8 "February 2023" "dmidecode"
+ .\"
+ .SH NAME
+ dmidecode \- \s-1DMI\s0 table decoder
+@@ -132,6 +132,7 @@ hexadecimal and \s-1ASCII\s0. This option is mainly useful for debugging.
+ Do not decode the entries, instead dump the DMI data to a file in binary
+ form. The generated file is suitable to pass to \fB--from-dump\fR
+ later.
++\fIFILE\fP must not exist.
+ .TP
+ .BR " " " " "--from-dump FILE"
+ Read the DMI data from a binary file previously generated using
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
new file mode 100644
index 0000000000..01d0d1f867
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
@@ -0,0 +1,69 @@
+From c76ddda0ba0aa99a55945e3290095c2ec493c892 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Tue, 27 Jun 2023 10:25:50 +0000
+Subject: [PATCH] Consistently use read_file() when reading from a dump file
+
+Use read_file() instead of mem_chunk() to read the entry point from a
+dump file. This is faster, and consistent with how we then read the
+actual DMI table from that dump file.
+
+This made no functional difference so far, which is why it went
+unnoticed for years. But now that a file type check was added to the
+mem_chunk() function, we must stop using it to read from regular
+files.
+
+This will again allow root to use the --from-dump option.
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Tested-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+
+CVE: CVE-2023-30630
+
+Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=c76ddda0ba0aa99a55945e3290095c2ec493c892]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ dmidecode.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/dmidecode.c b/dmidecode.c
+index 98f9692..b4dbc9d 100644
+--- a/dmidecode.c
++++ b/dmidecode.c
+@@ -5997,17 +5997,25 @@ int main(int argc, char * const argv[])
+ pr_comment("dmidecode %s", VERSION);
+
+ /* Read from dump if so instructed */
++ size = 0x20;
+ if (opt.flags & FLAG_FROM_DUMP)
+ {
+ if (!(opt.flags & FLAG_QUIET))
+ pr_info("Reading SMBIOS/DMI data from file %s.",
+ opt.dumpfile);
+- if ((buf = mem_chunk(0, 0x20, opt.dumpfile)) == NULL)
++ if ((buf = read_file(0, &size, opt.dumpfile)) == NULL)
+ {
+ ret = 1;
+ goto exit_free;
+ }
+
++ /* Truncated entry point can't be processed */
++ if (size < 0x20)
++ {
++ ret = 1;
++ goto done;
++ }
++
+ if (memcmp(buf, "_SM3_", 5) == 0)
+ {
+ if (smbios3_decode(buf, opt.dumpfile, 0))
+@@ -6031,7 +6039,6 @@ int main(int argc, char * const argv[])
+ * contain one of several types of entry points, so read enough for
+ * the largest one, then determine what type it contains.
+ */
+- size = 0x20;
+ if (!(opt.flags & FLAG_NO_SYSFS)
+ && (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL)
+ {
+--
+2.40.0
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
new file mode 100644
index 0000000000..5fa72b4f9b
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
@@ -0,0 +1,137 @@
+From 2b83c4b898f8325313162f588765411e8e3e5561 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Tue, 27 Jun 2023 10:58:11 +0000
+Subject: [PATCH] Don't read beyond sysfs entry point buffer
+
+Functions smbios_decode() and smbios3_decode() include a check
+against buffer overrun. This check assumes that the buffer length is
+always 32 bytes. This is true when reading from /dev/mem or from a
+dump file, however when reading from sysfs, the buffer length is the
+size of the actual sysfs attribute file, typically 31 bytes for an
+SMBIOS 2.x entry point and 24 bytes for an SMBIOS 3.x entry point.
+
+In the unlikely event of a malformed entry point, with encoded length
+larger than expected but smaller than or equal to 32, we would hit a
+buffer overrun. So properly pass the actual buffer length as an
+argument and perform the check against it.
+
+In practice, this will never happen, because on the Linux kernel
+side, the size of the sysfs attribute file is decided from the entry
+point length field. So it is technically impossible for them not to
+match. But user-space code should not make such assumptions.
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+
+CVE: CVE-2023-30630
+
+Upstream-Status: Backport
+[https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=2b83c4b898f8325313162f588765411e8e3e5561]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ dmidecode.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/dmidecode.c b/dmidecode.c
+index b4dbc9d..870d94e 100644
+--- a/dmidecode.c
++++ b/dmidecode.c
+@@ -5736,14 +5736,14 @@ static void overwrite_smbios3_address(u8 *buf)
+ buf[0x17] = 0;
+ }
+
+-static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
++static int smbios3_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags)
+ {
+ u32 ver, len;
+ u64 offset;
+ u8 *table;
+
+ /* Don't let checksum run beyond the buffer */
+- if (buf[0x06] > 0x20)
++ if (buf[0x06] > buf_len)
+ {
+ fprintf(stderr,
+ "Entry point length too large (%u bytes, expected %u).\n",
+@@ -5782,14 +5782,14 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+ return 1;
+ }
+
+-static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
++static int smbios_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags)
+ {
+ u16 ver;
+ u32 len;
+ u8 *table;
+
+ /* Don't let checksum run beyond the buffer */
+- if (buf[0x05] > 0x20)
++ if (buf[0x05] > buf_len)
+ {
+ fprintf(stderr,
+ "Entry point length too large (%u bytes, expected %u).\n",
+@@ -6018,12 +6018,12 @@ int main(int argc, char * const argv[])
+
+ if (memcmp(buf, "_SM3_", 5) == 0)
+ {
+- if (smbios3_decode(buf, opt.dumpfile, 0))
++ if (smbios3_decode(buf, size, opt.dumpfile, 0))
+ found++;
+ }
+ else if (memcmp(buf, "_SM_", 4) == 0)
+ {
+- if (smbios_decode(buf, opt.dumpfile, 0))
++ if (smbios_decode(buf, size, opt.dumpfile, 0))
+ found++;
+ }
+ else if (memcmp(buf, "_DMI_", 5) == 0)
+@@ -6046,12 +6046,12 @@ int main(int argc, char * const argv[])
+ pr_info("Getting SMBIOS data from sysfs.");
+ if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)
+ {
+- if (smbios3_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
++ if (smbios3_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
+ found++;
+ }
+ else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)
+ {
+- if (smbios_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
++ if (smbios_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
+ found++;
+ }
+ else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)
+@@ -6088,12 +6088,12 @@ int main(int argc, char * const argv[])
+
+ if (memcmp(buf, "_SM3_", 5) == 0)
+ {
+- if (smbios3_decode(buf, opt.devmem, 0))
++ if (smbios3_decode(buf, 0x20, opt.devmem, 0))
+ found++;
+ }
+ else if (memcmp(buf, "_SM_", 4) == 0)
+ {
+- if (smbios_decode(buf, opt.devmem, 0))
++ if (smbios_decode(buf, 0x20, opt.devmem, 0))
+ found++;
+ }
+ goto done;
+@@ -6114,7 +6114,7 @@ memory_scan:
+ {
+ if (memcmp(buf + fp, "_SM3_", 5) == 0)
+ {
+- if (smbios3_decode(buf + fp, opt.devmem, 0))
++ if (smbios3_decode(buf + fp, 0x20, opt.devmem, 0))
+ {
+ found++;
+ goto done;
+@@ -6127,7 +6127,7 @@ memory_scan:
+ {
+ if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0)
+ {
+- if (smbios_decode(buf + fp, opt.devmem, 0))
++ if (smbios_decode(buf + fp, 0x20, opt.devmem, 0))
+ {
+ found++;
+ goto done;
+--
+2.35.5
diff --git a/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb b/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb
index 23540b2703..b99c2ea99d 100644
--- a/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb
+++ b/meta/recipes-devtools/dmidecode/dmidecode_3.3.bb
@@ -6,6 +6,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/dmidecode/${BP}.tar.xz \
file://0001-Committing-changes-from-do_unpack_extra.patch \
+ file://CVE-2023-30630_1.patch \
+ file://CVE-2023-30630_2.patch \
+ file://CVE-2023-30630_3.patch \
+ file://CVE-2023-30630_4.patch \
"
COMPATIBLE_HOST = "(i.86|x86_64|aarch64|arm|powerpc|powerpc64).*-linux"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 09/30] python3: upgrade 3.10.9 -> 3.10.12
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (7 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 08/30] dmidecode: fix CVE-2023-30630 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 10/30] diffutils: update 3.9 -> 3.10 Steve Sakoman
` (21 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Tim Orling <ticotimo@gmail.com>
Security and bugfix updates.
* Drop cve-2023-24329.patch as it is merged in 3.10.12
CVE: CVE-2023-24329
Includes openssl 1.1.1u which addresses:
CVE: CVE-2023-0286
CVE: CVE-2022-4304
CVE: CVE-2022-4203
https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-12-final
https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-11-final
https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-10-final
License-Update: Update Copyright years to include 2023
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../python/python3/cve-2023-24329.patch | 50 -------------------
.../{python3_3.10.9.bb => python3_3.10.12.bb} | 5 +-
2 files changed, 2 insertions(+), 53 deletions(-)
delete mode 100644 meta/recipes-devtools/python/python3/cve-2023-24329.patch
rename meta/recipes-devtools/python/{python3_3.10.9.bb => python3_3.10.12.bb} (98%)
diff --git a/meta/recipes-devtools/python/python3/cve-2023-24329.patch b/meta/recipes-devtools/python/python3/cve-2023-24329.patch
deleted file mode 100644
index d47425d239..0000000000
--- a/meta/recipes-devtools/python/python3/cve-2023-24329.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9 Mon Sep 17 00:00:00 2001
-From: "Miss Islington (bot)"
- <31488909+miss-islington@users.noreply.github.com>
-Date: Sun, 13 Nov 2022 11:00:25 -0800
-Subject: [PATCH] gh-99418: Make urllib.parse.urlparse enforce that a scheme
- must begin with an alphabetical ASCII character. (GH-99421)
-
-Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character.
-
-RFC 3986 defines a scheme like this: `scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )`
-RFC 2234 defines an ALPHA like this: `ALPHA = %x41-5A / %x61-7A`
-
-The WHATWG URL spec defines a scheme like this:
-`"A URL-scheme string must be one ASCII alpha, followed by zero or more of ASCII alphanumeric, U+002B (+), U+002D (-), and U+002E (.)."`
-(cherry picked from commit 439b9cfaf43080e91c4ad69f312f21fa098befc7)
-
-Co-authored-by: Ben Kallus <49924171+kenballus@users.noreply.github.com>
---- end original header ---
-
-CVE: CVE-2023-24329
-
-Upstream-Status: Backport [see below]
-
-Taken from https://github.com/python/cpython.git
-commit 72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9
-
-CVE fix extracted; test case and update to NEWS abandoned.
-Defuzzed.
-
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
----
- Lib/urllib/parse.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
-index 26ddf30..1c53acb 100644
---- a/Lib/urllib/parse.py
-+++ b/Lib/urllib/parse.py
-@@ -469,7 +469,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
- clear_cache()
- netloc = query = fragment = ''
- i = url.find(':')
-- if i > 0:
-+ if i > 0 and url[0].isascii() and url[0].isalpha():
- for c in url[:i]:
- if c not in scheme_chars:
- break
---
-2.25.1
-
diff --git a/meta/recipes-devtools/python/python3_3.10.9.bb b/meta/recipes-devtools/python/python3_3.10.12.bb
similarity index 98%
rename from meta/recipes-devtools/python/python3_3.10.9.bb
rename to meta/recipes-devtools/python/python3_3.10.12.bb
index 4ecc7614bb..74f1defc95 100644
--- a/meta/recipes-devtools/python/python3_3.10.9.bb
+++ b/meta/recipes-devtools/python/python3_3.10.12.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "Python is a programming language that lets you work more quickly
LICENSE = "PSF-2.0"
SECTION = "devel/python"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=a1822df8d0f068628ca6090aedc5bfc8"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fcf6b249c2641540219a727f35d8d2c2"
SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://run-ptest \
@@ -35,7 +35,6 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0001-setup.py-Do-not-detect-multiarch-paths-when-cross-co.patch \
file://deterministic_imports.patch \
file://0001-Avoid-shebang-overflow-on-python-config.py.patch \
- file://cve-2023-24329.patch \
"
SRC_URI:append:class-native = " \
@@ -44,7 +43,7 @@ SRC_URI:append:class-native = " \
file://12-distutils-prefix-is-inside-staging-area.patch \
file://0001-Don-t-search-system-for-headers-libraries.patch \
"
-SRC_URI[sha256sum] = "5ae03e308260164baba39921fdb4dbf8e6d03d8235a939d4582b33f0b5e46a83"
+SRC_URI[sha256sum] = "afb74bf19130e7a47d10312c8f5e784f24e0527981eab68e20546cfb865830b8"
# exclude pre-releases for both python 2.x and 3.x
UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 10/30] diffutils: update 3.9 -> 3.10
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (8 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 09/30] python3: upgrade 3.10.9 -> 3.10.12 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 11/30] libassuan: upgrade 2.5.5 -> 2.5.6 Steve Sakoman
` (20 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
* Noteworthy changes in release 3.10 (2023-05-21) [stable]
** Bug fixes
cmp/diff can again work with file dates past Y2K38
[bug introduced in 3.9]
diff -D no longer fails to output #ifndef lines.
[bug#61193 introduced in 3.9]
Remove the comment addition from the patch body, as it
increases likelyhood of rebase conflicts, and repeats what
the commit says.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 925155acc6922f7e9df2afa45e79ad1b2c57ba24)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 21e40166870fadee986fb36be80019d3bcdb69e5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...001-Skip-strip-trailing-cr-test-case.patch | 19 +++++++------------
.../{diffutils_3.9.bb => diffutils_3.10.bb} | 2 +-
2 files changed, 8 insertions(+), 13 deletions(-)
rename meta/recipes-extended/diffutils/{diffutils_3.9.bb => diffutils_3.10.bb} (93%)
diff --git a/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch b/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
index 8b88c308f2..32793233f9 100644
--- a/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
+++ b/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
@@ -1,4 +1,4 @@
-From 027229d25392b22d7280c0abbc3efde4f467d167 Mon Sep 17 00:00:00 2001
+From f31395c931bc633206eccfcfaaaa5d15021a3e86 Mon Sep 17 00:00:00 2001
From: Peiran Hong <peiran.hong@windriver.com>
Date: Thu, 5 Sep 2019 15:42:22 -0400
Subject: [PATCH] Skip strip-trailing-cr test case
@@ -12,23 +12,18 @@ Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
---
- tests/Makefile.am | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
+ tests/Makefile.am | 1 -
+ 1 file changed, 1 deletion(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
-index d98df82..757ea52 100644
+index 79bacfb..4adb4d7 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
-@@ -21,9 +21,11 @@ TESTS = \
+@@ -22,7 +22,6 @@ TESTS = \
stdin \
strcoll-0-names \
filename-quoting \
- strip-trailing-cr \
timezone \
- colors
-+# Skipping this test since it requires valgrind
-+# and thus is too heavy for diffutils package
-+# strip-trailing-cr
-
- XFAIL_TESTS = large-subopt
-
+ colors \
+ y2038-vs-32bit
diff --git a/meta/recipes-extended/diffutils/diffutils_3.9.bb b/meta/recipes-extended/diffutils/diffutils_3.10.bb
similarity index 93%
rename from meta/recipes-extended/diffutils/diffutils_3.9.bb
rename to meta/recipes-extended/diffutils/diffutils_3.10.bb
index 2bb9e6f32d..08e8305612 100644
--- a/meta/recipes-extended/diffutils/diffutils_3.9.bb
+++ b/meta/recipes-extended/diffutils/diffutils_3.10.bb
@@ -8,7 +8,7 @@ SRC_URI = "${GNU_MIRROR}/diffutils/diffutils-${PV}.tar.xz \
file://0001-Skip-strip-trailing-cr-test-case.patch \
"
-SRC_URI[sha256sum] = "d80d3be90a201868de83d78dad3413ad88160cc53bcc36eb9eaf7c20dbf023f1"
+SRC_URI[sha256sum] = "90e5e93cc724e4ebe12ede80df1634063c7a855692685919bfe60b556c9bd09e"
EXTRA_OECONF += "ac_cv_path_PR_PROGRAM=${bindir}/pr --without-libsigsegv-prefix"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 11/30] libassuan: upgrade 2.5.5 -> 2.5.6
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (9 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 10/30] diffutils: update 3.9 -> 3.10 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 12/30] libksba: upgrade 1.6.3 -> 1.6.4 Steve Sakoman
` (19 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Changelog:
===========
* Fix logging of confidential data. [rA0fc31770fa]
* Fix memory wiping. [T5977]
* Fix macOS build problem. [T5440,T5610]
* Upgrade autoconf stuff.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 90126be6dc32170c08eb90223b6a6cc06c2133ce)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libassuan/{libassuan_2.5.5.bb => libassuan_2.5.6.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/libassuan/{libassuan_2.5.5.bb => libassuan_2.5.6.bb} (93%)
diff --git a/meta/recipes-support/libassuan/libassuan_2.5.5.bb b/meta/recipes-support/libassuan/libassuan_2.5.6.bb
similarity index 93%
rename from meta/recipes-support/libassuan/libassuan_2.5.5.bb
rename to meta/recipes-support/libassuan/libassuan_2.5.6.bb
index 2bab3ac955..7e899e7399 100644
--- a/meta/recipes-support/libassuan/libassuan_2.5.5.bb
+++ b/meta/recipes-support/libassuan/libassuan_2.5.6.bb
@@ -20,7 +20,7 @@ SRC_URI = "${GNUPG_MIRROR}/libassuan/libassuan-${PV}.tar.bz2 \
file://libassuan-add-pkgconfig-support.patch \
"
-SRC_URI[sha256sum] = "8e8c2fcc982f9ca67dcbb1d95e2dc746b1739a4668bc20b3a3c5be632edb34e4"
+SRC_URI[sha256sum] = "e9fd27218d5394904e4e39788f9b1742711c3e6b41689a31aa3380bd5aa4f426"
BINCONFIG = "${bindir}/libassuan-config"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 12/30] libksba: upgrade 1.6.3 -> 1.6.4
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (10 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 11/30] libassuan: upgrade 2.5.5 -> 2.5.6 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 13/30] lttng-ust: upgrade 2.13.5 -> 2.13.6 Steve Sakoman
` (18 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Changelog:
Correctly detect CMS write errors.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0296cf63007542c1cb209a4288be1c82aa2ba843)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libksba/{libksba_1.6.3.bb => libksba_1.6.4.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/libksba/{libksba_1.6.3.bb => libksba_1.6.4.bb} (94%)
diff --git a/meta/recipes-support/libksba/libksba_1.6.3.bb b/meta/recipes-support/libksba/libksba_1.6.4.bb
similarity index 94%
rename from meta/recipes-support/libksba/libksba_1.6.3.bb
rename to meta/recipes-support/libksba/libksba_1.6.4.bb
index dc39693be4..f9636f9433 100644
--- a/meta/recipes-support/libksba/libksba_1.6.3.bb
+++ b/meta/recipes-support/libksba/libksba_1.6.4.bb
@@ -24,7 +24,7 @@ UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html"
SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://ksba-add-pkgconfig-support.patch"
-SRC_URI[sha256sum] = "3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c"
+SRC_URI[sha256sum] = "bbb43f032b9164d86c781ffe42213a83bf4f2fee91455edfa4654521b8b03b6b"
do_configure:prepend () {
# Else these could be used in preference to those in aclocal-copy
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 13/30] lttng-ust: upgrade 2.13.5 -> 2.13.6
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (11 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 12/30] libksba: upgrade 1.6.3 -> 1.6.4 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 14/30] gcc : upgrade to v11.4 Steve Sakoman
` (17 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Wang Mingyu <wangmy@fujitsu.com>
Changelog:
===========
* Fix: segmentation fault on filter interpretation in "switch" mode
* Fix: `ip` context is expressed as a base-10 field
* Fix: c99: use __asm__ __volatile__
* Fix: c99: static assert: clang build fails due to multiple typedef
* Fix: Reevaluate LTTNG_UST_TRACEPOINT_DEFINE each time tracepoint.h is included
* Fix: trace events in C++ constructors/destructors
* Fix: trace events in C constructors/destructors
* Fix: use unaligned pointer accesses for lttng_inline_memcpy
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 656470b4b0db579308d218d1ece77bdacd168d14)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../lttng/{lttng-ust_2.13.5.bb => lttng-ust_2.13.6.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-kernel/lttng/{lttng-ust_2.13.5.bb => lttng-ust_2.13.6.bb} (95%)
diff --git a/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb b/meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb
similarity index 95%
rename from meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb
rename to meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb
index 916408bff0..424b0fa645 100644
--- a/meta/recipes-kernel/lttng/lttng-ust_2.13.5.bb
+++ b/meta/recipes-kernel/lttng/lttng-ust_2.13.6.bb
@@ -34,7 +34,7 @@ SRC_URI = "https://lttng.org/files/lttng-ust/lttng-ust-${PV}.tar.bz2 \
file://0001-Makefile.am-update-rpath-link.patch \
"
-SRC_URI[sha256sum] = "f1d7bb4984a3dc5dacd3b7bcb4c10c04b041b0eecd7cba1fef3d8f86aff02bd6"
+SRC_URI[sha256sum] = "e7e04596dd73ac7aa99e27cd000f949dbb0fed51bd29099f9b08a25c1df0ced5"
CVE_PRODUCT = "ust"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 14/30] gcc : upgrade to v11.4
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (12 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 13/30] lttng-ust: upgrade 2.13.5 -> 2.13.6 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 15/30] libxcrypt: fix build with perl-5.38 and use master branch Steve Sakoman
` (16 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Sundeep KOKKONDA <sundeep.kokkonda@windriver.com>
gcc stable version upgraded from v11.3 to v11.4
For changes in v11.4 see - https://gcc.gnu.org/gcc-11/changes.html
Below is the bug fix list for v11.4
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&order=short_desc%2Cbug_status%2Cpriority%2Cassigned_to%2Cbug_id&query_format=advanced&resolution=FIXED&target_milestone=11.4
There are a total 115 bugs are fixed in this release, below is the list of bugs fixed excluding the regression fixes.
