[OE-core][nanbield 00/12] Patch review

[OE-core][nanbield 00/12] Patch review

[Steve Sakoman]

Please review this set of changes for nanbield and have comments back by
end of day Monday, January 15

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6437

The following changes since commit ff595b937d37d2315386aebf315cea719e2362ea:

  build-appliance-image: Update to nanbield head revision (2024-01-04 04:13:37 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/nanbield-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/nanbield-nut

Jason Andryuk (3):
  linux-firmware: Package iwlwifi .pnvm files
  linux-firmware: Change bnx2 packaging
  linux-firmware: Create bnx2x subpackage

Joao Marcos Costa (1):
  documentation.conf: fix do_menuconfig description

Jose Quaresma (2):
  go: update 1.20.10 -> 1.20.11
  go: update 1.20.11 -> 1.20.12

Khem Raj (1):
  tiff: Backport fixes for CVE-2023-6277

Massimiliano Minella (1):
  zstd: fix LICENSE statement

Richard Purdie (1):
  pseudo: Update to pull in syncfs probe fix

Ross Burton (1):
  avahi: update URL for new project location

Xiangyu Chen (1):
  shadow: Fix for CVE-2023-4641

Zahir Hussain (1):
  cmake: Unset CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES

 meta/conf/documentation.conf                  |   2 +-
 meta/recipes-connectivity/avahi/avahi_0.8.bb  |   5 +-
 .../cmake/cmake/OEToolchainConfig.cmake       |   3 +
 .../go/{go-1.20.10.inc => go-1.20.12.inc}     |   2 +-
 ...1.20.10.bb => go-binary-native_1.20.12.bb} |   6 +-
 ....20.10.bb => go-cross-canadian_1.20.12.bb} |   0
 ...o-cross_1.20.10.bb => go-cross_1.20.12.bb} |   0
 ...ssdk_1.20.10.bb => go-crosssdk_1.20.12.bb} |   0
 ...native_1.20.10.bb => go-native_1.20.12.bb} |   0
 ...ntime_1.20.10.bb => go-runtime_1.20.12.bb} |   0
 .../go/{go_1.20.10.bb => go_1.20.12.bb}       |   0
 meta/recipes-devtools/pseudo/pseudo_git.bb    |   2 +-
 .../shadow/files/CVE-2023-4641.patch          | 147 ++++++++++++++++
 meta/recipes-extended/shadow/shadow.inc       |   1 +
 meta/recipes-extended/zstd/zstd_1.5.5.bb      |   2 +-
 .../linux-firmware/linux-firmware_20231030.bb |  26 ++-
 ...277-Apply-1-suggestion-s-to-1-file-s.patch |  27 +++
 ...ompare-data-size-of-some-tags-data-2.patch |  36 ++++
 ...-compare-data-size-of-some-tags-data.patch | 162 ++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.6.0.bb |   3 +
 20 files changed, 408 insertions(+), 16 deletions(-)
 rename meta/recipes-devtools/go/{go-1.20.10.inc => go-1.20.12.inc} (89%)
 rename meta/recipes-devtools/go/{go-binary-native_1.20.10.bb => go-binary-native_1.20.12.bb} (78%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.20.10.bb => go-cross-canadian_1.20.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.20.10.bb => go-cross_1.20.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.20.10.bb => go-crosssdk_1.20.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-native_1.20.10.bb => go-native_1.20.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.20.10.bb => go-runtime_1.20.12.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.20.10.bb => go_1.20.12.bb} (100%)
 create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-Apply-1-suggestion-s-to-1-file-s.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data-2.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data.patch

-- 
2.34.1

[OE-core][nanbield 00/12] Patch review

[Steve Sakoman]

Please review this set of changes for nanbield and have comments back by
end of day Friday, January 26

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6481

The following changes since commit ff0dc585479136e3d031da08ef15e8e5c6e92c8d:

  pseudo: Update to pull in syncfs probe fix (2024-01-10 04:20:39 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/nanbield-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/nanbield-nut

Anuj Mittal (2):
  base-passwd: upgrade 3.6.2 -> 3.6.3
  glib-2.0: upgrade 2.78.1 -> 2.78.3

Chen Qi (1):
  sudo: upgrade from 1.9.15p2 to 1.9.15p5

Jeremy A. Puhlman (1):
  create-spdx-2.2: combine spdx can try to write before dir creation

Joshua Watt (1):
  rpcbind: Specify state directory under /run

Lee Chee Yang (2):
  curl: Fix CVE-2023-46219
  qemu: 8.1.2 -> 8.1.4

Peter Kjellerstedt (1):
  devtool: modify: Handle recipes with a menuconfig task correctly

Richard Purdie (1):
  sstate: Fix dir ownership issues in SSTATE_DIR

Robert Yang (1):
  nfs-utils: Upgrade 2.6.3 -> 2.6.4

Wang Mingyu (1):
  xwayland: upgrade 23.2.2 -> 23.2.3

Xiangyu Chen (1):
  sudo: upgrade 1.9.14p3 -> 1.9.15p2

 meta/classes-global/sstate.bbclass            |   9 +-
 meta/classes/create-spdx-2.2.bbclass          |   2 +-
 ...event-and-libsqlite3-checked-when-nf.patch |  80 -----------
 ...nclude-unistd.h-to-compile-with-musl.patch |  34 +++++
 ...{nfs-utils_2.6.3.bb => nfs-utils_2.6.4.bb} |   8 +-
 ...e-passwd_3.6.2.bb => base-passwd_3.6.3.bb} |   2 +-
 ...t-write-bindir-into-pkg-config-files.patch |   4 +-
 ...0001-Fix-DATADIRNAME-on-uclibc-Linux.patch |   3 +-
 ...-gio-querymodules-as-libexec_PROGRAM.patch |   6 +-
 ...ng-about-deprecated-paths-in-schemas.patch |   4 +-
 ...-correctly-when-building-with-mingw3.patch |  18 +--
 ...ces.c-comment-out-a-build-host-only-.patch |   6 +-
 ...on-Run-atomics-test-on-clang-as-well.patch |   6 +-
 ...ot-enable-pidfd-features-on-native-g.patch |   8 +-
 ...dcode-python-path-into-various-tools.patch |   6 +-
 .../glib-2.0/glib-2.0/relocate-modules.patch  |   2 +-
 ...{glib-2.0_2.78.1.bb => glib-2.0_2.78.3.bb} |   2 +-
 ...u-native_8.1.2.bb => qemu-native_8.1.4.bb} |   0
 ...e_8.1.2.bb => qemu-system-native_8.1.4.bb} |   0
 meta/recipes-devtools/qemu/qemu.inc           |   2 +-
 .../qemu/{qemu_8.1.2.bb => qemu_8.1.4.bb}     |   0
 .../recipes-extended/rpcbind/rpcbind_1.2.6.bb |   2 +-
 .../{sudo_1.9.14p3.bb => sudo_1.9.15p5.bb}    |   2 +-
 ...{xwayland_23.2.2.bb => xwayland_23.2.3.bb} |   2 +-
 .../curl/curl/CVE-2023-46219.patch            | 131 ++++++++++++++++++
 meta/recipes-support/curl/curl_8.4.0.bb       |   1 +
 scripts/lib/devtool/standard.py               |   2 +-
 27 files changed, 215 insertions(+), 127 deletions(-)
 delete mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch
 rename meta/recipes-connectivity/nfs-utils/{nfs-utils_2.6.3.bb => nfs-utils_2.6.4.bb} (94%)
 rename meta/recipes-core/base-passwd/{base-passwd_3.6.2.bb => base-passwd_3.6.3.bb} (98%)
 rename meta/recipes-core/glib-2.0/{glib-2.0_2.78.1.bb => glib-2.0_2.78.3.bb} (96%)
 rename meta/recipes-devtools/qemu/{qemu-native_8.1.2.bb => qemu-native_8.1.4.bb} (100%)
 rename meta/recipes-devtools/qemu/{qemu-system-native_8.1.2.bb => qemu-system-native_8.1.4.bb} (100%)
 rename meta/recipes-devtools/qemu/{qemu_8.1.2.bb => qemu_8.1.4.bb} (100%)
 rename meta/recipes-extended/sudo/{sudo_1.9.14p3.bb => sudo_1.9.15p5.bb} (96%)
 rename meta/recipes-graphics/xwayland/{xwayland_23.2.2.bb => xwayland_23.2.3.bb} (95%)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46219.patch

-- 
2.34.1

[OE-core][nanbield 01/12] curl: Fix CVE-2023-46219

[Steve Sakoman]

From: Lee Chee Yang <chee.yang.lee@intel.com>

Upstream docs for CVE-2023-46219:
https://curl.se/docs/CVE-2023-46219.html

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../curl/curl/CVE-2023-46219.patch            | 131 ++++++++++++++++++
 meta/recipes-support/curl/curl_8.4.0.bb       |   1 +
 2 files changed, 132 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-46219.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2023-46219.patch b/meta/recipes-support/curl/curl/CVE-2023-46219.patch
new file mode 100644
index 0000000000..d6c8925218
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-46219.patch
@@ -0,0 +1,131 @@
+CVE: CVE-2023-46219
+Upstream-Status: Backport [ https://github.com/curl/curl/commit/73b65e94f3531179de45 ]
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From 73b65e94f3531179de45c6f3c836a610e3d0a846 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 23 Nov 2023 08:23:17 +0100
+Subject: [PATCH] fopen: create short(er) temporary file name
+
+Only using random letters in the name plus a ".tmp" extension. Not by
+appending characters to the final file name.
+
+Reported-by: Maksymilian Arciemowicz
+
+Closes #12388
+---
+ lib/fopen.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 60 insertions(+), 5 deletions(-)
+
+diff --git a/lib/fopen.c b/lib/fopen.c
+index 75b8a7aa534085..a73ac068ea3016 100644
+--- a/lib/fopen.c
++++ b/lib/fopen.c
+@@ -39,6 +39,51 @@
+ #include "curl_memory.h"
+ #include "memdebug.h"
+ 
++/*
++  The dirslash() function breaks a null-terminated pathname string into
++  directory and filename components then returns the directory component up
++  to, *AND INCLUDING*, a final '/'.  If there is no directory in the path,
++  this instead returns a "" string.
++
++  This function returns a pointer to malloc'ed memory.
++
++  The input path to this function is expected to have a file name part.
++*/
++
++#ifdef _WIN32
++#define PATHSEP "\\"
++#define IS_SEP(x) (((x) == '/') || ((x) == '\\'))
++#elif defined(MSDOS) || defined(__EMX__) || defined(OS2)
++#define PATHSEP "\\"
++#define IS_SEP(x) ((x) == '\\')
++#else
++#define PATHSEP "/"
++#define IS_SEP(x) ((x) == '/')
++#endif
++
++static char *dirslash(const char *path)
++{
++  size_t n;
++  struct dynbuf out;
++  DEBUGASSERT(path);
++  Curl_dyn_init(&out, CURL_MAX_INPUT_LENGTH);
++  n = strlen(path);
++  if(n) {
++    /* find the rightmost path separator, if any */
++    while(n && !IS_SEP(path[n-1]))
++      --n;
++    /* skip over all the path separators, if any */
++    while(n && IS_SEP(path[n-1]))
++      --n;
++  }
++  if(Curl_dyn_addn(&out, path, n))
++    return NULL;
++  /* if there was a directory, append a single trailing slash */
++  if(n && Curl_dyn_addn(&out, PATHSEP, 1))
++    return NULL;
++  return Curl_dyn_ptr(&out);
++}
++
+ /*
+  * Curl_fopen() opens a file for writing with a temp name, to be renamed
+  * to the final name when completed. If there is an existing file using this
+@@ -50,25 +95,34 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+                     FILE **fh, char **tempname)
+ {
+   CURLcode result = CURLE_WRITE_ERROR;
+-  unsigned char randsuffix[9];
++  unsigned char randbuf[41];
+   char *tempstore = NULL;
+   struct_stat sb;
+   int fd = -1;
++  char *dir;
+   *tempname = NULL;
+ 
++  dir = dirslash(filename);
++  if(!dir)
++    goto fail;
++
+   *fh = fopen(filename, FOPEN_WRITETEXT);
+   if(!*fh)
+     goto fail;
+-  if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode))
++  if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) {
++    free(dir);
+     return CURLE_OK;
++  }
+   fclose(*fh);
+   *fh = NULL;
+ 
+-  result = Curl_rand_alnum(data, randsuffix, sizeof(randsuffix));
++  result = Curl_rand_alnum(data, randbuf, sizeof(randbuf));
+   if(result)
+     goto fail;
+ 
+-  tempstore = aprintf("%s.%s.tmp", filename, randsuffix);
++  /* The temp file name should not end up too long for the target file
++     system */
++  tempstore = aprintf("%s%s.tmp", dir, randbuf);
+   if(!tempstore) {
+     result = CURLE_OUT_OF_MEMORY;
+     goto fail;
+@@ -95,6 +149,7 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   if(!*fh)
+     goto fail;
+ 
++  free(dir);
+   *tempname = tempstore;
+   return CURLE_OK;
+ 
+@@ -105,7 +160,7 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
+   }
+ 
+   free(tempstore);
+-
++  free(dir);
+   return result;
+ }
+ 
diff --git a/meta/recipes-support/curl/curl_8.4.0.bb b/meta/recipes-support/curl/curl_8.4.0.bb
index 8f1ba52692..977404c963 100644
--- a/meta/recipes-support/curl/curl_8.4.0.bb
+++ b/meta/recipes-support/curl/curl_8.4.0.bb
@@ -14,6 +14,7 @@ SRC_URI = " \
     file://run-ptest \
     file://disable-tests \
     file://CVE-2023-46218.patch \
+    file://CVE-2023-46219.patch \
 "
 SRC_URI[sha256sum] = "16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d"
 
-- 
2.34.1

[OE-core][nanbield 02/12] nfs-utils: Upgrade 2.6.3 -> 2.6.4

[Steve Sakoman]

From: Robert Yang <liezhi.yang@windriver.com>

* Remove backported patch 0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch.
* Add 0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch to fix build with musl