ID Product Comp Resolution Summary▲
108199 gcc tree-opt FIXE Bitfields, unions and SRA and storage_order_attribute
107801 gcc libstdc+ FIXE Building cross compiler for H8 family fails in libstdc++ (c++17/memory_resource.cc)
108265 gcc libstdc+ FIXE chrono::hh_mm_ss can't be constructed from unsigned durations
104443 gcc libstdc+ FIXE common_iterator<I, S>::operator-> is not correctly implemented
98056 gcc c++ FIXE coroutines: ICE tree check: expected record_type or union_type or qual_union_type, have array_type since r11-2183-g0f66b8486cea8668
107061 gcc target FIXE ENCODEKEY128 clobbers xmm4-xmm6
105433 gcc testsuit FIXE FAIL: gcc.target/i386/iamcu/test_3_element_struct_and_unions.c
105095 gcc testsuit FIXE gcc.dg/vect/complex/fast-math-complex-* tests are not executed
100474 gcc c++ FIXE ICE: in diagnose_trait_expr, at cp/constraint.cc:3706
105854 gcc target FIXE ICE: in extract_constrain_insn, at recog.cc:2692 (insn does not satisfy its constraints: sse2_lshrv1ti3)
104462 gcc target FIXE ICE: in extract_constrain_insn_cached, at recog.cc:2682 with -mavx512fp16 -mno-xsave
106045 gcc libgomp FIXE Incorrect testcase in libgomp.c/target-31.c at -O0
56189 gcc c++ FIXE Infinite recursion with noexcept when instantiating function template
100295 gcc c++ FIXE Internal compiler error from generic lambda capturing parameter pack and expanding it in if constexpr
100613 gcc jit FIXE libgccjit should produce dylib on macOS
104875 gcc libstdc+ FIXE libstdc++-v3/src/c++11/codecvt.cc:312:24: warning: left shift count >= width of type
107471 gcc libstdc+ FIXE mismatching constraints in common_iterator
105284 gcc libstdc+ FIXE missing syncstream and spanstream forward decl. in <iosfwd>
98821 gcc c++ FIXE modules : c++tools configures with CC but code fragments assume CXX.
109846 gcc fortran FIXE Pointer-valued function reference rejected as actual argument
101324 gcc target FIXE powerpc64le: hashst appears before mflr at -O1 or higher
102479 gcc c++ FIXE segfault when deducing class template arguments for tuple with libc++-14
105128 gcc libstdc+ FIXE source_location compile error for latest clang 15
106183 gcc libstdc+ FIXE std::atomic::wait might fail to be unblocked by notify_one/all on platforms without platform_wait()
102994 gcc libstdc+ FIXE std::atomic<ptr>::wait is not marked const
105324 gcc libstdc+ FIXE std::from_chars() assertion at floating_from_chars.cc:78 when parsing 1.11111111....
105375 gcc libstdc+ FIXE std::packaged_task has no deduction guide.
104602 gcc libstdc+ FIXE std::source_location::current uses cast from void*
106808 gcc libstdc+ FIXE std::string_view range concept requirement causes compile error with Boost.Filesystem
105725 gcc c++ FIXE [ICE] segfault with `-Wmismatched-tags`
105920 gcc target FIXE __builtin_cpu_supports ("f16c") should check AVX
Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/conf/distro/include/maintainers.inc | 2 +-
.../gcc/{gcc-11.3.inc => gcc-11.4.inc} | 6 +-
...ian_11.3.bb => gcc-cross-canadian_11.4.bb} | 0
.../{gcc-cross_11.3.bb => gcc-cross_11.4.bb} | 0
...-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} | 0
...cc-runtime_11.3.bb => gcc-runtime_11.4.bb} | 0
...itizers_11.3.bb => gcc-sanitizers_11.4.bb} | 0
...{gcc-source_11.3.bb => gcc-source_11.4.bb} | 0
...rch64-Update-Neoverse-N2-core-defini.patch | 20 ++--
...rm-add-armv9-a-architecture-to-march.patch | 54 +++++-----
...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 102 +++++++++---------
...s-fix-v4bx-to-linker-to-support-EABI.patch | 6 +-
.../gcc/{gcc_11.3.bb => gcc_11.4.bb} | 0
...initial_11.3.bb => libgcc-initial_11.4.bb} | 0
.../gcc/{libgcc_11.3.bb => libgcc_11.4.bb} | 0
...ibgfortran_11.3.bb => libgfortran_11.4.bb} | 0
16 files changed, 93 insertions(+), 97 deletions(-)
rename meta/recipes-devtools/gcc/{gcc-11.3.inc => gcc-11.4.inc} (97%)
rename meta/recipes-devtools/gcc/{gcc-cross-canadian_11.3.bb => gcc-cross-canadian_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-cross_11.3.bb => gcc-cross_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-runtime_11.3.bb => gcc-runtime_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-sanitizers_11.3.bb => gcc-sanitizers_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc-source_11.3.bb => gcc-source_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{gcc_11.3.bb => gcc_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{libgcc-initial_11.3.bb => libgcc-initial_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{libgcc_11.3.bb => libgcc_11.4.bb} (100%)
rename meta/recipes-devtools/gcc/{libgfortran_11.3.bb => libgfortran_11.4.bb} (100%)
diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index 1d5e070223..bfc14951fe 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -189,7 +189,7 @@ RECIPE_MAINTAINER:pn-gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Khem Raj <r
RECIPE_MAINTAINER:pn-gcc-crosssdk-${SDK_SYS} = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER:pn-gcc-runtime = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER:pn-gcc-sanitizers = "Khem Raj <raj.khem@gmail.com>"
-RECIPE_MAINTAINER:pn-gcc-source-11.3.0 = "Khem Raj <raj.khem@gmail.com>"
+RECIPE_MAINTAINER:pn-gcc-source-11.4.0 = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER:pn-gconf = "Ross Burton <ross.burton@arm.com>"
RECIPE_MAINTAINER:pn-gcr = "Alexander Kanavin <alex.kanavin@gmail.com>"
RECIPE_MAINTAINER:pn-gdb = "Khem Raj <raj.khem@gmail.com>"
diff --git a/meta/recipes-devtools/gcc/gcc-11.3.inc b/meta/recipes-devtools/gcc/gcc-11.4.inc
similarity index 97%
rename from meta/recipes-devtools/gcc/gcc-11.3.inc
rename to meta/recipes-devtools/gcc/gcc-11.4.inc
index ab2ece3cce..a907661df4 100644
--- a/meta/recipes-devtools/gcc/gcc-11.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-11.4.inc
@@ -2,11 +2,11 @@ require gcc-common.inc
# Third digit in PV should be incremented after a minor release
-PV = "11.3.0"
+PV = "11.4.0"
# BINV should be incremented to a revision after a minor gcc release
-BINV = "11.3.0"
+BINV = "11.4.0"
FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc:${FILE_DIRNAME}/gcc/backport:"
@@ -70,7 +70,7 @@ SRC_URI = "\
file://0004-arm-add-armv9-a-architecture-to-march.patch \
"
-SRC_URI[sha256sum] = "b47cf2818691f5b1e21df2bb38c795fac2cfbd640ede2d0a5e1c89e338a3ac39"
+SRC_URI[sha256sum] = "3f2db222b007e8a4a23cd5ba56726ef08e8b1f1eb2055ee72c1402cea73a8dd9"
S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}"
diff --git a/meta/recipes-devtools/gcc/gcc-cross-canadian_11.3.bb b/meta/recipes-devtools/gcc/gcc-cross-canadian_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-cross-canadian_11.3.bb
rename to meta/recipes-devtools/gcc/gcc-cross-canadian_11.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-cross_11.3.bb b/meta/recipes-devtools/gcc/gcc-cross_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-cross_11.3.bb
rename to meta/recipes-devtools/gcc/gcc-cross_11.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-crosssdk_11.3.bb b/meta/recipes-devtools/gcc/gcc-crosssdk_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-crosssdk_11.3.bb
rename to meta/recipes-devtools/gcc/gcc-crosssdk_11.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-runtime_11.3.bb b/meta/recipes-devtools/gcc/gcc-runtime_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-runtime_11.3.bb
rename to meta/recipes-devtools/gcc/gcc-runtime_11.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-sanitizers_11.3.bb b/meta/recipes-devtools/gcc/gcc-sanitizers_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-sanitizers_11.3.bb
rename to meta/recipes-devtools/gcc/gcc-sanitizers_11.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-source_11.3.bb b/meta/recipes-devtools/gcc/gcc-source_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc-source_11.3.bb
rename to meta/recipes-devtools/gcc/gcc-source_11.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch b/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch
index 8429242348..a0c9db72e1 100644
--- a/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch
+++ b/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch
@@ -19,24 +19,20 @@ diff --git a/gcc/config/aarch64/aarch64-cores.def b/gcc/config/aarch64/aarch64-c
index 4643e0e27..3478e567a 100644
--- a/gcc/config/aarch64/aarch64-cores.def
+++ b/gcc/config/aarch64/aarch64-cores.def
-@@ -145,9 +145,6 @@ AARCH64_CORE("neoverse-512tvb", neoverse512tvb, cortexa57, 8_4A, AARCH64_FL_FOR
- /* Qualcomm ('Q') cores. */
- AARCH64_CORE("saphira", saphira, saphira, 8_4A, AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_CRYPTO | AARCH64_FL_RCPC, saphira, 0x51, 0xC01, -1)
-
--/* Armv8.5-A Architecture Processors. */
+@@ -147,7 +147,6 @@
+ AARCH64_CORE("saphira", saphira, saphira, 8_4A, AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_CRYPTO, saphira, 0x51, 0xC01, -1)
+
+ /* Armv8.5-A Architecture Processors. */
-AARCH64_CORE("neoverse-n2", neoversen2, cortexa57, 8_5A, AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG, neoversen2, 0x41, 0xd49, -1)
--
+ AARCH64_CORE("neoverse-v2", neoversev2, cortexa57, 8_5A, AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG, neoverse512tvb, 0x41, 0xd4f, -1)
+
/* ARMv8-A big.LITTLE implementations. */
-
- AARCH64_CORE("cortex-a57.cortex-a53", cortexa57cortexa53, cortexa53, 8A, AARCH64_FL_FOR_ARCH8 | AARCH64_FL_CRC, cortexa57, 0x41, AARCH64_BIG_LITTLE (0xd07, 0xd03), -1)
-@@ -163,4 +160,7 @@ AARCH64_CORE("cortex-a76.cortex-a55", cortexa76cortexa55, cortexa53, 8_2A, AAR
+@@ -165,4 +164,7 @@
/* Armv8-R Architecture Processors. */
AARCH64_CORE("cortex-r82", cortexr82, cortexa53, 8R, AARCH64_FL_FOR_ARCH8_R, cortexa53, 0x41, 0xd15, -1)
-
+
+/* Armv9-A Architecture Processors. */
+AARCH64_CORE("neoverse-n2", neoversen2, cortexa57, 9A, AARCH64_FL_FOR_ARCH9 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG | AARCH64_FL_PROFILE, neoversen2, 0x41, 0xd49, -1)
+
#undef AARCH64_CORE
---
-2.32.0
diff --git a/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch b/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch
index 864c8b3017..b9b0988d5a 100644
--- a/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch
+++ b/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch
@@ -43,10 +43,10 @@ Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com>
gcc/testsuite/lib/target-supports.exp | 3 ++-
9 files changed, 79 insertions(+), 8 deletions(-)
-Index: gcc-11.3.0/gcc/config/arm/arm-cpus.in
+Index: gcc/gcc/config/arm/arm-cpus.in
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/arm-cpus.in
-+++ gcc-11.3.0/gcc/config/arm/arm-cpus.in
+--- a/gcc/config/arm/arm-cpus.in
++++ b/gcc/config/arm/arm-cpus.in
@@ -132,6 +132,9 @@ define feature cmse
# Architecture rel 8.1-M.
define feature armv8_1m_main
@@ -87,10 +87,10 @@ Index: gcc-11.3.0/gcc/config/arm/arm-cpus.in
begin arch iwmmxt
tune for iwmmxt
tune flags LDSCHED STRONG XSCALE
-Index: gcc-11.3.0/gcc/config/arm/arm-tables.opt
+Index: gcc/gcc/config/arm/arm-tables.opt
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/arm-tables.opt
-+++ gcc-11.3.0/gcc/config/arm/arm-tables.opt
+--- a/gcc/config/arm/arm-tables.opt
++++ b/gcc/config/arm/arm-tables.opt
@@ -380,10 +380,13 @@ EnumValue
Enum(arm_arch) String(armv8.1-m.main) Value(30)
@@ -107,10 +107,10 @@ Index: gcc-11.3.0/gcc/config/arm/arm-tables.opt
Enum
Name(arm_fpu) Type(enum fpu_type)
-Index: gcc-11.3.0/gcc/config/arm/arm.h
+Index: gcc/gcc/config/arm/arm.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/arm.h
-+++ gcc-11.3.0/gcc/config/arm/arm.h
+--- a/gcc/config/arm/arm.h
++++ b/gcc/config/arm/arm.h
@@ -456,7 +456,8 @@ enum base_architecture
BASE_ARCH_8A = 8,
BASE_ARCH_8M_BASE = 8,
@@ -121,10 +121,10 @@ Index: gcc-11.3.0/gcc/config/arm/arm.h
};
/* The major revision number of the ARM Architecture implemented by the target. */
-Index: gcc-11.3.0/gcc/config/arm/t-aprofile
+Index: gcc/gcc/config/arm/t-aprofile
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/t-aprofile
-+++ gcc-11.3.0/gcc/config/arm/t-aprofile
+--- a/gcc/config/arm/t-aprofile
++++ b/gcc/config/arm/t-aprofile
@@ -26,8 +26,8 @@
# Arch and FPU variants to build libraries with
@@ -180,10 +180,10 @@ Index: gcc-11.3.0/gcc/config/arm/t-aprofile
- $(foreach ARCH, armv7-a armv8-a, \
+ $(foreach ARCH, armv7-a armv8-a armv9-a, \
mthumb/march.$(ARCH)/mfloat-abi.soft=m$(MODE)/march.$(ARCH)/mfloat-abi.softfp))
-Index: gcc-11.3.0/gcc/config/arm/t-arm-elf
+Index: gcc/gcc/config/arm/t-arm-elf
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/t-arm-elf
-+++ gcc-11.3.0/gcc/config/arm/t-arm-elf
+--- a/gcc/config/arm/t-arm-elf
++++ b/gcc/config/arm/t-arm-elf
@@ -38,6 +38,8 @@ v7ve_fps := vfpv3-d16 vfpv3 vfpv3-d16-fp
# it seems to work ok.
v8_fps := simd fp16 crypto fp16+crypto dotprod fp16fml
@@ -214,10 +214,10 @@ Index: gcc-11.3.0/gcc/config/arm/t-arm-elf
MULTILIB_MATCHES += $(foreach ARCH, armv7e-m armv8-m.mainline, \
march?armv7+fp=march?$(ARCH)+fp.dp)
-Index: gcc-11.3.0/gcc/config/arm/t-multilib
+Index: gcc/gcc/config/arm/t-multilib
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/t-multilib
-+++ gcc-11.3.0/gcc/config/arm/t-multilib
+--- a/gcc/config/arm/t-multilib
++++ b/gcc/config/arm/t-multilib
@@ -78,6 +78,8 @@ v8_4_a_simd_variants := $(call all_feat_
v8_5_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16)
v8_6_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16)
@@ -244,10 +244,10 @@ Index: gcc-11.3.0/gcc/config/arm/t-multilib
endif # Not APROFILE.
# Use Thumb libraries for everything.
-Index: gcc-11.3.0/gcc/doc/invoke.texi
+Index: gcc/gcc/doc/invoke.texi
===================================================================
---- gcc-11.3.0.orig/gcc/doc/invoke.texi
-+++ gcc-11.3.0/gcc/doc/invoke.texi
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
@@ -19701,6 +19701,7 @@ Permissible names are:
@samp{armv7-m}, @samp{armv7e-m},
@samp{armv8-m.base}, @samp{armv8-m.main},
@@ -256,10 +256,10 @@ Index: gcc-11.3.0/gcc/doc/invoke.texi
@samp{iwmmxt} and @samp{iwmmxt2}.
Additionally, the following architectures, which lack support for the
-Index: gcc-11.3.0/gcc/testsuite/gcc.target/arm/multilib.exp
+Index: gcc/gcc/testsuite/gcc.target/arm/multilib.exp
===================================================================
---- gcc-11.3.0.orig/gcc/testsuite/gcc.target/arm/multilib.exp
-+++ gcc-11.3.0/gcc/testsuite/gcc.target/arm/multilib.exp
+--- a/gcc/testsuite/gcc.target/arm/multilib.exp
++++ b/gcc/testsuite/gcc.target/arm/multilib.exp
@@ -135,6 +135,14 @@ if {[multilib_config "aprofile"] } {
{-march=armv8.6-a+simd+fp16 -mfloat-abi=softfp} "thumb/v8-a+simd/softfp"
{-march=armv8.6-a+simd+fp16+nofp -mfloat-abi=softfp} "thumb/v8-a/nofp"
@@ -275,10 +275,10 @@ Index: gcc-11.3.0/gcc/testsuite/gcc.target/arm/multilib.exp
{-mcpu=cortex-a53+crypto -mfloat-abi=hard} "thumb/v8-a+simd/hard"
{-mcpu=cortex-a53+nofp -mfloat-abi=softfp} "thumb/v8-a/nofp"
{-march=armv8-a+crc -mfloat-abi=hard -mfpu=vfp} "thumb/v8-a+simd/hard"
-Index: gcc-11.3.0/gcc/testsuite/lib/target-supports.exp
+Index: gcc/gcc/testsuite/lib/target-supports.exp
===================================================================
---- gcc-11.3.0.orig/gcc/testsuite/lib/target-supports.exp
-+++ gcc-11.3.0/gcc/testsuite/lib/target-supports.exp
+--- a/gcc/testsuite/lib/target-supports.exp
++++ b/gcc/testsuite/lib/target-supports.exp
@@ -4820,7 +4820,8 @@ foreach { armfunc armflag armdefs } {
v8m_base "-march=armv8-m.base -mthumb -mfloat-abi=soft"
__ARM_ARCH_8M_BASE__
diff --git a/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch b/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
index b3515c9734..ece5873258 100644
--- a/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
+++ b/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
@@ -39,10 +39,10 @@ Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
gcc/config/sparc/linux64.h | 4 ++--
17 files changed, 53 insertions(+), 58 deletions(-)
-Index: gcc-11.3.0/gcc/config/aarch64/aarch64-linux.h
+Index: gcc/gcc/config/aarch64/aarch64-linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/aarch64/aarch64-linux.h
-+++ gcc-11.3.0/gcc/config/aarch64/aarch64-linux.h
+--- a/gcc/config/aarch64/aarch64-linux.h
++++ b/gcc/config/aarch64/aarch64-linux.h
@@ -21,10 +21,10 @@
#ifndef GCC_AARCH64_LINUX_H
#define GCC_AARCH64_LINUX_H
@@ -56,10 +56,10 @@ Index: gcc-11.3.0/gcc/config/aarch64/aarch64-linux.h
#undef ASAN_CC1_SPEC
#define ASAN_CC1_SPEC "%{%:sanitize(address):-funwind-tables}"
-Index: gcc-11.3.0/gcc/config/alpha/linux-elf.h
+Index: gcc/gcc/config/alpha/linux-elf.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/alpha/linux-elf.h
-+++ gcc-11.3.0/gcc/config/alpha/linux-elf.h
+--- a/gcc/config/alpha/linux-elf.h
++++ b/gcc/config/alpha/linux-elf.h
@@ -23,8 +23,8 @@ along with GCC; see the file COPYING3.
#define EXTRA_SPECS \
{ "elf_dynamic_linker", ELF_DYNAMIC_LINKER },
@@ -71,10 +71,10 @@ Index: gcc-11.3.0/gcc/config/alpha/linux-elf.h
#if DEFAULT_LIBC == LIBC_UCLIBC
#define CHOOSE_DYNAMIC_LINKER(G, U) "%{mglibc:" G ";:" U "}"
#elif DEFAULT_LIBC == LIBC_GLIBC
-Index: gcc-11.3.0/gcc/config/arm/linux-eabi.h
+Index: gcc/gcc/config/arm/linux-eabi.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/linux-eabi.h
-+++ gcc-11.3.0/gcc/config/arm/linux-eabi.h
+--- a/gcc/config/arm/linux-eabi.h
++++ b/gcc/config/arm/linux-eabi.h
@@ -65,8 +65,8 @@
GLIBC_DYNAMIC_LINKER_DEFAULT and TARGET_DEFAULT_FLOAT_ABI. */
@@ -95,10 +95,10 @@ Index: gcc-11.3.0/gcc/config/arm/linux-eabi.h
/* At this point, bpabi.h will have clobbered LINK_SPEC. We want to
use the GNU/Linux version, not the generic BPABI version. */
-Index: gcc-11.3.0/gcc/config/arm/linux-elf.h
+Index: gcc/gcc/config/arm/linux-elf.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/linux-elf.h
-+++ gcc-11.3.0/gcc/config/arm/linux-elf.h
+--- a/gcc/config/arm/linux-elf.h
++++ b/gcc/config/arm/linux-elf.h
@@ -60,7 +60,7 @@
#define LIBGCC_SPEC "%{mfloat-abi=soft*:-lfloat} -lgcc"
@@ -108,10 +108,10 @@ Index: gcc-11.3.0/gcc/config/arm/linux-elf.h
#define LINUX_TARGET_LINK_SPEC "%{h*} \
%{static:-Bstatic} \
-Index: gcc-11.3.0/gcc/config/i386/linux.h
+Index: gcc/gcc/config/i386/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/i386/linux.h
-+++ gcc-11.3.0/gcc/config/i386/linux.h
+--- a/gcc/config/i386/linux.h
++++ b/gcc/config/i386/linux.h
@@ -20,7 +20,7 @@ along with GCC; see the file COPYING3.
<http://www.gnu.org/licenses/>. */
@@ -122,10 +122,10 @@ Index: gcc-11.3.0/gcc/config/i386/linux.h
#undef MUSL_DYNAMIC_LINKER
-#define MUSL_DYNAMIC_LINKER "/lib/ld-musl-i386.so.1"
+#define MUSL_DYNAMIC_LINKER SYSTEMLIBS_DIR "ld-musl-i386.so.1"
-Index: gcc-11.3.0/gcc/config/i386/linux64.h
+Index: gcc/gcc/config/i386/linux64.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/i386/linux64.h
-+++ gcc-11.3.0/gcc/config/i386/linux64.h
+--- a/gcc/config/i386/linux64.h
++++ b/gcc/config/i386/linux64.h
@@ -27,13 +27,13 @@ see the files COPYING3 and COPYING.RUNTI
#define GNU_USER_LINK_EMULATION64 "elf_x86_64"
#define GNU_USER_LINK_EMULATIONX32 "elf32_x86_64"
@@ -146,10 +146,10 @@ Index: gcc-11.3.0/gcc/config/i386/linux64.h
#undef MUSL_DYNAMIC_LINKERX32
-#define MUSL_DYNAMIC_LINKERX32 "/lib/ld-musl-x32.so.1"
+#define MUSL_DYNAMIC_LINKERX32 SYSTEMLIBS_DIR "ld-musl-x32.so.1"
-Index: gcc-11.3.0/gcc/config/linux.h
+Index: gcc/gcc/config/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/linux.h
-+++ gcc-11.3.0/gcc/config/linux.h
+--- a/gcc/config/linux.h
++++ b/gcc/config/linux.h
@@ -94,10 +94,10 @@ see the files COPYING3 and COPYING.RUNTI
GLIBC_DYNAMIC_LINKER must be defined for each target using them, or
GLIBC_DYNAMIC_LINKER32 and GLIBC_DYNAMIC_LINKER64 for targets
@@ -165,10 +165,10 @@ Index: gcc-11.3.0/gcc/config/linux.h
#define BIONIC_DYNAMIC_LINKER "/system/bin/linker"
#define BIONIC_DYNAMIC_LINKER32 "/system/bin/linker"
#define BIONIC_DYNAMIC_LINKER64 "/system/bin/linker64"
-Index: gcc-11.3.0/gcc/config/microblaze/linux.h
+Index: gcc/gcc/config/microblaze/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/microblaze/linux.h
-+++ gcc-11.3.0/gcc/config/microblaze/linux.h
+--- a/gcc/config/microblaze/linux.h
++++ b/gcc/config/microblaze/linux.h
@@ -28,7 +28,7 @@
#undef TLS_NEEDS_GOT
#define TLS_NEEDS_GOT 1
@@ -187,10 +187,10 @@ Index: gcc-11.3.0/gcc/config/microblaze/linux.h
#undef SUBTARGET_EXTRA_SPECS
#define SUBTARGET_EXTRA_SPECS \
-Index: gcc-11.3.0/gcc/config/mips/linux.h
+Index: gcc/gcc/config/mips/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/mips/linux.h
-+++ gcc-11.3.0/gcc/config/mips/linux.h
+--- a/gcc/config/mips/linux.h
++++ b/gcc/config/mips/linux.h
@@ -22,29 +22,29 @@ along with GCC; see the file COPYING3.
#define GNU_USER_LINK_EMULATIONN32 "elf32%{EB:b}%{EL:l}tsmipn32"
@@ -230,10 +230,10 @@ Index: gcc-11.3.0/gcc/config/mips/linux.h
#define BIONIC_DYNAMIC_LINKERN32 "/system/bin/linker32"
#define GNU_USER_DYNAMIC_LINKERN32 \
-Index: gcc-11.3.0/gcc/config/nios2/linux.h
+Index: gcc/gcc/config/nios2/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/nios2/linux.h
-+++ gcc-11.3.0/gcc/config/nios2/linux.h
+--- a/gcc/config/nios2/linux.h
++++ b/gcc/config/nios2/linux.h
@@ -29,7 +29,7 @@
#undef CPP_SPEC
#define CPP_SPEC "%{posix:-D_POSIX_SOURCE} %{pthread:-D_REENTRANT}"
@@ -243,10 +243,10 @@ Index: gcc-11.3.0/gcc/config/nios2/linux.h
#undef LINK_SPEC
#define LINK_SPEC LINK_SPEC_ENDIAN \
-Index: gcc-11.3.0/gcc/config/riscv/linux.h
+Index: gcc/gcc/config/riscv/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/riscv/linux.h
-+++ gcc-11.3.0/gcc/config/riscv/linux.h
+--- a/gcc/config/riscv/linux.h
++++ b/gcc/config/riscv/linux.h
@@ -22,7 +22,7 @@ along with GCC; see the file COPYING3.
GNU_USER_TARGET_OS_CPP_BUILTINS(); \
} while (0)
@@ -265,10 +265,10 @@ Index: gcc-11.3.0/gcc/config/riscv/linux.h
/* Because RISC-V only has word-sized atomics, it requries libatomic where
others do not. So link libatomic by default, as needed. */
-Index: gcc-11.3.0/gcc/config/rs6000/linux64.h
+Index: gcc/gcc/config/rs6000/linux64.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/rs6000/linux64.h
-+++ gcc-11.3.0/gcc/config/rs6000/linux64.h
+--- a/gcc/config/rs6000/linux64.h
++++ b/gcc/config/rs6000/linux64.h
@@ -336,24 +336,19 @@ extern int dot_symbols;
#undef LINK_OS_DEFAULT_SPEC
#define LINK_OS_DEFAULT_SPEC "%(link_os_linux)"
@@ -299,10 +299,10 @@ Index: gcc-11.3.0/gcc/config/rs6000/linux64.h
#undef DEFAULT_ASM_ENDIAN
#if (TARGET_DEFAULT & MASK_LITTLE_ENDIAN)
-Index: gcc-11.3.0/gcc/config/rs6000/sysv4.h
+Index: gcc/gcc/config/rs6000/sysv4.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/rs6000/sysv4.h
-+++ gcc-11.3.0/gcc/config/rs6000/sysv4.h
+--- a/gcc/config/rs6000/sysv4.h
++++ b/gcc/config/rs6000/sysv4.h
@@ -780,10 +780,10 @@ GNU_USER_TARGET_CC1_SPEC
#define MUSL_DYNAMIC_LINKER_E ENDIAN_SELECT("","le","")
@@ -316,10 +316,10 @@ Index: gcc-11.3.0/gcc/config/rs6000/sysv4.h
#ifndef GNU_USER_DYNAMIC_LINKER
#define GNU_USER_DYNAMIC_LINKER GLIBC_DYNAMIC_LINKER
-Index: gcc-11.3.0/gcc/config/s390/linux.h
+Index: gcc/gcc/config/s390/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/s390/linux.h
-+++ gcc-11.3.0/gcc/config/s390/linux.h
+--- a/gcc/config/s390/linux.h
++++ b/gcc/config/s390/linux.h
@@ -72,13 +72,13 @@ along with GCC; see the file COPYING3.
#define MULTILIB_DEFAULTS { "m31" }
#endif
@@ -338,10 +338,10 @@ Index: gcc-11.3.0/gcc/config/s390/linux.h
#undef LINK_SPEC
#define LINK_SPEC \
-Index: gcc-11.3.0/gcc/config/sh/linux.h
+Index: gcc/gcc/config/sh/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/sh/linux.h
-+++ gcc-11.3.0/gcc/config/sh/linux.h
+--- a/gcc/config/sh/linux.h
++++ b/gcc/config/sh/linux.h
@@ -61,10 +61,10 @@ along with GCC; see the file COPYING3.
#undef MUSL_DYNAMIC_LINKER
@@ -355,10 +355,10 @@ Index: gcc-11.3.0/gcc/config/sh/linux.h
#undef SUBTARGET_LINK_EMUL_SUFFIX
#define SUBTARGET_LINK_EMUL_SUFFIX "%{mfdpic:_fd;:_linux}"
-Index: gcc-11.3.0/gcc/config/sparc/linux.h
+Index: gcc/gcc/config/sparc/linux.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/sparc/linux.h
-+++ gcc-11.3.0/gcc/config/sparc/linux.h
+--- a/gcc/config/sparc/linux.h
++++ b/gcc/config/sparc/linux.h
@@ -78,7 +78,7 @@ extern const char *host_detect_local_cpu
When the -shared link option is used a final link is not being
done. */
@@ -368,10 +368,10 @@ Index: gcc-11.3.0/gcc/config/sparc/linux.h
#undef LINK_SPEC
#define LINK_SPEC "-m elf32_sparc %{shared:-shared} \
-Index: gcc-11.3.0/gcc/config/sparc/linux64.h
+Index: gcc/gcc/config/sparc/linux64.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/sparc/linux64.h
-+++ gcc-11.3.0/gcc/config/sparc/linux64.h
+--- a/gcc/config/sparc/linux64.h
++++ b/gcc/config/sparc/linux64.h
@@ -78,8 +78,8 @@ along with GCC; see the file COPYING3.
When the -shared link option is used a final link is not being
done. */
diff --git a/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch b/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
index 0f94936140..1ec942e977 100644
--- a/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
+++ b/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
@@ -18,10 +18,10 @@ Upstream-Status: Pending
gcc/config/arm/linux-eabi.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
-Index: gcc-11.3.0/gcc/config/arm/linux-eabi.h
+Index: gcc/gcc/config/arm/linux-eabi.h
===================================================================
---- gcc-11.3.0.orig/gcc/config/arm/linux-eabi.h
-+++ gcc-11.3.0/gcc/config/arm/linux-eabi.h
+--- a/gcc/config/arm/linux-eabi.h
++++ b/gcc/config/arm/linux-eabi.h
@@ -91,10 +91,14 @@
#define MUSL_DYNAMIC_LINKER \
SYSTEMLIBS_DIR "ld-musl-arm" MUSL_DYNAMIC_LINKER_E "%{mfloat-abi=hard:hf}%{mfdpic:-fdpic}.so.1"
diff --git a/meta/recipes-devtools/gcc/gcc_11.3.bb b/meta/recipes-devtools/gcc/gcc_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/gcc_11.3.bb
rename to meta/recipes-devtools/gcc/gcc_11.4.bb
diff --git a/meta/recipes-devtools/gcc/libgcc-initial_11.3.bb b/meta/recipes-devtools/gcc/libgcc-initial_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/libgcc-initial_11.3.bb
rename to meta/recipes-devtools/gcc/libgcc-initial_11.4.bb
diff --git a/meta/recipes-devtools/gcc/libgcc_11.3.bb b/meta/recipes-devtools/gcc/libgcc_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/libgcc_11.3.bb
rename to meta/recipes-devtools/gcc/libgcc_11.4.bb
diff --git a/meta/recipes-devtools/gcc/libgfortran_11.3.bb b/meta/recipes-devtools/gcc/libgfortran_11.4.bb
similarity index 100%
rename from meta/recipes-devtools/gcc/libgfortran_11.3.bb
rename to meta/recipes-devtools/gcc/libgfortran_11.4.bb
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 15/30] libxcrypt: fix build with perl-5.38 and use master branch
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (13 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 14/30] gcc : upgrade to v11.4 Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 16/30] kernel: add missing path to search for debug files Steve Sakoman
` (15 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <martin.jansa@gmail.com>
* fixes do_configure failure:
checking whether all ucontext.h functions are available... yes
when is deprecated at libxcrypt/4.4.30-r0/git/build-aux/scripts/BuildCommon.pm line 522.
Compilation failed in require at ../git/build-aux/scripts/expand-selected-hashes line 28.
BEGIN failed--compilation aborted at ../git/build-aux/scripts/expand-selected-hashes line 28.
configure: error: bad value 'all' for --enable-hashes
NOTE: The following config.log files may provide further information.
* with this patch backported it works OK:
libxcrypt/4.4.30-r0/git $ perl build-aux/scripts/expand-selected-hashes
usage: expand-selected-hashes hashes.conf names,of,selected,hashes
* similarly do_compile failure:
../git/build-aux/scripts/move-if-change crypt-hashes.h.T crypt-hashes.h
../git/build-aux/scripts/move-if-change crypt-symbol-vers.h.T crypt-symbol-vers.h
given is deprecated at ../git/build-aux/scripts/gen-crypt-h line 41.
Makefile:3818: Makefile.deps: No such file or directory
make: *** [Makefile:3715: crypt.h.stamp] Error 255
* also use master branch instead of develop, the SRCREV exists in both
but stable metadata branches should track stable component branches
libxcrypt/4.4.30-r0/git $ git branch -a --contains d7fe1ac04c326dba7e0440868889d1dccb41a175 | tee
* develop
remotes/origin/HEAD -> origin/develop
remotes/origin/develop
remotes/origin/master
and oe-core master also uses master SRCBRANCH since:
https://git.openembedded.org/openembedded-core/commit/?id=d18e89bd2b46c6e266cc39dbe9fdb6c032f5f1fe
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...ommon.pm-compatible-with-latest-perl.patch | 50 +++++++++++++++
...ve-smartmatch-usage-from-gen-crypt-h.patch | 62 +++++++++++++++++++
meta/recipes-core/libxcrypt/libxcrypt.inc | 7 ++-
3 files changed, 117 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-core/libxcrypt/files/0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch
create mode 100644 meta/recipes-core/libxcrypt/files/0002-Remove-smartmatch-usage-from-gen-crypt-h.patch
diff --git a/meta/recipes-core/libxcrypt/files/0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch b/meta/recipes-core/libxcrypt/files/0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch
new file mode 100644
index 0000000000..b3e43d5815
--- /dev/null
+++ b/meta/recipes-core/libxcrypt/files/0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch
@@ -0,0 +1,50 @@
+From c3ec04f1aee68970b82e4b033bee1477e76798f9 Mon Sep 17 00:00:00 2001
+From: Leon Timmermans <fawaka@gmail.com>
+Date: Tue, 6 Jun 2023 17:03:57 +0200
+Subject: [PATCH] Make BuildCommon.pm compatible with latest perl
+
+It was previously using an experimental feature that has since been dropped.
+This removes the use of that feature.