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit ff416e9fd6a1a65cf59ecd662613581b6190e05e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...event-and-libsqlite3-checked-when-nf.patch | 80 -------------------
 ...nclude-unistd.h-to-compile-with-musl.patch | 34 ++++++++
 ...{nfs-utils_2.6.3.bb => nfs-utils_2.6.4.bb} |  8 +-
 3 files changed, 38 insertions(+), 84 deletions(-)
 delete mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch
 create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch
 rename meta/recipes-connectivity/nfs-utils/{nfs-utils_2.6.3.bb => nfs-utils_2.6.4.bb} (94%)

diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch
deleted file mode 100644
index 5afc714f19..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From b62a3fe424026b73ec6b1934483b16863c7dff23 Mon Sep 17 00:00:00 2001
-From: Wiktor Jaskulski <wjaskulski@adva.com>
-Date: Thu, 11 May 2023 15:28:23 -0400
-Subject: [PATCH] configure.ac: libevent and libsqlite3 checked when nfsv4 is
- disabled
-
-Upstream-Status: Backport
-(http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=bc4a5deef9f820c55fdac3c0070364c17cd91cca)
-
-Signed-off-by: Steve Dickson <steved@redhat.com>
-Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
----
- configure.ac | 38 +++++++++++++++-----------------------
- 1 file changed, 15 insertions(+), 23 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 4ade528d..519cacbf 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -335,42 +335,34 @@ AC_CHECK_HEADER(rpc/rpc.h, ,
-                 AC_MSG_ERROR([Header file rpc/rpc.h not found - maybe try building with --enable-tirpc]))
- CPPFLAGS="${nfsutils_save_CPPFLAGS}"
- 
-+dnl check for libevent libraries and headers
-+AC_LIBEVENT
-+
-+dnl Check for sqlite3
-+AC_SQLITE3_VERS
-+
-+case $libsqlite3_cv_is_recent in
-+yes) ;;
-+unknown)
-+   dnl do not fail when cross-compiling
-+   AC_MSG_WARN([assuming sqlite is at least v3.3]) ;;
-+*)
-+   AC_MSG_ERROR([nfsdcld requires sqlite-devel]) ;;
-+esac
-+
- if test "$enable_nfsv4" = yes; then
--  dnl check for libevent libraries and headers
--  AC_LIBEVENT
- 
-   dnl check for the keyutils libraries and headers
-   AC_KEYUTILS
- 
--  dnl Check for sqlite3
--  AC_SQLITE3_VERS
--
-   if test "$enable_nfsdcld" = "yes"; then
- 	AC_CHECK_HEADERS([libgen.h sys/inotify.h], ,
- 		AC_MSG_ERROR([Cannot find header needed for nfsdcld]))
--
--    case $libsqlite3_cv_is_recent in
--    yes) ;;
--    unknown)
--      dnl do not fail when cross-compiling
--      AC_MSG_WARN([assuming sqlite is at least v3.3]) ;;
--    *)
--      AC_MSG_ERROR([nfsdcld requires sqlite-devel]) ;;
--    esac
-   fi
- 
-   if test "$enable_nfsdcltrack" = "yes"; then
- 	AC_CHECK_HEADERS([libgen.h sys/inotify.h], ,
- 		AC_MSG_ERROR([Cannot find header needed for nfsdcltrack]))
--
--    case $libsqlite3_cv_is_recent in
--    yes) ;;
--    unknown)
--      dnl do not fail when cross-compiling
--      AC_MSG_WARN([assuming sqlite is at least v3.3]) ;;
--    *)
--      AC_MSG_ERROR([nfsdcltrack requires sqlite-devel]) ;;
--    esac
-   fi
- 
- else
--- 
-2.41.0
-
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch
new file mode 100644
index 0000000000..8607b64cb1
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch
@@ -0,0 +1,34 @@
+From 45597a58e98f351b18db8444292b1cf6dd0cd810 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Sat, 9 Dec 2023 23:34:08 -0800
+Subject: [PATCH] reexport.h: Include unistd.h to compile with musl
+
+Fixed error when compile with musl
+reexport.c: In function 'reexpdb_init':
+reexport.c:62:17: error: implicit declaration of function 'sleep' [-Werror=implicit-function-declaration]
+   62 |                 sleep(1);
+
+
+Upstream-Status: Pending
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ support/reexport/reexport.h | 1 +
+ 1 files changed, 1 insertions(+)
+
+diff --git a/support/reexport/reexport.h b/support/reexport/reexport.h
+index 85fd59c..02f8684 100644
+--- a/support/reexport/reexport.h
++++ b/support/reexport/reexport.h
+@@ -1,6 +1,8 @@
+ #ifndef REEXPORT_H
+ #define REEXPORT_H
+ 
++#include <unistd.h>
++
+ #include "nfslib.h"
+ 
+ enum {
+-- 
+2.42.0
+
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.3.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb
similarity index 94%
rename from meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.3.bb
rename to meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb
index 35cf6af6d4..2f2644f9a8 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.3.bb
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.4.bb
@@ -30,11 +30,11 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
            file://bugfix-adjust-statd-service-name.patch \
            file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
            file://clang-warnings.patch \
-           file://0001-configure.ac-libevent-and-libsqlite3-checked-when-nf.patch \
-	   file://0001-locktest-Makefile.am-Do-not-use-build-flags.patch \
-	   file://0001-tools-locktest-Use-intmax_t-to-print-off_t.patch \
+           file://0001-locktest-Makefile.am-Do-not-use-build-flags.patch \
+           file://0001-tools-locktest-Use-intmax_t-to-print-off_t.patch \
+           file://0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch \
            "
-SRC_URI[sha256sum] = "38d89e853a71d3c560ff026af3d969d75e24f782ff68324e76261fe0344459e1"
+SRC_URI[sha256sum] = "01b3b0fb9c7d0bbabf5114c736542030748c788ec2fd9734744201e9b0a1119d"
 
 # Only kernel-module-nfsd is required here (but can be built-in)  - the nfsd module will
 # pull in the remainder of the dependencies.
-- 
2.34.1

[OE-core][nanbield 03/12] xwayland: upgrade 23.2.2 -> 23.2.3

[Steve Sakoman]

From: Wang Mingyu <wangmy@fujitsu.com>

upgrade include fix for CVE-2023-6377 CVE-2023-6478

(Cherry-pick from OE-Core rev: bf0bb7b94ed4930145af5f1fb3836157daceb6bb)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xwayland/{xwayland_23.2.2.bb => xwayland_23.2.3.bb}         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-graphics/xwayland/{xwayland_23.2.2.bb => xwayland_23.2.3.bb} (95%)

diff --git a/meta/recipes-graphics/xwayland/xwayland_23.2.2.bb b/meta/recipes-graphics/xwayland/xwayland_23.2.3.bb
similarity index 95%
rename from meta/recipes-graphics/xwayland/xwayland_23.2.2.bb
rename to meta/recipes-graphics/xwayland/xwayland_23.2.3.bb
index 9feac147db..9aa7b4dfcd 100644
--- a/meta/recipes-graphics/xwayland/xwayland_23.2.2.bb
+++ b/meta/recipes-graphics/xwayland/xwayland_23.2.3.bb
@@ -10,7 +10,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=5df87950af51ac2c5822094553ea1880"
 
 SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz"
-SRC_URI[sha256sum] = "9f7c0938d2a41e941ffa04f99c35e5db2bcd3eec034afe8d35d5c810a22eb0a8"
+SRC_URI[sha256sum] = "eb9d9aa7232c47412c8835ec15a97c575f03563726c787754ff0c019bd07e302"
 