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+Upstream-Status: Backport [v4.4.35 https://github.com/besser82/libxcrypt/commit/ce562f4d33dc090fcd8f6ea1af3ba32cdc2b3c9c]
+---
+ build-aux/scripts/BuildCommon.pm | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/build-aux/scripts/BuildCommon.pm b/build-aux/scripts/BuildCommon.pm
+index 0e6f2a3..c38ba21 100644
+--- a/build-aux/scripts/BuildCommon.pm
++++ b/build-aux/scripts/BuildCommon.pm
+@@ -11,7 +11,6 @@ use v5.14; # implicit use strict, use feature ':5.14'
+ use warnings FATAL => 'all';
+ use utf8;
+ use open qw(:utf8);
+-no if $] >= 5.018, warnings => 'experimental::smartmatch';
+ no if $] >= 5.022, warnings => 'experimental::re_strict';
+ use if $] >= 5.022, re => 'strict';
+
+@@ -519,19 +518,19 @@ sub parse_symver_args {
+ my $COMPAT_ABI;
+ local $_;
+ for (@args) {
+- when (/^SYMVER_MIN=(.+)$/) {
++ if (/^SYMVER_MIN=(.+)$/) {
+ $usage_error->() if defined $SYMVER_MIN;
+ $SYMVER_MIN = $1;
+ }
+- when (/^SYMVER_FLOOR=(.+)$/) {
++ elsif (/^SYMVER_FLOOR=(.+)$/) {
+ $usage_error->() if defined $SYMVER_FLOOR;
+ $SYMVER_FLOOR = $1;
+ }
+- when (/^COMPAT_ABI=(.+)$/) {
++ elsif (/^COMPAT_ABI=(.+)$/) {
+ $usage_error->() if defined $COMPAT_ABI;
+ $COMPAT_ABI = $1;
+ }
+- default {
++ else {
+ $usage_error->() if defined $map_in;
+ $map_in = $_;
+ }
diff --git a/meta/recipes-core/libxcrypt/files/0002-Remove-smartmatch-usage-from-gen-crypt-h.patch b/meta/recipes-core/libxcrypt/files/0002-Remove-smartmatch-usage-from-gen-crypt-h.patch
new file mode 100644
index 0000000000..603f52f792
--- /dev/null
+++ b/meta/recipes-core/libxcrypt/files/0002-Remove-smartmatch-usage-from-gen-crypt-h.patch
@@ -0,0 +1,62 @@
+From 95d6e03ae37f4ec948474d111105bbdd2938aba2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andreas=20K=2E=20H=C3=BCttel?= <dilfridge@gentoo.org>
+Date: Sun, 25 Jun 2023 01:35:08 +0200
+Subject: [PATCH] Remove smartmatch usage from gen-crypt-h
+
+Needed for Perl 5.38
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+Upstream-Status: Backport [v4.4.36 https://github.com/besser82/libxcrypt/commit/95d6e03ae37f4ec948474d111105bbdd2938aba2]
+---
+ build-aux/scripts/gen-crypt-h | 31 ++++++++++++++-----------------
+ 1 file changed, 14 insertions(+), 17 deletions(-)
+
+diff --git a/build-aux/scripts/gen-crypt-h b/build-aux/scripts/gen-crypt-h
+index 12aecf6..b113b79 100644
+--- a/build-aux/scripts/gen-crypt-h
++++ b/build-aux/scripts/gen-crypt-h
+@@ -12,7 +12,6 @@ use v5.14; # implicit use strict, use feature ':5.14'
+ use warnings FATAL => 'all';
+ use utf8;
+ use open qw(:std :utf8);
+-no if $] >= 5.018, warnings => 'experimental::smartmatch';
+ no if $] >= 5.022, warnings => 'experimental::re_strict';
+ use if $] >= 5.022, re => 'strict';
+
+@@ -37,22 +36,20 @@ sub process_config_h {
+ local $_;
+ while (<$fh>) {
+ chomp;
+- # Yes, 'given $_' is really required here.
+- given ($_) {
+- when ('#define HAVE_SYS_CDEFS_H 1') {
+- $have_sys_cdefs_h = 1;
+- }
+- when ('#define HAVE_SYS_CDEFS_BEGIN_END_DECLS 1') {
+- $have_sys_cdefs_begin_end_decls = 1;
+- }
+- when ('#define HAVE_SYS_CDEFS_THROW 1') {
+- $have_sys_cdefs_throw = 1;
+- }
+- when (/^#define PACKAGE_VERSION "((\d+)\.(\d+)\.\d+)"$/) {
+- $substs{XCRYPT_VERSION_STR} = $1;
+- $substs{XCRYPT_VERSION_MAJOR} = $2;
+- $substs{XCRYPT_VERSION_MINOR} = $3;
+- }
++
++ if ($_ eq '#define HAVE_SYS_CDEFS_H 1') {
++ $have_sys_cdefs_h = 1;
++ }
++ elsif ($_ eq '#define HAVE_SYS_CDEFS_BEGIN_END_DECLS 1') {
++ $have_sys_cdefs_begin_end_decls = 1;
++ }
++ elsif ($_ eq '#define HAVE_SYS_CDEFS_THROW 1') {
++ $have_sys_cdefs_throw = 1;
++ }
++ elsif (/^#define PACKAGE_VERSION "((\d+)\.(\d+)\.\d+)"$/) {
++ $substs{XCRYPT_VERSION_STR} = $1;
++ $substs{XCRYPT_VERSION_MAJOR} = $2;
++ $substs{XCRYPT_VERSION_MINOR} = $3;
+ }
+ }
+
diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc b/meta/recipes-core/libxcrypt/libxcrypt.inc
index 454a55d73d..342cbd0d06 100644
--- a/meta/recipes-core/libxcrypt/libxcrypt.inc
+++ b/meta/recipes-core/libxcrypt/libxcrypt.inc
@@ -11,9 +11,12 @@ inherit autotools pkgconfig
SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol=https"
SRCREV = "d7fe1ac04c326dba7e0440868889d1dccb41a175"
-SRCBRANCH ?= "develop"
+SRCBRANCH ?= "master"
-SRC_URI += "file://fix_cflags_handling.patch"
+SRC_URI += "file://fix_cflags_handling.patch \
+ file://0001-Make-BuildCommon.pm-compatible-with-latest-perl.patch \
+ file://0002-Remove-smartmatch-usage-from-gen-crypt-h.patch \
+"
PROVIDES = "virtual/crypt"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 16/30] kernel: add missing path to search for debug files
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (14 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 15/30] libxcrypt: fix build with perl-5.38 and use master branch Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 17/30] recipetool: Fix inherit in created -native* recipes Steve Sakoman
` (14 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Andrej Valek <andrej.valek@siemens.com>
Since explicit debug package creation via ${KERNEL_PACKAGE_NAME}-dbg has
been added to kernel, it has to cover all PACKAGE_DEBUG_SPLIT_STYLE
options. For ex. when the variable "debug-file-directory" package search
path has to be set explicitly, otherwise it will not find any files.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9c39da147683dcaaa244b3ddc4531c4408ad5c9e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/kernel.bbclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index fc48737869..a82e4cf942 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -672,6 +672,7 @@ FILES:${KERNEL_PACKAGE_NAME}-image = ""
FILES:${KERNEL_PACKAGE_NAME}-dev = "/${KERNEL_IMAGEDEST}/System.map* /${KERNEL_IMAGEDEST}/Module.symvers* /${KERNEL_IMAGEDEST}/config* ${KERNEL_SRC_PATH} ${nonarch_base_libdir}/modules/${KERNEL_VERSION}/build"
FILES:${KERNEL_PACKAGE_NAME}-vmlinux = "/${KERNEL_IMAGEDEST}/vmlinux-${KERNEL_VERSION_NAME}"
FILES:${KERNEL_PACKAGE_NAME}-modules = ""
+FILES:${KERNEL_PACKAGE_NAME}-dbg = "/usr/lib/debug /usr/src/debug"
RDEPENDS:${KERNEL_PACKAGE_NAME} = "${KERNEL_PACKAGE_NAME}-base (= ${EXTENDPKGV})"
# Allow machines to override this dependency if kernel image files are
# not wanted in images as standard
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 17/30] recipetool: Fix inherit in created -native* recipes
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (15 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 16/30] kernel: add missing path to search for debug files Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 18/30] systemd-systemctl: fix errors in instance name expansion Steve Sakoman
` (13 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Yoann Congal <yoann.congal@smile.fr>
native and nativesdk classes are special and must be inherited last :
put them at the end of the gathered classes to inherit.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a6614fd800cbe791264aeb102d379ba79bd145c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/lib/recipetool/create.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index 220465ed2f..67894fb4d0 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -745,6 +745,10 @@ def create_recipe(args):
for handler in handlers:
handler.process(srctree_use, classes, lines_before, lines_after, handled, extravalues)
+ # native and nativesdk classes are special and must be inherited last
+ # If present, put them at the end of the classes list
+ classes.sort(key=lambda c: c in ("native", "nativesdk"))
+
extrafiles = extravalues.pop('extrafiles', {})
extra_pn = extravalues.pop('PN', None)
extra_pv = extravalues.pop('PV', None)
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 18/30] systemd-systemctl: fix errors in instance name expansion
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (16 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 17/30] recipetool: Fix inherit in created -native* recipes Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 19/30] uboot-extlinux-config.bbclass: fix old override syntax in comment Steve Sakoman
` (12 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Yuta Hayama <hayama@lineo.co.jp>
If the instance name indicated by %i begins with a number, the meaning of the
replacement string "\\1{}".format(instance) is ambiguous.
To indicate group number 1 regardless of the instance name, use "\g<1>".
Signed-off-by: Yuta Hayama <hayama@lineo.co.jp>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d18b939fb08b37380ce95934da38e6522392621c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/systemd/systemd-systemctl/systemctl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-core/systemd/systemd-systemctl/systemctl b/meta/recipes-core/systemd/systemd-systemctl/systemctl
index c8b5c9efe3..0fd7e24085 100755
--- a/meta/recipes-core/systemd/systemd-systemctl/systemctl
+++ b/meta/recipes-core/systemd/systemd-systemctl/systemctl
@@ -191,7 +191,7 @@ class SystemdUnit():
try:
for dependent in config.get('Install', prop):
# expand any %i to instance (ignoring escape sequence %%)
- dependent = re.sub("([^%](%%)*)%i", "\\1{}".format(instance), dependent)
+ dependent = re.sub("([^%](%%)*)%i", "\\g<1>{}".format(instance), dependent)
wants = systemdir / "{}.{}".format(dependent, dirstem) / service
add_link(wants, target)
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 19/30] uboot-extlinux-config.bbclass: fix old override syntax in comment
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (17 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 18/30] systemd-systemctl: fix errors in instance name expansion Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 20/30] mdadm: fix util-linux ptest dependency Steve Sakoman
` (11 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
The comment specifies how to use the variables but uses the older and
now unsupported override syntax. Let's update to match the newer syntax.
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From OE-Core rev: 0a381eea4d50ff1c6e7c7d0d4df62eb581454b48)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb64f3fed29b9532e6ddc9a2ba0283d373622d87)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/uboot-extlinux-config.bbclass | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/classes/uboot-extlinux-config.bbclass b/meta/classes/uboot-extlinux-config.bbclass
index dcebe7ff31..5495ba0256 100644
--- a/meta/classes/uboot-extlinux-config.bbclass
+++ b/meta/classes/uboot-extlinux-config.bbclass
@@ -33,11 +33,11 @@
# UBOOT_EXTLINUX_DEFAULT_LABEL ??= "Linux Default"
# UBOOT_EXTLINUX_TIMEOUT ??= "30"
#
-# UBOOT_EXTLINUX_KERNEL_IMAGE_default ??= "../zImage"
-# UBOOT_EXTLINUX_MENU_DESCRIPTION_default ??= "Linux Default"
+# UBOOT_EXTLINUX_KERNEL_IMAGE:default ??= "../zImage"
+# UBOOT_EXTLINUX_MENU_DESCRIPTION:default ??= "Linux Default"
#
-# UBOOT_EXTLINUX_KERNEL_IMAGE_fallback ??= "../zImage-fallback"
-# UBOOT_EXTLINUX_MENU_DESCRIPTION_fallback ??= "Linux Fallback"
+# UBOOT_EXTLINUX_KERNEL_IMAGE:fallback ??= "../zImage-fallback"
+# UBOOT_EXTLINUX_MENU_DESCRIPTION:fallback ??= "Linux Fallback"
#
# Results:
#
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 20/30] mdadm: fix util-linux ptest dependency
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (18 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 19/30] uboot-extlinux-config.bbclass: fix old override syntax in comment Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 21/30] mdadm: fix 07revert-inplace ptest Steve Sakoman
` (10 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Ovidiu Panait <ovidiu.panait@windriver.com>
Trying to run mdadm-ptest in a core-image-minimal build will result in:
root@qemux86-64:~# ptest-runner mdadm
START: ptest-runner
BEGIN: /usr/lib/mdadm/ptest
which: no lsblk in (/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin)
lsblk command not found!
DURATION: 0
END: /usr/lib/mdadm/ptest
2023-06-28T10:14
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Remove util-linux from RRECOMMENDS and only add util-linux-lsblk and
util-linux-losetup to RDEPENDS.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3004f7589974c135cc82630d980ea281b97ecd83)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/mdadm/mdadm_4.2.bb | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index 4aa3737562..af486e6d9c 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -99,10 +99,9 @@ do_install_ptest() {
}
RDEPENDS:${PN} += "bash"
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs"
+RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk util-linux-losetup"
RRECOMMENDS:${PN}-ptest += " \
coreutils \
- util-linux \
kernel-module-loop \
kernel-module-linear \
kernel-module-raid0 \
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 21/30] mdadm: fix 07revert-inplace ptest
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (19 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 20/30] mdadm: fix util-linux ptest dependency Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 22/30] mdadm: fix segfaults when running ptests Steve Sakoman
` (9 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Ovidiu Panait <ovidiu.panait@windriver.com>
Testcase 07revert-inplace fails if strace is not installed:
...
strace -o /tmp/str ./mdadm -A /dev/md0 --update=revert-reshape /dev/<...>
tests/07revert-inplace: line 40: strace: command not found
Add strace to mdadm-ptest RDEPENDS to make sure the testcase passes even with
a core-image-minimal build.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7d9386663ac52ab69812867a0823c6055aedbc18)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-extended/mdadm/mdadm_4.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index af486e6d9c..aa97eef3ce 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -99,7 +99,7 @@ do_install_ptest() {
}
RDEPENDS:${PN} += "bash"
-RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk util-linux-losetup"
+RDEPENDS:${PN}-ptest += "bash e2fsprogs-mke2fs util-linux-lsblk util-linux-losetup strace"
RRECOMMENDS:${PN}-ptest += " \
coreutils \
kernel-module-loop \
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 22/30] mdadm: fix segfaults when running ptests
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (20 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 21/30] mdadm: fix 07revert-inplace ptest Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 23/30] mdadm: skip running known broken ptests Steve Sakoman
` (8 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Ovidiu Panait <ovidiu.panait@windriver.com>
Currently, some segfaults are reported when running ptest:
mdadm[12333]: segfault at 0 ip 00007fe855924060 sp 00007ffc4d6caf88 error 4 in libc.so.6[7f)
Code: d2 0f 84 b7 0f 00 00 48 83 fa 01 0f 84 b9 0f 00 00 49 89 d3 89 f1 89 f8 48 83 e1 3f 4f
Backport the following upstream commits to fix them:
679bd9508a30 ("DDF: Cleanup validate_geometry_ddf_container()")
2b93288a5650 ("DDF: Fix NULL pointer dereference in validate_geometry_ddf()")
548e9b916f86 ("mdadm/Grow: Fix use after close bug by closing after fork")
9ae62977b51d ("monitor: Avoid segfault when calling NULL get_bad_blocks")
The fixes are part of the "Bug fixes and testing improvments" patchset [1].
[1] https://www.spinics.net/lists/raid/msg70621.html
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9585009e3e505b361cd32b14e0e85e77e7822878)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...anup-validate_geometry_ddf_container.patch | 148 ++++++++++++++++++
...nter-dereference-in-validate_geometr.patch | 56 +++++++
...se-after-close-bug-by-closing-after-.patch | 91 +++++++++++
...gfault-when-calling-NULL-get_bad_blo.patch | 42 +++++
meta/recipes-extended/mdadm/mdadm_4.2.bb | 4 +
5 files changed, 341 insertions(+)
create mode 100644 meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
create mode 100644 meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
create mode 100644 meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
create mode 100644 meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
diff --git a/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch b/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
new file mode 100644
index 0000000000..cea435f83b
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0001-DDF-Cleanup-validate_geometry_ddf_container.patch
@@ -0,0 +1,148 @@
+From ca458f4dcc4de9403298f67543466ce4bbc8f8ae Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:07 -0600
+Subject: [PATCH 1/4] DDF: Cleanup validate_geometry_ddf_container()
+
+Move the function up so that the function declaration is not necessary
+and remove the unused arguments to the function.
+
+No functional changes are intended but will help with a bug fix in the
+next patch.
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=679bd9508a30
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ super-ddf.c | 88 ++++++++++++++++++++++++-----------------------------
+ 1 file changed, 39 insertions(+), 49 deletions(-)
+
+diff --git a/super-ddf.c b/super-ddf.c
+index 3f304cd..65cf727 100644
+--- a/super-ddf.c
++++ b/super-ddf.c
+@@ -503,13 +503,6 @@ struct ddf_super {
+ static int load_super_ddf_all(struct supertype *st, int fd,
+ void **sbp, char *devname);
+ static int get_svd_state(const struct ddf_super *, const struct vcl *);
+-static int
+-validate_geometry_ddf_container(struct supertype *st,
+- int level, int layout, int raiddisks,
+- int chunk, unsigned long long size,
+- unsigned long long data_offset,
+- char *dev, unsigned long long *freesize,
+- int verbose);
+
+ static int validate_geometry_ddf_bvd(struct supertype *st,
+ int level, int layout, int raiddisks,
+@@ -3322,6 +3315,42 @@ static int reserve_space(struct supertype *st, int raiddisks,
+ return 1;
+ }
+
++static int
++validate_geometry_ddf_container(struct supertype *st,
++ int level, int raiddisks,
++ unsigned long long data_offset,
++ char *dev, unsigned long long *freesize,
++ int verbose)
++{
++ int fd;
++ unsigned long long ldsize;
++
++ if (level != LEVEL_CONTAINER)
++ return 0;
++ if (!dev)
++ return 1;
++
++ fd = dev_open(dev, O_RDONLY|O_EXCL);
++ if (fd < 0) {
++ if (verbose)
++ pr_err("ddf: Cannot open %s: %s\n",
++ dev, strerror(errno));
++ return 0;
++ }
++ if (!get_dev_size(fd, dev, &ldsize)) {
++ close(fd);
++ return 0;
++ }
++ close(fd);
++ if (freesize) {
++ *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS);
++ if (*freesize == 0)
++ return 0;
++ }
++
++ return 1;
++}
++
+ static int validate_geometry_ddf(struct supertype *st,
+ int level, int layout, int raiddisks,
+ int *chunk, unsigned long long size,
+@@ -3347,11 +3376,9 @@ static int validate_geometry_ddf(struct supertype *st,
+ level = LEVEL_CONTAINER;
+ if (level == LEVEL_CONTAINER) {
+ /* Must be a fresh device to add to a container */
+- return validate_geometry_ddf_container(st, level, layout,
+- raiddisks, *chunk,
+- size, data_offset, dev,
+- freesize,
+- verbose);
++ return validate_geometry_ddf_container(st, level, raiddisks,
++ data_offset, dev,
++ freesize, verbose);
+ }
+
+ if (!dev) {
+@@ -3449,43 +3476,6 @@ static int validate_geometry_ddf(struct supertype *st,
+ return 1;
+ }
+
+-static int
+-validate_geometry_ddf_container(struct supertype *st,
+- int level, int layout, int raiddisks,
+- int chunk, unsigned long long size,
+- unsigned long long data_offset,
+- char *dev, unsigned long long *freesize,
+- int verbose)
+-{
+- int fd;
+- unsigned long long ldsize;
+-
+- if (level != LEVEL_CONTAINER)
+- return 0;
+- if (!dev)
+- return 1;
+-
+- fd = dev_open(dev, O_RDONLY|O_EXCL);
+- if (fd < 0) {
+- if (verbose)
+- pr_err("ddf: Cannot open %s: %s\n",
+- dev, strerror(errno));
+- return 0;
+- }
+- if (!get_dev_size(fd, dev, &ldsize)) {
+- close(fd);
+- return 0;
+- }
+- close(fd);
+- if (freesize) {
+- *freesize = avail_size_ddf(st, ldsize >> 9, INVALID_SECTORS);
+- if (*freesize == 0)
+- return 0;
+- }
+-
+- return 1;
+-}
+-
+ static int validate_geometry_ddf_bvd(struct supertype *st,
+ int level, int layout, int raiddisks,
+ int *chunk, unsigned long long size,
+--
+2.39.1
+
diff --git a/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch b/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
new file mode 100644
index 0000000000..fafe88b49c
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
@@ -0,0 +1,56 @@
+From 14f110f0286d38e29ef5e51d7f72e049c2f18323 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:08 -0600
+Subject: [PATCH 2/4] DDF: Fix NULL pointer dereference in
+ validate_geometry_ddf()
+
+A relatively recent patch added a call to validate_geometry() in
+Manage_add() that has level=LEVEL_CONTAINER and chunk=NULL.
+
+This causes some ddf tests to segfault which aborts the test suite.
+
+To fix this, avoid dereferencing chunk when the level is
+LEVEL_CONTAINER or LEVEL_NONE.
+
+Fixes: 1f5d54a06df0 ("Manage: Call validate_geometry when adding drive to external container")
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=2b93288a5650
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ super-ddf.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/super-ddf.c b/super-ddf.c
+index 65cf727..3ef1293 100644
+--- a/super-ddf.c
++++ b/super-ddf.c
+@@ -3369,9 +3369,6 @@ static int validate_geometry_ddf(struct supertype *st,
+ * If given BVDs, we make an SVD, changing all the GUIDs in the process.
+ */
+
+- if (*chunk == UnSet)
+- *chunk = DEFAULT_CHUNK;
+-
+ if (level == LEVEL_NONE)
+ level = LEVEL_CONTAINER;
+ if (level == LEVEL_CONTAINER) {
+@@ -3381,6 +3378,9 @@ static int validate_geometry_ddf(struct supertype *st,
+ freesize, verbose);
+ }
+
++ if (*chunk == UnSet)
++ *chunk = DEFAULT_CHUNK;
++
+ if (!dev) {
+ mdu_array_info_t array = {
+ .level = level,
+--
+2.39.1
+
diff --git a/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch b/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
new file mode 100644
index 0000000000..a954ab027a
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
@@ -0,0 +1,91 @@
+From bd064da1469a6a07331b076a0294a8c6c3c38526 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:09 -0600
+Subject: [PATCH 3/4] mdadm/Grow: Fix use after close bug by closing after fork
+
+The test 07reshape-grow fails most of the time. But it succeeds around
+1 in 5 times. When it does succeed, it causes the tests to die because
+mdadm has segfaulted.
+
+The segfault was caused by mdadm attempting to repoen a file
+descriptor that was already closed. The backtrace of the segfault
+was:
+
+ #0 __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:101
+ #1 0x000056146e31d44b in devnm2devid (devnm=0x0) at util.c:956
+ #2 0x000056146e31dab4 in open_dev_flags (devnm=0x0, flags=0)
+ at util.c:1072
+ #3 0x000056146e31db22 in open_dev (devnm=0x0) at util.c:1079
+ #4 0x000056146e3202e8 in reopen_mddev (mdfd=4) at util.c:2244
+ #5 0x000056146e329f36 in start_array (mdfd=4,
+ mddev=0x7ffc55342450 "/dev/md0", content=0x7ffc55342860,
+ st=0x56146fc78660, ident=0x7ffc55342f70, best=0x56146fc6f5d0,
+ bestcnt=10, chosen_drive=0, devices=0x56146fc706b0, okcnt=5,
+ sparecnt=0, rebuilding_cnt=0, journalcnt=0, c=0x7ffc55342e90,
+ clean=1, avail=0x56146fc78720 "\001\001\001\001\001",
+ start_partial_ok=0, err_ok=0, was_forced=0)
+ at Assemble.c:1206
+ #6 0x000056146e32c36e in Assemble (st=0x56146fc78660,
+ mddev=0x7ffc55342450 "/dev/md0", ident=0x7ffc55342f70,
+ devlist=0x56146fc6e2d0, c=0x7ffc55342e90)
+ at Assemble.c:1914
+ #7 0x000056146e312ac9 in main (argc=11, argv=0x7ffc55343238)
+ at mdadm.c:1510
+
+The file descriptor was closed early in Grow_continue(). The noted commit
+moved the close() call to close the fd above the fork which caused the
+parent process to return with a closed fd.
+
+This meant reshape_array() and Grow_continue() would return in the parent
+with the fd forked. The fd would eventually be passed to reopen_mddev()
+which returned an unhandled NULL from fd2devnm() which would then be
+dereferenced in devnm2devid.
+
+Fix this by moving the close() call below the fork. This appears to
+fix the 07revert-grow test. While we're at it, switch to using
+close_fd() to invalidate the file descriptor.
+
+Fixes: 77b72fa82813 ("mdadm/Grow: prevent md's fd from being occupied during delayed time")
+Cc: Alex Wu <alexwu@synology.com>
+Cc: BingJing Chang <bingjingc@synology.com>
+Cc: Danny Shih <dannyshih@synology.com>
+Cc: ChangSyun Peng <allenpeng@synology.com>
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=548e9b916f86
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ Grow.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/Grow.c b/Grow.c
+index 9c6fc95..a8e4e83 100644
+--- a/Grow.c
++++ b/Grow.c
+@@ -3501,7 +3501,6 @@ started:
+ return 0;
+ }
+
+- close(fd);
+ /* Now we just need to kick off the reshape and watch, while
+ * handling backups of the data...
+ * This is all done by a forked background process.
+@@ -3522,6 +3521,9 @@ started:
+ break;
+ }
+
++ /* Close unused file descriptor in the forked process */
++ close_fd(&fd);
++
+ /* If another array on the same devices is busy, the
+ * reshape will wait for them. This would mean that
+ * the first section that we suspend will stay suspended
+--
+2.39.1
+
diff --git a/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch b/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
new file mode 100644
index 0000000000..72cb40f782
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
@@ -0,0 +1,42 @@
+From 2296a4a441b4b8546e2eb32403930f1bb8f3ee4a Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:10 -0600
+Subject: [PATCH 4/4] monitor: Avoid segfault when calling NULL get_bad_blocks
+
+Not all struct superswitch implement a get_bad_blocks() function,
+yet mdmon seems to call it without checking for NULL and thus
+occasionally segfaults in the test 10ddf-geometry.
+
+Fix this by checking for NULL before calling it.
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=9ae62977b51d
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ monitor.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/monitor.c b/monitor.c
+index afc3e50..8e43c0d 100644
+--- a/monitor.c
++++ b/monitor.c
+@@ -312,6 +312,9 @@ static int check_for_cleared_bb(struct active_array *a, struct mdinfo *mdi)
+ struct md_bb *bb;
+ int i;
+
++ if (!ss->get_bad_blocks)
++ return -1;
++
+ /*
+ * Get a list of bad blocks for an array, then read list of
+ * acknowledged bad blocks from kernel and compare it against metadata
+--
+2.39.1
+
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index aa97eef3ce..1851e058fd 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -30,6 +30,10 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \
file://0001-tests-fix-raid0-tests-for-0.90-metadata.patch \
file://0001-tests-00readonly-Run-udevadm-settle-before-setting-r.patch \
file://0001-tests-04update-metadata-avoid-passing-chunk-size-to.patch \
+ file://0001-DDF-Cleanup-validate_geometry_ddf_container.patch \
+ file://0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch \
+ file://0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch \
+ file://0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch \
"
SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 23/30] mdadm: skip running known broken ptests
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (21 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 22/30] mdadm: fix segfaults when running ptests Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 24/30] python3: fix missing comma in get_module_deps3.py Steve Sakoman
` (7 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Ovidiu Panait <ovidiu.panait@windriver.com>
Upstream marked some testcases as "KNOWN BROKEN" and introduced the
"--skip-broken" flag to ignore them when running the testsuite (commits [1]
and [2]). Backport these two commits to get rid of the last remaining ptest
failures.
Also, add the "--skip-broken" option to the run-ptest script.
[1] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
[2] https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 62148b978b26b5fcd1a2fa3a0ff82ef814f4e7ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...Mark-and-ignore-broken-test-failures.patch | 128 +++++
...dd-broken-files-for-all-broken-tests.patch | 454 ++++++++++++++++++
meta/recipes-extended/mdadm/files/run-ptest | 2 +-
meta/recipes-extended/mdadm/mdadm_4.2.bb | 2 +
4 files changed, 585 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
create mode 100644 meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
diff --git a/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
new file mode 100644
index 0000000000..c55bfb125b
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch
@@ -0,0 +1,128 @@
+From feab1f72fcf032a4d21d0a69eb61b23a5ddb3352 Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:18 -0600
+Subject: [PATCH 5/6] mdadm/test: Mark and ignore broken test failures
+
+Add functionality to continue if a test marked as broken fails.
+
+To mark a test as broken, a file with the same name but with the suffix
+'.broken' should exist. The first line in the file will be printed with
+a KNOWN BROKEN message; the rest of the file can describe the how the
+test is broken.
+
+Also adds --skip-broken and --skip-always-broken to skip all the tests
+that have a .broken file or to skip all tests whose .broken file's first
+line contains the keyword always.
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=28520bf114b3
+
+[OP: adjusted context for mdadm-4.2]
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ test | 37 +++++++++++++++++++++++++++++++++++--
+ 1 file changed, 35 insertions(+), 2 deletions(-)
+
+diff --git a/test b/test
+index 8f189d9..ee8fba1 100755
+--- a/test
++++ b/test
+@@ -10,6 +10,8 @@ devlist=
+
+ savelogs=0
+ exitonerror=1
++ctrl_c_error=0
++skipbroken=0
+ prefix='[0-9][0-9]'
+
+ # use loop devices by default if doesn't specify --dev
+@@ -35,6 +37,7 @@ die() {
+
+ ctrl_c() {
+ exitonerror=1
++ ctrl_c_error=1
+ }
+
+ # mdadm always adds --quiet, and we want to see any unexpected messages
+@@ -79,8 +82,21 @@ mdadm() {
+ do_test() {
+ _script=$1
+ _basename=`basename $_script`
++ _broken=0
++
+ if [ -f "$_script" ]
+ then
++ if [ -f "${_script}.broken" ]; then
++ _broken=1
++ _broken_msg=$(head -n1 "${_script}.broken" | tr -d '\n')
++ if [ "$skipbroken" == "all" ]; then
++ return
++ elif [ "$skipbroken" == "always" ] &&
++ [[ "$_broken_msg" == *always* ]]; then
++ return
++ fi
++ fi
++
+ rm -f $targetdir/stderr
+ # this might have been reset: restore the default.
+ echo 2000 > /proc/sys/dev/raid/speed_limit_max
+@@ -97,10 +113,15 @@ do_test() {
+ else
+ save_log fail
+ _fail=1
++ if [ "$_broken" == "1" ]; then
++ echo " (KNOWN BROKEN TEST: $_broken_msg)"
++ fi
+ fi
+ [ "$savelogs" == "1" ] &&
+ mv -f $targetdir/log $logdir/$_basename.log
+- [ "$_fail" == "1" -a "$exitonerror" == "1" ] && exit 1
++ [ "$ctrl_c_error" == "1" ] && exit 1
++ [ "$_fail" == "1" -a "$exitonerror" == "1" \
++ -a "$_broken" == "0" ] && exit 1
+ fi
+ }
+
+@@ -117,6 +138,8 @@ do_help() {
+ --logdir=directory Directory to save all logfiles in
+ --save-logs Usually use with --logdir together
+ --keep-going | --no-error Don't stop on error, ie. run all tests
++ --skip-broken Skip tests that are known to be broken
++ --skip-always-broken Skip tests that are known to always fail
+ --dev=loop|lvm|ram|disk Use loop devices (default), LVM, RAM or disk
+ --disks= Provide a bunch of physical devices for test
+ --volgroup=name LVM volume group for LVM test
+@@ -211,6 +234,12 @@ parse_args() {
+ --keep-going | --no-error )
+ exitonerror=0
+ ;;
++ --skip-broken )
++ skipbroken=all
++ ;;
++ --skip-always-broken )
++ skipbroken=always
++ ;;
+ --disable-multipath )
+ unset MULTIPATH
+ ;;
+@@ -275,7 +304,11 @@ main() {
+ if [ $script == "$testdir/11spare-migration" ];then
+ continue
+ fi
+- do_test $script
++ case $script in
++ *.broken) ;;
++ *)
++ do_test $script
++ esac
+ done
+ fi
+
+--
+2.39.1
+
diff --git a/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch b/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
new file mode 100644
index 0000000000..115b23bac5
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/0006-tests-Add-broken-files-for-all-broken-tests.patch
@@ -0,0 +1,454 @@
+From fd1c26ba129b069d9f73afaefdbe53683de3814a Mon Sep 17 00:00:00 2001
+From: Logan Gunthorpe <logang@deltatee.com>
+Date: Wed, 22 Jun 2022 14:25:19 -0600
+Subject: [PATCH 6/6] tests: Add broken files for all broken tests
+
+Each broken file contains the rough frequency of brokeness as well
+as a brief explanation of what happens when it breaks. Estimates
+of failure rates are not statistically significant and can vary
+run to run.
+
+This is really just a view from my window. Tests were done on a
+small VM with the default loop devices, not real hardware. We've
+seen different kernel configurations can cause bugs to appear as well
+(ie. different block schedulers). It may also be that different race
+conditions will be seen on machines with different performance
+characteristics.
+
+These annotations were done with the kernel currently in md/md-next:
+
+ facef3b96c5b ("md: Notify sysfs sync_completed in md_reap_sync_thread()")
+
+Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
+Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=daa86d663476
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ tests/01r5integ.broken | 7 ++++
+ tests/01raid6integ.broken | 7 ++++
+ tests/04r5swap.broken | 7 ++++
+ tests/07autoassemble.broken | 8 ++++
+ tests/07autodetect.broken | 5 +++
+ tests/07changelevelintr.broken | 9 +++++
+ tests/07changelevels.broken | 9 +++++
+ tests/07reshape5intr.broken | 45 ++++++++++++++++++++++
+ tests/07revert-grow.broken | 31 +++++++++++++++
+ tests/07revert-shrink.broken | 9 +++++
+ tests/07testreshape5.broken | 12 ++++++
+ tests/09imsm-assemble.broken | 6 +++
+ tests/09imsm-create-fail-rebuild.broken | 5 +++
+ tests/09imsm-overlap.broken | 7 ++++
+ tests/10ddf-assemble-missing.broken | 6 +++
+ tests/10ddf-fail-create-race.broken | 7 ++++
+ tests/10ddf-fail-two-spares.broken | 5 +++
+ tests/10ddf-incremental-wrong-order.broken | 9 +++++
+ tests/14imsm-r1_2d-grow-r1_3d.broken | 5 +++
+ tests/14imsm-r1_2d-takeover-r0_2d.broken | 6 +++
+ tests/18imsm-r10_4d-takeover-r0_2d.broken | 5 +++
+ tests/18imsm-r1_2d-takeover-r0_1d.broken | 6 +++
+ tests/19raid6auto-repair.broken | 5 +++
+ tests/19raid6repair.broken | 5 +++
+ 24 files changed, 226 insertions(+)
+ create mode 100644 tests/01r5integ.broken
+ create mode 100644 tests/01raid6integ.broken
+ create mode 100644 tests/04r5swap.broken
+ create mode 100644 tests/07autoassemble.broken
+ create mode 100644 tests/07autodetect.broken
+ create mode 100644 tests/07changelevelintr.broken
+ create mode 100644 tests/07changelevels.broken
+ create mode 100644 tests/07reshape5intr.broken
+ create mode 100644 tests/07revert-grow.broken
+ create mode 100644 tests/07revert-shrink.broken
+ create mode 100644 tests/07testreshape5.broken
+ create mode 100644 tests/09imsm-assemble.broken
+ create mode 100644 tests/09imsm-create-fail-rebuild.broken
+ create mode 100644 tests/09imsm-overlap.broken
+ create mode 100644 tests/10ddf-assemble-missing.broken
+ create mode 100644 tests/10ddf-fail-create-race.broken
+ create mode 100644 tests/10ddf-fail-two-spares.broken
+ create mode 100644 tests/10ddf-incremental-wrong-order.broken
+ create mode 100644 tests/14imsm-r1_2d-grow-r1_3d.broken
+ create mode 100644 tests/14imsm-r1_2d-takeover-r0_2d.broken
+ create mode 100644 tests/18imsm-r10_4d-takeover-r0_2d.broken
+ create mode 100644 tests/18imsm-r1_2d-takeover-r0_1d.broken
+ create mode 100644 tests/19raid6auto-repair.broken
+ create mode 100644 tests/19raid6repair.broken
+
+diff --git a/tests/01r5integ.broken b/tests/01r5integ.broken
+new file mode 100644
+index 0000000..2073763
+--- /dev/null
++++ b/tests/01r5integ.broken
+@@ -0,0 +1,7 @@
++fails rarely
++
++Fails about 1 in every 30 runs with a sha mismatch error:
++
++ c49ab26e1b01def7874af9b8a6d6d0c29fdfafe6 /dev/md0 does not match
++ 15dc2f73262f811ada53c65e505ceec9cf025cb9 /dev/md0 with /dev/loop3
++ missing
+diff --git a/tests/01raid6integ.broken b/tests/01raid6integ.broken
+new file mode 100644
+index 0000000..1df735f
+--- /dev/null
++++ b/tests/01raid6integ.broken
+@@ -0,0 +1,7 @@
++fails infrequently
++
++Fails about 1 in 5 with a sha mismatch:
++
++ 8286c2bc045ae2cfe9f8b7ae3a898fa25db6926f /dev/md0 does not match
++ a083a0738b58caab37fd568b91b177035ded37df /dev/md0 with /dev/loop2 and
++ /dev/loop3 missing
+diff --git a/tests/04r5swap.broken b/tests/04r5swap.broken
+new file mode 100644
+index 0000000..e38987d
+--- /dev/null
++++ b/tests/04r5swap.broken
+@@ -0,0 +1,7 @@
++always fails
++
++Fails with errors:
++
++ mdadm: /dev/loop0 has no superblock - assembly aborted
++
++ ERROR: no recovery happening
+diff --git a/tests/07autoassemble.broken b/tests/07autoassemble.broken
+new file mode 100644
+index 0000000..8be0940
+--- /dev/null
++++ b/tests/07autoassemble.broken
+@@ -0,0 +1,8 @@
++always fails
++
++Prints lots of messages, but the array doesn't assemble. Error
++possibly related to:
++
++ mdadm: /dev/md/1 is busy - skipping
++ mdadm: no recogniseable superblock on /dev/md/testing:0
++ mdadm: /dev/md/2 is busy - skipping
+diff --git a/tests/07autodetect.broken b/tests/07autodetect.broken
+new file mode 100644
+index 0000000..294954a
+--- /dev/null
++++ b/tests/07autodetect.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with error:
++
++ ERROR: no resync happening
+diff --git a/tests/07changelevelintr.broken b/tests/07changelevelintr.broken
+new file mode 100644
+index 0000000..284b490
+--- /dev/null
++++ b/tests/07changelevelintr.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++
++ mdadm: this change will reduce the size of the array.
++ use --grow --array-size first to truncate array.
++ e.g. mdadm --grow /dev/md0 --array-size 56832
++
++ ERROR: no reshape happening
+diff --git a/tests/07changelevels.broken b/tests/07changelevels.broken
+new file mode 100644
+index 0000000..9b930d9
+--- /dev/null
++++ b/tests/07changelevels.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++
++ mdadm: /dev/loop0 is smaller than given size. 18976K < 19968K + metadata
++ mdadm: /dev/loop1 is smaller than given size. 18976K < 19968K + metadata
++ mdadm: /dev/loop2 is smaller than given size. 18976K < 19968K + metadata
++
++ ERROR: /dev/md0 isn't a block device.
+diff --git a/tests/07reshape5intr.broken b/tests/07reshape5intr.broken
+new file mode 100644
+index 0000000..efe52a6
+--- /dev/null
++++ b/tests/07reshape5intr.broken
+@@ -0,0 +1,45 @@
++always fails
++
++This patch, recently added to md-next causes the test to always fail:
++
++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex
++held")
++
++The new error is simply:
++
++ ERROR: no reshape happening
++
++Before the patch, the error seen is below.
++
++--
++
++fails infrequently
++
++Fails roughly 1 in 4 runs with errors:
++
++ mdadm: Merging with already-assembled /dev/md/0
++ mdadm: cannot re-read metadata from /dev/loop6 - aborting
++
++ ERROR: no reshape happening
++
++Also have seen a random deadlock:
++
++ INFO: task mdadm:109702 blocked for more than 30 seconds.