 UPSTREAM_CHECK_REGEX = "xwayland-(?P<pver>\d+(\.(?!90\d)\d+)+)\.tar"
 
-- 
2.34.1

[OE-core][nanbield 04/12] base-passwd: upgrade 3.6.2 -> 3.6.3

[Steve Sakoman]

From: Anuj Mittal <anuj.mittal@intel.com>

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 74d165f5baacd0cd94eb90396b0a3119281df91d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../base-passwd/{base-passwd_3.6.2.bb => base-passwd_3.6.3.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-core/base-passwd/{base-passwd_3.6.2.bb => base-passwd_3.6.3.bb} (98%)

diff --git a/meta/recipes-core/base-passwd/base-passwd_3.6.2.bb b/meta/recipes-core/base-passwd/base-passwd_3.6.3.bb
similarity index 98%
rename from meta/recipes-core/base-passwd/base-passwd_3.6.2.bb
rename to meta/recipes-core/base-passwd/base-passwd_3.6.3.bb
index bb4b49e6ab..9d7703b1c0 100644
--- a/meta/recipes-core/base-passwd/base-passwd_3.6.2.bb
+++ b/meta/recipes-core/base-passwd/base-passwd_3.6.3.bb
@@ -15,7 +15,7 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
            file://0001-base-passwd-Add-the-sgx-group.patch \
            "
 
-SRC_URI[sha256sum] = "06dc78352bf38a8df76ff295e15ab5654cdefe41e62368b15bfcbbab8e4ec2a0"
+SRC_URI[sha256sum] = "83575327d8318a419caf2d543341215c046044073d1afec2acc0ac4d8095ff39"
 
 # the package is taken from launchpad; that source is static and goes stale
 # so we check the latest upstream from a directory that does get updated
-- 
2.34.1

[OE-core][nanbield 05/12] glib-2.0: upgrade 2.78.1 -> 2.78.3

[Steve Sakoman]

From: Anuj Mittal <anuj.mittal@intel.com>

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 419503d3d3402b683979696f248cd42f05c282b7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...ot-write-bindir-into-pkg-config-files.patch |  4 ++--
 .../0001-Fix-DATADIRNAME-on-uclibc-Linux.patch |  3 +--
 ...l-gio-querymodules-as-libexec_PROGRAM.patch |  6 +++---
 ...ing-about-deprecated-paths-in-schemas.patch |  4 ++--
 ...e-correctly-when-building-with-mingw3.patch | 18 +++++++++---------
 ...rces.c-comment-out-a-build-host-only-.patch |  6 +++---
 ...son-Run-atomics-test-on-clang-as-well.patch |  6 +++---
 ...not-enable-pidfd-features-on-native-g.patch |  8 +++-----
 ...rdcode-python-path-into-various-tools.patch |  6 +++---
 .../glib-2.0/glib-2.0/relocate-modules.patch   |  2 +-
 .../{glib-2.0_2.78.1.bb => glib-2.0_2.78.3.bb} |  2 +-
 11 files changed, 31 insertions(+), 34 deletions(-)
 rename meta/recipes-core/glib-2.0/{glib-2.0_2.78.1.bb => glib-2.0_2.78.3.bb} (96%)

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-Do-not-write-bindir-into-pkg-config-files.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-Do-not-write-bindir-into-pkg-config-files.patch
index 0d44ddf299..0e5f371cb5 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0/0001-Do-not-write-bindir-into-pkg-config-files.patch
+++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-Do-not-write-bindir-into-pkg-config-files.patch
@@ -1,4 +1,4 @@
-From 9ec4eedeb3f67db0bff09f5d859318d05ff47964 Mon Sep 17 00:00:00 2001
+From cf7df91cc8c3b4811235ef8aec144c5f0cf90bdb Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Fri, 15 Feb 2019 11:17:27 +0100
 Subject: [PATCH] Do not write $bindir into pkg-config files
@@ -16,7 +16,7 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  2 files changed, 11 insertions(+), 11 deletions(-)
 
 diff --git a/gio/meson.build b/gio/meson.build
-index a320c0f..86ce7c4 100644
+index 5f91586..1a95f4f 100644
 --- a/gio/meson.build
 +++ b/gio/meson.build
 @@ -884,14 +884,14 @@ pkg.generate(libgio,
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-Fix-DATADIRNAME-on-uclibc-Linux.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-Fix-DATADIRNAME-on-uclibc-Linux.patch
index 16f2d31496..1254466063 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0/0001-Fix-DATADIRNAME-on-uclibc-Linux.patch
+++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-Fix-DATADIRNAME-on-uclibc-Linux.patch
@@ -1,4 +1,4 @@
-From c94e669de98a3892c699bd8d0d2b5164b2de747e Mon Sep 17 00:00:00 2001
+From b907a6681c4c24e5d3745538d9fcd471cf1c4c4a Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Sat, 15 Mar 2014 22:42:29 -0700
 Subject: [PATCH] Fix DATADIRNAME on uclibc/Linux
@@ -9,7 +9,6 @@ based systems therefore lets set DATADIRNAME to "share".
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 Upstream-Status: Pending
 
-
 ---
  m4macros/glib-gettext.m4 | 4 ++++
  1 file changed, 4 insertions(+)
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-Install-gio-querymodules-as-libexec_PROGRAM.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-Install-gio-querymodules-as-libexec_PROGRAM.patch
index 597864d9ac..50d369c24e 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0/0001-Install-gio-querymodules-as-libexec_PROGRAM.patch
+++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-Install-gio-querymodules-as-libexec_PROGRAM.patch
@@ -1,4 +1,4 @@
-From 0015db45cd1bfefc04959dffab5dabeead93136f Mon Sep 17 00:00:00 2001
+From 6e2ddcb5465d10618345b12e0b4471ead0f14304 Mon Sep 17 00:00:00 2001
 From: Jussi Kukkonen <jussi.kukkonen@intel.com>
 Date: Tue, 22 Mar 2016 15:14:58 +0200
 Subject: [PATCH] Install gio-querymodules as libexec_PROGRAM
@@ -14,10 +14,10 @@ Upstream-Status: Inappropriate [OE specific]
  1 file changed, 1 insertion(+)
 
 diff --git a/gio/meson.build b/gio/meson.build
-index 2ef60ed..532b086 100644
+index f9fdf6e..5f91586 100644
 --- a/gio/meson.build
 +++ b/gio/meson.build
-@@ -936,6 +936,7 @@ gio_querymodules = executable('gio-querymodules', 'gio-querymodules.c', 'giomodu
+@@ -1005,6 +1005,7 @@ gio_querymodules = executable('gio-querymodules', 'gio-querymodules.c', 'giomodu
    c_args : gio_c_args,
    # intl.lib is not compatible with SAFESEH
    link_args : noseh_link_args,
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-Remove-the-warning-about-deprecated-paths-in-schemas.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-Remove-the-warning-about-deprecated-paths-in-schemas.patch
index 6fd93526ce..f810574d97 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0/0001-Remove-the-warning-about-deprecated-paths-in-schemas.patch
+++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-Remove-the-warning-about-deprecated-paths-in-schemas.patch
@@ -1,4 +1,4 @@
-From 4f47b8a8d650d185aa61aec2f56a283522a723c4 Mon Sep 17 00:00:00 2001
+From c8c223045821cac97f798cfa63f19853621a8a2a Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Fri, 12 Jun 2015 17:08:46 +0300
 Subject: [PATCH] Remove the warning about deprecated paths in schemas
@@ -15,7 +15,7 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  1 file changed, 13 deletions(-)
 
 diff --git a/gio/glib-compile-schemas.c b/gio/glib-compile-schemas.c
-index 7888120..7acbd5b 100644
+index 04ef404..e791ce2 100644
 --- a/gio/glib-compile-schemas.c
 +++ b/gio/glib-compile-schemas.c
 @@ -1232,19 +1232,6 @@ parse_state_start_schema (ParseState  *state,
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-Set-host_machine-correctly-when-building-with-mingw3.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-Set-host_machine-correctly-when-building-with-mingw3.patch
index 2e1e2313e8..e1d2fb0e54 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0/0001-Set-host_machine-correctly-when-building-with-mingw3.patch
+++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-Set-host_machine-correctly-when-building-with-mingw3.patch
@@ -1,4 +1,4 @@
-From ba1728bc27c88597164957d000b70ec4be6edf28 Mon Sep 17 00:00:00 2001
+From bafde4eedc0a22b45e73ee6183b9a11393a1e400 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Wed, 13 Feb 2019 15:32:05 +0100
 Subject: [PATCH] Set host_machine correctly when building with mingw32
@@ -13,7 +13,7 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  3 files changed, 8 insertions(+), 5 deletions(-)
 
 diff --git a/gio/tests/meson.build b/gio/tests/meson.build
-index f644aa2..64a8684 100644
+index 4ef3343..e498e7e 100644
 --- a/gio/tests/meson.build
 +++ b/gio/tests/meson.build
 @@ -29,7 +29,7 @@ endif
@@ -25,7 +25,7 @@ index f644aa2..64a8684 100644
    common_gio_tests_deps += [iphlpapi_dep, winsock2, cc.find_library ('secur32')]
  endif
  
-@@ -210,7 +210,7 @@ if have_dbus_daemon
+@@ -230,7 +230,7 @@ if have_dbus_daemon
  endif
  
  #  Test programs buildable on UNIX only
@@ -34,7 +34,7 @@ index f644aa2..64a8684 100644
    gio_tests += {
      'file' : {},
      'gdbus-peer-object-manager' : {},
-@@ -462,7 +462,7 @@ if host_machine.system() != 'windows'
+@@ -562,7 +562,7 @@ if host_machine.system() != 'windows'
  endif # unix
  
  #  Test programs buildable on Windows only
@@ -43,7 +43,7 @@ index f644aa2..64a8684 100644
    gio_tests += {'win32-streams' : {}}
  endif
  
-@@ -532,7 +532,7 @@ if cc.get_id() != 'msvc' and cc.get_id() != 'clang-cl'
+@@ -632,7 +632,7 @@ if cc.get_id() != 'msvc' and cc.get_id() != 'clang-cl'
    }
  endif
  
@@ -53,10 +53,10 @@ index f644aa2..64a8684 100644
      'gdbus-example-unix-fd-client' : {
        'install' : false,
 diff --git a/glib/tests/meson.build b/glib/tests/meson.build
-index db01b54..6950817 100644
+index d80c86e..5329cda 100644
 --- a/glib/tests/meson.build
 +++ b/glib/tests/meson.build
-@@ -188,7 +188,7 @@ if glib_conf.has('HAVE_EVENTFD')
+@@ -216,7 +216,7 @@ if glib_conf.has('HAVE_EVENTFD')
    }
  endif
  
@@ -66,10 +66,10 @@ index db01b54..6950817 100644
      glib_tests += {
        'gpoll' : {
 diff --git a/meson.build b/meson.build
-index 43bb468..5f9b59c 100644
+index f7e936e..122f8b5 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -43,6 +43,9 @@ else
+@@ -54,6 +54,9 @@ else
  endif
  
  host_system = host_machine.system()
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch
index d33fdd4d8b..e4c2f77459 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch
+++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch
@@ -1,4 +1,4 @@
-From 92de6c7eb30b961b24a2dce812d5276487b7d23d Mon Sep 17 00:00:00 2001
+From 3f05b9418c88bbb83c08b57cc5529b006f26fff4 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Wed, 8 Jan 2020 18:22:46 +0100
 Subject: [PATCH] gio/tests/resources.c: comment out a build host-only test
@@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/gio/tests/resources.c b/gio/tests/resources.c
-index c44d214..e289a01 100644
+index f567914..b21b616 100644
 --- a/gio/tests/resources.c
 +++ b/gio/tests/resources.c
-@@ -993,7 +993,7 @@ main (int   argc,
+@@ -1068,7 +1068,7 @@ main (int   argc,
    g_test_add_func ("/resource/automatic", test_resource_automatic);
    /* This only uses automatic resources too, so it tests the constructors and destructors */
    g_test_add_func ("/resource/module", test_resource_module);
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-meson-Run-atomics-test-on-clang-as-well.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-meson-Run-atomics-test-on-clang-as-well.patch
index 44482dd2b7..071e4a7c4d 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0/0001-meson-Run-atomics-test-on-clang-as-well.patch
+++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-meson-Run-atomics-test-on-clang-as-well.patch
@@ -1,4 +1,4 @@
-From 4b97f457b7b44117e27d2a218c4b68e7fe3fe4ce Mon Sep 17 00:00:00 2001
+From 17d718640ae6f953e5eea714c1bd64eeb6e4799f Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Sat, 12 Oct 2019 17:46:26 -0700
 Subject: [PATCH] meson: Run atomics test on clang as well
@@ -15,10 +15,10 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/meson.build b/meson.build
-index afb6eaa..6aa70f5 100644
+index 122f8b5..f055079 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -1692,7 +1692,7 @@ atomicdefine = '''
+@@ -1938,7 +1938,7 @@ atomicdefine = '''
  # We know that we can always use real ("lock free") atomic operations with MSVC
  if cc.get_id() == 'msvc' or cc.get_id() == 'clang-cl' or cc.links(atomictest, name : 'atomic ops')
    have_atomic_lock_free = true
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch
index 788f420d11..e03f9a3c84 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0/0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch
+++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch
@@ -1,4 +1,4 @@
-From 9aa9574861fad39d0679025e35fe1e188345f685 Mon Sep 17 00:00:00 2001
+From 7865d698b5d392aac3a3d32e9ebd5fea45017d15 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex@linutronix.de>
 Date: Sat, 16 Sep 2023 22:28:27 +0200
 Subject: [PATCH] meson.build: do not enable pidfd features on native glib
@@ -9,12 +9,13 @@ where these features are not implemented.
 
 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+
 ---
  meson.build | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/meson.build b/meson.build
-index 1c36993..bbf97fc 100644
+index f055079..77d78aa 100644
 --- a/meson.build
 +++ b/meson.build
 @@ -981,7 +981,8 @@ if cc.links('''#include <sys/syscall.h>
@@ -27,6 +28,3 @@ index 1c36993..bbf97fc 100644
  endif
  
  # Check for __uint128_t (gcc) by checking for 128-bit division
--- 
-2.30.2
-
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0010-Do-not-hardcode-python-path-into-various-tools.patch b/meta/recipes-core/glib-2.0/glib-2.0/0010-Do-not-hardcode-python-path-into-various-tools.patch
index 1c645f3a9a..4b75167da6 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0/0010-Do-not-hardcode-python-path-into-various-tools.patch
+++ b/meta/recipes-core/glib-2.0/glib-2.0/0010-Do-not-hardcode-python-path-into-various-tools.patch
@@ -1,4 +1,4 @@
-From 79ce7e545dd3a93f77d2146d50b6fa061fbceed9 Mon Sep 17 00:00:00 2001
+From 53bcd4b6cd3fe3fe4246914462e6724761eecf51 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Tue, 3 Oct 2017 10:45:55 +0300
 Subject: [PATCH] Do not hardcode python path into various tools
@@ -23,7 +23,7 @@ index 67d3675..4e92a7a 100755
  # GDBus - GLib D-Bus Library
  #
 diff --git a/gobject/glib-genmarshal.in b/gobject/glib-genmarshal.in
-index 7380f24..c8abeaa 100755
+index aa5af43..56e8e2e 100755
 --- a/gobject/glib-genmarshal.in
 +++ b/gobject/glib-genmarshal.in
 @@ -1,4 +1,4 @@
@@ -33,7 +33,7 @@ index 7380f24..c8abeaa 100755
  # pylint: disable=too-many-lines, missing-docstring, invalid-name
  
 diff --git a/gobject/glib-mkenums.in b/gobject/glib-mkenums.in
-index 91ad779..3ebef62 100755
+index 353e53a..8ed6c39 100755
 --- a/gobject/glib-mkenums.in
 +++ b/gobject/glib-mkenums.in
 @@ -1,4 +1,4 @@
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch b/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch
index 841fedef8a..95a73298d8 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch
+++ b/meta/recipes-core/glib-2.0/glib-2.0/relocate-modules.patch
@@ -1,4 +1,4 @@
-From b90d13900dd2777c2ab90c5b0be1a872c10a17da Mon Sep 17 00:00:00 2001
+From 03a069cb8066d3e8ef72a43f7b1db5c9625e9cc2 Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Fri, 11 Mar 2016 15:35:55 +0000
 Subject: [PATCH] glib-2.0: relocate the GIO module directory for native builds
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.1.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.3.bb
similarity index 96%
rename from meta/recipes-core/glib-2.0/glib-2.0_2.78.1.bb
rename to meta/recipes-core/glib-2.0/glib-2.0_2.78.3.bb
index a490262112..13d4b38e22 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.1.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.3.bb
@@ -19,7 +19,7 @@ SRC_URI:append:class-native = " file://relocate-modules.patch \
                                 file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \
                               "
 
-SRC_URI[sha256sum] = "915bc3d0f8507d650ead3832e2f8fb670fce59aac4d7754a7dab6f1e6fed78b2"
+SRC_URI[sha256sum] = "609801dd373796e515972bf95fc0b2daa44545481ee2f465c4f204d224b2bc21"
 
 # Find any meson cross files in FILESPATH that are relevant for the current
 # build (using siteinfo) and add them to EXTRA_OEMESON.
-- 
2.34.1

[OE-core][nanbield 06/12] qemu: 8.1.2 -> 8.1.4

[Steve Sakoman]

From: Lee Chee Yang <chee.yang.lee@intel.com>

update include fix for CVE-2023-3019.
CVE-2023-3019 : https://github.com/qemu/qemu/commit/88e79a2dfda319f9ebec2cc8a5c3c9733716d13f

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../qemu/{qemu-native_8.1.2.bb => qemu-native_8.1.4.bb}         | 0
 ...{qemu-system-native_8.1.2.bb => qemu-system-native_8.1.4.bb} | 0
 meta/recipes-devtools/qemu/qemu.inc                             | 2 +-
 meta/recipes-devtools/qemu/{qemu_8.1.2.bb => qemu_8.1.4.bb}     | 0
 4 files changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/qemu/{qemu-native_8.1.2.bb => qemu-native_8.1.4.bb} (100%)
 rename meta/recipes-devtools/qemu/{qemu-system-native_8.1.2.bb => qemu-system-native_8.1.4.bb} (100%)
 rename meta/recipes-devtools/qemu/{qemu_8.1.2.bb => qemu_8.1.4.bb} (100%)

diff --git a/meta/recipes-devtools/qemu/qemu-native_8.1.2.bb b/meta/recipes-devtools/qemu/qemu-native_8.1.4.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu-native_8.1.2.bb
rename to meta/recipes-devtools/qemu/qemu-native_8.1.4.bb
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_8.1.2.bb b/meta/recipes-devtools/qemu/qemu-system-native_8.1.4.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu-system-native_8.1.2.bb
rename to meta/recipes-devtools/qemu/qemu-system-native_8.1.4.bb
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 5ab2cb83b4..0ea23ecdc3 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -37,7 +37,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
 
-SRC_URI[sha256sum] = "541526a764576eb494d2ff5ec46aeb253e62ea29035d1c23c0a8af4e6cd4f087"
+SRC_URI[sha256sum] = "176dd6d0bdcc4c71a94172d12ddb7a3b2e8e20d638e5db26138165a382be2dbd"
 
 SRC_URI:append:class-target = " file://cross.patch"
 SRC_URI:append:class-nativesdk = " file://cross.patch"
diff --git a/meta/recipes-devtools/qemu/qemu_8.1.2.bb b/meta/recipes-devtools/qemu/qemu_8.1.4.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu_8.1.2.bb
rename to meta/recipes-devtools/qemu/qemu_8.1.4.bb
-- 
2.34.1

[OE-core][nanbield 07/12] sudo: upgrade 1.9.14p3 -> 1.9.15p2

[Steve Sakoman]

From: Xiangyu Chen <xiangyu.chen@windriver.com>

Changelog:
===========
1.9.15p2:
- Fixed a bug on BSD systems where sudo would not restore the
terminal settings on exit if the terminal had parity enabled.

1.9.15p1:
- Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based
sudoers from being able to read the ldap.conf file.

1.9.15:
- Fixed an undefined symbol problem on older versions of macOS
when "intercept" or "log_subcmds" are enabled in sudoers.
- Fixed "make check" failure related to getpwent(3) wrapping
on NetBSD.
- Fixed the warning message for "sudo -l command" when the command
is not permitted.  There was a missing space between "list" and
the actual command due to changes in sudo 1.9.14.
- Fixed a bug where output could go to the wrong terminal if
"use_pty" is enabled (the default) and the standard input, output
or error is redirected to a different terminal.  Bug #1056.
- The visudo utility will no longer create an empty file when the
specified sudoers file does not exist and the user exits the
editor without making any changes.  GitHub issue #294.
- The AIX and Solaris sudo packages on www.sudo.ws now support
"log_subcmds" and "intercept" with both 32-bit and 64-bit
binaries.  Previously, they only worked when running binaries
with the same word size as the sudo binary.  GitHub issue #289.
- The sudoers source is now logged in the JSON event log.  This
makes it possible to tell which rule resulted in a match.
Running "sudo -ll command" now produces verbose output that
includes matching rule as well as the path to the sudoers file
the matching rule came from.  For LDAP sudoers, the name of the
matching sudoRole is printed instead.
- The embedded copy of zlib has been updated to version 1.3.
- The sudoers plugin has been modified to make it more resilient
to ROWHAMMER attacks on authentication and policy matching.
This addresses CVE-2023-42465.
- The sudoers plugin now constructs the user time stamp file path
name using the user-ID instead of the user name.  This avoids a
potential problem with user names that contain a path separator
('/') being interpreted as part of the path name.  A similar
issue in sudo-rs has been assigned CVE-2023-42456.
- A path separator ('/') in a user, group or host name is now
replaced with an underbar character ('_') when expanding escapes
in @include and @includedir directives as well as the "iolog_file"
and "iolog_dir" sudoers Default settings.
- The "intercept_verify" sudoers option is now only applied when
the "intercept" option is set in sudoers.  Previously, it was
also applied when "log_subcmds" was enabled.  Sudo 1.9.14
contained an incorrect fix for this.  Bug #1058.
- Changes to terminal settings are now performed atomically, where
possible.  If the command is being run in a pseudo-terminal and
the user's terminal is already in raw mode, sudo will not change
the user's terminal settings.  This prevents concurrent sudo
processes from restoring the terminal settings to the wrong values.
GitHub issue #312.
- Reverted a change from sudo 1.9.4 that resulted in PAM session
modules being called with the environment of the command to be
run instead of the environment of the invoking user.
GitHub issue #318.
- New Indonesian translation from translationproject.org.
- The sudo_logsrvd server will now raise its open file descriptor
limit to the maximum allowed value when it starts up.  Each
connection can require up to nine open file descriptors so the
default soft limit may be too low.
- Better log message when rejecting a command if the "intercept"
option is enabled and the "intercept_allow_setid" option is
disabled.  Previously, "command not allowed" would be logged and
the user had no way of knowing what the actual problem was.
- Sudo will now log the invoking user's environment as "submitenv"
in the JSON logs.  The command's environment ("runenv") is no
longer logged for commands rejected by the sudoers file or an
approval plugin.

(cherry picked from OE-Core rev 5ea298680a8f17d3b808a2c43b0182e9c391f663)

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../sudo/{sudo_1.9.14p3.bb => sudo_1.9.15p2.bb}                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-extended/sudo/{sudo_1.9.14p3.bb => sudo_1.9.15p2.bb} (96%)

diff --git a/meta/recipes-extended/sudo/sudo_1.9.14p3.bb b/meta/recipes-extended/sudo/sudo_1.9.15p2.bb
similarity index 96%
rename from meta/recipes-extended/sudo/sudo_1.9.14p3.bb
rename to meta/recipes-extended/sudo/sudo_1.9.15p2.bb
index d5c5718ea5..431dfba3c2 100644
--- a/meta/recipes-extended/sudo/sudo_1.9.14p3.bb
+++ b/meta/recipes-extended/sudo/sudo_1.9.15p2.bb
@@ -7,7 +7,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
 
 PAM_SRC_URI = "file://sudo.pam"
 
-SRC_URI[sha256sum] = "a08318b1c4bc8582c004d4cd9ae2903abc549e7e46ba815e41fe81d1c0782b62"
+SRC_URI[sha256sum] = "199c0cdbfa7efcfffa9c88684a8e2fb206a62b70a316507e4a91c89c873bbcc8"
 
 DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
-- 
2.34.1

[OE-core][nanbield 08/12] sudo: upgrade from 1.9.15p2 to 1.9.15p5

[Steve Sakoman]

From: Chen Qi <Qi.Chen@windriver.com>

(cherry picked from OE-Core rev 4b2eccc0ee3f2906f9b04de194b9df6e24c2cdf4)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../sudo/{sudo_1.9.15p2.bb => sudo_1.9.15p5.bb}                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-extended/sudo/{sudo_1.9.15p2.bb => sudo_1.9.15p5.bb} (96%)

diff --git a/meta/recipes-extended/sudo/sudo_1.9.15p2.bb b/meta/recipes-extended/sudo/sudo_1.9.15p5.bb
similarity index 96%
rename from meta/recipes-extended/sudo/sudo_1.9.15p2.bb
rename to meta/recipes-extended/sudo/sudo_1.9.15p5.bb
index 431dfba3c2..8e542015ad 100644
--- a/meta/recipes-extended/sudo/sudo_1.9.15p2.bb
+++ b/meta/recipes-extended/sudo/sudo_1.9.15p5.bb
@@ -7,7 +7,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
 
 PAM_SRC_URI = "file://sudo.pam"
 
-SRC_URI[sha256sum] = "199c0cdbfa7efcfffa9c88684a8e2fb206a62b70a316507e4a91c89c873bbcc8"
+SRC_URI[sha256sum] = "558d10b9a1991fb3b9fa7fa7b07ec4405b7aefb5b3cb0b0871dbc81e3a88e558"
 
 DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
-- 
2.34.1

[OE-core][nanbield 09/12] sstate: Fix dir ownership issues in SSTATE_DIR

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

We currently use mkdir -p to create missing parent directories within SSTATE_DIR.
Reading the man page for mkdir mentions that parent directories are created with
the current umask, *not* the mode passed upon the commandline.

We could fix this by setting and resetting the umask but since we already have
decent python code able to do this, move to using that injecting a python function
into the chain of functions already present.

This should help fix the occasional sstate directory creation with the wrong
permissions.

[YOCTO #14385]

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ae642a4b038c6946e6c8aa9778bf09099d938a31)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes-global/sstate.bbclass | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/meta/classes-global/sstate.bbclass b/meta/classes-global/sstate.bbclass
index 5b27a1f0f9..0f11a528b5 100644
--- a/meta/classes-global/sstate.bbclass
+++ b/meta/classes-global/sstate.bbclass
@@ -703,7 +703,7 @@ def sstate_package(ss, d):
     if d.getVar('SSTATE_SKIP_CREATION') == '1':
         return
 
-    sstate_create_package = ['sstate_report_unihash', 'sstate_create_package']
+    sstate_create_package = ['sstate_report_unihash', 'sstate_create_pkgdirs', 'sstate_create_package']
     if d.getVar('SSTATE_SIG_KEY'):
         sstate_create_package.append('sstate_sign_package')
 
@@ -810,6 +810,12 @@ python sstate_task_postfunc () {
 }
 sstate_task_postfunc[dirs] = "${WORKDIR}"
 
+python sstate_create_pkgdirs () {
+    # report_unihash can change SSTATE_PKG and mkdir -p in shell doesn't own intermediate directories
+    # correctly so do this in an intermediate python task
+    with bb.utils.umask(0o002):
+        bb.utils.mkdirhier(os.path.dirname(d.getVar('SSTATE_PKG')))
+}
 
 #
 # Shell function to generate a sstate package from a directory
@@ -822,7 +828,6 @@ sstate_create_package () {
 		return
 	fi
 
-	mkdir --mode=0775 -p `dirname ${SSTATE_PKG}`
 	TFILE=`mktemp ${SSTATE_PKG}.XXXXXXXX`
 
 	OPT="-cS"
-- 
2.34.1

[OE-core][nanbield 10/12] devtool: modify: Handle recipes with a menuconfig task correctly

[Steve Sakoman]

From: Peter Kjellerstedt <peter.kjellerstedt@axis.com>

This avoids the following error when running `devtool modify` on a
recipe that has a menuconfig task, but does not have
KCONFIG_CONFIG_ENABLE_MENUCONFIG set.

  .../temp/run.do_configure.4163366: line 152:
  ${@ oe.types.boolean('${KCONFIG_CONFIG_ENABLE_MENUCONFIG}') }: bad substitution
  WARNING: .../temp/run.do_configure.4163366:152 exit 1 from
  '[ ${@ oe.types.boolean('${KCONFIG_CONFIG_ENABLE_MENUCONFIG}') } = True ]'

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e87e6fa84a0c4b5ac8e736dc62f6e08390ba2436)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/lib/devtool/standard.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
index 55fa38ccfb..0126f75022 100644
--- a/scripts/lib/devtool/standard.py
+++ b/scripts/lib/devtool/standard.py
@@ -971,7 +971,7 @@ def modify(args, config, basepath, workspace):
                         '}\n')
             if rd.getVarFlag('do_menuconfig','task'):
                 f.write('\ndo_configure:append() {\n'
-                '    if [ ${@ oe.types.boolean(\'${KCONFIG_CONFIG_ENABLE_MENUCONFIG}\') } = True ]; then\n'
+                '    if [ ${@oe.types.boolean(d.getVar("KCONFIG_CONFIG_ENABLE_MENUCONFIG"))} = True ]; then\n'
                 '        cp ${KCONFIG_CONFIG_ROOTDIR}/.config ${S}/.config.baseline\n'
                 '        ln -sfT ${KCONFIG_CONFIG_ROOTDIR}/.config ${S}/.config.new\n'
                 '    fi\n'
-- 
2.34.1

[OE-core][nanbield 11/12] create-spdx-2.2: combine spdx can try to write before dir creation

[Steve Sakoman]

From: "Jeremy A. Puhlman" <jpuhlman@mvista.com>

On occasion a file is attmpeded to be opened prior to the
creation of the spdx_workdir. Create the directory before
the open, just in case.

File: '/build/layers/poky/meta/classes/create-spdx-2.2.bbclass', lineno: 1081, function: combine_spdx
     1077:        )
     1078:
     1079:    image_spdx_path = spdx_workdir / (rootfs_name + ".spdx.json")
     1080:
 *** 1081:    with image_spdx_path.open("wb") as f:
     1082:        doc.to_json(f, sort_keys=True, indent=get_json_indent(d))

Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb9f2a9c0ff5dcdeaf1a0beb6a614d0d022a2481)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/create-spdx-2.2.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass
index b0aef80db1..486efadba9 100644
--- a/meta/classes/create-spdx-2.2.bbclass
+++ b/meta/classes/create-spdx-2.2.bbclass
@@ -1075,7 +1075,7 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages, spdx
             "%s:%s" % (runtime_ref.externalDocumentId, runtime_doc.SPDXID),
             comment="Runtime dependencies for %s" % name
         )
-
+    bb.utils.mkdirhier(spdx_workdir)
     image_spdx_path = spdx_workdir / (rootfs_name + ".spdx.json")
 
     with image_spdx_path.open("wb") as f:
-- 
2.34.1

[OE-core][nanbield 12/12] rpcbind: Specify state directory under /run

[Steve Sakoman]

From: Joshua Watt <JPEWhacker@gmail.com>

The state directory must be correctly specified as under /run because
RequiresMountsFor doesn't follow symbolic links which means the unit may
run before /run is mounted if the default of /var/run/rpcbind is kept

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 561e853e97e2cfa325ed310233577a5e124d9049)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb b/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb
index dd89726afc..dbd4d32e0a 100644
--- a/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb
+++ b/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb
@@ -40,7 +40,7 @@ PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}/
                           systemd \
 "
 
-EXTRA_OECONF += " --enable-warmstarts --with-rpcuser=rpc"
+EXTRA_OECONF += " --enable-warmstarts --with-rpcuser=rpc --with-statedir=${runtimedir}/rpcbind"
 
 do_install:append () {
 	install -d ${D}${sysconfdir}/init.d
-- 
2.34.1

Re: [OE-core][nanbield 12/12] rpcbind: Specify state directory under /run

[Böszörményi Zoltán]

2024. 01. 24. 15:01 keltezéssel, Steve Sakoman írta:
> From: Joshua Watt <JPEWhacker@gmail.com>
>
> The state directory must be correctly specified as under /run because
> RequiresMountsFor doesn't follow symbolic links which means the unit may
> run before /run is mounted if the default of /var/run/rpcbind is kept
>
> Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit 561e853e97e2cfa325ed310233577a5e124d9049)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>   meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb b/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb
> index dd89726afc..dbd4d32e0a 100644
> --- a/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb
> +++ b/meta/recipes-extended/rpcbind/rpcbind_1.2.6.bb
> @@ -40,7 +40,7 @@ PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}/
>                             systemd \
>   "
>   
> -EXTRA_OECONF += " --enable-warmstarts --with-rpcuser=rpc"
> +EXTRA_OECONF += " --enable-warmstarts --with-rpcuser=rpc --with-statedir=${runtimedir}/rpcbind"

This backport didn't fix the rpcbind.service failure that
I can also reproduce in scarthgap.

The change requires "runtimedir" to be set, but it's empty.
rpcbind.service ends up with:

RequiresMountsFor=/rpcbind

instead of

RequiresMountsFor=/run/rpcbind

When editing the service manually or leaving it as,
rpcbind.service fails during boot with:

rpcbind[455]: rpcbind: /var/run/rpcbind.lock: Read-only file system

FWIW, the "runtimedir" variable in bitbake.conf was introduced
in scarthgap

commit 90bc18108230f6d41a50cebc8348444e119e95bf
Author: Joshua Watt <JPEWhacker@gmail.com>
Date:   Mon Dec 18 08:38:02 2023 -0700

     bitbake.conf: Add runtimedir

     Adds the path to the runtime state directory (/run). In particular,
     systemd units need to have the correct path to the runtime directory
     because RequiresMountsFor doesn't follow symbolic links. This means that
     if a unit calls out a directory in /var/run (a symbolic link to /run),
     it may actually start before /run is mounted. The fix is to have the
     unit specify a directory in /run instead.

     Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
     Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index e7826e7af9..83b12cbc15 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -31,6 +31,7 @@ export sysconfdir = "${base_prefix}/etc"
  export servicedir = "${base_prefix}/srv"
  export sharedstatedir = "${base_prefix}/com"
  export localstatedir = "${base_prefix}/var"
+runtimedir = "${base_prefix}/run"
  export datadir = "${prefix}/share"
  export infodir = "${datadir}/info"
  export mandir = "${datadir}/man"

This commit (with or without the export that other variables have around it)
applied to nanbield does not fix the rpcbind.service failure.

I just sent the hopefully proper fix for master that will also need
to be backported to scarthgap and nanbield, plus the runtimedir
commit to nanbield.

>   
>   do_install:append () {
>   	install -d ${D}${sysconfdir}/init.d
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#194288): https://lists.openembedded.org/g/openembedded-core/message/194288
> Mute This Topic: https://lists.openembedded.org/mt/103931999/3617728
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [zboszor@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>