++ Not tainted 5.18.0-rc3-eid-vmlocalyes-dbg-00095-g3c2b5427979d #2040
++ "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
++ task:mdadm state:D stack: 0 pid:109702 ppid: 1 flags:0x00004000
++ Call Trace:
++ <TASK>
++ __schedule+0x67e/0x13b0
++ schedule+0x82/0x110
++ mddev_suspend+0x2e1/0x330
++ suspend_lo_store+0xbd/0x140
++ md_attr_store+0xcb/0x130
++ sysfs_kf_write+0x89/0xb0
++ kernfs_fop_write_iter+0x202/0x2c0
++ new_sync_write+0x222/0x330
++ vfs_write+0x3bc/0x4d0
++ ksys_write+0xd9/0x180
++ __x64_sys_write+0x43/0x50
++ do_syscall_64+0x3b/0x90
++ entry_SYSCALL_64_after_hwframe+0x44/0xae
+diff --git a/tests/07revert-grow.broken b/tests/07revert-grow.broken
+new file mode 100644
+index 0000000..9b6db86
+--- /dev/null
++++ b/tests/07revert-grow.broken
+@@ -0,0 +1,31 @@
++always fails
++
++This patch, recently added to md-next causes the test to always fail:
++
++7e6ba434cc60 ("md: don't unregister sync_thread with reconfig_mutex held")
++
++The errors are:
++
++ mdadm: No active reshape to revert on /dev/loop0
++ ERROR: active raid5 not found
++
++Before the patch, the error seen is below.
++
++--
++
++fails rarely
++
++Fails about 1 in every 30 runs with errors:
++
++ mdadm: Merging with already-assembled /dev/md/0
++ mdadm: backup file /tmp/md-backup inaccessible: No such file or directory
++ mdadm: failed to add /dev/loop1 to /dev/md/0: Invalid argument
++ mdadm: failed to add /dev/loop2 to /dev/md/0: Invalid argument
++ mdadm: failed to add /dev/loop3 to /dev/md/0: Invalid argument
++ mdadm: failed to add /dev/loop0 to /dev/md/0: Invalid argument
++ mdadm: /dev/md/0 assembled from 1 drive - need all 5 to start it
++ (use --run to insist).
++
++ grep: /sys/block/md*/md/sync_action: No such file or directory
++
++ ERROR: active raid5 not found
+diff --git a/tests/07revert-shrink.broken b/tests/07revert-shrink.broken
+new file mode 100644
+index 0000000..c33c39e
+--- /dev/null
++++ b/tests/07revert-shrink.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++
++ mdadm: this change will reduce the size of the array.
++ use --grow --array-size first to truncate array.
++ e.g. mdadm --grow /dev/md0 --array-size 53760
++
++ ERROR: active raid5 not found
+diff --git a/tests/07testreshape5.broken b/tests/07testreshape5.broken
+new file mode 100644
+index 0000000..a8ce03e
+--- /dev/null
++++ b/tests/07testreshape5.broken
+@@ -0,0 +1,12 @@
++always fails
++
++Test seems to run 'test_stripe' at $dir directory, but $dir is never
++set. If $dir is adjusted to $PWD, the test still fails with:
++
++ mdadm: /dev/loop2 is not suitable for this array.
++ mdadm: create aborted
++ ++ return 1
++ ++ cmp -s -n 8192 /dev/md0 /tmp/RandFile
++ ++ echo cmp failed
++ cmp failed
++ ++ exit 2
+diff --git a/tests/09imsm-assemble.broken b/tests/09imsm-assemble.broken
+new file mode 100644
+index 0000000..a6d4d5c
+--- /dev/null
++++ b/tests/09imsm-assemble.broken
+@@ -0,0 +1,6 @@
++fails infrequently
++
++Fails roughly 1 in 10 runs with errors:
++
++ mdadm: /dev/loop2 is still in use, cannot remove.
++ /dev/loop2 removal from /dev/md/container should have succeeded
+diff --git a/tests/09imsm-create-fail-rebuild.broken b/tests/09imsm-create-fail-rebuild.broken
+new file mode 100644
+index 0000000..40c4b29
+--- /dev/null
++++ b/tests/09imsm-create-fail-rebuild.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with error:
++
++ **Error**: Array size mismatch - expected 3072, actual 16384
+diff --git a/tests/09imsm-overlap.broken b/tests/09imsm-overlap.broken
+new file mode 100644
+index 0000000..e7ccab7
+--- /dev/null
++++ b/tests/09imsm-overlap.broken
+@@ -0,0 +1,7 @@
++always fails
++
++Fails with errors:
++
++ **Error**: Offset mismatch - expected 15360, actual 0
++ **Error**: Offset mismatch - expected 15360, actual 0
++ /dev/md/vol3 failed check
+diff --git a/tests/10ddf-assemble-missing.broken b/tests/10ddf-assemble-missing.broken
+new file mode 100644
+index 0000000..bfd8d10
+--- /dev/null
++++ b/tests/10ddf-assemble-missing.broken
+@@ -0,0 +1,6 @@
++always fails
++
++Fails with errors:
++
++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10
++ ERROR: unexpected number of online disks on /dev/loop10
+diff --git a/tests/10ddf-fail-create-race.broken b/tests/10ddf-fail-create-race.broken
+new file mode 100644
+index 0000000..6c0df02
+--- /dev/null
++++ b/tests/10ddf-fail-create-race.broken
+@@ -0,0 +1,7 @@
++usually fails
++
++Fails about 9 out of 10 times with many errors:
++
++ mdadm: cannot open MISSING: No such file or directory
++ ERROR: non-degraded array found
++ ERROR: disk 0 not marked as failed in meta data
+diff --git a/tests/10ddf-fail-two-spares.broken b/tests/10ddf-fail-two-spares.broken
+new file mode 100644
+index 0000000..eeea56d
+--- /dev/null
++++ b/tests/10ddf-fail-two-spares.broken
+@@ -0,0 +1,5 @@
++fails infrequently
++
++Fails roughly 1 in 3 with error:
++
++ ERROR: /dev/md/vol1 should be optimal in meta data
+diff --git a/tests/10ddf-incremental-wrong-order.broken b/tests/10ddf-incremental-wrong-order.broken
+new file mode 100644
+index 0000000..a5af3ba
+--- /dev/null
++++ b/tests/10ddf-incremental-wrong-order.broken
+@@ -0,0 +1,9 @@
++always fails
++
++Fails with errors:
++ ERROR: sha1sum of /dev/md/vol0 has changed
++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop10
++ ERROR: unexpected number of online disks on /dev/loop10
++ ERROR: /dev/md/vol0 has unexpected state on /dev/loop8
++ ERROR: unexpected number of online disks on /dev/loop8
++ ERROR: sha1sum of /dev/md/vol0 has changed
+diff --git a/tests/14imsm-r1_2d-grow-r1_3d.broken b/tests/14imsm-r1_2d-grow-r1_3d.broken
+new file mode 100644
+index 0000000..4ef1d40
+--- /dev/null
++++ b/tests/14imsm-r1_2d-grow-r1_3d.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with error:
++
++ mdadm/tests/func.sh: line 325: dvsize/chunk: division by 0 (error token is "chunk")
+diff --git a/tests/14imsm-r1_2d-takeover-r0_2d.broken b/tests/14imsm-r1_2d-takeover-r0_2d.broken
+new file mode 100644
+index 0000000..89cd4e5
+--- /dev/null
++++ b/tests/14imsm-r1_2d-takeover-r0_2d.broken
+@@ -0,0 +1,6 @@
++always fails
++
++Fails with error:
++
++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token
++ is "chunk")
+diff --git a/tests/18imsm-r10_4d-takeover-r0_2d.broken b/tests/18imsm-r10_4d-takeover-r0_2d.broken
+new file mode 100644
+index 0000000..a27399f
+--- /dev/null
++++ b/tests/18imsm-r10_4d-takeover-r0_2d.broken
+@@ -0,0 +1,5 @@
++fails rarely
++
++Fails about 1 run in 100 with message:
++
++ ERROR: size is wrong for /dev/md/vol0: 2 * 5120 (chunk=128) = 20480, not 0
+diff --git a/tests/18imsm-r1_2d-takeover-r0_1d.broken b/tests/18imsm-r1_2d-takeover-r0_1d.broken
+new file mode 100644
+index 0000000..aa1982e
+--- /dev/null
++++ b/tests/18imsm-r1_2d-takeover-r0_1d.broken
+@@ -0,0 +1,6 @@
++always fails
++
++Fails with error:
++
++ tests/func.sh: line 325: dvsize/chunk: division by 0 (error token
++ is "chunk")
+diff --git a/tests/19raid6auto-repair.broken b/tests/19raid6auto-repair.broken
+new file mode 100644
+index 0000000..e91a142
+--- /dev/null
++++ b/tests/19raid6auto-repair.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with:
++
++ "should detect errors"
+diff --git a/tests/19raid6repair.broken b/tests/19raid6repair.broken
+new file mode 100644
+index 0000000..e91a142
+--- /dev/null
++++ b/tests/19raid6repair.broken
+@@ -0,0 +1,5 @@
++always fails
++
++Fails with:
++
++ "should detect errors"
+--
+2.39.1
+
diff --git a/meta/recipes-extended/mdadm/files/run-ptest b/meta/recipes-extended/mdadm/files/run-ptest
index fae8071d43..2380c322a9 100644
--- a/meta/recipes-extended/mdadm/files/run-ptest
+++ b/meta/recipes-extended/mdadm/files/run-ptest
@@ -2,6 +2,6 @@
mkdir -p /mdadm-testing-dir
# make the test continue to execute even one fail
-dir=. ./test --keep-going --disable-integrity
+dir=. ./test --keep-going --disable-integrity --skip-broken
rm -rf /mdadm-testing-dir/*
diff --git a/meta/recipes-extended/mdadm/mdadm_4.2.bb b/meta/recipes-extended/mdadm/mdadm_4.2.bb
index 1851e058fd..307e7abd9e 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.2.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.2.bb
@@ -34,6 +34,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \
file://0002-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch \
file://0003-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch \
file://0004-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch \
+ file://0005-mdadm-test-Mark-and-ignore-broken-test-failures.patch \
+ file://0006-tests-Add-broken-files-for-all-broken-tests.patch \
"
SRC_URI[sha256sum] = "461c215670864bb74a4d1a3620684aa2b2f8296dffa06743f26dda5557acf01d"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 24/30] python3: fix missing comma in get_module_deps3.py
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (22 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 23/30] mdadm: skip running known broken ptests Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 25/30] meson.bbclass: Point to llvm-config from native sysroot Steve Sakoman
` (6 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
Wes Tarro <wes.tarro@azuresummit.com> noticed a missing comma in a
preplace() call, add it.
That said, calling replace() with one argument results in a TypeError,
so this is obviously dead code.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9b2e2c8d809e7ca34451ec9702b029a00dfb410b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/python/python3/get_module_deps3.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/python/python3/get_module_deps3.py b/meta/recipes-devtools/python/python3/get_module_deps3.py
index 0ca687d2eb..8e432b49af 100644
--- a/meta/recipes-devtools/python/python3/get_module_deps3.py
+++ b/meta/recipes-devtools/python/python3/get_module_deps3.py
@@ -32,7 +32,7 @@ def fix_path(dep_path):
dep_path = dep_path[dep_path.find(pivot)+len(pivot):]
if '/usr/bin' in dep_path:
- dep_path = dep_path.replace('/usr/bin''${bindir}')
+ dep_path = dep_path.replace('/usr/bin','${bindir}')
# Handle multilib, is there a better way?
if '/usr/lib32' in dep_path:
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 25/30] meson.bbclass: Point to llvm-config from native sysroot
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (23 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 24/30] python3: fix missing comma in get_module_deps3.py Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 26/30] oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case Steve Sakoman
` (5 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
Default search in meson would grok /usr/bin for llvm-config and if found
will use it, which might add wrong paths into cflags/ldflags, since we
depend on llvm-native when building gallium support ( thats when
llvm-config is effective), its better to point llvm-config into native
sysroot so it can add correct paths into compiler/linker cmdline
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cc73360b9728812ed6123e30559b77d8e89cc21c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/meson.bbclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/classes/meson.bbclass b/meta/classes/meson.bbclass
index 19b54e0fdc..fb6660c1a2 100644
--- a/meta/classes/meson.bbclass
+++ b/meta/classes/meson.bbclass
@@ -105,6 +105,7 @@ nm = ${@meson_array('BUILD_NM', d)}
strip = ${@meson_array('BUILD_STRIP', d)}
readelf = ${@meson_array('BUILD_READELF', d)}
objcopy = ${@meson_array('BUILD_OBJCOPY', d)}
+llvm-config = '${STAGING_BINDIR_NATIVE}/llvm-config'
pkgconfig = 'pkg-config-native'
${@rust_tool(d, "BUILD_SYS")}
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 26/30] oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (24 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 25/30] meson.bbclass: Point to llvm-config from native sysroot Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 27/30] oeqa/selftest/devtool: add unit test for "devtool add -b" Steve Sakoman
` (4 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
str.format() doesn't use % notation, update the formatting to work.
assertTrue() is a member of self not a global, and assertTrue(True) will
always pass. Change this to just self.fail() as this is the failure case.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 017f3a0b1265c1a3b69c20bdb56bbf446111977e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/runtime/cases/rpm.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/lib/oeqa/runtime/cases/rpm.py b/meta/lib/oeqa/runtime/cases/rpm.py
index 5bdce3d522..7226b8af6a 100644
--- a/meta/lib/oeqa/runtime/cases/rpm.py
+++ b/meta/lib/oeqa/runtime/cases/rpm.py
@@ -57,8 +57,8 @@ class RpmBasicTest(OERuntimeTestCase):
return
time.sleep(1)
user_pss = [ps for ps in output.split("\n") if u + ' ' in ps]
- msg = "There're %s 's process(es) still running: %s".format(u, "\n".join(user_pss))
- assertTrue(True, msg=msg)
+ msg = "User %s has processes still running: %s" % (u, "\n".join(user_pss))
+ self.fail(msg=msg)
def unset_up_test_user(u):
# ensure no test1 process in running
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 27/30] oeqa/selftest/devtool: add unit test for "devtool add -b"
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (25 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 26/30] oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 28/30] openssl: add PERLEXTERNAL path to test its existence Steve Sakoman
` (3 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Yoann Congal <yoann.congal@smile.fr>
Fix [Yocto #15085]
Co-authored-by: Fawzi KHABER <fawzi.khaber@smile.fr>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d5eedf8ca689ccb433c2f5d0b324378f966dd627)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/devtool.py | 32 +++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index 64179d4004..aea2ad6561 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -348,6 +348,38 @@ class DevtoolAddTests(DevtoolBase):
bindir = bindir[1:]
self.assertTrue(os.path.isfile(os.path.join(installdir, bindir, 'pv')), 'pv binary not found in D')
+ def test_devtool_add_binary(self):
+ # Create a binary package containing a known test file
+ tempdir = tempfile.mkdtemp(prefix='devtoolqa')
+ self.track_for_cleanup(tempdir)
+ pn = 'tst-bin'
+ pv = '1.0'
+ test_file_dir = "var/lib/%s/" % pn
+ test_file_name = "test_file"
+ test_file_content = "TEST CONTENT"
+ test_file_package_root = os.path.join(tempdir, pn)
+ test_file_dir_full = os.path.join(test_file_package_root, test_file_dir)
+ bb.utils.mkdirhier(test_file_dir_full)
+ with open(os.path.join(test_file_dir_full, test_file_name), "w") as f:
+ f.write(test_file_content)
+ bin_package_path = os.path.join(tempdir, "%s.tar.gz" % pn)
+ runCmd("tar czf %s -C %s ." % (bin_package_path, test_file_package_root))
+
+ # Test devtool add -b on the binary package
+ self.track_for_cleanup(self.workspacedir)
+ self.add_command_to_tearDown('bitbake -c cleansstate %s' % pn)
+ self.add_command_to_tearDown('bitbake-layers remove-layer */workspace')
+ result = runCmd('devtool add -b %s %s' % (pn, bin_package_path))
+ self.assertExists(os.path.join(self.workspacedir, 'conf', 'layer.conf'), 'Workspace directory not created')
+
+ # Build the resulting recipe
+ result = runCmd('devtool build %s' % pn)
+ installdir = get_bb_var('D', pn)
+ self.assertTrue(installdir, 'Could not query installdir variable')
+
+ # Check that a known file from the binary package has indeed been installed
+ self.assertTrue(os.path.isfile(os.path.join(installdir, test_file_dir, test_file_name)), '%s not found in D' % test_file_name)
+
def test_devtool_add_git_local(self):
# We need dbus built so that DEPENDS recognition works
bitbake('dbus')
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 28/30] openssl: add PERLEXTERNAL path to test its existence
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (26 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 27/30] oeqa/selftest/devtool: add unit test for "devtool add -b" Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 29/30] openssl: use a glob on the PERLEXTERNAL to track updates on the path Steve Sakoman
` (2 subsequent siblings)
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
When upstream change is better to fail or removing the PERL5LIB
if they are not need anymore.
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 337ac1159644678508990927923ef8af30f34cd7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-connectivity/openssl/openssl_3.0.9.bb | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.9.bb b/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
index 849bd7e5a6..ba31418b4a 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
@@ -137,7 +137,9 @@ do_configure () {
fi
# WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment variables instead.
- HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
+ PERLEXTERNAL="${S}/external/perl/Text-Template-1.46/lib"
+ test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!"
+ HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target
perl ${B}/configdata.pm --dump
}
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 29/30] openssl: use a glob on the PERLEXTERNAL to track updates on the path
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (27 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 28/30] openssl: add PERLEXTERNAL path to test its existence Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 30/30] util-linux: add alternative links for ipcs,ipcrm Steve Sakoman
[not found] ` <1776B726C0E12BA1.27447@lists.openembedded.org>
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Jose Quaresma <quaresma.jose@gmail.com>
The Text-Template was updated from 1.46 to 1.56
| ERROR: openssl-native-3.1.1-r0 do_configure: PERLEXTERNAL '/build/tmp/work/x86_64-linux/openssl-native/3.1.1-r0/openssl-3.1.1/external/perl/Text-Template-1.46/lib' not found!
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b9a7739b01e31d0cc8358d99255e3e1b02a0a1a8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-connectivity/openssl/openssl_3.0.9.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.9.bb b/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
index ba31418b4a..9738d36902 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.9.bb
@@ -137,7 +137,7 @@ do_configure () {
fi
# WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
# environment variables set by bitbake. Adjust the environment variables instead.
- PERLEXTERNAL="${S}/external/perl/Text-Template-1.46/lib"
+ PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)"
test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!"
HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* [OE-core][kirkstone 30/30] util-linux: add alternative links for ipcs,ipcrm
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
` (28 preceding siblings ...)
2023-07-30 18:00 ` [OE-core][kirkstone 29/30] openssl: use a glob on the PERLEXTERNAL to track updates on the path Steve Sakoman
@ 2023-07-30 18:00 ` Steve Sakoman
[not found] ` <1776B726C0E12BA1.27447@lists.openembedded.org>
30 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-30 18:00 UTC (permalink / raw)
To: openembedded-core
From: Benjamin Bouvier <benjamin.bouvier@ekinops.com>
When enabling ipcs and ipcrm configuration into busybox, both tools are
built and then deployed during do_rootfs. These operation lead to below
issue (similar behavior happens for ipcs):
do_rootfs: Postinstall scriptlets of ['busybox'] have failed. If the intention is to defer them to first boot,
then please place them into pkg_postinst_ontarget:${PN} ().
update-alternatives: Error: not linking .../build/tmp/work/board-poky-linux/board-image/1.0-r0/rootfs/usr/bin/ipcrm
to /bin/busybox since .../build/tmp/work/board-poky-linux/board-image/1.0-r0/rootfs/usr/bin/ipcrm exists and is not a link
Binaries enter in conflict with same named util-linux utilities during
do_rootfs step.
Adding ALTERNATIVE_LINK_NAME for both tools fix the issue.
Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e4d60408b869c9cc2ccff794d4e271d993ec8a97)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/util-linux/util-linux_2.37.4.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-core/util-linux/util-linux_2.37.4.bb b/meta/recipes-core/util-linux/util-linux_2.37.4.bb
index f6d3ea2bc1..8866120eed 100644
--- a/meta/recipes-core/util-linux/util-linux_2.37.4.bb
+++ b/meta/recipes-core/util-linux/util-linux_2.37.4.bb
@@ -233,6 +233,8 @@ ALTERNATIVE_TARGET[getty] = "${base_sbindir}/agetty"
ALTERNATIVE_LINK_NAME[hexdump] = "${bindir}/hexdump"
ALTERNATIVE_LINK_NAME[hwclock] = "${base_sbindir}/hwclock"
ALTERNATIVE_LINK_NAME[ionice] = "${bindir}/ionice"
+ALTERNATIVE_LINK_NAME[ipcrm] = "${bindir}/ipcrm"
+ALTERNATIVE_LINK_NAME[ipcs] = "${bindir}/ipcs"
ALTERNATIVE_LINK_NAME[kill] = "${base_bindir}/kill"
ALTERNATIVE:${PN}-last = "last lastb"
ALTERNATIVE_LINK_NAME[last] = "${bindir}/last"
--
2.34.1
^ permalink raw reply related [flat|nested] 33+ messages in thread
* Re: [OE-core][kirkstone 14/30] gcc : upgrade to v11.4
[not found] ` <1776B726C0E12BA1.27447@lists.openembedded.org>
@ 2023-07-31 18:11 ` Steve Sakoman
0 siblings, 0 replies; 33+ messages in thread
From: Steve Sakoman @ 2023-07-31 18:11 UTC (permalink / raw)
To: steve; +Cc: openembedded-core
I see that there is some discussion on the list about possible
regressions from this patch, so I will remove it from this patch set
until the issues are resolved.
Steve
On Sun, Jul 30, 2023 at 8:01 AM Steve Sakoman via
lists.openembedded.org <steve=sakoman.com@lists.openembedded.org>
wrote:
>
> From: Sundeep KOKKONDA <sundeep.kokkonda@windriver.com>
>
> gcc stable version upgraded from v11.3 to v11.4
>
> For changes in v11.4 see - https://gcc.gnu.org/gcc-11/changes.html
>
> Below is the bug fix list for v11.4
> https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&order=short_desc%2Cbug_status%2Cpriority%2Cassigned_to%2Cbug_id&query_format=advanced&resolution=FIXED&target_milestone=11.4
>
> There are a total 115 bugs are fixed in this release, below is the list of bugs fixed excluding the regression fixes.
>
> ID Product Comp Resolution Summary▲
> 108199 gcc tree-opt FIXE Bitfields, unions and SRA and storage_order_attribute
> 107801 gcc libstdc+ FIXE Building cross compiler for H8 family fails in libstdc++ (c++17/memory_resource.cc)
> 108265 gcc libstdc+ FIXE chrono::hh_mm_ss can't be constructed from unsigned durations
> 104443 gcc libstdc+ FIXE common_iterator<I, S>::operator-> is not correctly implemented
> 98056 gcc c++ FIXE coroutines: ICE tree check: expected record_type or union_type or qual_union_type, have array_type since r11-2183-g0f66b8486cea8668
> 107061 gcc target FIXE ENCODEKEY128 clobbers xmm4-xmm6
> 105433 gcc testsuit FIXE FAIL: gcc.target/i386/iamcu/test_3_element_struct_and_unions.c
> 105095 gcc testsuit FIXE gcc.dg/vect/complex/fast-math-complex-* tests are not executed
> 100474 gcc c++ FIXE ICE: in diagnose_trait_expr, at cp/constraint.cc:3706
> 105854 gcc target FIXE ICE: in extract_constrain_insn, at recog.cc:2692 (insn does not satisfy its constraints: sse2_lshrv1ti3)
> 104462 gcc target FIXE ICE: in extract_constrain_insn_cached, at recog.cc:2682 with -mavx512fp16 -mno-xsave
> 106045 gcc libgomp FIXE Incorrect testcase in libgomp.c/target-31.c at -O0
> 56189 gcc c++ FIXE Infinite recursion with noexcept when instantiating function template
> 100295 gcc c++ FIXE Internal compiler error from generic lambda capturing parameter pack and expanding it in if constexpr
> 100613 gcc jit FIXE libgccjit should produce dylib on macOS
> 104875 gcc libstdc+ FIXE libstdc++-v3/src/c++11/codecvt.cc:312:24: warning: left shift count >= width of type
> 107471 gcc libstdc+ FIXE mismatching constraints in common_iterator
> 105284 gcc libstdc+ FIXE missing syncstream and spanstream forward decl. in <iosfwd>
> 98821 gcc c++ FIXE modules : c++tools configures with CC but code fragments assume CXX.
> 109846 gcc fortran FIXE Pointer-valued function reference rejected as actual argument
> 101324 gcc target FIXE powerpc64le: hashst appears before mflr at -O1 or higher
> 102479 gcc c++ FIXE segfault when deducing class template arguments for tuple with libc++-14
> 105128 gcc libstdc+ FIXE source_location compile error for latest clang 15
> 106183 gcc libstdc+ FIXE std::atomic::wait might fail to be unblocked by notify_one/all on platforms without platform_wait()
> 102994 gcc libstdc+ FIXE std::atomic<ptr>::wait is not marked const
> 105324 gcc libstdc+ FIXE std::from_chars() assertion at floating_from_chars.cc:78 when parsing 1.11111111....
> 105375 gcc libstdc+ FIXE std::packaged_task has no deduction guide.
> 104602 gcc libstdc+ FIXE std::source_location::current uses cast from void*
> 106808 gcc libstdc+ FIXE std::string_view range concept requirement causes compile error with Boost.Filesystem
> 105725 gcc c++ FIXE [ICE] segfault with `-Wmismatched-tags`
> 105920 gcc target FIXE __builtin_cpu_supports ("f16c") should check AVX
>
> Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@windriver.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
> meta/conf/distro/include/maintainers.inc | 2 +-
> .../gcc/{gcc-11.3.inc => gcc-11.4.inc} | 6 +-
> ...ian_11.3.bb => gcc-cross-canadian_11.4.bb} | 0
> .../{gcc-cross_11.3.bb => gcc-cross_11.4.bb} | 0
> ...-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} | 0
> ...cc-runtime_11.3.bb => gcc-runtime_11.4.bb} | 0
> ...itizers_11.3.bb => gcc-sanitizers_11.4.bb} | 0
> ...{gcc-source_11.3.bb => gcc-source_11.4.bb} | 0
> ...rch64-Update-Neoverse-N2-core-defini.patch | 20 ++--
> ...rm-add-armv9-a-architecture-to-march.patch | 54 +++++-----
> ...AMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 102 +++++++++---------
> ...s-fix-v4bx-to-linker-to-support-EABI.patch | 6 +-
> .../gcc/{gcc_11.3.bb => gcc_11.4.bb} | 0
> ...initial_11.3.bb => libgcc-initial_11.4.bb} | 0
> .../gcc/{libgcc_11.3.bb => libgcc_11.4.bb} | 0
> ...ibgfortran_11.3.bb => libgfortran_11.4.bb} | 0
> 16 files changed, 93 insertions(+), 97 deletions(-)
> rename meta/recipes-devtools/gcc/{gcc-11.3.inc => gcc-11.4.inc} (97%)
> rename meta/recipes-devtools/gcc/{gcc-cross-canadian_11.3.bb => gcc-cross-canadian_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{gcc-cross_11.3.bb => gcc-cross_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{gcc-crosssdk_11.3.bb => gcc-crosssdk_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{gcc-runtime_11.3.bb => gcc-runtime_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{gcc-sanitizers_11.3.bb => gcc-sanitizers_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{gcc-source_11.3.bb => gcc-source_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{gcc_11.3.bb => gcc_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{libgcc-initial_11.3.bb => libgcc-initial_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{libgcc_11.3.bb => libgcc_11.4.bb} (100%)
> rename meta/recipes-devtools/gcc/{libgfortran_11.3.bb => libgfortran_11.4.bb} (100%)
>
> diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
> index 1d5e070223..bfc14951fe 100644
> --- a/meta/conf/distro/include/maintainers.inc
> +++ b/meta/conf/distro/include/maintainers.inc
> @@ -189,7 +189,7 @@ RECIPE_MAINTAINER:pn-gcc-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Khem Raj <r
> RECIPE_MAINTAINER:pn-gcc-crosssdk-${SDK_SYS} = "Khem Raj <raj.khem@gmail.com>"
> RECIPE_MAINTAINER:pn-gcc-runtime = "Khem Raj <raj.khem@gmail.com>"
> RECIPE_MAINTAINER:pn-gcc-sanitizers = "Khem Raj <raj.khem@gmail.com>"
> -RECIPE_MAINTAINER:pn-gcc-source-11.3.0 = "Khem Raj <raj.khem@gmail.com>"
> +RECIPE_MAINTAINER:pn-gcc-source-11.4.0 = "Khem Raj <raj.khem@gmail.com>"
> RECIPE_MAINTAINER:pn-gconf = "Ross Burton <ross.burton@arm.com>"
> RECIPE_MAINTAINER:pn-gcr = "Alexander Kanavin <alex.kanavin@gmail.com>"
> RECIPE_MAINTAINER:pn-gdb = "Khem Raj <raj.khem@gmail.com>"
> diff --git a/meta/recipes-devtools/gcc/gcc-11.3.inc b/meta/recipes-devtools/gcc/gcc-11.4.inc
> similarity index 97%
> rename from meta/recipes-devtools/gcc/gcc-11.3.inc
> rename to meta/recipes-devtools/gcc/gcc-11.4.inc
> index ab2ece3cce..a907661df4 100644
> --- a/meta/recipes-devtools/gcc/gcc-11.3.inc
> +++ b/meta/recipes-devtools/gcc/gcc-11.4.inc
> @@ -2,11 +2,11 @@ require gcc-common.inc
>
> # Third digit in PV should be incremented after a minor release
>
> -PV = "11.3.0"
> +PV = "11.4.0"
>
> # BINV should be incremented to a revision after a minor gcc release
>
> -BINV = "11.3.0"
> +BINV = "11.4.0"
>
> FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc:${FILE_DIRNAME}/gcc/backport:"
>
> @@ -70,7 +70,7 @@ SRC_URI = "\
> file://0004-arm-add-armv9-a-architecture-to-march.patch \
> "
>
> -SRC_URI[sha256sum] = "b47cf2818691f5b1e21df2bb38c795fac2cfbd640ede2d0a5e1c89e338a3ac39"
> +SRC_URI[sha256sum] = "3f2db222b007e8a4a23cd5ba56726ef08e8b1f1eb2055ee72c1402cea73a8dd9"
>
> S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}"
>
> diff --git a/meta/recipes-devtools/gcc/gcc-cross-canadian_11.3.bb b/meta/recipes-devtools/gcc/gcc-cross-canadian_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/gcc-cross-canadian_11.3.bb
> rename to meta/recipes-devtools/gcc/gcc-cross-canadian_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/gcc-cross_11.3.bb b/meta/recipes-devtools/gcc/gcc-cross_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/gcc-cross_11.3.bb
> rename to meta/recipes-devtools/gcc/gcc-cross_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/gcc-crosssdk_11.3.bb b/meta/recipes-devtools/gcc/gcc-crosssdk_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/gcc-crosssdk_11.3.bb
> rename to meta/recipes-devtools/gcc/gcc-crosssdk_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/gcc-runtime_11.3.bb b/meta/recipes-devtools/gcc/gcc-runtime_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/gcc-runtime_11.3.bb
> rename to meta/recipes-devtools/gcc/gcc-runtime_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/gcc-sanitizers_11.3.bb b/meta/recipes-devtools/gcc/gcc-sanitizers_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/gcc-sanitizers_11.3.bb
> rename to meta/recipes-devtools/gcc/gcc-sanitizers_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/gcc-source_11.3.bb b/meta/recipes-devtools/gcc/gcc-source_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/gcc-source_11.3.bb
> rename to meta/recipes-devtools/gcc/gcc-source_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch b/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch
> index 8429242348..a0c9db72e1 100644
> --- a/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch
> +++ b/meta/recipes-devtools/gcc/gcc/0001-aarch64-Update-Neoverse-N2-core-defini.patch
> @@ -19,24 +19,20 @@ diff --git a/gcc/config/aarch64/aarch64-cores.def b/gcc/config/aarch64/aarch64-c
> index 4643e0e27..3478e567a 100644
> --- a/gcc/config/aarch64/aarch64-cores.def
> +++ b/gcc/config/aarch64/aarch64-cores.def
> -@@ -145,9 +145,6 @@ AARCH64_CORE("neoverse-512tvb", neoverse512tvb, cortexa57, 8_4A, AARCH64_FL_FOR
> - /* Qualcomm ('Q') cores. */
> - AARCH64_CORE("saphira", saphira, saphira, 8_4A, AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_CRYPTO | AARCH64_FL_RCPC, saphira, 0x51, 0xC01, -1)
> -
> --/* Armv8.5-A Architecture Processors. */
> +@@ -147,7 +147,6 @@
> + AARCH64_CORE("saphira", saphira, saphira, 8_4A, AARCH64_FL_FOR_ARCH8_4 | AARCH64_FL_CRYPTO, saphira, 0x51, 0xC01, -1)
> +
> + /* Armv8.5-A Architecture Processors. */
> -AARCH64_CORE("neoverse-n2", neoversen2, cortexa57, 8_5A, AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG, neoversen2, 0x41, 0xd49, -1)
> --
> + AARCH64_CORE("neoverse-v2", neoversev2, cortexa57, 8_5A, AARCH64_FL_FOR_ARCH8_5 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_F16 | AARCH64_FL_SVE | AARCH64_FL_SVE2 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG, neoverse512tvb, 0x41, 0xd4f, -1)
> +
> /* ARMv8-A big.LITTLE implementations. */
> -
> - AARCH64_CORE("cortex-a57.cortex-a53", cortexa57cortexa53, cortexa53, 8A, AARCH64_FL_FOR_ARCH8 | AARCH64_FL_CRC, cortexa57, 0x41, AARCH64_BIG_LITTLE (0xd07, 0xd03), -1)
> -@@ -163,4 +160,7 @@ AARCH64_CORE("cortex-a76.cortex-a55", cortexa76cortexa55, cortexa53, 8_2A, AAR
> +@@ -165,4 +164,7 @@
> /* Armv8-R Architecture Processors. */
> AARCH64_CORE("cortex-r82", cortexr82, cortexa53, 8R, AARCH64_FL_FOR_ARCH8_R, cortexa53, 0x41, 0xd15, -1)
> -
> +
> +/* Armv9-A Architecture Processors. */
> +AARCH64_CORE("neoverse-n2", neoversen2, cortexa57, 9A, AARCH64_FL_FOR_ARCH9 | AARCH64_FL_I8MM | AARCH64_FL_BF16 | AARCH64_FL_SVE2_BITPERM | AARCH64_FL_RNG | AARCH64_FL_MEMTAG | AARCH64_FL_PROFILE, neoversen2, 0x41, 0xd49, -1)
> +
> #undef AARCH64_CORE
> ---
> -2.32.0
>
> diff --git a/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch b/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch
> index 864c8b3017..b9b0988d5a 100644
> --- a/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch
> +++ b/meta/recipes-devtools/gcc/gcc/0004-arm-add-armv9-a-architecture-to-march.patch
> @@ -43,10 +43,10 @@ Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com>
> gcc/testsuite/lib/target-supports.exp | 3 ++-
> 9 files changed, 79 insertions(+), 8 deletions(-)
>
> -Index: gcc-11.3.0/gcc/config/arm/arm-cpus.in
> +Index: gcc/gcc/config/arm/arm-cpus.in
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/arm-cpus.in
> -+++ gcc-11.3.0/gcc/config/arm/arm-cpus.in
> +--- a/gcc/config/arm/arm-cpus.in
> ++++ b/gcc/config/arm/arm-cpus.in
> @@ -132,6 +132,9 @@ define feature cmse
> # Architecture rel 8.1-M.
> define feature armv8_1m_main
> @@ -87,10 +87,10 @@ Index: gcc-11.3.0/gcc/config/arm/arm-cpus.in
> begin arch iwmmxt
> tune for iwmmxt
> tune flags LDSCHED STRONG XSCALE
> -Index: gcc-11.3.0/gcc/config/arm/arm-tables.opt
> +Index: gcc/gcc/config/arm/arm-tables.opt
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/arm-tables.opt
> -+++ gcc-11.3.0/gcc/config/arm/arm-tables.opt
> +--- a/gcc/config/arm/arm-tables.opt
> ++++ b/gcc/config/arm/arm-tables.opt
> @@ -380,10 +380,13 @@ EnumValue
> Enum(arm_arch) String(armv8.1-m.main) Value(30)
>
> @@ -107,10 +107,10 @@ Index: gcc-11.3.0/gcc/config/arm/arm-tables.opt
>
> Enum
> Name(arm_fpu) Type(enum fpu_type)
> -Index: gcc-11.3.0/gcc/config/arm/arm.h
> +Index: gcc/gcc/config/arm/arm.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/arm.h
> -+++ gcc-11.3.0/gcc/config/arm/arm.h
> +--- a/gcc/config/arm/arm.h
> ++++ b/gcc/config/arm/arm.h
> @@ -456,7 +456,8 @@ enum base_architecture
> BASE_ARCH_8A = 8,
> BASE_ARCH_8M_BASE = 8,
> @@ -121,10 +121,10 @@ Index: gcc-11.3.0/gcc/config/arm/arm.h
> };
>
> /* The major revision number of the ARM Architecture implemented by the target. */
> -Index: gcc-11.3.0/gcc/config/arm/t-aprofile
> +Index: gcc/gcc/config/arm/t-aprofile
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/t-aprofile
> -+++ gcc-11.3.0/gcc/config/arm/t-aprofile
> +--- a/gcc/config/arm/t-aprofile
> ++++ b/gcc/config/arm/t-aprofile
> @@ -26,8 +26,8 @@
>
> # Arch and FPU variants to build libraries with
> @@ -180,10 +180,10 @@ Index: gcc-11.3.0/gcc/config/arm/t-aprofile
> - $(foreach ARCH, armv7-a armv8-a, \
> + $(foreach ARCH, armv7-a armv8-a armv9-a, \
> mthumb/march.$(ARCH)/mfloat-abi.soft=m$(MODE)/march.$(ARCH)/mfloat-abi.softfp))
> -Index: gcc-11.3.0/gcc/config/arm/t-arm-elf
> +Index: gcc/gcc/config/arm/t-arm-elf
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/t-arm-elf
> -+++ gcc-11.3.0/gcc/config/arm/t-arm-elf
> +--- a/gcc/config/arm/t-arm-elf
> ++++ b/gcc/config/arm/t-arm-elf
> @@ -38,6 +38,8 @@ v7ve_fps := vfpv3-d16 vfpv3 vfpv3-d16-fp
> # it seems to work ok.
> v8_fps := simd fp16 crypto fp16+crypto dotprod fp16fml
> @@ -214,10 +214,10 @@ Index: gcc-11.3.0/gcc/config/arm/t-arm-elf
> MULTILIB_MATCHES += $(foreach ARCH, armv7e-m armv8-m.mainline, \
> march?armv7+fp=march?$(ARCH)+fp.dp)
>
> -Index: gcc-11.3.0/gcc/config/arm/t-multilib
> +Index: gcc/gcc/config/arm/t-multilib
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/t-multilib
> -+++ gcc-11.3.0/gcc/config/arm/t-multilib
> +--- a/gcc/config/arm/t-multilib
> ++++ b/gcc/config/arm/t-multilib
> @@ -78,6 +78,8 @@ v8_4_a_simd_variants := $(call all_feat_
> v8_5_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16)
> v8_6_a_simd_variants := $(call all_feat_combs, simd fp16 crypto i8mm bf16)
> @@ -244,10 +244,10 @@ Index: gcc-11.3.0/gcc/config/arm/t-multilib
> endif # Not APROFILE.
>
> # Use Thumb libraries for everything.
> -Index: gcc-11.3.0/gcc/doc/invoke.texi
> +Index: gcc/gcc/doc/invoke.texi
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/doc/invoke.texi
> -+++ gcc-11.3.0/gcc/doc/invoke.texi
> +--- a/gcc/doc/invoke.texi
> ++++ b/gcc/doc/invoke.texi
> @@ -19701,6 +19701,7 @@ Permissible names are:
> @samp{armv7-m}, @samp{armv7e-m},
> @samp{armv8-m.base}, @samp{armv8-m.main},
> @@ -256,10 +256,10 @@ Index: gcc-11.3.0/gcc/doc/invoke.texi
> @samp{iwmmxt} and @samp{iwmmxt2}.
>
> Additionally, the following architectures, which lack support for the
> -Index: gcc-11.3.0/gcc/testsuite/gcc.target/arm/multilib.exp
> +Index: gcc/gcc/testsuite/gcc.target/arm/multilib.exp
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/testsuite/gcc.target/arm/multilib.exp
> -+++ gcc-11.3.0/gcc/testsuite/gcc.target/arm/multilib.exp
> +--- a/gcc/testsuite/gcc.target/arm/multilib.exp
> ++++ b/gcc/testsuite/gcc.target/arm/multilib.exp
> @@ -135,6 +135,14 @@ if {[multilib_config "aprofile"] } {
> {-march=armv8.6-a+simd+fp16 -mfloat-abi=softfp} "thumb/v8-a+simd/softfp"
> {-march=armv8.6-a+simd+fp16+nofp -mfloat-abi=softfp} "thumb/v8-a/nofp"
> @@ -275,10 +275,10 @@ Index: gcc-11.3.0/gcc/testsuite/gcc.target/arm/multilib.exp
> {-mcpu=cortex-a53+crypto -mfloat-abi=hard} "thumb/v8-a+simd/hard"
> {-mcpu=cortex-a53+nofp -mfloat-abi=softfp} "thumb/v8-a/nofp"
> {-march=armv8-a+crc -mfloat-abi=hard -mfpu=vfp} "thumb/v8-a+simd/hard"
> -Index: gcc-11.3.0/gcc/testsuite/lib/target-supports.exp
> +Index: gcc/gcc/testsuite/lib/target-supports.exp
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/testsuite/lib/target-supports.exp
> -+++ gcc-11.3.0/gcc/testsuite/lib/target-supports.exp
> +--- a/gcc/testsuite/lib/target-supports.exp
> ++++ b/gcc/testsuite/lib/target-supports.exp
> @@ -4820,7 +4820,8 @@ foreach { armfunc armflag armdefs } {
> v8m_base "-march=armv8-m.base -mthumb -mfloat-abi=soft"
> __ARM_ARCH_8M_BASE__
> diff --git a/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch b/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
> index b3515c9734..ece5873258 100644
> --- a/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
> +++ b/meta/recipes-devtools/gcc/gcc/0006-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
> @@ -39,10 +39,10 @@ Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
> gcc/config/sparc/linux64.h | 4 ++--
> 17 files changed, 53 insertions(+), 58 deletions(-)
>
> -Index: gcc-11.3.0/gcc/config/aarch64/aarch64-linux.h
> +Index: gcc/gcc/config/aarch64/aarch64-linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/aarch64/aarch64-linux.h
> -+++ gcc-11.3.0/gcc/config/aarch64/aarch64-linux.h
> +--- a/gcc/config/aarch64/aarch64-linux.h
> ++++ b/gcc/config/aarch64/aarch64-linux.h
> @@ -21,10 +21,10 @@
> #ifndef GCC_AARCH64_LINUX_H
> #define GCC_AARCH64_LINUX_H
> @@ -56,10 +56,10 @@ Index: gcc-11.3.0/gcc/config/aarch64/aarch64-linux.h
>
> #undef ASAN_CC1_SPEC
> #define ASAN_CC1_SPEC "%{%:sanitize(address):-funwind-tables}"
> -Index: gcc-11.3.0/gcc/config/alpha/linux-elf.h
> +Index: gcc/gcc/config/alpha/linux-elf.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/alpha/linux-elf.h
> -+++ gcc-11.3.0/gcc/config/alpha/linux-elf.h
> +--- a/gcc/config/alpha/linux-elf.h
> ++++ b/gcc/config/alpha/linux-elf.h
> @@ -23,8 +23,8 @@ along with GCC; see the file COPYING3.
> #define EXTRA_SPECS \
> { "elf_dynamic_linker", ELF_DYNAMIC_LINKER },
> @@ -71,10 +71,10 @@ Index: gcc-11.3.0/gcc/config/alpha/linux-elf.h
> #if DEFAULT_LIBC == LIBC_UCLIBC
> #define CHOOSE_DYNAMIC_LINKER(G, U) "%{mglibc:" G ";:" U "}"
> #elif DEFAULT_LIBC == LIBC_GLIBC
> -Index: gcc-11.3.0/gcc/config/arm/linux-eabi.h
> +Index: gcc/gcc/config/arm/linux-eabi.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/linux-eabi.h
> -+++ gcc-11.3.0/gcc/config/arm/linux-eabi.h
> +--- a/gcc/config/arm/linux-eabi.h
> ++++ b/gcc/config/arm/linux-eabi.h
> @@ -65,8 +65,8 @@
> GLIBC_DYNAMIC_LINKER_DEFAULT and TARGET_DEFAULT_FLOAT_ABI. */
>
> @@ -95,10 +95,10 @@ Index: gcc-11.3.0/gcc/config/arm/linux-eabi.h
>
> /* At this point, bpabi.h will have clobbered LINK_SPEC. We want to
> use the GNU/Linux version, not the generic BPABI version. */
> -Index: gcc-11.3.0/gcc/config/arm/linux-elf.h
> +Index: gcc/gcc/config/arm/linux-elf.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/linux-elf.h
> -+++ gcc-11.3.0/gcc/config/arm/linux-elf.h
> +--- a/gcc/config/arm/linux-elf.h
> ++++ b/gcc/config/arm/linux-elf.h
> @@ -60,7 +60,7 @@
>
> #define LIBGCC_SPEC "%{mfloat-abi=soft*:-lfloat} -lgcc"
> @@ -108,10 +108,10 @@ Index: gcc-11.3.0/gcc/config/arm/linux-elf.h
>
> #define LINUX_TARGET_LINK_SPEC "%{h*} \
> %{static:-Bstatic} \
> -Index: gcc-11.3.0/gcc/config/i386/linux.h
> +Index: gcc/gcc/config/i386/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/i386/linux.h
> -+++ gcc-11.3.0/gcc/config/i386/linux.h
> +--- a/gcc/config/i386/linux.h
> ++++ b/gcc/config/i386/linux.h
> @@ -20,7 +20,7 @@ along with GCC; see the file COPYING3.
> <http://www.gnu.org/licenses/>. */
>
> @@ -122,10 +122,10 @@ Index: gcc-11.3.0/gcc/config/i386/linux.h
> #undef MUSL_DYNAMIC_LINKER
> -#define MUSL_DYNAMIC_LINKER "/lib/ld-musl-i386.so.1"
> +#define MUSL_DYNAMIC_LINKER SYSTEMLIBS_DIR "ld-musl-i386.so.1"
> -Index: gcc-11.3.0/gcc/config/i386/linux64.h
> +Index: gcc/gcc/config/i386/linux64.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/i386/linux64.h
> -+++ gcc-11.3.0/gcc/config/i386/linux64.h
> +--- a/gcc/config/i386/linux64.h
> ++++ b/gcc/config/i386/linux64.h
> @@ -27,13 +27,13 @@ see the files COPYING3 and COPYING.RUNTI
> #define GNU_USER_LINK_EMULATION64 "elf_x86_64"
> #define GNU_USER_LINK_EMULATIONX32 "elf32_x86_64"
> @@ -146,10 +146,10 @@ Index: gcc-11.3.0/gcc/config/i386/linux64.h
> #undef MUSL_DYNAMIC_LINKERX32
> -#define MUSL_DYNAMIC_LINKERX32 "/lib/ld-musl-x32.so.1"
> +#define MUSL_DYNAMIC_LINKERX32 SYSTEMLIBS_DIR "ld-musl-x32.so.1"
> -Index: gcc-11.3.0/gcc/config/linux.h
> +Index: gcc/gcc/config/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/linux.h
> -+++ gcc-11.3.0/gcc/config/linux.h
> +--- a/gcc/config/linux.h
> ++++ b/gcc/config/linux.h
> @@ -94,10 +94,10 @@ see the files COPYING3 and COPYING.RUNTI
> GLIBC_DYNAMIC_LINKER must be defined for each target using them, or
> GLIBC_DYNAMIC_LINKER32 and GLIBC_DYNAMIC_LINKER64 for targets
> @@ -165,10 +165,10 @@ Index: gcc-11.3.0/gcc/config/linux.h
> #define BIONIC_DYNAMIC_LINKER "/system/bin/linker"
> #define BIONIC_DYNAMIC_LINKER32 "/system/bin/linker"
> #define BIONIC_DYNAMIC_LINKER64 "/system/bin/linker64"
> -Index: gcc-11.3.0/gcc/config/microblaze/linux.h
> +Index: gcc/gcc/config/microblaze/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/microblaze/linux.h
> -+++ gcc-11.3.0/gcc/config/microblaze/linux.h
> +--- a/gcc/config/microblaze/linux.h
> ++++ b/gcc/config/microblaze/linux.h
> @@ -28,7 +28,7 @@
> #undef TLS_NEEDS_GOT
> #define TLS_NEEDS_GOT 1
> @@ -187,10 +187,10 @@ Index: gcc-11.3.0/gcc/config/microblaze/linux.h
>
> #undef SUBTARGET_EXTRA_SPECS
> #define SUBTARGET_EXTRA_SPECS \
> -Index: gcc-11.3.0/gcc/config/mips/linux.h
> +Index: gcc/gcc/config/mips/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/mips/linux.h
> -+++ gcc-11.3.0/gcc/config/mips/linux.h
> +--- a/gcc/config/mips/linux.h
> ++++ b/gcc/config/mips/linux.h
> @@ -22,29 +22,29 @@ along with GCC; see the file COPYING3.
> #define GNU_USER_LINK_EMULATIONN32 "elf32%{EB:b}%{EL:l}tsmipn32"
>
> @@ -230,10 +230,10 @@ Index: gcc-11.3.0/gcc/config/mips/linux.h
>
> #define BIONIC_DYNAMIC_LINKERN32 "/system/bin/linker32"
> #define GNU_USER_DYNAMIC_LINKERN32 \
> -Index: gcc-11.3.0/gcc/config/nios2/linux.h
> +Index: gcc/gcc/config/nios2/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/nios2/linux.h
> -+++ gcc-11.3.0/gcc/config/nios2/linux.h
> +--- a/gcc/config/nios2/linux.h
> ++++ b/gcc/config/nios2/linux.h
> @@ -29,7 +29,7 @@
> #undef CPP_SPEC
> #define CPP_SPEC "%{posix:-D_POSIX_SOURCE} %{pthread:-D_REENTRANT}"
> @@ -243,10 +243,10 @@ Index: gcc-11.3.0/gcc/config/nios2/linux.h
>
> #undef LINK_SPEC
> #define LINK_SPEC LINK_SPEC_ENDIAN \
> -Index: gcc-11.3.0/gcc/config/riscv/linux.h
> +Index: gcc/gcc/config/riscv/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/riscv/linux.h
> -+++ gcc-11.3.0/gcc/config/riscv/linux.h
> +--- a/gcc/config/riscv/linux.h
> ++++ b/gcc/config/riscv/linux.h
> @@ -22,7 +22,7 @@ along with GCC; see the file COPYING3.
> GNU_USER_TARGET_OS_CPP_BUILTINS(); \
> } while (0)
> @@ -265,10 +265,10 @@ Index: gcc-11.3.0/gcc/config/riscv/linux.h
>
> /* Because RISC-V only has word-sized atomics, it requries libatomic where
> others do not. So link libatomic by default, as needed. */
> -Index: gcc-11.3.0/gcc/config/rs6000/linux64.h
> +Index: gcc/gcc/config/rs6000/linux64.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/rs6000/linux64.h
> -+++ gcc-11.3.0/gcc/config/rs6000/linux64.h
> +--- a/gcc/config/rs6000/linux64.h
> ++++ b/gcc/config/rs6000/linux64.h
> @@ -336,24 +336,19 @@ extern int dot_symbols;
> #undef LINK_OS_DEFAULT_SPEC
> #define LINK_OS_DEFAULT_SPEC "%(link_os_linux)"
> @@ -299,10 +299,10 @@ Index: gcc-11.3.0/gcc/config/rs6000/linux64.h
>
> #undef DEFAULT_ASM_ENDIAN
> #if (TARGET_DEFAULT & MASK_LITTLE_ENDIAN)
> -Index: gcc-11.3.0/gcc/config/rs6000/sysv4.h
> +Index: gcc/gcc/config/rs6000/sysv4.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/rs6000/sysv4.h
> -+++ gcc-11.3.0/gcc/config/rs6000/sysv4.h
> +--- a/gcc/config/rs6000/sysv4.h
> ++++ b/gcc/config/rs6000/sysv4.h
> @@ -780,10 +780,10 @@ GNU_USER_TARGET_CC1_SPEC
>
> #define MUSL_DYNAMIC_LINKER_E ENDIAN_SELECT("","le","")
> @@ -316,10 +316,10 @@ Index: gcc-11.3.0/gcc/config/rs6000/sysv4.h
>
> #ifndef GNU_USER_DYNAMIC_LINKER
> #define GNU_USER_DYNAMIC_LINKER GLIBC_DYNAMIC_LINKER
> -Index: gcc-11.3.0/gcc/config/s390/linux.h
> +Index: gcc/gcc/config/s390/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/s390/linux.h
> -+++ gcc-11.3.0/gcc/config/s390/linux.h
> +--- a/gcc/config/s390/linux.h
> ++++ b/gcc/config/s390/linux.h
> @@ -72,13 +72,13 @@ along with GCC; see the file COPYING3.
> #define MULTILIB_DEFAULTS { "m31" }
> #endif
> @@ -338,10 +338,10 @@ Index: gcc-11.3.0/gcc/config/s390/linux.h
>
> #undef LINK_SPEC
> #define LINK_SPEC \
> -Index: gcc-11.3.0/gcc/config/sh/linux.h
> +Index: gcc/gcc/config/sh/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/sh/linux.h
> -+++ gcc-11.3.0/gcc/config/sh/linux.h
> +--- a/gcc/config/sh/linux.h
> ++++ b/gcc/config/sh/linux.h
> @@ -61,10 +61,10 @@ along with GCC; see the file COPYING3.
>
> #undef MUSL_DYNAMIC_LINKER
> @@ -355,10 +355,10 @@ Index: gcc-11.3.0/gcc/config/sh/linux.h
>
> #undef SUBTARGET_LINK_EMUL_SUFFIX
> #define SUBTARGET_LINK_EMUL_SUFFIX "%{mfdpic:_fd;:_linux}"
> -Index: gcc-11.3.0/gcc/config/sparc/linux.h
> +Index: gcc/gcc/config/sparc/linux.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/sparc/linux.h
> -+++ gcc-11.3.0/gcc/config/sparc/linux.h
> +--- a/gcc/config/sparc/linux.h
> ++++ b/gcc/config/sparc/linux.h
> @@ -78,7 +78,7 @@ extern const char *host_detect_local_cpu
> When the -shared link option is used a final link is not being
> done. */
> @@ -368,10 +368,10 @@ Index: gcc-11.3.0/gcc/config/sparc/linux.h
>
> #undef LINK_SPEC
> #define LINK_SPEC "-m elf32_sparc %{shared:-shared} \
> -Index: gcc-11.3.0/gcc/config/sparc/linux64.h
> +Index: gcc/gcc/config/sparc/linux64.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/sparc/linux64.h
> -+++ gcc-11.3.0/gcc/config/sparc/linux64.h
> +--- a/gcc/config/sparc/linux64.h
> ++++ b/gcc/config/sparc/linux64.h
> @@ -78,8 +78,8 @@ along with GCC; see the file COPYING3.
> When the -shared link option is used a final link is not being
> done. */
> diff --git a/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch b/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
> index 0f94936140..1ec942e977 100644
> --- a/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
> +++ b/meta/recipes-devtools/gcc/gcc/0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
> @@ -18,10 +18,10 @@ Upstream-Status: Pending
> gcc/config/arm/linux-eabi.h | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> -Index: gcc-11.3.0/gcc/config/arm/linux-eabi.h
> +Index: gcc/gcc/config/arm/linux-eabi.h
> ===================================================================
> ---- gcc-11.3.0.orig/gcc/config/arm/linux-eabi.h
> -+++ gcc-11.3.0/gcc/config/arm/linux-eabi.h
> +--- a/gcc/config/arm/linux-eabi.h
> ++++ b/gcc/config/arm/linux-eabi.h
> @@ -91,10 +91,14 @@
> #define MUSL_DYNAMIC_LINKER \
> SYSTEMLIBS_DIR "ld-musl-arm" MUSL_DYNAMIC_LINKER_E "%{mfloat-abi=hard:hf}%{mfdpic:-fdpic}.so.1"
> diff --git a/meta/recipes-devtools/gcc/gcc_11.3.bb b/meta/recipes-devtools/gcc/gcc_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/gcc_11.3.bb
> rename to meta/recipes-devtools/gcc/gcc_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/libgcc-initial_11.3.bb b/meta/recipes-devtools/gcc/libgcc-initial_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/libgcc-initial_11.3.bb
> rename to meta/recipes-devtools/gcc/libgcc-initial_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/libgcc_11.3.bb b/meta/recipes-devtools/gcc/libgcc_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/libgcc_11.3.bb
> rename to meta/recipes-devtools/gcc/libgcc_11.4.bb
> diff --git a/meta/recipes-devtools/gcc/libgfortran_11.3.bb b/meta/recipes-devtools/gcc/libgfortran_11.4.bb
> similarity index 100%
> rename from meta/recipes-devtools/gcc/libgfortran_11.3.bb
> rename to meta/recipes-devtools/gcc/libgfortran_11.4.bb
> --
> 2.34.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#185092): https://lists.openembedded.org/g/openembedded-core/message/185092
> Mute This Topic: https://lists.openembedded.org/mt/100447625/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 33+ messages in thread
end of thread, other threads:[~2023-07-31 18:11 UTC | newest]
Thread overview: 33+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-07-30 18:00 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 01/30] libjpeg-turbo: patch CVE-2023-2804 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 02/30] python3: ignore CVE-2023-36632 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 03/30] tiff: fix multiple CVEs Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 04/30] go: fix CVE-2023-29406 net/http insufficient sanitization of Host header Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 05/30] tiff: fix multiple CVEs Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 06/30] libtiff: fix CVE-2023-26965 heap-based use after free Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 07/30] openssh: fix CVE-2023-38408 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 08/30] dmidecode: fix CVE-2023-30630 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 09/30] python3: upgrade 3.10.9 -> 3.10.12 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 10/30] diffutils: update 3.9 -> 3.10 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 11/30] libassuan: upgrade 2.5.5 -> 2.5.6 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 12/30] libksba: upgrade 1.6.3 -> 1.6.4 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 13/30] lttng-ust: upgrade 2.13.5 -> 2.13.6 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 14/30] gcc : upgrade to v11.4 Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 15/30] libxcrypt: fix build with perl-5.38 and use master branch Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 16/30] kernel: add missing path to search for debug files Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 17/30] recipetool: Fix inherit in created -native* recipes Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 18/30] systemd-systemctl: fix errors in instance name expansion Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 19/30] uboot-extlinux-config.bbclass: fix old override syntax in comment Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 20/30] mdadm: fix util-linux ptest dependency Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 21/30] mdadm: fix 07revert-inplace ptest Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 22/30] mdadm: fix segfaults when running ptests Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 23/30] mdadm: skip running known broken ptests Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 24/30] python3: fix missing comma in get_module_deps3.py Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 25/30] meson.bbclass: Point to llvm-config from native sysroot Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 26/30] oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 27/30] oeqa/selftest/devtool: add unit test for "devtool add -b" Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 28/30] openssl: add PERLEXTERNAL path to test its existence Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 29/30] openssl: use a glob on the PERLEXTERNAL to track updates on the path Steve Sakoman
2023-07-30 18:00 ` [OE-core][kirkstone 30/30] util-linux: add alternative links for ipcs,ipcrm Steve Sakoman
[not found] ` <1776B726C0E12BA1.27447@lists.openembedded.org>
2023-07-31 18:11 ` [OE-core][kirkstone 14/30] gcc : upgrade to v11.4 Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2022-07-03 19:35 [OE-core][kirkstone 00/30] Patch review Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox