aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-support
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-support')
-rw-r--r--meta/recipes-support/apr/apr/CVE-2021-35940.patch58
-rw-r--r--meta/recipes-support/apr/apr_1.7.0.bb1
-rw-r--r--meta/recipes-support/aspell/aspell_0.60.8.bb4
-rw-r--r--meta/recipes-support/aspell/files/CVE-2019-25051.patch101
-rw-r--r--meta/recipes-support/atk/at-spi2-core/0001-Ensure-x11_dep-is-defined.patch33
-rw-r--r--meta/recipes-support/atk/at-spi2-core_2.42.0.bb (renamed from meta/recipes-support/atk/at-spi2-core_2.40.3.bb)6
-rw-r--r--meta/recipes-support/boost/boost-1.77.0.inc (renamed from meta/recipes-support/boost/boost-1.76.0.inc)2
-rw-r--r--meta/recipes-support/boost/boost/0001-Fixes-wrong-type-for-mutex-in-regex-v5.patch54
-rw-r--r--meta/recipes-support/boost/boost_1.77.0.bb (renamed from meta/recipes-support/boost/boost_1.76.0.bb)4
-rw-r--r--meta/recipes-support/consolekit/consolekit_0.4.6.bb2
-rw-r--r--meta/recipes-support/curl/curl/cve-2021-22945.patch34
-rw-r--r--meta/recipes-support/curl/curl/cve-2021-22946.patch332
-rw-r--r--meta/recipes-support/curl/curl/cve-2021-22947.patch355
-rw-r--r--meta/recipes-support/curl/curl_7.78.0.bb4
-rw-r--r--meta/recipes-support/diffoscope/diffoscope_182.bb (renamed from meta/recipes-support/diffoscope/diffoscope_178.bb)2
-rw-r--r--meta/recipes-support/enchant/enchant2_2.3.1.bb (renamed from meta/recipes-support/enchant/enchant2_2.3.0.bb)2
-rw-r--r--meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch6
-rw-r--r--meta/recipes-support/gnupg/gnupg/relocate.patch39
-rw-r--r--meta/recipes-support/gnupg/gnupg_2.3.2.bb (renamed from meta/recipes-support/gnupg/gnupg_2.3.1.bb)3
-rw-r--r--meta/recipes-support/itstool/itstool/0001-Native-Don-t-use-build-time-hardcoded-python-binary-.patch8
-rw-r--r--meta/recipes-support/itstool/itstool_2.0.7.bb (renamed from meta/recipes-support/itstool/itstool_2.0.6.bb)6
-rw-r--r--meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch36
-rw-r--r--meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch52
-rw-r--r--meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch10
-rw-r--r--meta/recipes-support/libcap/libcap_2.54.bb (renamed from meta/recipes-support/libcap/libcap_2.51.bb)9
-rw-r--r--meta/recipes-support/libevent/libevent/0003-test-mark-util-monotonic_prc_fallback-as-retriable.patch28
-rw-r--r--meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch81
-rw-r--r--meta/recipes-support/libevent/libevent/run-ptest10
-rw-r--r--meta/recipes-support/libevent/libevent_2.1.12.bb6
-rw-r--r--meta/recipes-support/libexif/files/CVE-2020-0198.patch66
-rw-r--r--meta/recipes-support/libexif/files/CVE-2020-0452.patch39
-rw-r--r--meta/recipes-support/libexif/libexif_0.6.23.bb (renamed from meta/recipes-support/libexif/libexif_0.6.22.bb)6
-rw-r--r--meta/recipes-support/libgcrypt/libgcrypt_1.9.4.bb (renamed from meta/recipes-support/libgcrypt/libgcrypt_1.9.3.bb)2
-rw-r--r--meta/recipes-support/libgit2/libgit2_1.2.0.bb (renamed from meta/recipes-support/libgit2/libgit2_1.1.1.bb)8
-rw-r--r--meta/recipes-support/libical/libical_3.0.11.bb (renamed from meta/recipes-support/libical/libical_3.0.10.bb)4
-rw-r--r--meta/recipes-support/libjitterentropy/libjitterentropy/0001-Makefile-restore-build-reproducibility.patch27
-rw-r--r--meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb (renamed from meta/recipes-support/libjitterentropy/libjitterentropy_3.0.2.bb)18
-rw-r--r--meta/recipes-support/libseccomp/files/0001-arch-Add-riscv32-architecture-support.patch162
-rw-r--r--meta/recipes-support/libseccomp/files/0002-man-Add-RISCV64-to-arch-list.patch28
-rw-r--r--meta/recipes-support/libseccomp/files/0003-syscalls-update-the-syscall-defs-for-Linux-v5.15.0-r.patch (renamed from meta/recipes-support/libseccomp/files/0002-Regenerate-syscall-cvs-file-from-5.13-rc5-kernel.patch)60
-rw-r--r--meta/recipes-support/libseccomp/files/0004-syscalls-Add-quotactl_path.patch40
-rw-r--r--meta/recipes-support/libseccomp/libseccomp_2.5.2.bb (renamed from meta/recipes-support/libseccomp/libseccomp_2.5.1.bb)6
-rw-r--r--meta/recipes-support/libsoup/libsoup-2.4_2.72.0.bb4
-rw-r--r--meta/recipes-support/libsoup/libsoup_3.0.1.bb44
-rw-r--r--meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch6
-rw-r--r--meta/recipes-support/libssh2/files/0001-configure-Conditionally-undefine-backend-m4-macro.patch30
-rw-r--r--meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch112
-rw-r--r--meta/recipes-support/libssh2/files/CVE-2019-17498.patch131
-rw-r--r--meta/recipes-support/libssh2/libssh2_1.10.0.bb (renamed from meta/recipes-support/libssh2/libssh2_1.9.0.bb)12
-rw-r--r--meta/recipes-support/lz4/files/CVE-2021-3520.patch27
-rw-r--r--meta/recipes-support/lz4/files/run-ptest43
-rw-r--r--meta/recipes-support/lz4/lz4_1.9.3.bb4
-rw-r--r--meta/recipes-support/lzo/lzo_2.10.bb2
-rw-r--r--meta/recipes-support/nghttp2/nghttp2/0001-fetch-ocsp-response-use-python3.patch27
-rw-r--r--meta/recipes-support/nghttp2/nghttp2_1.45.1.bb35
-rw-r--r--meta/recipes-support/pinentry/pinentry-1.2.0/gpg-error_pkconf.patch (renamed from meta/recipes-support/pinentry/pinentry-1.1.1/gpg-error_pkconf.patch)126
-rw-r--r--meta/recipes-support/pinentry/pinentry-1.2.0/libassuan_pkgconf.patch (renamed from meta/recipes-support/pinentry/pinentry-1.1.1/libassuan_pkgconf.patch)0
-rw-r--r--meta/recipes-support/pinentry/pinentry_1.2.0.bb (renamed from meta/recipes-support/pinentry/pinentry_1.1.1.bb)2
-rw-r--r--meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb (renamed from meta/recipes-support/ptest-runner/ptest-runner_2.4.1.bb)8
-rw-r--r--meta/recipes-support/re2c/re2c_2.2.bb (renamed from meta/recipes-support/re2c/re2c_2.1.1.bb)2
-rw-r--r--meta/recipes-support/rng-tools/rng-tools/0001-Adding-ability-to-detect-non-posix-extensions-for-pt.patch41
-rw-r--r--meta/recipes-support/rng-tools/rng-tools/0002-Allow-for-use-of-either-pthread-affinity-set-methods.patch47
-rw-r--r--meta/recipes-support/rng-tools/rng-tools/rngd.service1
-rw-r--r--meta/recipes-support/rng-tools/rng-tools_6.14.bb (renamed from meta/recipes-support/rng-tools/rng-tools_6.13.bb)15
-rw-r--r--meta/recipes-support/serf/serf/0001-buckets-ssl_buckets.c-do-not-use-ERR_GET_FUNC.patch28
-rw-r--r--meta/recipes-support/serf/serf_1.3.9.bb1
-rw-r--r--meta/recipes-support/shared-mime-info/shared-mime-info_git.bb2
-rw-r--r--meta/recipes-support/sqlite/sqlite3_3.36.0.bb2
-rw-r--r--meta/recipes-support/vim/files/CVE-2021-3778.patch46
-rw-r--r--meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch207
-rw-r--r--meta/recipes-support/vim/vim.inc8
71 files changed, 1956 insertions, 811 deletions
diff --git a/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
new file mode 100644
index 0000000000..00befdacee
--- /dev/null
+++ b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
@@ -0,0 +1,58 @@
+
+SECURITY: CVE-2021-35940 (cve.mitre.org)
+
+Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
+was addressed in 1.6.x in 1.6.3 and later via r1807976.
+
+The fix was merged back to 1.7.x in r1891198.
+
+Since this was a regression in 1.7.0, a new CVE name has been assigned
+to track this, CVE-2021-35940.
+
+Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue.
+
+https://svn.apache.org/viewvc?view=revision&revision=1891198
+
+Upstream-Status: Backport
+CVE: CVE-2021-35940
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+
+Index: time/unix/time.c
+===================================================================
+--- a/time/unix/time.c (revision 1891197)
++++ b/time/unix/time.c (revision 1891198)
+@@ -142,6 +142,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+
++ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++ return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+
+ if (xt->tm_mon < 2)
+Index: time/win32/time.c
+===================================================================
+--- a/time/win32/time.c (revision 1891197)
++++ b/time/win32/time.c (revision 1891198)
+@@ -54,6 +54,9 @@
+ static const int dayoffset[12] =
+ {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
+
++ if (tm->wMonth < 1 || tm->wMonth > 12)
++ return APR_EBADDATE;
++
+ /* Note; the caller is responsible for filling in detailed tm_usec,
+ * tm_gmtoff and tm_isdst data when applicable.
+ */
+@@ -228,6 +231,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+
++ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++ return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+
+ if (xt->tm_mon < 2)
diff --git a/meta/recipes-support/apr/apr_1.7.0.bb b/meta/recipes-support/apr/apr_1.7.0.bb
index 08d9edf3c2..5f8fd6a461 100644
--- a/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/meta/recipes-support/apr/apr_1.7.0.bb
@@ -24,6 +24,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \
file://libtoolize_check.patch \
file://0001-Add-option-to-disable-timed-dependant-tests.patch \
file://autoconf270.patch \
+ file://CVE-2021-35940.patch \
"
SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"
diff --git a/meta/recipes-support/aspell/aspell_0.60.8.bb b/meta/recipes-support/aspell/aspell_0.60.8.bb
index 2fe8f66908..3c2b3d1666 100644
--- a/meta/recipes-support/aspell/aspell_0.60.8.bb
+++ b/meta/recipes-support/aspell/aspell_0.60.8.bb
@@ -13,7 +13,9 @@ HOMEPAGE = "http://aspell.net/"
LICENSE = "LGPLv2 | LGPLv2.1"
LIC_FILES_CHKSUM = "file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34"
-SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz"
+SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz \
+ file://CVE-2019-25051.patch \
+"
SRC_URI[md5sum] = "012fa9209203ae4e5a61c2a668fd10e3"
SRC_URI[sha256sum] = "f9b77e515334a751b2e60daab5db23499e26c9209f5e7b7443b05235ad0226f2"
diff --git a/meta/recipes-support/aspell/files/CVE-2019-25051.patch b/meta/recipes-support/aspell/files/CVE-2019-25051.patch
new file mode 100644
index 0000000000..8513f6de79
--- /dev/null
+++ b/meta/recipes-support/aspell/files/CVE-2019-25051.patch
@@ -0,0 +1,101 @@
+From 0718b375425aad8e54e1150313b862e4c6fd324a Mon Sep 17 00:00:00 2001
+From: Kevin Atkinson <kevina@gnu.org>
+Date: Sat, 21 Dec 2019 20:32:47 +0000
+Subject: [PATCH] objstack: assert that the alloc size will fit within a chunk
+ to prevent a buffer overflow
+
+Bug found using OSS-Fuze.
+
+Upstream-Status: Backport
+[https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a]
+CVE: CVE-2019-25051
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ common/objstack.hpp | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/common/objstack.hpp b/common/objstack.hpp
+index 3997bf7..bd97ccd 100644
+--- a/common/objstack.hpp
++++ b/common/objstack.hpp
+@@ -5,6 +5,7 @@
+ #include "parm_string.hpp"
+ #include <stdlib.h>
+ #include <assert.h>
++#include <stddef.h>
+
+ namespace acommon {
+
+@@ -26,6 +27,12 @@ class ObjStack
+ byte * temp_end;
+ void setup_chunk();
+ void new_chunk();
++ bool will_overflow(size_t sz) const {
++ return offsetof(Node,data) + sz > chunk_size;
++ }
++ void check_size(size_t sz) {
++ assert(!will_overflow(sz));
++ }
+
+ ObjStack(const ObjStack &);
+ void operator=(const ObjStack &);
+@@ -56,7 +63,7 @@ class ObjStack
+ void * alloc_bottom(size_t size) {
+ byte * tmp = bottom;
+ bottom += size;
+- if (bottom > top) {new_chunk(); tmp = bottom; bottom += size;}
++ if (bottom > top) {check_size(size); new_chunk(); tmp = bottom; bottom += size;}
+ return tmp;
+ }
+ // This alloc_bottom will insure that the object is aligned based on the
+@@ -66,7 +73,7 @@ class ObjStack
+ align_bottom(align);
+ byte * tmp = bottom;
+ bottom += size;
+- if (bottom > top) {new_chunk(); goto loop;}
++ if (bottom > top) {check_size(size); new_chunk(); goto loop;}
+ return tmp;
+ }
+ char * dup_bottom(ParmString str) {
+@@ -79,7 +86,7 @@ class ObjStack
+ // always be aligned as such.
+ void * alloc_top(size_t size) {
+ top -= size;
+- if (top < bottom) {new_chunk(); top -= size;}
++ if (top < bottom) {check_size(size); new_chunk(); top -= size;}
+ return top;
+ }
+ // This alloc_top will insure that the object is aligned based on
+@@ -88,7 +95,7 @@ class ObjStack
+ {loop:
+ top -= size;
+ align_top(align);
+- if (top < bottom) {new_chunk(); goto loop;}
++ if (top < bottom) {check_size(size); new_chunk(); goto loop;}
+ return top;
+ }
+ char * dup_top(ParmString str) {
+@@ -117,6 +124,7 @@ class ObjStack
+ void * alloc_temp(size_t size) {
+ temp_end = bottom + size;
+ if (temp_end > top) {
++ check_size(size);
+ new_chunk();
+ temp_end = bottom + size;
+ }
+@@ -131,6 +139,7 @@ class ObjStack
+ } else {
+ size_t s = temp_end - bottom;
+ byte * p = bottom;
++ check_size(size);
+ new_chunk();
+ memcpy(bottom, p, s);
+ temp_end = bottom + size;
+@@ -150,6 +159,7 @@ class ObjStack
+ } else {
+ size_t s = temp_end - bottom;
+ byte * p = bottom;
++ check_size(size);
+ new_chunk();
+ memcpy(bottom, p, s);
+ temp_end = bottom + size;
diff --git a/meta/recipes-support/atk/at-spi2-core/0001-Ensure-x11_dep-is-defined.patch b/meta/recipes-support/atk/at-spi2-core/0001-Ensure-x11_dep-is-defined.patch
new file mode 100644
index 0000000000..4a9bbbcbb1
--- /dev/null
+++ b/meta/recipes-support/atk/at-spi2-core/0001-Ensure-x11_dep-is-defined.patch
@@ -0,0 +1,33 @@
+From 9e726133319298a835f724904c80e5adf78f475f Mon Sep 17 00:00:00 2001
+From: Tim Orling <timothy.t.orling@intel.com>
+Date: Fri, 15 Oct 2021 18:00:04 +0000
+Subject: [PATCH] Ensure x11_dep is defined
+
+bus/meson.build checks if x11_dep.found(), but this fails when
+-Dx11=no
+
+Upstream-Status: Submitted
+[https://gitlab.gnome.org/GNOME/at-spi2-core/-/merge_requests/60]
+
+References:
+ https://gitlab.gnome.org/GNOME/at-spi2-core/-/issues/42
+ https://mesonbuild.com/howtox.html#get-a-default-notfound-dependency
+
+Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
+---
+ meson.build | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/meson.build b/meson.build
+index b5104c8..85d7a0e 100644
+--- a/meson.build
++++ b/meson.build
+@@ -62,6 +62,8 @@ endif
+
+ x11_deps = []
+ x11_option = get_option('x11')
++# ensure x11_dep is defined for use in bus/meson.build
++x11_dep = dependency('', required: false)
+ if x11_option != 'no'
+ x11_dep = dependency('x11', required: false)
+
diff --git a/meta/recipes-support/atk/at-spi2-core_2.40.3.bb b/meta/recipes-support/atk/at-spi2-core_2.42.0.bb
index 427ea7c165..e09c74ac7f 100644
--- a/meta/recipes-support/atk/at-spi2-core_2.40.3.bb
+++ b/meta/recipes-support/atk/at-spi2-core_2.42.0.bb
@@ -9,9 +9,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}"
-SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz"
+SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
+ file://0001-Ensure-x11_dep-is-defined.patch \
+ "
-SRC_URI[sha256sum] = "e49837c2ad30d71e1f29ca8e0968a54b95030272f7ff40b89b48968653f37a5c"
+SRC_URI[sha256sum] = "4b5da10e94fa3c6195f95222438f63a0234b99ef9df772c7640e82baeaa6e386"
X11DEPENDS = "virtual/libx11 libxi libxtst"
diff --git a/meta/recipes-support/boost/boost-1.76.0.inc b/meta/recipes-support/boost/boost-1.77.0.inc
index c02f38b047..6df06e76c7 100644
--- a/meta/recipes-support/boost/boost-1.76.0.inc
+++ b/meta/recipes-support/boost/boost-1.77.0.inc
@@ -12,7 +12,7 @@ BOOST_MAJ = "${@"_".join(d.getVar("PV").split(".")[0:2])}"
BOOST_P = "boost_${BOOST_VER}"
SRC_URI = "https://boostorg.jfrog.io/artifactory/main/release/${PV}/source/${BOOST_P}.tar.bz2"
-SRC_URI[sha256sum] = "f0397ba6e982c4450f27bf32a2a83292aba035b827a5623a14636ea583318c41"
+SRC_URI[sha256sum] = "fc9f85fc030e233142908241af7a846e60630aa7388de9a5fafb1f3a26840854"
UPSTREAM_CHECK_URI = "http://www.boost.org/users/download/"
UPSTREAM_CHECK_REGEX = "release/(?P<pver>.*)/source/"
diff --git a/meta/recipes-support/boost/boost/0001-Fixes-wrong-type-for-mutex-in-regex-v5.patch b/meta/recipes-support/boost/boost/0001-Fixes-wrong-type-for-mutex-in-regex-v5.patch
deleted file mode 100644
index a8305ff2e0..0000000000
--- a/meta/recipes-support/boost/boost/0001-Fixes-wrong-type-for-mutex-in-regex-v5.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 6064875bff2e52ba63f01911eb4deb79259c5e3b Mon Sep 17 00:00:00 2001
-From: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
-Date: Thu, 3 Jun 2021 23:10:37 +0100
-Subject: [PATCH] Fixes wrong type for mutex in regex v5
-
-With the Boost.Regex to ehader-only library, the declaration
-of a mutex that should have been changed from boost::static_mutex
-to std::mutex was left behind. This was preventing regex from
-being built for older arm platforms [1]
-
-[1]: https://github.com/openwrt/packages/issues/15725
-
-Upstream-Status: Submitted [https://github.com/boostorg/regex/pull/132]
-
-Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- boost/regex/v5/mem_block_cache.hpp | 12 ++++--------
- 1 file changed, 4 insertions(+), 8 deletions(-)
-
-diff --git a/boost/regex/v5/mem_block_cache.hpp b/boost/regex/v5/mem_block_cache.hpp
-index 0af4eae1..eb3ec776 100644
---- a/boost/regex/v5/mem_block_cache.hpp
-+++ b/boost/regex/v5/mem_block_cache.hpp
-@@ -85,10 +85,10 @@ struct mem_block_node
- struct mem_block_cache
- {
- // this member has to be statically initialsed:
-- mem_block_node* next;
-- unsigned cached_blocks;
-+ mem_block_node* next { nullptr };
-+ unsigned cached_blocks { 0 };
- #ifdef BOOST_HAS_THREADS
-- boost::static_mutex mut;
-+ std::mutex mut;
- #endif
-
- ~mem_block_cache()
-@@ -133,11 +133,7 @@ struct mem_block_cache
- }
- static mem_block_cache& instance()
- {
--#ifdef BOOST_HAS_THREADS
-- static mem_block_cache block_cache = { 0, 0, BOOST_STATIC_MUTEX_INIT, };
--#else
-- static mem_block_cache block_cache = { 0, 0, };
--#endif
-+ static mem_block_cache block_cache;
- return block_cache;
- }
- };
---
-2.29.2
-
diff --git a/meta/recipes-support/boost/boost_1.76.0.bb b/meta/recipes-support/boost/boost_1.77.0.bb
index ae91b1c875..df8e08ad76 100644
--- a/meta/recipes-support/boost/boost_1.76.0.bb
+++ b/meta/recipes-support/boost/boost_1.77.0.bb
@@ -1,11 +1,9 @@
require boost-${PV}.inc
require boost.inc
-SRC_URI += " \
- file://boost-CVE-2012-2677.patch \
+SRC_URI += "file://boost-CVE-2012-2677.patch \
file://boost-math-disable-pch-for-gcc.patch \
file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \
file://0001-dont-setup-compiler-flags-m32-m64.patch \
file://0001-fiber-libs-Define-SYS_futex-if-it-does-not-exist.patch \
- file://0001-Fixes-wrong-type-for-mutex-in-regex-v5.patch \
"
diff --git a/meta/recipes-support/consolekit/consolekit_0.4.6.bb b/meta/recipes-support/consolekit/consolekit_0.4.6.bb
index 3d28ba2a24..95ce97ef34 100644
--- a/meta/recipes-support/consolekit/consolekit_0.4.6.bb
+++ b/meta/recipes-support/consolekit/consolekit_0.4.6.bb
@@ -29,7 +29,7 @@ PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd polkit', d
PACKAGECONFIG[pam] = "--enable-pam-module --with-pam-module-dir=${base_libdir}/security,--disable-pam-module,libpam"
PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit,polkit"
-PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,--with-systemdsystemunitdir="
+PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}/,--with-systemdsystemunitdir="
FILES:${PN} += "${exec_prefix}/lib/ConsoleKit \
${libdir}/ConsoleKit ${systemd_unitdir} ${base_libdir} \
diff --git a/meta/recipes-support/curl/curl/cve-2021-22945.patch b/meta/recipes-support/curl/curl/cve-2021-22945.patch
new file mode 100644
index 0000000000..2cbe110332
--- /dev/null
+++ b/meta/recipes-support/curl/curl/cve-2021-22945.patch
@@ -0,0 +1,34 @@
+CVE: CVE-2021-22945
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 92cb3059dab2f9ef3e6ea614dad5c86917d19807 Mon Sep 17 00:00:00 2001
+From: z2_ on hackerone <>
+Date: Tue, 24 Aug 2021 09:50:33 +0200
+Subject: [PATCH 1/3] mqtt: clear the leftovers pointer when sending succeeds
+
+CVE-2021-22945
+
+Bug: https://curl.se/docs/CVE-2021-22945.html
+---
+ lib/mqtt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/mqtt.c b/lib/mqtt.c
+index f077e6c3d..fcd40b41e 100644
+--- a/lib/mqtt.c
++++ b/lib/mqtt.c
+@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data,
+ mq->sendleftovers = sendleftovers;
+ mq->nsend = nsend;
+ }
++ else {
++ mq->sendleftovers = NULL;
++ mq->nsend = 0;
++ }
+ return result;
+ }
+
+--
+2.25.1
+
diff --git a/meta/recipes-support/curl/curl/cve-2021-22946.patch b/meta/recipes-support/curl/curl/cve-2021-22946.patch
new file mode 100644
index 0000000000..1a4b3e1144
--- /dev/null
+++ b/meta/recipes-support/curl/curl/cve-2021-22946.patch
@@ -0,0 +1,332 @@
+CVE: CVE-2021-22946
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 089e18aefcee9b5093a96e9e1aa92751dde1f991 Mon Sep 17 00:00:00 2001
+From: Patrick Monnerat <patrick@monnerat.net>
+Date: Wed, 8 Sep 2021 11:56:22 +0200
+Subject: [PATCH 2/3] ftp,imap,pop3: do not ignore --ssl-reqd
+
+In imap and pop3, check if TLS is required even when capabilities
+request has failed.
+
+In ftp, ignore preauthentication (230 status of server greeting) if TLS
+is required.
+
+Bug: https://curl.se/docs/CVE-2021-22946.html
+
+CVE-2021-22946
+---
+ lib/ftp.c | 9 ++++---
+ lib/imap.c | 24 ++++++++----------
+ lib/pop3.c | 33 +++++++++++-------------
+ tests/data/Makefile.inc | 2 ++
+ tests/data/test984 | 56 +++++++++++++++++++++++++++++++++++++++++
+ tests/data/test985 | 54 +++++++++++++++++++++++++++++++++++++++
+ tests/data/test986 | 53 ++++++++++++++++++++++++++++++++++++++
+ 7 files changed, 195 insertions(+), 36 deletions(-)
+ create mode 100644 tests/data/test984
+ create mode 100644 tests/data/test985
+ create mode 100644 tests/data/test986
+
+diff --git a/lib/ftp.c b/lib/ftp.c
+index 1a699de59..08d18ca74 100644
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -2681,9 +2681,12 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
+ /* we have now received a full FTP server response */
+ switch(ftpc->state) {
+ case FTP_WAIT220:
+- if(ftpcode == 230)
+- /* 230 User logged in - already! */
+- return ftp_state_user_resp(data, ftpcode, ftpc->state);
++ if(ftpcode == 230) {
++ /* 230 User logged in - already! Take as 220 if TLS required. */
++ if(data->set.use_ssl <= CURLUSESSL_TRY ||
++ conn->bits.ftp_use_control_ssl)
++ return ftp_state_user_resp(data, ftpcode, ftpc->state);
++ }
+ else if(ftpcode != 220) {
+ failf(data, "Got a %03d ftp-server response when 220 was expected",
+ ftpcode);
+diff --git a/lib/imap.c b/lib/imap.c
+index ab4d412ee..efc0420ce 100644
+--- a/lib/imap.c
++++ b/lib/imap.c
+@@ -935,22 +935,18 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data,
+ line += wordlen;
+ }
+ }
+- else if(imapcode == IMAP_RESP_OK) {
+- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+- /* We don't have a SSL/TLS connection yet, but SSL is requested */
+- if(imapc->tls_supported)
+- /* Switch to TLS connection now */
+- result = imap_perform_starttls(data, conn);
+- else if(data->set.use_ssl == CURLUSESSL_TRY)
+- /* Fallback and carry on with authentication */
+- result = imap_perform_authentication(data, conn);
+- else {
+- failf(data, "STARTTLS not supported.");
+- result = CURLE_USE_SSL_FAILED;
+- }
++ else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
++ /* PREAUTH is not compatible with STARTTLS. */
++ if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) {
++ /* Switch to TLS connection now */
++ result = imap_perform_starttls(data, conn);
+ }
+- else
++ else if(data->set.use_ssl <= CURLUSESSL_TRY)
+ result = imap_perform_authentication(data, conn);
++ else {
++ failf(data, "STARTTLS not available.");
++ result = CURLE_USE_SSL_FAILED;
++ }
+ }
+ else
+ result = imap_perform_authentication(data, conn);
+diff --git a/lib/pop3.c b/lib/pop3.c
+index 5fdd6f3e0..f97e10eab 100644
+--- a/lib/pop3.c
++++ b/lib/pop3.c
+@@ -741,28 +741,23 @@ static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code,
+ }
+ }
+ }
+- else if(pop3code == '+') {
+- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+- /* We don't have a SSL/TLS connection yet, but SSL is requested */
+- if(pop3c->tls_supported)
+- /* Switch to TLS connection now */
+- result = pop3_perform_starttls(data, conn);
+- else if(data->set.use_ssl == CURLUSESSL_TRY)
+- /* Fallback and carry on with authentication */
+- result = pop3_perform_authentication(data, conn);
+- else {
+- failf(data, "STLS not supported.");
+- result = CURLE_USE_SSL_FAILED;
+- }
+- }
+- else
+- result = pop3_perform_authentication(data, conn);
+- }
+ else {
+ /* Clear text is supported when CAPA isn't recognised */
+- pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
++ if(pop3code != '+')
++ pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
+
+- result = pop3_perform_authentication(data, conn);
++ if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use)
++ result = pop3_perform_authentication(data, conn);
++ else if(pop3code == '+' && pop3c->tls_supported)
++ /* Switch to TLS connection now */
++ result = pop3_perform_starttls(data, conn);
++ else if(data->set.use_ssl <= CURLUSESSL_TRY)
++ /* Fallback and carry on with authentication */
++ result = pop3_perform_authentication(data, conn);
++ else {
++ failf(data, "STLS not supported.");
++ result = CURLE_USE_SSL_FAILED;
++ }
+ }
+
+ return result;
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 163696962..5cd092192 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -118,6 +118,8 @@ test954 test955 test956 test957 test958 test959 test960 test961 test962 \
+ test963 test964 test965 test966 test967 test968 test969 test970 test971 \
+ test972 \
+ \
++test984 test985 test986 \
++\
+ test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
+ test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
+ test1016 test1017 test1018 test1019 test1020 test1021 test1022 test1023 \
+diff --git a/tests/data/test984 b/tests/data/test984
+new file mode 100644
+index 000000000..e573f23c1
+--- /dev/null
++++ b/tests/data/test984
+@@ -0,0 +1,56 @@
++<testcase>
++<info>
++<keywords>
++IMAP
++STARTTLS
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<servercmd>
++REPLY CAPABILITY A001 BAD Not implemented
++</servercmd>
++</reply>
++
++#
++# Client-side
++<client>
++<features>
++SSL
++</features>
++<server>
++imap
++</server>
++ <name>
++IMAP require STARTTLS with failing capabilities
++ </name>
++ <command>
++imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl-reqd
++</command>
++<file name="log/upload%TESTNUMBER">
++Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST)
++From: Fred Foobar <foobar@example.COM>
++Subject: afternoon meeting
++To: joe@example.com
++Message-Id: <B27397-0100000@example.COM>
++MIME-Version: 1.0
++Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
++
++Hello Joe, do you think we can meet at 3:30 tomorrow?
++</file>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++# 64 is CURLE_USE_SSL_FAILED
++<errorcode>
++64
++</errorcode>
++<protocol>
++A001 CAPABILITY
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/data/test985 b/tests/data/test985
+new file mode 100644
+index 000000000..d0db4aadf
+--- /dev/null
++++ b/tests/data/test985
+@@ -0,0 +1,54 @@
++<testcase>
++<info>
++<keywords>
++POP3
++STARTTLS
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<servercmd>
++REPLY CAPA -ERR Not implemented
++</servercmd>
++<data nocheck="yes">
++From: me@somewhere
++To: fake@nowhere
++
++body
++
++--
++ yours sincerely
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<features>
++SSL
++</features>
++<server>
++pop3
++</server>
++ <name>
++POP3 require STARTTLS with failing capabilities
++ </name>
++ <command>
++pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl-reqd
++ </command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++# 64 is CURLE_USE_SSL_FAILED
++<errorcode>
++64
++</errorcode>
++<protocol>
++CAPA
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/data/test986 b/tests/data/test986
+new file mode 100644
+index 000000000..a709437a4
+--- /dev/null
++++ b/tests/data/test986
+@@ -0,0 +1,53 @@
++<testcase>
++<info>
++<keywords>
++FTP
++STARTTLS
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<servercmd>
++REPLY welcome 230 Welcome
++REPLY AUTH 500 unknown command
++</servercmd>
++</reply>
++
++# Client-side
++<client>
++<features>
++SSL
++</features>
++<server>
++ftp
++</server>
++ <name>
++FTP require STARTTLS while preauthenticated
++ </name>
++<file name="log/test%TESTNUMBER.txt">
++data
++ to
++ see
++that FTPS
++works
++ so does it?
++</file>
++ <command>
++--ssl-reqd --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret
++</command>
++</client>
++
++# Verify data after the test has been "shot"
++<verify>
++# 64 is CURLE_USE_SSL_FAILED
++<errorcode>
++64
++</errorcode>
++<protocol>
++AUTH SSL
++AUTH TLS
++</protocol>
++</verify>
++</testcase>
+--
+2.25.1
+
diff --git a/meta/recipes-support/curl/curl/cve-2021-22947.patch b/meta/recipes-support/curl/curl/cve-2021-22947.patch
new file mode 100644
index 0000000000..8a5031275a
--- /dev/null
+++ b/meta/recipes-support/curl/curl/cve-2021-22947.patch
@@ -0,0 +1,355 @@
+CVE: CVE-2021-22947
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From aefa7370cb02801a571d51287d290d67068998b8 Mon Sep 17 00:00:00 2001
+From: Patrick Monnerat <patrick@monnerat.net>
+Date: Tue, 7 Sep 2021 13:26:42 +0200
+Subject: [PATCH 3/3] ftp,imap,pop3,smtp: reject STARTTLS server response
+ pipelining
+
+If a server pipelines future responses within the STARTTLS response, the
+former are preserved in the pingpong cache across TLS negotiation and
+used as responses to the encrypted commands.
+
+This fix detects pipelined STARTTLS responses and rejects them with an
+error.
+
+CVE-2021-22947
+
+Bug: https://curl.se/docs/CVE-2021-22947.html
+---
+ lib/ftp.c | 3 +++
+ lib/imap.c | 4 +++
+ lib/pop3.c | 4 +++
+ lib/smtp.c | 4 +++
+ tests/data/Makefile.inc | 2 +-
+ tests/data/test980 | 52 ++++++++++++++++++++++++++++++++++++
+ tests/data/test981 | 59 +++++++++++++++++++++++++++++++++++++++++
+ tests/data/test982 | 57 +++++++++++++++++++++++++++++++++++++++
+ tests/data/test983 | 52 ++++++++++++++++++++++++++++++++++++
+ 9 files changed, 236 insertions(+), 1 deletion(-)
+ create mode 100644 tests/data/test980
+ create mode 100644 tests/data/test981
+ create mode 100644 tests/data/test982
+ create mode 100644 tests/data/test983
+
+diff --git a/lib/ftp.c b/lib/ftp.c
+index 08d18ca74..0b9c9b732 100644
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -2743,6 +2743,9 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
+ case FTP_AUTH:
+ /* we have gotten the response to a previous AUTH command */
+
++ if(pp->cache_size)
++ return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */
++
+ /* RFC2228 (page 5) says:
+ *
+ * If the server is willing to accept the named security mechanism,
+diff --git a/lib/imap.c b/lib/imap.c
+index efc0420ce..d1a48d7e3 100644
+--- a/lib/imap.c
++++ b/lib/imap.c
+@@ -964,6 +964,10 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data,
+
+ (void)instate; /* no use for this yet */
+
++ /* Pipelining in response is forbidden. */
++ if(data->conn->proto.imapc.pp.cache_size)
++ return CURLE_WEIRD_SERVER_REPLY;
++
+ if(imapcode != IMAP_RESP_OK) {
+ if(data->set.use_ssl != CURLUSESSL_TRY) {
+ failf(data, "STARTTLS denied");
+diff --git a/lib/pop3.c b/lib/pop3.c
+index f97e10eab..a06acb7b8 100644
+--- a/lib/pop3.c
++++ b/lib/pop3.c
+@@ -772,6 +772,10 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data,
+ CURLcode result = CURLE_OK;
+ (void)instate; /* no use for this yet */
+
++ /* Pipelining in response is forbidden. */
++ if(data->conn->proto.pop3c.pp.cache_size)
++ return CURLE_WEIRD_SERVER_REPLY;
++
+ if(pop3code != '+') {
+ if(data->set.use_ssl != CURLUSESSL_TRY) {
+ failf(data, "STARTTLS denied");
+diff --git a/lib/smtp.c b/lib/smtp.c
+index 1a3da1559..9b9403b3d 100644
+--- a/lib/smtp.c
++++ b/lib/smtp.c
+@@ -835,6 +835,10 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data,
+ CURLcode result = CURLE_OK;
+ (void)instate; /* no use for this yet */
+
++ /* Pipelining in response is forbidden. */
++ if(data->conn->proto.smtpc.pp.cache_size)
++ return CURLE_WEIRD_SERVER_REPLY;
++
+ if(smtpcode != 220) {
+ if(data->set.use_ssl != CURLUSESSL_TRY) {
+ failf(data, "STARTTLS denied, code %d", smtpcode);
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 5cd092192..c524b993e 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -118,7 +118,7 @@ test954 test955 test956 test957 test958 test959 test960 test961 test962 \
+ test963 test964 test965 test966 test967 test968 test969 test970 test971 \
+ test972 \
+ \
+-test984 test985 test986 \
++test980 test981 test982 test983 test984 test985 test986 \
+ \
+ test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
+ test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
+diff --git a/tests/data/test980 b/tests/data/test980
+new file mode 100644
+index 000000000..97567f856
+--- /dev/null
++++ b/tests/data/test980
+@@ -0,0 +1,52 @@
++<testcase>
++<info>
++<keywords>
++SMTP
++STARTTLS
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<servercmd>
++CAPA STARTTLS
++AUTH PLAIN
++REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted
++REPLY AUTH 535 5.7.8 Authentication credentials invalid
++</servercmd>
++</reply>
++
++#
++# Client-side
++<client>
++<features>
++SSL
++</features>
++<server>
++smtp
++</server>
++ <name>
++SMTP STARTTLS pipelined server response
++ </name>
++<stdin>
++mail body
++</stdin>
++ <command>
++smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T -
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++# 8 is CURLE_WEIRD_SERVER_REPLY
++<errorcode>
++8
++</errorcode>
++<protocol>
++EHLO %TESTNUMBER
++STARTTLS
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/data/test981 b/tests/data/test981
+new file mode 100644
+index 000000000..2b98ce42a
+--- /dev/null
++++ b/tests/data/test981
+@@ -0,0 +1,59 @@
++<testcase>
++<info>
++<keywords>
++IMAP
++STARTTLS
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<servercmd>
++CAPA STARTTLS
++REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted
++REPLY LOGIN A003 BAD Authentication credentials invalid
++</servercmd>
++</reply>
++
++#
++# Client-side
++<client>
++<features>
++SSL
++</features>
++<server>
++imap
++</server>
++ <name>
++IMAP STARTTLS pipelined server response
++ </name>
++ <command>
++imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl
++</command>
++<file name="log/upload%TESTNUMBER">
++Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST)
++From: Fred Foobar <foobar@example.COM>
++Subject: afternoon meeting
++To: joe@example.com
++Message-Id: <B27397-0100000@example.COM>
++MIME-Version: 1.0
++Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
++
++Hello Joe, do you think we can meet at 3:30 tomorrow?
++</file>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++# 8 is CURLE_WEIRD_SERVER_REPLY
++<errorcode>
++8
++</errorcode>
++<protocol>
++A001 CAPABILITY
++A002 STARTTLS
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/data/test982 b/tests/data/test982
+new file mode 100644
+index 000000000..9e07cc0b3
+--- /dev/null
++++ b/tests/data/test982
+@@ -0,0 +1,57 @@
++<testcase>
++<info>
++<keywords>
++POP3
++STARTTLS
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<servercmd>
++CAPA STLS USER
++REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated
++REPLY PASS -ERR Authentication credentials invalid
++</servercmd>
++<data nocheck="yes">
++From: me@somewhere
++To: fake@nowhere
++
++body
++
++--
++ yours sincerely
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<features>
++SSL
++</features>
++<server>
++pop3
++</server>
++ <name>
++POP3 STARTTLS pipelined server response
++ </name>
++ <command>
++pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl
++ </command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++# 8 is CURLE_WEIRD_SERVER_REPLY
++<errorcode>
++8
++</errorcode>
++<protocol>
++CAPA
++STLS
++</protocol>
++</verify>
++</testcase>
+diff --git a/tests/data/test983 b/tests/data/test983
+new file mode 100644
+index 000000000..300ec459c
+--- /dev/null
++++ b/tests/data/test983
+@@ -0,0 +1,52 @@
++<testcase>
++<info>
++<keywords>
++FTP
++STARTTLS
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<servercmd>
++REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete
++REPLY PASS 530 Login incorrect
++</servercmd>
++</reply>
++
++# Client-side
++<client>
++<features>
++SSL
++</features>
++<server>
++ftp
++</server>
++ <name>
++FTP STARTTLS pipelined server response
++ </name>
++<file name="log/test%TESTNUMBER.txt">
++data
++ to
++ see
++that FTPS
++works
++ so does it?
++</file>
++ <command>
++--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP
++</command>
++</client>
++
++# Verify data after the test has been "shot"
++<verify>
++# 8 is CURLE_WEIRD_SERVER_REPLY
++<errorcode>
++8
++</errorcode>
++<protocol>
++AUTH SSL
++</protocol>
++</verify>
++</testcase>
+--
+2.25.1
+
diff --git a/meta/recipes-support/curl/curl_7.78.0.bb b/meta/recipes-support/curl/curl_7.78.0.bb
index 2e2be66102..3f736d8da6 100644
--- a/meta/recipes-support/curl/curl_7.78.0.bb
+++ b/meta/recipes-support/curl/curl_7.78.0.bb
@@ -11,6 +11,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=425f6fdc767cc067518eef9bbdf4ab7b"
SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://0001-replace-krb5-config-with-pkg-config.patch \
+ file://cve-2021-22945.patch \
+ file://cve-2021-22946.patch \
+ file://cve-2021-22947.patch \
"
SRC_URI[sha256sum] = "98530b317dc95ccb324bbe4f834f07bb642fbc393b794ddf3434f246a71ea44a"
@@ -73,6 +76,7 @@ do_install:append:class-target() {
-e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
-e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \
-e 's|${DEBUG_PREFIX_MAP}||g' \
+ -e 's|${@" ".join(d.getVar("DEBUG_PREFIX_MAP").split())}||g' \
${D}${bindir}/curl-config
}
diff --git a/meta/recipes-support/diffoscope/diffoscope_178.bb b/meta/recipes-support/diffoscope/diffoscope_182.bb
index 7d685210b7..d5875423c4 100644
--- a/meta/recipes-support/diffoscope/diffoscope_178.bb
+++ b/meta/recipes-support/diffoscope/diffoscope_182.bb
@@ -12,7 +12,7 @@ PYPI_PACKAGE = "diffoscope"
inherit pypi setuptools3
-SRC_URI[sha256sum] = "7454cf417725ef81ffad16e8cc2f62753282f5171b1c651732b99c0b3c19e137"
+SRC_URI[sha256sum] = "5969c6f0060c5c553e5ae9fdff45fbd344f102ee8fb2c5673cf0c73999c50df4"
RDEPENDS:${PN} += "binutils vim squashfs-tools python3-libarchive-c python3-magic python3-rpm"
diff --git a/meta/recipes-support/enchant/enchant2_2.3.0.bb b/meta/recipes-support/enchant/enchant2_2.3.1.bb
index 165b08f871..72603045c8 100644
--- a/meta/recipes-support/enchant/enchant2_2.3.0.bb
+++ b/meta/recipes-support/enchant/enchant2_2.3.1.bb
@@ -12,7 +12,7 @@ DEPENDS = "glib-2.0"
inherit autotools pkgconfig
SRC_URI = "https://github.com/AbiWord/enchant/releases/download/v${PV}/enchant-${PV}.tar.gz"
-SRC_URI[sha256sum] = "df68063b6c13b245fa7246b0e098a03e74f7a91c6d8947bc5c4f42ce55e2e41d"
+SRC_URI[sha256sum] = "7b4b1afcf2cd8bfa691deea6188404d337f23174bbc39b9c2add2bf340736e9c"
UPSTREAM_CHECK_URI = "https://github.com/AbiWord/enchant/releases"
diff --git a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
index ecd6263626..a66a8e62b0 100644
--- a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
+++ b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
@@ -1,4 +1,4 @@
-From 52ba9d34cd9317145ee8a93afd5d73dd0cbf3182 Mon Sep 17 00:00:00 2001
+From c873c85b1ee1c35ebbba0bc80c2352c64787a5fd Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 22 Jan 2018 18:00:21 +0200
Subject: [PATCH] configure.ac: use a custom value for the location of
@@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index 7a2d410..14a7203 100644
+index d03ea3b..a6dfa19 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -1841,7 +1841,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
+@@ -1958,7 +1958,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
diff --git a/meta/recipes-support/gnupg/gnupg/relocate.patch b/meta/recipes-support/gnupg/gnupg/relocate.patch
index 9b0f0a8ce0..f9f38c2876 100644
--- a/meta/recipes-support/gnupg/gnupg/relocate.patch
+++ b/meta/recipes-support/gnupg/gnupg/relocate.patch
@@ -1,4 +1,4 @@
-From d6992692d1c36983b709fe1ff049cc91ef2c408a Mon Sep 17 00:00:00 2001
+From 5a68a37ae2649e0988965cfe3a63a0142f0182a1 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Wed, 19 Sep 2018 14:44:40 +0100
Subject: [PATCH] Allow the environment to override where gnupg looks for its
@@ -8,23 +8,23 @@ Upstream-Status: Inappropriate [OE-specific]
Signed-off-by: Ross Burton <ross.burton@intel.com>
---
- common/homedir.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
+ common/homedir.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/common/homedir.c b/common/homedir.c
-index 85e09c4..e1410e2 100644
+index 7969a2c..06b8016 100644
--- a/common/homedir.c
+++ b/common/homedir.c
-@@ -788,7 +788,7 @@ gnupg_socketdir (void)
+@@ -918,7 +918,7 @@ gnupg_socketdir (void)
if (!name)
{
unsigned int dummy;
- name = _gnupg_socketdir_internal (0, &dummy);
+ name = getenv("GNUPG_SOCKETDIR") ?: _gnupg_socketdir_internal (0, &dummy);
+ gpgrt_annotate_leaked_object (name);
}
- return name;
-@@ -814,7 +814,7 @@ gnupg_sysconfdir (void)
+@@ -946,7 +946,7 @@ gnupg_sysconfdir (void)
}
return name;
#else /*!HAVE_W32_SYSTEM*/
@@ -33,7 +33,7 @@ index 85e09c4..e1410e2 100644
#endif /*!HAVE_W32_SYSTEM*/
}
-@@ -843,7 +843,7 @@ gnupg_bindir (void)
+@@ -978,7 +978,7 @@ gnupg_bindir (void)
else
return rdir;
#else /*!HAVE_W32_SYSTEM*/
@@ -42,7 +42,7 @@ index 85e09c4..e1410e2 100644
#endif /*!HAVE_W32_SYSTEM*/
}
-@@ -856,7 +856,7 @@ gnupg_libexecdir (void)
+@@ -991,7 +991,7 @@ gnupg_libexecdir (void)
#ifdef HAVE_W32_SYSTEM
return gnupg_bindir ();
#else /*!HAVE_W32_SYSTEM*/
@@ -51,8 +51,8 @@ index 85e09c4..e1410e2 100644
#endif /*!HAVE_W32_SYSTEM*/
}
-@@ -870,7 +870,7 @@ gnupg_libdir (void)
- name = xstrconcat (w32_rootdir (), DIRSEP_S "lib" DIRSEP_S "gnupg", NULL);
+@@ -1008,7 +1008,7 @@ gnupg_libdir (void)
+ }
return name;
#else /*!HAVE_W32_SYSTEM*/
- return GNUPG_LIBDIR;
@@ -60,8 +60,8 @@ index 85e09c4..e1410e2 100644
#endif /*!HAVE_W32_SYSTEM*/
}
-@@ -884,7 +884,7 @@ gnupg_datadir (void)
- name = xstrconcat (w32_rootdir (), DIRSEP_S "share" DIRSEP_S "gnupg", NULL);
+@@ -1026,7 +1026,7 @@ gnupg_datadir (void)
+ }
return name;
#else /*!HAVE_W32_SYSTEM*/
- return GNUPG_DATADIR;
@@ -69,8 +69,8 @@ index 85e09c4..e1410e2 100644
#endif /*!HAVE_W32_SYSTEM*/
}
-@@ -900,7 +900,7 @@ gnupg_localedir (void)
- NULL);
+@@ -1045,7 +1045,7 @@ gnupg_localedir (void)
+ }
return name;
#else /*!HAVE_W32_SYSTEM*/
- return LOCALEDIR;
@@ -78,12 +78,3 @@ index 85e09c4..e1410e2 100644
#endif /*!HAVE_W32_SYSTEM*/
}
-@@ -971,7 +971,7 @@ gnupg_cachedir (void)
- }
- return dir;
- #else /*!HAVE_W32_SYSTEM*/
-- return GNUPG_LOCALSTATEDIR "/cache/" PACKAGE_NAME;
-+ return getenv("GNUPG_LOCALSTATEDIR") ?: GNUPG_LOCALSTATEDIR "/cache/" PACKAGE_NAME;
- #endif /*!HAVE_W32_SYSTEM*/
- }
-
diff --git a/meta/recipes-support/gnupg/gnupg_2.3.1.bb b/meta/recipes-support/gnupg/gnupg_2.3.2.bb
index b8b0314d2f..f3b277b0a8 100644
--- a/meta/recipes-support/gnupg/gnupg_2.3.1.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.3.2.bb
@@ -24,13 +24,14 @@ SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-
file://relocate.patch"
SRC_URI:append:class-nativesdk = " file://relocate.patch"
-SRC_URI[sha256sum] = "c498db346a9b9a4b399e514c8f56dfc0a888ce8f327f10376ff984452cd154ec"
+SRC_URI[sha256sum] = "e1d953e0e296072fca284215103ef168885eaac596c4660c5039a36a83e3041b"
EXTRA_OECONF = "--disable-ldap \
--disable-ccid-driver \
--with-zlib=${STAGING_LIBDIR}/.. \
--with-bzip2=${STAGING_LIBDIR}/.. \
--with-readline=${STAGING_LIBDIR}/.. \
+ --with-mailprog=${sbindir}/sendmail \
--enable-gpg-is-gpg2 \
"
diff --git a/meta/recipes-support/itstool/itstool/0001-Native-Don-t-use-build-time-hardcoded-python-binary-.patch b/meta/recipes-support/itstool/itstool/0001-Native-Don-t-use-build-time-hardcoded-python-binary-.patch
index 19a858bd75..fdcbe46fed 100644
--- a/meta/recipes-support/itstool/itstool/0001-Native-Don-t-use-build-time-hardcoded-python-binary-.patch
+++ b/meta/recipes-support/itstool/itstool/0001-Native-Don-t-use-build-time-hardcoded-python-binary-.patch
@@ -1,4 +1,4 @@
-From 335ef14fc801c9dfbe7e5692dc71cfbe72049d2b Mon Sep 17 00:00:00 2001
+From c47820450ce7f55d22c672cf94d20a5f9fd208bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@gmail.com>
Date: Sun, 27 Oct 2019 16:38:52 +0100
Subject: [PATCH] Native: Don't use build time hardcoded python binary path.
@@ -16,12 +16,13 @@ don't support it [2]
Upstream-Status: Inappropriate [OE specific]
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
+
---
itstool.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/itstool.in b/itstool.in
-index e64cd34..05d264f 100755
+index c21ad4b..daea177 100755
--- a/itstool.in
+++ b/itstool.in
@@ -1,4 +1,4 @@
@@ -30,6 +31,3 @@ index e64cd34..05d264f 100755
#
# Copyright (c) 2010-2018 Shaun McCance <shaunm@gnome.org>
#
---
-2.21.0
-
diff --git a/meta/recipes-support/itstool/itstool_2.0.6.bb b/meta/recipes-support/itstool/itstool_2.0.7.bb
index eba53e728d..2416835d37 100644
--- a/meta/recipes-support/itstool/itstool_2.0.6.bb
+++ b/meta/recipes-support/itstool/itstool_2.0.7.bb
@@ -11,13 +11,13 @@ inherit autotools python3native
DEPENDS = "libxml2-native"
-SRC_URI = "http://files.itstool.org/${BPN}/${BPN}-${PV}.tar.bz2"
+SRC_URI = "http://files.itstool.org/${BPN}/${BPN}-${PV}.tar.bz2 \
+ "
SRC_URI:append:class-native = " file://0001-Native-Don-t-use-build-time-hardcoded-python-binary-.patch"
SRC_URI:append:class-nativesdk = " file://0001-Native-Don-t-use-build-time-hardcoded-python-binary-.patch"
SRC_URI:append:class-target = " file://0002-Don-t-use-build-time-hardcoded-python-binary-path.patch"
-SRC_URI[md5sum] = "4306eeba4f4aee6b393d14f9c3c57ca1"
-SRC_URI[sha256sum] = "6233cc22726a9a5a83664bf67d1af79549a298c23185d926c3677afa917b92a9"
+SRC_URI[sha256sum] = "6b9a7cd29a12bb95598f5750e8763cee78836a1a207f85b74d8b3275b27e87ca"
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch b/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch
new file mode 100644
index 0000000000..c7bf1a8b8c
--- /dev/null
+++ b/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch
@@ -0,0 +1,36 @@
+From 794cebc5732908636f22a1d9843fed3ae664899a Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Thu, 14 Oct 2021 15:57:36 +0800
+Subject: [PATCH] nativesdk-libcap: Raise the size of arrays containing dl
+ paths
+
+This patch puts the dynamic loader path in the binaries, SYSTEM_DIRS strings
+and lengths as well as ld.so.cache path in the dynamic loader to specific
+sections in memory. The sections that contain paths have been allocated a 4096
+byte section, which is the maximum path length in linux. This will allow the
+relocating script to parse the ELF binary, detect the section and easily replace
+the strings in a certain path.
+
+Upstream-Status: Inappropriate [SDK specific]
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ libcap/execable.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libcap/execable.h b/libcap/execable.h
+index 0bcc5d4..6e2a080 100644
+--- a/libcap/execable.h
++++ b/libcap/execable.h
+@@ -23,7 +23,7 @@
+ #endif
+ #define __EXECABLE_H
+
+-const char __execable_dl_loader[] __attribute((section(".interp"))) =
++const char __execable_dl_loader[4096] __attribute((section(".interp"))) =
+ SHARED_LOADER ;
+
+ static void __execable_parse_args(int *argc_p, char ***argv_p)
+--
+2.27.0
+
diff --git a/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch b/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch
deleted file mode 100644
index 55872aa8fa..0000000000
--- a/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 897900f3f9084c5542097851323bba3f2691df20 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Wed, 15 Jan 2020 17:16:28 +0100
-Subject: [PATCH] tests: do not statically link a test
-
-This fails on e.g. centos 7
-
-Upstream-Status: Inappropriate [oe-core specific]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- progs/Makefile | 2 +-
- tests/Makefile | 4 ++--
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/progs/Makefile b/progs/Makefile
-index 3e82862..48533f3 100644
---- a/progs/Makefile
-+++ b/progs/Makefile
-@@ -49,7 +49,7 @@ capsh: capsh.c capshdoc.h.cf $(DEPS)
- $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS)
-
- tcapsh-static: capsh.c capshdoc.h.cf $(DEPS)
-- $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) --static
-+ $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS)
-
- uns_test: ../tests/uns_test.c
- $(MAKE) -C ../tests uns_test
-diff --git a/tests/Makefile b/tests/Makefile
-index 4a5f2f9..4266d86 100644
---- a/tests/Makefile
-+++ b/tests/Makefile
-@@ -22,7 +22,7 @@ ifeq ($(PTHREADS),yes)
- DEPS += ../libcap/libpsx.so
- endif
- else
--LDFLAGS += --static
-+LDFLAGS +=
- DEPS=../libcap/libcap.a
- ifeq ($(PTHREADS),yes)
- DEPS += ../libcap/libpsx.a
-@@ -113,7 +113,7 @@ noexploit: exploit.o $(DEPS)
-
- # This one runs in a chroot with no shared library files.
- noop: noop.c
-- $(CC) $(CFLAGS) $< -o $@ --static
-+ $(CC) $(CFLAGS) $< -o $@
-
- clean:
- rm -f psx_test libcap_psx_test libcap_launch_test uns_test *~
---
-2.25.1
-
diff --git a/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch b/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch
index 69287152eb..0fe7295a5f 100644
--- a/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch
+++ b/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch
@@ -1,4 +1,4 @@
-From 652071e430d5eea758965176b7648e79ad404daa Mon Sep 17 00:00:00 2001
+From cc97f84469ee7b266977a20d9cfa63c52f821384 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Fri, 20 Dec 2019 16:54:05 +0100
Subject: [PATCH] tests: do not run target executables
@@ -11,20 +11,20 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
1 file changed, 2 deletions(-)
diff --git a/tests/Makefile b/tests/Makefile
-index fc39fee..3431df9 100644
+index d9ed248..2864f77 100644
--- a/tests/Makefile
+++ b/tests/Makefile
-@@ -59,13 +59,11 @@ endif
+@@ -63,13 +63,11 @@ endif
# unprivileged
run_psx_test: psx_test
- ./psx_test
psx_test: psx_test.c $(DEPS)
- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDFLAGS)
+ $(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDFLAGS)
run_libcap_psx_test: libcap_psx_test
- ./libcap_psx_test
libcap_psx_test: libcap_psx_test.c $(DEPS)
- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
+ $(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
diff --git a/meta/recipes-support/libcap/libcap_2.51.bb b/meta/recipes-support/libcap/libcap_2.54.bb
index 3e653e371e..fe29f05483 100644
--- a/meta/recipes-support/libcap/libcap_2.51.bb
+++ b/meta/recipes-support/libcap/libcap_2.54.bb
@@ -4,7 +4,7 @@ These allow giving various kinds of specific privileges to individual \
users, without giving them full root permissions."
HOMEPAGE = "http://sites.google.com/site/fullycapable/"
# no specific GPL version required
-LICENSE = "BSD | GPLv2"
+LICENSE = "BSD-3-Clause | GPLv2"
LIC_FILES_CHKSUM = "file://License;md5=e2370ba375efe9e1a095c26d37e483b8"
DEPENDS = "hostperl-runtime-native gperf-native"
@@ -12,9 +12,11 @@ DEPENDS = "hostperl-runtime-native gperf-native"
SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz \
file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \
file://0002-tests-do-not-run-target-executables.patch \
- file://0001-tests-do-not-statically-link-a-test.patch \
"
-SRC_URI[sha256sum] = "6609f3ab7aebcc8f9277f53a577c657d9f3056d1352ea623da7fd7c0f00890f9"
+SRC_URI:append:class-nativesdk = " \
+ file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \
+ "
+SRC_URI[sha256sum] = "5091b24247999fd7a5e62bd9ac8bc761cda29f9baa0d1a2ca6a46f13891b4f0f"
UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/"
@@ -42,6 +44,7 @@ do_compile() {
AR="${AR}" \
CC="${CC}" \
RANLIB="${RANLIB}" \
+ OBJCOPY="${OBJCOPY}" \
COPTS="${CFLAGS}" \
BUILD_COPTS="${BUILD_CFLAGS}"
}
diff --git a/meta/recipes-support/libevent/libevent/0003-test-mark-util-monotonic_prc_fallback-as-retriable.patch b/meta/recipes-support/libevent/libevent/0003-test-mark-util-monotonic_prc_fallback-as-retriable.patch
new file mode 100644
index 0000000000..8a2c78983e
--- /dev/null
+++ b/meta/recipes-support/libevent/libevent/0003-test-mark-util-monotonic_prc_fallback-as-retriable.patch
@@ -0,0 +1,28 @@
+From d01a57a998798da977c470f3b8d6a457c1adb144 Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <azat@libevent.org>
+Date: Sun, 19 Sep 2021 00:57:31 +0300
+Subject: [PATCH] test: mark util/monotonic_prc_fallback as retriable
+
+Refs: #1193
+
+Upstream-status: Backported
+---
+ test/regress_util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/regress_util.c b/test/regress_util.c
+index 45caa2700a40..a9e80db20149 100644
+--- a/test/regress_util.c
++++ b/test/regress_util.c
+@@ -1672,7 +1672,7 @@ struct testcase_t util_testcases[] = {
+ { "monotonic_res_fallback", test_evutil_monotonic_res, TT_OFF_BY_DEFAULT, &basic_setup, (void*)"fallback" },
+ { "monotonic_prc", test_evutil_monotonic_prc, 0, &basic_setup, (void*)"" },
+ { "monotonic_prc_precise", test_evutil_monotonic_prc, TT_RETRIABLE, &basic_setup, (void*)"precise" },
+- { "monotonic_prc_fallback", test_evutil_monotonic_prc, 0, &basic_setup, (void*)"fallback" },
++ { "monotonic_prc_fallback", test_evutil_monotonic_prc, TT_RETRIABLE, &basic_setup, (void*)"fallback" },
+ { "date_rfc1123", test_evutil_date_rfc1123, 0, NULL, NULL },
+ { "evutil_v4addr_is_local", test_evutil_v4addr_is_local, 0, NULL, NULL },
+ { "evutil_v6addr_is_local", test_evutil_v6addr_is_local, 0, NULL, NULL },
+--
+2.31.1
+
diff --git a/meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch b/meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch
new file mode 100644
index 0000000000..ae7db0b7aa
--- /dev/null
+++ b/meta/recipes-support/libevent/libevent/0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch
@@ -0,0 +1,81 @@
+From 36ebd92fa53c0097f1e2f9ec5aa5b5c6ec1b411d Mon Sep 17 00:00:00 2001
+From: Thomas Perrot <thomas.perrot@bootlin.com>
+Date: Wed, 29 Sep 2021 13:50:35 +0200
+Subject: [PATCH] test: retriable tests are marked failed only when all
+ attempts have failed
+
+Fixes: #1193
+
+Upstream-status: Pending
+
+Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
+---
+ test/tinytest.c | 13 ++++++-------
+ test/tinytest.h | 2 +-
+ 2 files changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/test/tinytest.c b/test/tinytest.c
+index 85dfe74a720e..bf2882418eb6 100644
+--- a/test/tinytest.c
++++ b/test/tinytest.c
+@@ -310,7 +310,8 @@ testcase_run_forked_(const struct testgroup_t *group,
+
+ int
+ testcase_run_one(const struct testgroup_t *group,
+- const struct testcase_t *testcase)
++ const struct testcase_t *testcase,
++ const int test_attempts)
+ {
+ enum outcome outcome;
+
+@@ -348,7 +349,7 @@ testcase_run_one(const struct testgroup_t *group,
+ if (opt_verbosity>0 && !opt_forked)
+ puts("SKIPPED");
+ } else {
+- if (!opt_forked)
++ if (!opt_forked && (testcase->flags & TT_RETRIABLE) && !test_attempts)
+ printf("\n [%s FAILED]\n", testcase->name);
+ }
+
+@@ -525,22 +526,20 @@ tinytest_main(int c, const char **v, struct testgroup_t *groups)
+ struct testgroup_t *group = &groups[i];
+ for (j = 0; group->cases[j].name; ++j) {
+ struct testcase_t *testcase = &group->cases[j];
+- int test_attempts = 3;
++ int test_attempts = (testcase->flags & TT_RETRIABLE) ? 3: 1;
+ int test_ret_err;
+
+ if (!(testcase->flags & TT_ENABLED_))
+ continue;
+
+ for (;;) {
+- test_ret_err = testcase_run_one(group, testcase);
++ test_ret_err = testcase_run_one(group, testcase, test_attempts);
+
+ if (test_ret_err == OK)
+ break;
+- if (!(testcase->flags & TT_RETRIABLE))
++ if (!--test_attempts)
+ break;
+ printf("\n [RETRYING %s (%i)]\n", testcase->name, test_attempts);
+- if (!test_attempts--)
+- break;
+ }
+
+ switch (test_ret_err) {
+diff --git a/test/tinytest.h b/test/tinytest.h
+index d321dd467542..c276b5339331 100644
+--- a/test/tinytest.h
++++ b/test/tinytest.h
+@@ -92,7 +92,7 @@ char *tinytest_format_hex_(const void *, unsigned long);
+ tinytest_set_flag_(groups, named, 1, TT_SKIP)
+
+ /** Run a single testcase in a single group. */
+-int testcase_run_one(const struct testgroup_t *,const struct testcase_t *);
++int testcase_run_one(const struct testgroup_t *,const struct testcase_t *, const int test_attempts);
+
+ void tinytest_set_aliases(const struct testlist_alias_t *aliases);
+
+--
+2.31.1
+
diff --git a/meta/recipes-support/libevent/libevent/run-ptest b/meta/recipes-support/libevent/libevent/run-ptest
index d3b5e793c3..ef4260d1c4 100644
--- a/meta/recipes-support/libevent/libevent/run-ptest
+++ b/meta/recipes-support/libevent/libevent/run-ptest
@@ -1,14 +1,14 @@
#!/bin/sh
# run-ptest - 'ptest' test infrastructure shell script that
-# wraps the libevent test scripts
+# wraps the libevent test scripts
#
# Trevor Gamblin <trevor.gamblin@windriver.com>
###############################################################
LIBEVENTLIB=@libdir@/libevent
LOG="${LIBEVENTLIB}/ptest/libevent_ptest_$(date +%Y%m%d-%H%M%S).log"
-cd ${LIBEVENTLIB}/ptest
+cd ${LIBEVENTLIB}/ptest
# Run only the libevent "regress" test. All other test scripts in the
# libevent "test" folder are related to performance, e.g. read/write
@@ -16,9 +16,9 @@ cd ${LIBEVENTLIB}/ptest
# in the ptest log.
./test/regress 2>&1| sed -e '/TESTS/d' -e '/tests/d' -e '/OK/ s/^/PASS: / ; /FAILED/ s/^/FAIL: / ; /SKIPPED/ s/^/SKIP: / ; /DISABLED/ s/^/SKIP: /' | cut -f1,2 -d ':' | tee -a ${LOG}
-passed=`grep PASS ${LOG}|wc -l`
-failed=`grep FAIL ${LOG}|wc -l`
-skipped=`grep -E SKIP ${LOG}|wc -l`
+passed=`grep PASS: ${LOG}|wc -l`
+failed=`grep FAIL: ${LOG}|wc -l`
+skipped=`grep -E SKIP: ${LOG}|wc -l`
all=$((passed + failed + skipped))
( echo "=== Test Summary ==="
diff --git a/meta/recipes-support/libevent/libevent_2.1.12.bb b/meta/recipes-support/libevent/libevent_2.1.12.bb
index 2a562fe2e9..e26e8a9b57 100644
--- a/meta/recipes-support/libevent/libevent_2.1.12.bb
+++ b/meta/recipes-support/libevent/libevent_2.1.12.bb
@@ -8,7 +8,7 @@ HOMEPAGE = "http://libevent.org/"
BUGTRACKER = "https://github.com/libevent/libevent/issues"
SECTION = "libs"
-LICENSE = "BSD & MIT"
+LICENSE = "BSD-3-Clause & MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=17f20574c0b154d12236d5fbe964f549"
SRC_URI = "https://github.com/libevent/libevent/releases/download/release-${PV}-stable/${BP}-stable.tar.gz \
@@ -16,6 +16,8 @@ SRC_URI = "https://github.com/libevent/libevent/releases/download/release-${PV}-
file://run-ptest \
file://0001-test-regress_dns.c-patch-out-tests-that-require-a-wo.patch \
file://0002-test-regress.h-Increase-default-timeval-tolerance-50.patch \
+ file://0003-test-mark-util-monotonic_prc_fallback-as-retriable.patch \
+ file://0004-test-retriable-tests-are-marked-failed-only-when-all-a.patch \
"
SRC_URI[sha256sum] = "92e6de1be9ec176428fd2367677e61ceffc2ee1cb119035037a27d346b0403bb"
@@ -56,7 +58,7 @@ do_install_ptest() {
do
install -m 0755 $file ${D}${PTEST_PATH}/test
done
-
+
# handle multilib
sed -i s:@libdir@:${libdir}:g ${D}${PTEST_PATH}/run-ptest
}
diff --git a/meta/recipes-support/libexif/files/CVE-2020-0198.patch b/meta/recipes-support/libexif/files/CVE-2020-0198.patch
deleted file mode 100644
index 2a48844cb2..0000000000
--- a/meta/recipes-support/libexif/files/CVE-2020-0198.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From ca71eda33fe8421f98fbe20eb4392473357c1c43 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Wed, 30 Dec 2020 10:22:47 +0800
-Subject: [PATCH] fixed another unsigned integer overflow
-
-first fixed by google in android fork,
-https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
-
-(use a more generic overflow check method, also check second overflow instance.)
-
-https://security-tracker.debian.org/tracker/CVE-2020-0198
-
-Upstream-Status: Backport[https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c]
-CVE: CVE-2020-0198
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- libexif/exif-data.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/libexif/exif-data.c b/libexif/exif-data.c
-index 8b280d3..34d58fc 100644
---- a/libexif/exif-data.c
-+++ b/libexif/exif-data.c
-@@ -47,6 +47,8 @@
- #undef JPEG_MARKER_APP1
- #define JPEG_MARKER_APP1 0xe1
-
-+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
-+
- static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
-
- struct _ExifDataPrivate
-@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
- exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o);
- return;
- }
-- if (s > ds - o) {
-+ if (CHECKOVERFLOW(o,ds,s)) {
- exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o);
- return;
- }
-@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
- }
-
- /* Read the number of entries */
-- if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) {
-+ if (CHECKOVERFLOW(offset, ds, 2)) {
- exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
-- "Tag data past end of buffer (%u > %u)", offset+2, ds);
-+ "Tag data past end of buffer (%u+2 > %u)", offset, ds);
- return;
- }
- n = exif_get_short (d + offset, data->priv->order);
-@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
- offset += 2;
-
- /* Check if we have enough data. */
-- if (offset + 12 * n > ds) {
-+ if (CHECKOVERFLOW(offset, ds, 12*n)) {
- n = (ds - offset) / 12;
- exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
- "Short data; only loading %hu entries...", n);
---
-2.17.1
-
diff --git a/meta/recipes-support/libexif/files/CVE-2020-0452.patch b/meta/recipes-support/libexif/files/CVE-2020-0452.patch
deleted file mode 100644
index a117b8b369..0000000000
--- a/meta/recipes-support/libexif/files/CVE-2020-0452.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 302acd49eba0a125b0f20692df6abc6f7f7ca53e Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Wed, 30 Dec 2020 10:18:51 +0800
-Subject: [PATCH] fixed a incorrect overflow check that could be optimized
- away.
-
-inspired by:
-https://android.googlesource.com/platform/external/libexif/+/8e7345f3bc0bad06ac369d6cbc1124c8ceaf7d4b
-
-https://source.android.com/security/bulletin/2020-11-01
-
-CVE-2020-0452
-
-Upsteam-Status: Backport[https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06]
-CVE: CVE-2020-0452
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- libexif/exif-entry.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c
-index 5de215f..3a6ce84 100644
---- a/libexif/exif-entry.c
-+++ b/libexif/exif-entry.c
-@@ -1371,8 +1371,8 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
- {
- unsigned char *utf16;
-
-- /* Sanity check the size to prevent overflow */
-- if (e->size+sizeof(uint16_t)+1 < e->size) break;
-+ /* Sanity check the size to prevent overflow. Note EXIF files are 64kb at most. */
-+ if (e->size >= 65536 - sizeof(uint16_t)*2) break;
-
- /* The tag may not be U+0000-terminated , so make a local
- U+0000-terminated copy before converting it */
---
-2.17.1
-
diff --git a/meta/recipes-support/libexif/libexif_0.6.22.bb b/meta/recipes-support/libexif/libexif_0.6.23.bb
index 9ca96d548c..b33522dfc4 100644
--- a/meta/recipes-support/libexif/libexif_0.6.22.bb
+++ b/meta/recipes-support/libexif/libexif_0.6.23.bb
@@ -10,12 +10,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad"
def version_underscore(v):
return "_".join(v.split("."))
-SRC_URI = "https://github.com/libexif/libexif/releases/download/libexif-${@version_underscore("${PV}")}-release/libexif-${PV}.tar.xz \
- file://CVE-2020-0198.patch \
- file://CVE-2020-0452.patch \
+SRC_URI = "https://github.com/libexif/libexif/releases/download/v${PV}/libexif-${PV}.tar.xz \
"
-SRC_URI[sha256sum] = "5048f1c8fc509cc636c2f97f4b40c293338b6041a5652082d5ee2cf54b530c56"
+SRC_URI[sha256sum] = "a740a99920eb81ae0aa802bb46e683ce6e0cde061c210f5d5bde5b8572380431"
UPSTREAM_CHECK_URI = "https://github.com/libexif/libexif/releases/"
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.9.3.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.9.4.bb
index dee936dbc4..4bc1dd8512 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.9.3.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.9.4.bb
@@ -27,7 +27,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \
file://0001-Makefile.am-add-a-missing-space.patch \
"
-SRC_URI[sha256sum] = "97ebe4f94e2f7e35b752194ce15a0f3c66324e0ff6af26659bbfb5ff2ec328fd"
+SRC_URI[sha256sum] = "ea849c83a72454e3ed4267697e8ca03390aee972ab421e7df69dfe42b65caaf7"
# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro.
CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438"
diff --git a/meta/recipes-support/libgit2/libgit2_1.1.1.bb b/meta/recipes-support/libgit2/libgit2_1.2.0.bb
index ae30a7a100..6df42e473f 100644
--- a/meta/recipes-support/libgit2/libgit2_1.1.1.bb
+++ b/meta/recipes-support/libgit2/libgit2_1.2.0.bb
@@ -1,12 +1,12 @@
SUMMARY = "the Git linkable library"
HOMEPAGE = "http://libgit2.github.com/"
-LICENSE = "GPL-2.0-with-GCC-exception & MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=5b002a195fb7ea2d8d583f07eaff3a8e"
+LICENSE = "GPL-2.0-with-GCC-exception & MIT & openssl"
+LIC_FILES_CHKSUM = "file://COPYING;md5=73fa96e40ce64f79bab087c7e1deeacd"
DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2"
-SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.1"
-SRCREV = "8a0dc6783c340e61a44c179c48f832165ad2053c"
+SRC_URI = "git://github.com/libgit2/libgit2.git;branch=main"
+SRCREV = "4fd32be01c79a5c003bb47674ac1d76d948518b7"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-support/libical/libical_3.0.10.bb b/meta/recipes-support/libical/libical_3.0.11.bb
index aa5f11e817..b16081e9e2 100644
--- a/meta/recipes-support/libical/libical_3.0.10.bb
+++ b/meta/recipes-support/libical/libical_3.0.11.bb
@@ -14,12 +14,12 @@ SECTION = "libs"
SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \
"
-SRC_URI[sha256sum] = "f933b3e6cf9d56a35bb5625e8e4a9c3a50239a85aea05ed842932c1a1dc336b4"
+SRC_URI[sha256sum] = "1e6c5e10c5a48f7a40c68958055f0e2759d9ab3563aca17273fe35a5df7dbbf1"
UPSTREAM_CHECK_URI = "https://github.com/libical/libical/releases"
inherit cmake pkgconfig
-DEPENDS:append:class-target = "libical-native"
+DEPENDS:append:class-target = " libical-native"
PACKAGECONFIG ??= "icu glib"
PACKAGECONFIG[bdb] = ",-DCMAKE_DISABLE_FIND_PACKAGE_BDB=True,db"
diff --git a/meta/recipes-support/libjitterentropy/libjitterentropy/0001-Makefile-restore-build-reproducibility.patch b/meta/recipes-support/libjitterentropy/libjitterentropy/0001-Makefile-restore-build-reproducibility.patch
new file mode 100644
index 0000000000..3290ff7b18
--- /dev/null
+++ b/meta/recipes-support/libjitterentropy/libjitterentropy/0001-Makefile-restore-build-reproducibility.patch
@@ -0,0 +1,27 @@
+From 905333229103510e9dee2fec29b261ccedb031d0 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Fri, 20 Aug 2021 19:37:04 +0000
+Subject: [PATCH] Makefile: restore build reproducibility
+
+wildcards result in an unpredictable order, and thus different binary outputs
+in otherwise identical builds.
+
+Upstream-Status: Submitted [https://github.com/smuellerDD/jitterentropy-library/pull/67]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 42932d8..dfb96a8 100644
+--- a/Makefile
++++ b/Makefile
+@@ -36,7 +36,7 @@ LIBMINOR=$(shell cat $(SRCDIR)/jitterentropy-base.c | grep define | grep MINVERS
+ LIBPATCH=$(shell cat $(SRCDIR)/jitterentropy-base.c | grep define | grep PATCHLEVEL | awk '{print $$3}')
+ LIBVERSION := $(LIBMAJOR).$(LIBMINOR).$(LIBPATCH)
+
+-C_SRCS := $(wildcard $(SRCDIR)/*.c)
++C_SRCS := $(sort $(wildcard $(SRCDIR)/*.c))
+ C_OBJS := ${C_SRCS:.c=.o}
+ OBJS := $(C_OBJS)
+
diff --git a/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.2.bb b/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb
index 8e39974ef3..d9fbb5e9d6 100644
--- a/meta/recipes-support/libjitterentropy/libjitterentropy_3.0.2.bb
+++ b/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb
@@ -4,15 +4,21 @@ It does not depend on any system resource other than a high-resolution time \
stamp. It is a small-scale, yet fast entropy source that is viable in almost \
all environments and on a lot of CPU architectures."
HOMEPAGE = "http://www.chronox.de/jent.html"
-LICENSE = "GPLv2+ | BSD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=c69090e97c8fd6372d03099c0a5bc382 \
- file://COPYING.gplv2;md5=eb723b61539feef013de476e68b5c50a \
- file://COPYING.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \
+LICENSE = "GPLv2+ | BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1c94a9d191202a5552f381a023551396 \
+ file://LICENSE.gplv2;md5=eb723b61539feef013de476e68b5c50a \
+ file://LICENSE.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \
"
-SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git"
-SRCREV = "a0c51e21c2d4322681a320a22de5e2ef13c08196"
+SRC_URI = "git://github.com/smuellerDD/jitterentropy-library.git \
+ file://0001-Makefile-restore-build-reproducibility.patch \
+ "
+SRCREV = "409828cfccf4b3b07edc40a7840a821ce074e2c3"
S = "${WORKDIR}/git"
+# remove at next version upgrade or when output changes
+PR = "r1"
+HASHEQUIV_HASH_VERSION .= ".2"
+
do_configure[noexec] = "1"
LDFLAGS += "-Wl,-O0"
diff --git a/meta/recipes-support/libseccomp/files/0001-arch-Add-riscv32-architecture-support.patch b/meta/recipes-support/libseccomp/files/0001-arch-Add-riscv32-architecture-support.patch
index 62bd61fb56..2fd22b1aa2 100644
--- a/meta/recipes-support/libseccomp/files/0001-arch-Add-riscv32-architecture-support.patch
+++ b/meta/recipes-support/libseccomp/files/0001-arch-Add-riscv32-architecture-support.patch
@@ -1,18 +1,18 @@
-From 6d127a0463ea2d7bb5021562678324e28e0407e5 Mon Sep 17 00:00:00 2001
+From e99b00a78acaf80236cba8b3fabaebdb3ef1987b Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Tue, 8 Jun 2021 19:45:34 -0700
-Subject: [PATCH 1/2] arch: Add riscv32 architecture support
+Subject: [PATCH 1/4] arch: Add riscv32 architecture support
Support for rv32 was upstreamed into 5.4+ kernel
-
Upstream-Status: Submitted [https://github.com/seccomp/libseccomp/pull/327]
+
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
CREDITS | 1 +
README.md | 1 +
doc/man/man1/scmp_sys_resolver.1 | 2 +-
doc/man/man3/seccomp_arch_add.3 | 1 +
- include/seccomp-syscalls.h | 31 ++++++++++++++++++
+ include/seccomp-syscalls.h | 32 +++++++++++++++++++
include/seccomp.h.in | 9 ++++++
src/Makefile.am | 1 +
src/arch-riscv32.c | 31 ++++++++++++++++++
@@ -24,7 +24,6 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
src/python/libseccomp.pxd | 1 +
src/python/seccomp.pyx | 2 ++
src/syscalls.c | 1 +
- src/syscalls.csv | 2 +-
src/syscalls.h | 2 ++
src/system.c | 1 +
tests/15-basic-resolver.c | 1 +
@@ -40,12 +39,12 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
tools/scmp_bpf_sim.c | 2 ++
tools/util.c | 6 +++-
tools/util.h | 7 ++++
- 32 files changed, 208 insertions(+), 7 deletions(-)
+ 31 files changed, 208 insertions(+), 6 deletions(-)
create mode 100644 src/arch-riscv32.c
create mode 100644 src/arch-riscv32.h
diff --git a/CREDITS b/CREDITS
-index d6bbc2a..ad2f7e0 100644
+index b685712..c1ffdb3 100644
--- a/CREDITS
+++ b/CREDITS
@@ -33,6 +33,7 @@ John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
@@ -55,9 +54,9 @@ index d6bbc2a..ad2f7e0 100644
+Khem Raj <raj.khem@gmail.com>
Kyle R. Conway <kyle.r.conway@gmail.com>
Kenta Tada <Kenta.Tada@sony.com>
- Luca Bruno <lucab@debian.org>
+ Kir Kolyshkin <kolyshkin@gmail.com>
diff --git a/README.md b/README.md
-index ba02186..2cd718f 100644
+index 579f226..8199a71 100644
--- a/README.md
+++ b/README.md
@@ -54,6 +54,7 @@ The libseccomp library currently supports the architectures listed below:
@@ -67,7 +66,7 @@ index ba02186..2cd718f 100644
+* 32-bit RISC-V (riscv32)
* 32-bit SuperH big endian (sheb)
* 32-bit SuperH (sh)
-
+
diff --git a/doc/man/man1/scmp_sys_resolver.1 b/doc/man/man1/scmp_sys_resolver.1
index 267187b..fc68d18 100644
--- a/doc/man/man1/scmp_sys_resolver.1
@@ -94,93 +93,94 @@ index 7baa21e..8966b3a 100644
.sp
.BI "uint32_t seccomp_arch_resolve_name(const char *" arch_name ");"
diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h
-index c694db1..c6ea5ca 100644
+index 476f953..4ff814c 100644
--- a/include/seccomp-syscalls.h
+++ b/include/seccomp-syscalls.h
-@@ -275,6 +275,13 @@
- #define __PNR_ppoll -10241
+@@ -276,6 +276,14 @@
#define __PNR_renameat -10242
#define __PNR_riscv_flush_icache -10243
-+#define __PNR_fstat -10244
-+#define __PNR_futex -10245
-+#define __PNR_nanosleep -10246
-+#define __PNR_lseek -10247
-+#define __PNR_clock_gettime -10248
-+#define __PNR_clock_nanosleep -10249
-+#define __PNR_gettimeofday -10250
-
+ #define __PNR_memfd_secret -10244
++#define __PNR_fstat -10245
++#define __PNR_futex -10246
++#define __PNR_nanosleep -10247
++#define __PNR_lseek -10248
++#define __PNR_clock_gettime -10249
++#define __PNR_clock_nanosleep -10250
++#define __PNR_gettimeofday -10251
++#define __PNR_fcntl -10252
+
/*
* libseccomp syscall definitions
-@@ -442,7 +449,11 @@
+@@ -443,7 +451,11 @@
#define __SNR_clock_getres_time64 __PNR_clock_getres_time64
#endif
-
+
+#ifdef __NR_clock_gettime
#define __SNR_clock_gettime __NR_clock_gettime
+#else
+#define __SNR_clock_gettime __PNR_clock_gettime
+#endif
-
+
#ifdef __NR_clock_gettime64
#define __SNR_clock_gettime64 __NR_clock_gettime64
-@@ -450,7 +461,11 @@
+@@ -451,7 +463,11 @@
#define __SNR_clock_gettime64 __PNR_clock_gettime64
#endif
-
+
+#ifdef __NR_clock_nanosleep
#define __SNR_clock_nanosleep __NR_clock_nanosleep
+#else
+#define __SNR_clock_nanosleep __PNR_clock_nanosleep
+#endif
-
+
#ifdef __NR_clock_nanosleep_time64
#define __SNR_clock_nanosleep_time64 __NR_clock_nanosleep_time64
-@@ -710,7 +725,11 @@
+@@ -713,7 +729,11 @@
#define __SNR_ftruncate64 __PNR_ftruncate64
#endif
-
+
+#ifdef __NR_futex
#define __SNR_futex __NR_futex
+#else
+#define __SNR_futex __PNR_futex
+#endif
-
+
#ifdef __NR_futex_time64
#define __SNR_futex_time64 __NR_futex_time64
-@@ -896,7 +915,11 @@
-
+@@ -899,7 +919,11 @@
+
#define __SNR_gettid __NR_gettid
-
+
+#ifdef __NR_gettimeofday
#define __SNR_gettimeofday __NR_gettimeofday
+#else
+#define __SNR_gettimeofday __PNR_gettimeofday
+#endif
-
+
#ifdef __NR_getuid
#define __SNR_getuid __NR_getuid
-@@ -1046,7 +1069,11 @@
-
+@@ -1049,7 +1073,11 @@
+
#define __SNR_lremovexattr __NR_lremovexattr
-
+
+#ifdef __NR_lseek
#define __SNR_lseek __NR_lseek
+#else
+#define __SNR_lseek __PNR_lseek
+#endif
-
+
#define __SNR_lsetxattr __NR_lsetxattr
-
-@@ -1218,7 +1245,11 @@
-
+
+@@ -1227,7 +1255,11 @@
+
#define __SNR_name_to_handle_at __NR_name_to_handle_at
-
+
+#ifdef __NR_nanosleep
#define __SNR_nanosleep __NR_nanosleep
+#else
+#define __SNR_nanosleep __PNR_nanosleep
+#endif
-
+
#ifdef __NR_newfstatat
#define __SNR_newfstatat __NR_newfstatat
diff --git a/include/seccomp.h.in b/include/seccomp.h.in
@@ -201,14 +201,14 @@ index 333a89c..2e911db 100644
+
#define SCMP_ARCH_RISCV64 AUDIT_ARCH_RISCV64
+#define SCMP_ARCH_RISCV32 AUDIT_ARCH_RISCV32
-
+
/**
* The SuperH architecture tokens
diff --git a/src/Makefile.am b/src/Makefile.am
-index 7b59810..7961925 100644
+index 04e7ba5..a30bbc0 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
-@@ -44,6 +44,7 @@ SOURCES_ALL = \
+@@ -40,6 +40,7 @@ SOURCES_ALL = \
arch-ppc.h arch-ppc.c \
arch-ppc64.h arch-ppc64.c \
arch-riscv64.h arch-riscv64.c \
@@ -218,7 +218,7 @@ index 7b59810..7961925 100644
arch-sh.h arch-sh.c \
diff --git a/src/arch-riscv32.c b/src/arch-riscv32.c
new file mode 100644
-index 0000000..53b3126
+index 0000000..10418f4
--- /dev/null
+++ b/src/arch-riscv32.c
@@ -0,0 +1,31 @@
@@ -248,8 +248,8 @@ index 0000000..53b3126
+ .token_bpf = AUDIT_ARCH_RISCV32,
+ .size = ARCH_SIZE_32,
+ .endian = ARCH_ENDIAN_LITTLE,
-+ .syscall_resolve_name = riscv32_syscall_resolve_name,
-+ .syscall_resolve_num = riscv32_syscall_resolve_num,
++ .syscall_resolve_name_raw = riscv32_syscall_resolve_name,
++ .syscall_resolve_num_raw = riscv32_syscall_resolve_num,
+ .syscall_rewrite = NULL,
+ .rule_add = NULL,
+};
@@ -310,7 +310,7 @@ index 68bebef..85c7f3d 100755
@@ -519,6 +519,49 @@ function dump_lib_riscv64() {
dump_lib_arch riscv64 | mangle_lib_syscall riscv64
}
-
+
+#
+# Dump the riscv32 system syscall table
+#
@@ -385,9 +385,9 @@ index 68bebef..85c7f3d 100755
+ abi_list+=" riscv32 riscv64"
abi_list+=" s390 s390x"
abi_list+=" sh"
-
+
diff --git a/src/arch.c b/src/arch.c
-index 6ab922f..acf80af 100644
+index 921e455..07935a9 100644
--- a/src/arch.c
+++ b/src/arch.c
@@ -43,6 +43,7 @@
@@ -453,10 +453,10 @@ index 0629bf1..000d503 100644
SCMP_ARCH_S390X
+ SCMP_ARCH_RISCV32
SCMP_ARCH_RISCV64
-
+
cdef enum scmp_filter_attr:
diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx
-index 1a9eb24..c94ad1d 100644
+index 2eeabc1..2895d78 100644
--- a/src/python/seccomp.pyx
+++ b/src/python/seccomp.pyx
@@ -214,6 +214,7 @@ cdef class Arch:
@@ -466,36 +466,29 @@ index 1a9eb24..c94ad1d 100644
+ RISCV32 - 32-bit RISC-V
RISCV64 - 64-bit RISC-V
"""
-
+
@@ -238,6 +239,7 @@ cdef class Arch:
PPC64LE = libseccomp.SCMP_ARCH_PPC64LE
S390 = libseccomp.SCMP_ARCH_S390
S390X = libseccomp.SCMP_ARCH_S390X
+ RISCV32 = libseccomp.SCMP_ARCH_RISCV32
RISCV64 = libseccomp.SCMP_ARCH_RISCV64
-
+
def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE):
diff --git a/src/syscalls.c b/src/syscalls.c
-index ddb84fa..34e08d9 100644
+index faddff0..15952ce 100644
--- a/src/syscalls.c
+++ b/src/syscalls.c
-@@ -55,3 +55,4 @@ ARCH_DEF(sh)
+@@ -59,6 +59,7 @@ ARCH_DEF(sh)
ARCH_DEF(x32)
ARCH_DEF(x86)
ARCH_DEF(riscv64)
+ARCH_DEF(riscv32)
-diff --git a/src/syscalls.csv b/src/syscalls.csv
-index fbd1058..0ee6c15 100644
---- a/src/syscalls.csv
-+++ b/src/syscalls.csv
-@@ -1,4 +1,4 @@
--#syscall (v5.12.0-rc7 2021-04-17),x86,x86_64,x32,arm,aarch64,mips,mips64,mips64n32,parisc,parisc64,ppc,ppc64,riscv64,s390,s390x,sh
-+#syscall (v5.12.0-rc7 2021-04-17),x86,x86_64,x32,arm,aarch64,mips,mips64,mips64n32,parisc,parisc64,ppc,ppc64,riscv32,riscv64,s390,s390x,sh
- accept,PNR,43,43,285,202,168,42,42,35,35,330,330,202,PNR,PNR,344
- accept4,364,288,288,366,242,334,293,297,320,320,344,344,242,364,364,358
- access,33,21,21,33,PNR,33,20,20,33,33,33,33,PNR,33,33,33
+
+ /**
+ * Resolve a syscall name to a number
diff --git a/src/syscalls.h b/src/syscalls.h
-index 4f959af..49887ba 100644
+index 58a788c..c6b5db5 100644
--- a/src/syscalls.h
+++ b/src/syscalls.h
@@ -28,6 +28,7 @@
@@ -503,7 +496,7 @@ index 4f959af..49887ba 100644
#include "arch-x86.h"
#include "arch-riscv64.h"
+#include "arch-riscv32.h"
-
+
/* NOTE: changes to the arch_syscall_table layout may require changes to the
* generate_syscalls_perf.sh and arch-syscall-validate scripts */
@@ -49,6 +50,7 @@ struct arch_syscall_table {
@@ -527,7 +520,7 @@ index ae445bf..063e6be 100644
break;
default:
diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c
-index 2679270..57092f3 100644
+index c759dd1..fd94dbf 100644
--- a/tests/15-basic-resolver.c
+++ b/tests/15-basic-resolver.c
@@ -45,6 +45,7 @@ unsigned int arch_list[] = {
@@ -536,8 +529,8 @@ index 2679270..57092f3 100644
SCMP_ARCH_PARISC64,
+ SCMP_ARCH_RISCV32,
SCMP_ARCH_RISCV64,
+ SCMP_ARCH_SH,
-1
- };
diff --git a/tests/16-sim-arch_basic.c b/tests/16-sim-arch_basic.c
index 4fcbb5c..662e081 100644
--- a/tests/16-sim-arch_basic.c
@@ -587,7 +580,7 @@ index 08f030c..ec73224 100644
+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("riscv32"));
if (rc != 0)
goto out;
-
+
diff --git a/tests/23-sim-arch_all_le_basic.py b/tests/23-sim-arch_all_le_basic.py
index 12bb243..1eebc20 100755
--- a/tests/23-sim-arch_all_le_basic.py
@@ -622,10 +615,10 @@ index 77a5b89..2e860bf 100755
"ppc64le",
+ "riscv32",
"riscv64"]
-
+
def test_arch(arch, init):
diff --git a/tests/regression b/tests/regression
-index 53dab75..2869629 100755
+index d28b848..057ff67 100755
--- a/tests/regression
+++ b/tests/regression
@@ -26,7 +26,7 @@ GLBL_ARCH_LE_SUPPORT=" \
@@ -644,9 +637,9 @@ index 53dab75..2869629 100755
+ riscv32 \
s390 \
sheb sh"
-
-@@ -785,7 +786,7 @@ function run_test_live() {
-
+
+@@ -801,7 +802,7 @@ function run_test_live() {
+
# setup the arch specific return values
case "$arch" in
- x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64|sh|sheb)
@@ -669,10 +662,10 @@ index b6bd2bb..7789970 100644
printf("unknown\n");
}
diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c
-index b95cdeb..49a89c7 100644
+index b682de7..4f759fc 100644
--- a/tools/scmp_bpf_disasm.c
+++ b/tools/scmp_bpf_disasm.c
-@@ -510,6 +510,8 @@ int main(int argc, char *argv[])
+@@ -508,6 +508,8 @@ int main(int argc, char *argv[])
arch = AUDIT_ARCH_S390X;
else if (strcmp(optarg, "riscv64") == 0)
arch = AUDIT_ARCH_RISCV64;
@@ -719,7 +712,7 @@ index 6c2ca33..4d16e38 100644
@@ -79,6 +79,13 @@
#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
#endif /* AUDIT_ARCH_RISCV64 */
-
+
+#ifndef AUDIT_ARCH_RISCV32
+#ifndef EM_RISCV
+#define EM_RISCV 243
@@ -728,7 +721,8 @@ index 6c2ca33..4d16e38 100644
+#endif /* AUDIT_ARCH_RISCV32 */
+
extern uint32_t arch;
-
+
uint16_t ttoh16(uint32_t arch, uint16_t val);
---
-2.32.0
+--
+2.33.0
+
diff --git a/meta/recipes-support/libseccomp/files/0002-man-Add-RISCV64-to-arch-list.patch b/meta/recipes-support/libseccomp/files/0002-man-Add-RISCV64-to-arch-list.patch
new file mode 100644
index 0000000000..511d4576fc
--- /dev/null
+++ b/meta/recipes-support/libseccomp/files/0002-man-Add-RISCV64-to-arch-list.patch
@@ -0,0 +1,28 @@
+From e016ce3949caf34ee0f8fc6d976c52eb2fb019ce Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 28 Jul 2021 11:03:24 -0700
+Subject: [PATCH 2/4] man: Add RISCV64 to arch list
+
+Upstream-Status: Submitted [https://github.com/seccomp/libseccomp/pull/327]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ doc/man/man1/scmp_sys_resolver.1 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/doc/man/man1/scmp_sys_resolver.1 b/doc/man/man1/scmp_sys_resolver.1
+index fc68d18..74d8a8a 100644
+--- a/doc/man/man1/scmp_sys_resolver.1
++++ b/doc/man/man1/scmp_sys_resolver.1
+@@ -36,7 +36,7 @@ The architecture to use for resolving the system call. Valid
+ .I ARCH
+ values are "x86", "x86_64", "x32", "arm", "aarch64", "mips", "mipsel", "mips64",
+ "mipsel64", "mips64n32", "mipsel64n32", "parisc", "parisc64", "ppc", "ppc64",
+-"ppc64le", "riscv32", "s390", "s390x", "sheb" and "sh".
++"ppc64le", "riscv64", "riscv32", "s390", "s390x", "sheb" and "sh".
+ .TP
+ .B \-t
+ If necessary, translate the system call name to the proper system call number,
+--
+2.33.0
+
diff --git a/meta/recipes-support/libseccomp/files/0002-Regenerate-syscall-cvs-file-from-5.13-rc5-kernel.patch b/meta/recipes-support/libseccomp/files/0003-syscalls-update-the-syscall-defs-for-Linux-v5.15.0-r.patch
index 7ca861a7b2..150d9bd3a7 100644
--- a/meta/recipes-support/libseccomp/files/0002-Regenerate-syscall-cvs-file-from-5.13-rc5-kernel.patch
+++ b/meta/recipes-support/libseccomp/files/0003-syscalls-update-the-syscall-defs-for-Linux-v5.15.0-r.patch
@@ -1,46 +1,22 @@
-From ee4aba3f59b4bf52a74cb3917e64c704250de8ef Mon Sep 17 00:00:00 2001
+From 54d8136679f4a1238397f7b7a8b3e8cf4626f018 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 8 Jun 2021 20:42:19 -0700
-Subject: [PATCH 2/2] Regenerate syscall cvs file from 5.13-rc5 kernel
+Date: Thu, 30 Sep 2021 21:35:15 -0700
+Subject: [PATCH 3/4] syscalls: update the syscall defs for Linux v5.15.0-rc3
+Include RISCV32 arch as well
Upstream-Status: Submitted [https://github.com/seccomp/libseccomp/pull/327]
+
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
- include/seccomp-syscalls.h | 7 +
- src/syscalls.csv | 952 +++++++++++++++++++------------------
- 2 files changed, 485 insertions(+), 474 deletions(-)
-
-diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h
-index c6ea5ca..b7651bf 100644
---- a/include/seccomp-syscalls.h
-+++ b/include/seccomp-syscalls.h
-@@ -282,6 +282,7 @@
- #define __PNR_clock_gettime -10248
- #define __PNR_clock_nanosleep -10249
- #define __PNR_gettimeofday -10250
-+#define __PNR_quotactl_path -10251
+ src/syscalls.csv | 959 ++++++++++++++++++++++++-----------------------
+ 1 file changed, 480 insertions(+), 479 deletions(-)
- /*
- * libseccomp syscall definitions
-@@ -1547,6 +1548,12 @@
- #define __SNR_riscv_flush_icache __PNR_riscv_flush_icache
- #endif
-
-+#ifdef __NR_quotactl_path
-+#define __SNR_quotactl_path __NR_quotactl_path
-+#else
-+#define __SNR_quotactl_path __PNR_quotactl_path
-+#endif
-+
- #ifdef __NR_rmdir
- #define __SNR_rmdir __NR_rmdir
- #else
diff --git a/src/syscalls.csv b/src/syscalls.csv
-index 0ee6c15..eec8d21 100644
+index 5bd0c9f..37ddb3d 100644
--- a/src/syscalls.csv
+++ b/src/syscalls.csv
-@@ -1,474 +1,478 @@
--#syscall (v5.12.0-rc7 2021-04-17),x86,x86_64,x32,arm,aarch64,mips,mips64,mips64n32,parisc,parisc64,ppc,ppc64,riscv32,riscv64,s390,s390x,sh
+@@ -1,479 +1,480 @@
+-#syscall (v5.14.0-rc7 2021-08-23),x86,x86_64,x32,arm,aarch64,mips,mips64,mips64n32,parisc,parisc64,ppc,ppc64,riscv64,s390,s390x,sh
-accept,PNR,43,43,285,202,168,42,42,35,35,330,330,202,PNR,PNR,344
-accept4,364,288,288,366,242,334,293,297,320,320,344,344,242,364,364,358
-access,33,21,21,33,PNR,33,20,20,33,33,33,33,PNR,33,33,33
@@ -210,6 +186,9 @@ index 0ee6c15..eec8d21 100644
-kexec_load,283,246,528,347,104,311,270,274,300,300,268,268,104,277,277,283
-keyctl,288,250,250,311,219,282,241,245,266,266,271,271,219,280,280,287
-kill,37,62,62,37,129,37,60,60,37,37,37,37,129,37,37,37
+-landlock_add_rule,445,445,445,445,445,445,445,445,445,445,445,445,445,445,445,445
+-landlock_create_ruleset,444,444,444,444,444,444,444,444,444,444,444,444,444,444,444,444
+-landlock_restrict_self,446,446,446,446,446,446,446,446,446,446,446,446,446,446,446,446
-lchown,16,94,94,16,PNR,16,92,92,16,16,16,16,PNR,16,198,16
-lchown32,198,PNR,PNR,198,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,198,PNR,198
-lgetxattr,230,192,192,230,9,228,184,184,242,242,213,213,9,228,228,230
@@ -230,6 +209,7 @@ index 0ee6c15..eec8d21 100644
-mbind,274,237,237,319,235,268,227,231,260,260,259,259,235,268,268,274
-membarrier,375,324,324,389,283,358,318,322,343,343,365,365,283,356,356,378
-memfd_create,356,319,319,385,279,354,314,318,340,340,360,360,279,350,350,374
+-memfd_secret,447,447,447,PNR,447,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR
-migrate_pages,294,256,256,400,238,287,246,250,272,272,258,258,238,287,287,294
-mincore,218,27,27,219,232,217,26,26,72,72,206,206,232,218,218,218
-mkdir,39,83,83,39,PNR,39,81,81,39,39,39,39,PNR,39,39,39
@@ -319,6 +299,7 @@ index 0ee6c15..eec8d21 100644
-pwritev2,379,328,547,393,287,362,322,326,348,348,381,381,287,377,377,382
-query_module,167,178,PNR,PNR,PNR,187,171,171,PNR,PNR,166,166,PNR,167,167,PNR
-quotactl,131,179,179,131,60,131,172,172,131,131,131,131,60,131,131,131
+-quotactl_fd,443,443,443,443,443,443,443,443,443,443,443,443,443,443,443,443
-read,3,0,0,3,63,3,0,0,3,3,3,3,63,3,3,3
-readahead,225,187,187,225,213,223,179,179,207,207,191,191,213,222,222,225
-readdir,89,PNR,PNR,PNR,PNR,89,PNR,PNR,PNR,PNR,89,89,PNR,89,89,89
@@ -514,7 +495,7 @@ index 0ee6c15..eec8d21 100644
-waitpid,7,PNR,PNR,PNR,PNR,7,PNR,PNR,7,7,7,7,PNR,PNR,PNR,7
-write,4,1,1,4,64,4,1,1,4,4,4,4,64,4,4,4
-writev,146,20,516,146,66,146,19,19,146,146,146,146,66,146,146,146
-+#syscall (v5.13.0-rc5 2021-06-09),x86,x86_64,x32,arm,aarch64,mips,mips64,mips64n32,parisc,parisc64,ppc,ppc64,riscv32,riscv64,s390,s390x,sh
++#syscall (v5.15.0-rc3 2021-10-01),x86,x86_64,x32,arm,aarch64,mips,mips64,mips64n32,parisc,parisc64,ppc,ppc64,riscv32,riscv64,s390,s390x,sh
+accept,PNR,43,43,285,202,168,42,42,35,35,330,330,202,202,PNR,PNR,344
+accept4,364,288,288,366,242,334,293,297,320,320,344,344,242,242,364,364,358
+access,33,21,21,33,PNR,33,20,20,33,33,33,33,PNR,PNR,33,33,33
@@ -707,6 +688,7 @@ index 0ee6c15..eec8d21 100644
+mbind,274,237,237,319,235,268,227,231,260,260,259,259,235,235,268,268,274
+membarrier,375,324,324,389,283,358,318,322,343,343,365,365,283,283,356,356,378
+memfd_create,356,319,319,385,279,354,314,318,340,340,360,360,279,279,350,350,374
++memfd_secret,447,447,447,PNR,447,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR,PNR
+migrate_pages,294,256,256,400,238,287,246,250,272,272,258,258,238,238,287,287,294
+mincore,218,27,27,219,232,217,26,26,72,72,206,206,232,232,218,218,218
+mkdir,39,83,83,39,PNR,39,81,81,39,39,39,39,PNR,PNR,39,39,39
@@ -783,6 +765,7 @@ index 0ee6c15..eec8d21 100644
+preadv2,378,327,546,392,286,361,321,325,347,347,380,380,286,286,376,376,381
+prlimit64,340,302,302,369,261,338,297,302,321,321,325,325,261,261,334,334,339
+process_madvise,440,440,440,440,440,440,440,440,440,440,440,440,440,440,440,440,440
++process_mrelease,448,448,448,448,448,448,448,448,448,448,448,448,448,448,448,448,448
+process_vm_readv,347,310,539,376,270,345,304,309,330,330,351,351,270,270,340,340,365
+process_vm_writev,348,311,540,377,271,346,305,310,331,331,352,352,271,271,341,341,366
+prof,44,PNR,PNR,PNR,PNR,44,PNR,PNR,PNR,PNR,44,44,PNR,PNR,PNR,PNR,PNR
@@ -796,7 +779,7 @@ index 0ee6c15..eec8d21 100644
+pwritev2,379,328,547,393,287,362,322,326,348,348,381,381,287,287,377,377,382
+query_module,167,178,PNR,PNR,PNR,187,171,171,PNR,PNR,166,166,PNR,PNR,167,167,PNR
+quotactl,131,179,179,131,60,131,172,172,131,131,131,131,60,60,131,131,131
-+quotactl_path,PNR,PNR,PNR,PNR,443,PNR,PNR,PNR,PNR,PNR,PNR,PNR,443,443,PNR,PNR,PNR
++quotactl_fd,443,443,443,443,443,443,443,443,443,443,443,443,443,443,443,443,443
+read,3,0,0,3,63,3,0,0,3,3,3,3,63,63,3,3,3
+readahead,225,187,187,225,213,223,179,179,207,207,191,191,213,213,222,222,225
+readdir,89,PNR,PNR,PNR,PNR,89,PNR,PNR,PNR,PNR,89,89,PNR,PNR,89,89,89
@@ -992,5 +975,6 @@ index 0ee6c15..eec8d21 100644
+waitpid,7,PNR,PNR,PNR,PNR,7,PNR,PNR,7,7,7,7,PNR,PNR,PNR,PNR,7
+write,4,1,1,4,64,4,1,1,4,4,4,4,64,64,4,4,4
+writev,146,20,516,146,66,146,19,19,146,146,146,146,66,66,146,146,146
---
-2.32.0
+--
+2.33.0
+
diff --git a/meta/recipes-support/libseccomp/files/0004-syscalls-Add-quotactl_path.patch b/meta/recipes-support/libseccomp/files/0004-syscalls-Add-quotactl_path.patch
new file mode 100644
index 0000000000..bedf74844e
--- /dev/null
+++ b/meta/recipes-support/libseccomp/files/0004-syscalls-Add-quotactl_path.patch
@@ -0,0 +1,40 @@
+From d59e03b5a82b3e0debc3a3c77270bd160f4309f9 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 8 Jun 2021 20:42:19 -0700
+Subject: [PATCH 4/4] syscalls: Add quotactl_path
+
+Upstream-Status: Submitted [https://github.com/seccomp/libseccomp/pull/327]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ include/seccomp-syscalls.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h
+index 4ff814c..dd347d3 100644
+--- a/include/seccomp-syscalls.h
++++ b/include/seccomp-syscalls.h
+@@ -284,6 +284,7 @@
+ #define __PNR_clock_nanosleep -10250
+ #define __PNR_gettimeofday -10251
+ #define __PNR_fcntl -10252
++#define __PNR_quotactl_path -10253
+
+ /*
+ * libseccomp syscall definitions
+@@ -1557,6 +1558,12 @@
+ #define __SNR_riscv_flush_icache __PNR_riscv_flush_icache
+ #endif
+
++#ifdef __NR_quotactl_path
++#define __SNR_quotactl_path __NR_quotactl_path
++#else
++#define __SNR_quotactl_path __PNR_quotactl_path
++#endif
++
+ #ifdef __NR_rmdir
+ #define __SNR_rmdir __NR_rmdir
+ #else
+--
+2.33.0
+
diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb b/meta/recipes-support/libseccomp/libseccomp_2.5.2.bb
index 74bface4a1..3ec6f135c5 100644
--- a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
+++ b/meta/recipes-support/libseccomp/libseccomp_2.5.2.bb
@@ -8,12 +8,14 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357c
DEPENDS += "gperf-native"
PV .= "+git${SRCPV}"
-SRCREV = "5822e50c2920ce597d038077dea4a0eedf193f86"
+SRCREV = "2457dec1a90101d720e89e8027376742e2f3c327"
SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=main \
file://0001-configure.ac-Bump-version-to-2.5.99.patch \
file://0001-arch-Add-riscv32-architecture-support.patch \
- file://0002-Regenerate-syscall-cvs-file-from-5.13-rc5-kernel.patch \
+ file://0002-man-Add-RISCV64-to-arch-list.patch \
+ file://0003-syscalls-update-the-syscall-defs-for-Linux-v5.15.0-r.patch \
+ file://0004-syscalls-Add-quotactl_path.patch \
file://run-ptest \
"
diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.72.0.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.72.0.bb
index 3149896466..351bc9de73 100644
--- a/meta/recipes-support/libsoup/libsoup-2.4_2.72.0.bb
+++ b/meta/recipes-support/libsoup/libsoup-2.4_2.72.0.bb
@@ -7,7 +7,7 @@ SECTION = "x11/gnome/libs"
LICENSE = "LGPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
-DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 intltool-native libpsl"
+DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl"
SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
@@ -20,6 +20,8 @@ S = "${WORKDIR}/libsoup-${PV}"
inherit meson gettext pkgconfig upstream-version-is-even gobject-introspection gtk-doc
+UPSTREAM_CHECK_REGEX = "libsoup-(?P<pver>2(\.(?!99)\d+)+)\.tar"
+
GIR_MESON_ENABLE_FLAG = 'enabled'
GIR_MESON_DISABLE_FLAG = 'disabled'
diff --git a/meta/recipes-support/libsoup/libsoup_3.0.1.bb b/meta/recipes-support/libsoup/libsoup_3.0.1.bb
new file mode 100644
index 0000000000..1e4d3b272b
--- /dev/null
+++ b/meta/recipes-support/libsoup/libsoup_3.0.1.bb
@@ -0,0 +1,44 @@
+SUMMARY = "An HTTP library implementation in C"
+DESCRIPTION = "libsoup is an HTTP client/server library for GNOME. It uses GObjects \
+and the glib main loop, to integrate well with GNOME applications."
+HOMEPAGE = "https://wiki.gnome.org/Projects/libsoup"
+BUGTRACKER = "https://bugzilla.gnome.org/"
+SECTION = "x11/gnome/libs"
+LICENSE = "LGPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
+
+DEPENDS = "glib-2.0 glib-2.0-native libxml2 sqlite3 libpsl nghttp2"
+
+SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
+
+SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz"
+SRC_URI[sha256sum] = "6f0c316d10f8458b96f564c7644be3c2011bd75ad5054c8db26afb0c9a91bc47"
+
+PROVIDES = "libsoup-3.0"
+CVE_PRODUCT = "libsoup"
+
+S = "${WORKDIR}/libsoup-${PV}"
+
+inherit meson gettext pkgconfig upstream-version-is-even gobject-introspection gtk-doc
+
+GIR_MESON_ENABLE_FLAG = 'enabled'
+GIR_MESON_DISABLE_FLAG = 'disabled'
+
+# libsoup-gnome is entirely deprecated and just stubs in 2.42 onwards. Disable by default.
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[gssapi] = "-Dgssapi=enabled,-Dgssapi=disabled,krb5"
+
+EXTRA_OEMESON:append = " -Dvapi=disabled -Dtls_check=false"
+
+GTKDOC_MESON_OPTION = "gtk_doc"
+
+# When built without gnome support, libsoup will contain only one shared lib
+# and will therefore become subject to renaming by debian.bbclass. Prevent
+# renaming in order to keep the package name consistent regardless of whether
+# gnome support is enabled or disabled.
+DEBIAN_NOAUTONAME:${PN} = "1"
+
+# glib-networking is needed for SSL, proxies, etc.
+RRECOMMENDS:${PN} = "glib-networking"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch b/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch
index 5ff9bf8462..b1204e49eb 100644
--- a/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch
+++ b/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch
@@ -1,4 +1,4 @@
-From f9e3e2ee7b18ba5bb8efe083171f3e701eb0a663 Mon Sep 17 00:00:00 2001
+From f6abce5ba41a412a247250dcd80e387e53474466 Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Mon, 28 Dec 2020 02:08:03 +0000
Subject: [PATCH] Don't let host enviroment to decide if a test is build
@@ -9,6 +9,7 @@ don't use SSHD on host to decide weither to build a test
Upstream-Status: Inappropriate[oe specific]
Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
---
tests/Makefile.am | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
@@ -41,6 +42,3 @@ index dc0922f..6cbc35d 100644
-endif
\ No newline at end of file
+endif
---
-2.20.1
-
diff --git a/meta/recipes-support/libssh2/files/0001-configure-Conditionally-undefine-backend-m4-macro.patch b/meta/recipes-support/libssh2/files/0001-configure-Conditionally-undefine-backend-m4-macro.patch
deleted file mode 100644
index 1128c7ea0c..0000000000
--- a/meta/recipes-support/libssh2/files/0001-configure-Conditionally-undefine-backend-m4-macro.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From efe7101786193eaddb749c0583af6b54aec6f289 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 2 Feb 2021 18:45:16 -0800
-Subject: [PATCH] configure: Conditionally undefine backend m4 macro
-
-Unlike the M4 builtin, this macro fails if macro is not defined
-therefore recover the behavior of the builtin.
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index fe5054a..758f8c2 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -127,7 +127,7 @@ fi
- m4_set_foreach([crypto_backends], [backend],
- [AM_CONDITIONAL(m4_toupper(backend), test "$found_crypto" = "backend")]
- )
--m4_undefine([backend])
-+m4_ifdef([backend], [m4_undefine([backend])])
-
-
- # libz
---
-2.30.0
-
diff --git a/meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch b/meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch
deleted file mode 100644
index b331c1bf81..0000000000
--- a/meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From 1f76151c92e1b52e9c24ebf06adc77fbd6c062bc Mon Sep 17 00:00:00 2001
-From: Will Cosgrove <will@panic.com>
-Date: Tue, 26 Jan 2021 11:41:21 -0800
-Subject: [PATCH] kex.c: move EC macro outside of if check #549 (#550)
-
-File: kex.c
-
-Notes:
-Moved the macro LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY outside of the LIBSSH2_ECDSA since it's also now used by the ED25519 code.
-
-Sha 256, 384 and 512 need to be defined for all backends now even if they aren't used directly. I believe this is already the case, but just a heads up.
-
-Credit:
-Stefan-Ghinea
-
-Upstream-Status: Backport
-
-Reference to upstream patch:
-https://github.com/libssh2/libssh2/commit/1f76151c92e1b52e9c24ebf06adc77fbd6c062bc
-
-Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
----
- src/kex.c | 66 +++++++++++++++++++++++++++----------------------------
- 1 file changed, 33 insertions(+), 33 deletions(-)
-
-diff --git a/src/kex.c b/src/kex.c
-index cb16639..19ab6ec 100644
---- a/src/kex.c
-+++ b/src/kex.c
-@@ -1885,39 +1885,6 @@ kex_method_diffie_hellman_group_exchange_sha256_key_exchange
- }
-
-
--#if LIBSSH2_ECDSA
--
--/* kex_session_ecdh_curve_type
-- * returns the EC curve type by name used in key exchange
-- */
--
--static int
--kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
--{
-- int ret = 0;
-- libssh2_curve_type type;
--
-- if(name == NULL)
-- return -1;
--
-- if(strcmp(name, "ecdh-sha2-nistp256") == 0)
-- type = LIBSSH2_EC_CURVE_NISTP256;
-- else if(strcmp(name, "ecdh-sha2-nistp384") == 0)
-- type = LIBSSH2_EC_CURVE_NISTP384;
-- else if(strcmp(name, "ecdh-sha2-nistp521") == 0)
-- type = LIBSSH2_EC_CURVE_NISTP521;
-- else {
-- ret = -1;
-- }
--
-- if(ret == 0 && out_type) {
-- *out_type = type;
-- }
--
-- return ret;
--}
--
--
- /* LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY
- *
- * Macro that create and verifies EC SHA hash with a given digest bytes
-@@ -2027,6 +1994,39 @@ kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
- } \
-
-
-+#if LIBSSH2_ECDSA
-+
-+/* kex_session_ecdh_curve_type
-+ * returns the EC curve type by name used in key exchange
-+ */
-+
-+static int
-+kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
-+{
-+ int ret = 0;
-+ libssh2_curve_type type;
-+
-+ if(name == NULL)
-+ return -1;
-+
-+ if(strcmp(name, "ecdh-sha2-nistp256") == 0)
-+ type = LIBSSH2_EC_CURVE_NISTP256;
-+ else if(strcmp(name, "ecdh-sha2-nistp384") == 0)
-+ type = LIBSSH2_EC_CURVE_NISTP384;
-+ else if(strcmp(name, "ecdh-sha2-nistp521") == 0)
-+ type = LIBSSH2_EC_CURVE_NISTP521;
-+ else {
-+ ret = -1;
-+ }
-+
-+ if(ret == 0 && out_type) {
-+ *out_type = type;
-+ }
-+
-+ return ret;
-+}
-+
-+
- /* ecdh_sha2_nistp
- * Elliptic Curve Diffie Hellman Key Exchange
- */
---
-2.17.1
-
diff --git a/meta/recipes-support/libssh2/files/CVE-2019-17498.patch b/meta/recipes-support/libssh2/files/CVE-2019-17498.patch
deleted file mode 100644
index 001080072b..0000000000
--- a/meta/recipes-support/libssh2/files/CVE-2019-17498.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From dedcbd106f8e52d5586b0205bc7677e4c9868f9c Mon Sep 17 00:00:00 2001
-From: Will Cosgrove <will@panic.com>
-Date: Fri, 30 Aug 2019 09:57:38 -0700
-Subject: [PATCH] packet.c: improve message parsing (#402)
-
-* packet.c: improve parsing of packets
-
-file: packet.c
-
-notes:
-Use _libssh2_get_string API in SSH_MSG_DEBUG/SSH_MSG_DISCONNECT. Additional uint32 bounds check in SSH_MSG_GLOBAL_REQUEST.
-
-Upstream-Status: Backport
-CVE: CVE-2019-17498
-Signed-off-by: Li Zhou <li.zhou@windriver.com>
----
- src/packet.c | 68 ++++++++++++++++++++++------------------------------
- 1 file changed, 29 insertions(+), 39 deletions(-)
-
-diff --git a/src/packet.c b/src/packet.c
-index 38ab629..2e01bfc 100644
---- a/src/packet.c
-+++ b/src/packet.c
-@@ -419,8 +419,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
- size_t datalen, int macstate)
- {
- int rc = 0;
-- char *message = NULL;
-- char *language = NULL;
-+ unsigned char *message = NULL;
-+ unsigned char *language = NULL;
- size_t message_len = 0;
- size_t language_len = 0;
- LIBSSH2_CHANNEL *channelp = NULL;
-@@ -472,33 +472,23 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
-
- case SSH_MSG_DISCONNECT:
- if(datalen >= 5) {
-- size_t reason = _libssh2_ntohu32(data + 1);
-+ uint32_t reason = 0;
-+ struct string_buf buf;
-+ buf.data = (unsigned char *)data;
-+ buf.dataptr = buf.data;
-+ buf.len = datalen;
-+ buf.dataptr++; /* advance past type */
-
-- if(datalen >= 9) {
-- message_len = _libssh2_ntohu32(data + 5);
-+ _libssh2_get_u32(&buf, &reason);
-+ _libssh2_get_string(&buf, &message, &message_len);
-+ _libssh2_get_string(&buf, &language, &language_len);
-
-- if(message_len < datalen-13) {
-- /* 9 = packet_type(1) + reason(4) + message_len(4) */
-- message = (char *) data + 9;
--
-- language_len =
-- _libssh2_ntohu32(data + 9 + message_len);
-- language = (char *) data + 9 + message_len + 4;
--
-- if(language_len > (datalen-13-message_len)) {
-- /* bad input, clear info */
-- language = message = NULL;
-- language_len = message_len = 0;
-- }
-- }
-- else
-- /* bad size, clear it */
-- message_len = 0;
-- }
- if(session->ssh_msg_disconnect) {
-- LIBSSH2_DISCONNECT(session, reason, message,
-- message_len, language, language_len);
-+ LIBSSH2_DISCONNECT(session, reason, (const char *)message,
-+ message_len, (const char *)language,
-+ language_len);
- }
-+
- _libssh2_debug(session, LIBSSH2_TRACE_TRANS,
- "Disconnect(%d): %s(%s)", reason,
- message, language);
-@@ -539,24 +529,24 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
- int always_display = data[1];
-
- if(datalen >= 6) {
-- message_len = _libssh2_ntohu32(data + 2);
--
-- if(message_len <= (datalen - 10)) {
-- /* 6 = packet_type(1) + display(1) + message_len(4) */
-- message = (char *) data + 6;
-- language_len = _libssh2_ntohu32(data + 6 +
-- message_len);
--
-- if(language_len <= (datalen - 10 - message_len))
-- language = (char *) data + 10 + message_len;
-- }
-+ struct string_buf buf;
-+ buf.data = (unsigned char *)data;
-+ buf.dataptr = buf.data;
-+ buf.len = datalen;
-+ buf.dataptr += 2; /* advance past type & always display */
-+
-+ _libssh2_get_string(&buf, &message, &message_len);
-+ _libssh2_get_string(&buf, &language, &language_len);
- }
-
- if(session->ssh_msg_debug) {
-- LIBSSH2_DEBUG(session, always_display, message,
-- message_len, language, language_len);
-+ LIBSSH2_DEBUG(session, always_display,
-+ (const char *)message,
-+ message_len, (const char *)language,
-+ language_len);
- }
- }
-+
- /*
- * _libssh2_debug will actually truncate this for us so
- * that it's not an inordinate about of data
-@@ -579,7 +569,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
- uint32_t len = 0;
- unsigned char want_reply = 0;
- len = _libssh2_ntohu32(data + 1);
-- if(datalen >= (6 + len)) {
-+ if((len <= (UINT_MAX - 6)) && (datalen >= (6 + len))) {
- want_reply = data[5 + len];
- _libssh2_debug(session,
- LIBSSH2_TRACE_CONN,
---
-2.17.1
-
diff --git a/meta/recipes-support/libssh2/libssh2_1.9.0.bb b/meta/recipes-support/libssh2/libssh2_1.10.0.bb
index 9ae736d25a..072d6819c0 100644
--- a/meta/recipes-support/libssh2/libssh2_1.9.0.bb
+++ b/meta/recipes-support/libssh2/libssh2_1.10.0.bb
@@ -5,19 +5,15 @@ SECTION = "libs"
DEPENDS = "zlib"
LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://COPYING;md5=c5cf34fc0acb44b082ef50ef5e4354ca"
+LIC_FILES_CHKSUM = "file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7"
SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
- file://CVE-2019-17498.patch \
- file://0001-configure-Conditionally-undefine-backend-m4-macro.patch \
file://run-ptest \
- file://0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch \
-"
+ "
-SRC_URI:append_ptest = " file://0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch"
+SRC_URI:append:ptest = " file://0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch"
-SRC_URI[md5sum] = "1beefafe8963982adc84b408b2959927"
-SRC_URI[sha256sum] = "d5fb8bd563305fd1074dda90bd053fb2d29fc4bce048d182f96eaa466dfadafd"
+SRC_URI[sha256sum] = "2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51"
inherit autotools pkgconfig ptest
diff --git a/meta/recipes-support/lz4/files/CVE-2021-3520.patch b/meta/recipes-support/lz4/files/CVE-2021-3520.patch
new file mode 100644
index 0000000000..5ac8f6691f
--- /dev/null
+++ b/meta/recipes-support/lz4/files/CVE-2021-3520.patch
@@ -0,0 +1,27 @@
+From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
+From: Jasper Lievisse Adriaanse <j@jasper.la>
+Date: Fri, 26 Feb 2021 15:21:20 +0100
+Subject: [PATCH] Fix potential memory corruption with negative memmove() size
+
+Upstream-Status: Backport
+https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7
+CVE: CVE-2021-3520
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ lib/lz4.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: git/lib/lz4.c
+===================================================================
+--- git.orig/lib/lz4.c
++++ git/lib/lz4.c
+@@ -1665,7 +1665,7 @@ LZ4_decompress_generic(
+ const size_t dictSize /* note : = 0 if noDict */
+ )
+ {
+- if (src == NULL) { return -1; }
++ if ((src == NULL) || (outputSize < 0)) { return -1; }
+
+ { const BYTE* ip = (const BYTE*) src;
+ const BYTE* const iend = ip + srcSize;
diff --git a/meta/recipes-support/lz4/files/run-ptest b/meta/recipes-support/lz4/files/run-ptest
deleted file mode 100644
index d3bfc49f1c..0000000000
--- a/meta/recipes-support/lz4/files/run-ptest
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/sh
-cd testsuite
-
-echo -n "---- test-lz4 ----"
-make -C tests test-lz4 > /dev/null 2>&1
-
-if [ $? -eq 0 ]; then
- echo "PASS"
-else
- echo "FAIL"
-fi
-
-echo -n "---- test-fasttest ----"
-make -C tests test-fasttest > /dev/null 2>&1
-if [ $? -eq 0 ]; then
- echo "PASS"
-else
- echo "FAIL"
-fi
-
-echo -n "---- test-frametest ----"
-make -C tests test-frametest > /dev/null 2>&1
-if [ $? -eq 0 ]; then
- echo "PASS"
-else
- echo "FAIL"
-fi
-
-echo -n "---- test-fullbench ----"
-make -C tests test-fullbench > /dev/null 2>&1
-if [ $? -eq 0 ]; then
- echo "PASS"
-else
- echo "FAIL"
-fi
-
-echo -n "---- test-fuzzer ----"
-make -C tests test-fuzzer > /dev/null 2>&1
-if [ $? -eq 0 ]; then
- echo "PASS"
-else
- echo "FAIL"
-fi
diff --git a/meta/recipes-support/lz4/lz4_1.9.3.bb b/meta/recipes-support/lz4/lz4_1.9.3.bb
index 3905ef7dbc..b22eea3156 100644
--- a/meta/recipes-support/lz4/lz4_1.9.3.bb
+++ b/meta/recipes-support/lz4/lz4_1.9.3.bb
@@ -2,7 +2,7 @@ SUMMARY = "Extremely Fast Compression algorithm"
DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing compression speed at 400 MB/s per core, scalable with multi-cores CPU. It also features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems."
HOMEPAGE = "https://github.com/lz4/lz4"
-LICENSE = "BSD | BSD-2-Clause | GPL-2.0"
+LICENSE = "BSD-2-Clause | GPL-2.0"
LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=ebc2ea4814a64de7708f1571904b32cc \
file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://LICENSE;md5=d57c0d21cb917fb4e0af2454aa48b956 \
@@ -13,7 +13,7 @@ PE = "1"
SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3"
SRC_URI = "git://github.com/lz4/lz4.git;branch=release \
- file://run-ptest \
+ file://CVE-2021-3520.patch \
"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
diff --git a/meta/recipes-support/lzo/lzo_2.10.bb b/meta/recipes-support/lzo/lzo_2.10.bb
index 85b14b3c5c..f0c8631aea 100644
--- a/meta/recipes-support/lzo/lzo_2.10.bb
+++ b/meta/recipes-support/lzo/lzo_2.10.bb
@@ -18,6 +18,8 @@ SRC_URI[sha256sum] = "c0f892943208266f9b6543b3ae308fab6284c5c90e627931446fb49b42
inherit autotools ptest
+CVE_PRODUCT = "lzo oberhumer:lzo2"
+
EXTRA_OECONF = "--enable-shared"
do_install_ptest() {
diff --git a/meta/recipes-support/nghttp2/nghttp2/0001-fetch-ocsp-response-use-python3.patch b/meta/recipes-support/nghttp2/nghttp2/0001-fetch-ocsp-response-use-python3.patch
new file mode 100644
index 0000000000..e4db09638f
--- /dev/null
+++ b/meta/recipes-support/nghttp2/nghttp2/0001-fetch-ocsp-response-use-python3.patch
@@ -0,0 +1,27 @@
+From 73ec79432fc557a8be4f1500982b1c0f5fdf12a9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com>
+Date: Thu, 7 Nov 2019 09:58:52 +0000
+Subject: [PATCH] fetch-ocsp-response: use python3
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Upstream-Status: Inappropriate [oe specific]
+Signed-off-by: André Draszik <git@andred.net>
+---
+ script/fetch-ocsp-response | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/script/fetch-ocsp-response b/script/fetch-ocsp-response
+index 0ff7461..185116b 100755
+--- a/script/fetch-ocsp-response
++++ b/script/fetch-ocsp-response
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
++#!/usr/bin/env python3
+ # -*- coding: utf-8 -*-
+
+ # nghttp2 - HTTP/2 C Library
+--
+2.23.0.rc1
+
diff --git a/meta/recipes-support/nghttp2/nghttp2_1.45.1.bb b/meta/recipes-support/nghttp2/nghttp2_1.45.1.bb
new file mode 100644
index 0000000000..3de509a27c
--- /dev/null
+++ b/meta/recipes-support/nghttp2/nghttp2_1.45.1.bb
@@ -0,0 +1,35 @@
+SUMMARY = "HTTP/2 C Library and tools"
+HOMEPAGE = "https://nghttp2.org/"
+SECTION = "libs"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://COPYING;md5=764abdf30b2eadd37ce47dcbce0ea1ec"
+
+UPSTREAM_CHECK_URI = "https://github.com/nghttp2/nghttp2/releases"
+
+SRC_URI = "\
+ https://github.com/nghttp2/nghttp2/releases/download/v${PV}/nghttp2-${PV}.tar.xz \
+ file://0001-fetch-ocsp-response-use-python3.patch \
+"
+SRC_URI[sha256sum] = "abdc4addccadbc7d89abe27c4d6427d78e57d139f69c1f45749227393c68bf79"
+
+inherit cmake manpages python3native
+PACKAGECONFIG[manpages] = ""
+
+# examples are never installed, and don't need to be built in the
+# first place
+EXTRA_OECMAKE = "-DENABLE_EXAMPLES=OFF -DENABLE_APP=OFF -DENABLE_HPACK_TOOLS=OFF"
+
+PACKAGES =+ "lib${PN} ${PN}-client ${PN}-proxy ${PN}-server"
+
+RDEPENDS:${PN} = "${PN}-client (>= ${PV}) ${PN}-proxy (>= ${PV}) ${PN}-server (>= ${PV})"
+RDEPENDS:${PN}:class-native = ""
+RDEPENDS:${PN}-proxy = "openssl python3-core python3-io python3-shell"
+
+ALLOW_EMPTY:${PN} = "1"
+FILES:${PN} = ""
+FILES:lib${PN} = "${libdir}/*${SOLIBS}"
+FILES:${PN}-client = "${bindir}/h2load ${bindir}/nghttp"
+FILES:${PN}-proxy = "${bindir}/nghttpx ${datadir}/${BPN}/fetch-ocsp-response"
+FILES:${PN}-server = "${bindir}/nghttpd"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-support/pinentry/pinentry-1.1.1/gpg-error_pkconf.patch b/meta/recipes-support/pinentry/pinentry-1.2.0/gpg-error_pkconf.patch
index 537735dba8..507c0c3917 100644
--- a/meta/recipes-support/pinentry/pinentry-1.1.1/gpg-error_pkconf.patch
+++ b/meta/recipes-support/pinentry/pinentry-1.2.0/gpg-error_pkconf.patch
@@ -1,4 +1,4 @@
-From 7b60f1563ecdb7020c145de8a96cae1c0a66c595 Mon Sep 17 00:00:00 2001
+From 54a4c9d3e5f1897ed4b978d5cdee646ca7a4f637 Mon Sep 17 00:00:00 2001
From: Armin Kuster <akuster@mvista.com>
Date: Fri, 2 Sep 2005 11:50:01 +0000
Subject: [PATCH] Add gtk+, avahi, dbus-0.34 (.36 coming soon) and
@@ -11,14 +11,14 @@ Upstream-Status: Inappropriate [OE specific]
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
- m4/gpg-error.m4 | 141 ++----------------------------------------------
- 1 file changed, 4 insertions(+), 137 deletions(-)
+ m4/gpg-error.m4 | 159 ++----------------------------------------------
+ 1 file changed, 4 insertions(+), 155 deletions(-)
diff --git a/m4/gpg-error.m4 b/m4/gpg-error.m4
-index c9b235f..a4fd41c 100644
+index 56a5d07..c0bec1f 100644
--- a/m4/gpg-error.m4
+++ b/m4/gpg-error.m4
-@@ -25,141 +25,12 @@ dnl config script does not match the host specification the script
+@@ -26,159 +26,12 @@ dnl config script does not match the host specification the script
dnl is added to the gpg_config_script_warn variable.
dnl
AC_DEFUN([AM_PATH_GPG_ERROR],
@@ -61,45 +61,79 @@ index c9b235f..a4fd41c 100644
- min_gpg_error_version=ifelse([$1], ,1.33,$1)
- ok=no
-
-- if test "$prefix" = NONE ; then
-- prefix_option_expanded=/usr/local
-- else
-- prefix_option_expanded="$prefix"
-- fi
-- if test "$exec_prefix" = NONE ; then
-- exec_prefix_option_expanded=$prefix_option_expanded
-- else
-- exec_prefix_option_expanded=$(prefix=$prefix_option_expanded eval echo $exec_prefix)
-- fi
-- libdir_option_expanded=$(prefix=$prefix_option_expanded exec_prefix=$exec_prefix_option_expanded eval echo $libdir)
+- AC_PATH_PROG(GPGRT_CONFIG, gpgrt-config, no, [$prefix/bin:$PATH])
+- if test "$GPGRT_CONFIG" != "no"; then
+- # Determine gpgrt_libdir
+- #
+- # Get the prefix of gpgrt-config assuming it's something like:
+- # <PREFIX>/bin/gpgrt-config
+- gpgrt_prefix=${GPGRT_CONFIG%/*/*}
+- possible_libdir1=${gpgrt_prefix}/lib
+- # Determine by using system libdir-format with CC, it's like:
+- # Normal style: /usr/lib
+- # GNU cross style: /usr/<triplet>/lib
+- # Debian style: /usr/lib/<multiarch-name>
+- # Fedora/openSUSE style: /usr/lib, /usr/lib32 or /usr/lib64
+- # It is assumed that CC is specified to the one of host on cross build.
+- if libdir_candidates=$(${CC:-cc} -print-search-dirs | \
+- sed -n -e "/^libraries/{s/libraries: =//;s/:/\\
+-/g;p;}"); then
+- # From the output of -print-search-dirs, select valid pkgconfig dirs.
+- libdir_candidates=$(for dir in $libdir_candidates; do
+- if p=$(cd $dir 2>/dev/null && pwd); then
+- test -d "$p/pkgconfig" && echo $p;
+- fi
+- done)
-
-- if test -f $libdir_option_expanded/pkgconfig/gpg-error.pc; then
-- gpgrt_libdir=$libdir_option_expanded
-- else
-- if crt1_path=$(${CC:-cc} -print-file-name=crt1.o 2>/dev/null); then
-- if possible_libdir=$(cd ${crt1_path%/*} && pwd 2>/dev/null); then
-- if test -f $possible_libdir/pkgconfig/gpg-error.pc; then
-- gpgrt_libdir=$possible_libdir
+- for possible_libdir0 in $libdir_candidates; do
+- # possible_libdir0:
+- # Fallback candidate, the one of system-installed (by $CC)
+- # (/usr/<triplet>/lib, /usr/lib/<multiarch-name> or /usr/lib32)
+- # possible_libdir1:
+- # Another candidate, user-locally-installed
+- # (<gpgrt_prefix>/lib)
+- # possible_libdir2
+- # Most preferred
+- # (<gpgrt_prefix>/<triplet>/lib,
+- # <gpgrt_prefix>/lib/<multiarch-name> or <gpgrt_prefix>/lib32)
+- if test "${possible_libdir0##*/}" = "lib"; then
+- possible_prefix0=${possible_libdir0%/lib}
+- possible_prefix0_triplet=${possible_prefix0##*/}
+- if test -z "$possible_prefix0_triplet"; then
+- continue
+- fi
+- possible_libdir2=${gpgrt_prefix}/$possible_prefix0_triplet/lib
+- else
+- possible_prefix0=${possible_libdir0%%/lib*}
+- possible_libdir2=${gpgrt_prefix}${possible_libdir0#$possible_prefix0}
+- fi
+- if test -f ${possible_libdir2}/pkgconfig/gpg-error.pc; then
+- gpgrt_libdir=${possible_libdir2}
+- elif test -f ${possible_libdir1}/pkgconfig/gpg-error.pc; then
+- gpgrt_libdir=${possible_libdir1}
+- elif test -f ${possible_libdir0}/pkgconfig/gpg-error.pc; then
+- gpgrt_libdir=${possible_libdir0}
- fi
-- fi
+- if test -n "$gpgrt_libdir"; then break; fi
+- done
+- else
+- # When we cannot determine system libdir-format, use this:
+- gpgrt_libdir=${possible_libdir1}
- fi
+- else
+- unset GPGRT_CONFIG
- fi
-
-- if test "$GPG_ERROR_CONFIG" = "no" -a -n "$gpgrt_libdir"; then
-- AC_PATH_PROG(GPGRT_CONFIG, gpgrt-config, no)
-- if test "$GPGRT_CONFIG" = "no"; then
-- unset GPGRT_CONFIG
+- if test -n "$gpgrt_libdir"; then
+- GPGRT_CONFIG="$GPGRT_CONFIG --libdir=$gpgrt_libdir"
+- if $GPGRT_CONFIG gpg-error >/dev/null 2>&1; then
+- GPG_ERROR_CONFIG="$GPGRT_CONFIG gpg-error"
+- AC_MSG_NOTICE([Use gpgrt-config with $gpgrt_libdir as gpg-error-config])
+- gpg_error_config_version=`$GPG_ERROR_CONFIG --modversion`
- else
-- GPGRT_CONFIG="$GPGRT_CONFIG --libdir=$gpgrt_libdir"
-- if $GPGRT_CONFIG gpg-error >/dev/null 2>&1; then
-- GPG_ERROR_CONFIG="$GPGRT_CONFIG gpg-error"
-- AC_MSG_NOTICE([Use gpgrt-config with $gpgrt_libdir as gpg-error-config])
-- gpg_error_config_version=`$GPG_ERROR_CONFIG --modversion`
-- else
-- unset GPGRT_CONFIG
-- fi
+- unset GPGRT_CONFIG
- fi
-- else
+- elif test "$GPG_ERROR_CONFIG" != "no"; then
- gpg_error_config_version=`$GPG_ERROR_CONFIG --version`
- fi
- if test "$GPG_ERROR_CONFIG" != "no"; then
@@ -120,22 +154,6 @@ index c9b235f..a4fd41c 100644
- fi
- fi
- fi
-- if test -z "$GPGRT_CONFIG" -a -n "$gpgrt_libdir"; then
-- if test "$major" -gt 1 -o "$major" -eq 1 -a "$minor" -ge 33; then
-- AC_PATH_PROG(GPGRT_CONFIG, gpgrt-config, no)
-- if test "$GPGRT_CONFIG" = "no"; then
-- unset GPGRT_CONFIG
-- else
-- GPGRT_CONFIG="$GPGRT_CONFIG --libdir=$gpgrt_libdir"
-- if $GPGRT_CONFIG gpg-error >/dev/null 2>&1; then
-- GPG_ERROR_CONFIG="$GPGRT_CONFIG gpg-error"
-- AC_MSG_NOTICE([Use gpgrt-config with $gpgrt_libdir as gpg-error-config])
-- else
-- unset GPGRT_CONFIG
-- fi
-- fi
-- fi
-- fi
- fi
- AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version)
+[
@@ -164,7 +182,7 @@ index c9b235f..a4fd41c 100644
if test x"$gpg_error_config_host" != xnone ; then
if test x"$gpg_error_config_host" != x"$host" ; then
AC_MSG_WARN([[
-@@ -174,10 +45,6 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
+@@ -193,10 +46,6 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
fi
fi
else
diff --git a/meta/recipes-support/pinentry/pinentry-1.1.1/libassuan_pkgconf.patch b/meta/recipes-support/pinentry/pinentry-1.2.0/libassuan_pkgconf.patch
index f4aec2d1c3..f4aec2d1c3 100644
--- a/meta/recipes-support/pinentry/pinentry-1.1.1/libassuan_pkgconf.patch
+++ b/meta/recipes-support/pinentry/pinentry-1.2.0/libassuan_pkgconf.patch
diff --git a/meta/recipes-support/pinentry/pinentry_1.1.1.bb b/meta/recipes-support/pinentry/pinentry_1.2.0.bb
index 98577fe3ef..504ba3b5cc 100644
--- a/meta/recipes-support/pinentry/pinentry_1.1.1.bb
+++ b/meta/recipes-support/pinentry/pinentry_1.2.0.bb
@@ -16,7 +16,7 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://gpg-error_pkconf.patch \
"
-SRC_URI[sha256sum] = "cd12a064013ed18e2ee8475e669b9f58db1b225a0144debdb85a68cecddba57f"
+SRC_URI[sha256sum] = "10072045a3e043d0581f91cd5676fcac7ffee957a16636adedaa4f583a616470"
inherit autotools pkgconfig
diff --git a/meta/recipes-support/ptest-runner/ptest-runner_2.4.1.bb b/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
index c6a1ab1781..23ab48ba2b 100644
--- a/meta/recipes-support/ptest-runner/ptest-runner_2.4.1.bb
+++ b/meta/recipes-support/ptest-runner/ptest-runner_2.4.2.bb
@@ -7,7 +7,7 @@ HOMEPAGE = "http://git.yoctoproject.org/cgit/cgit.cgi/ptest-runner2/about/"
LICENSE = "GPLv2+"
LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe"
-SRCREV = "cce0edb4282ee081d043030bfdf29f3e4052f86c"
+SRCREV = "bcb82804daa8f725b6add259dcef2067e61a75aa"
PV .= "+git${SRCPV}"
SRC_URI = "git://git.yoctoproject.org/ptest-runner2 \
@@ -15,7 +15,7 @@ SRC_URI = "git://git.yoctoproject.org/ptest-runner2 \
S = "${WORKDIR}/git"
-FILES:${PN} = "${bindir}/ptest-runner"
+FILES:${PN} = "${bindir}/ptest-runner ${bindir}/ptest-runner-collect-system-data"
EXTRA_OEMAKE = "-e MAKEFLAGS= CFLAGS="${CFLAGS} -DDEFAULT_DIRECTORY=\\\"${libdir}\\\"""
@@ -25,6 +25,10 @@ do_compile () {
do_install () {
install -D -m 0755 ${S}/ptest-runner ${D}${bindir}/ptest-runner
+ install -D -m 0755 ${S}/ptest-runner-collect-system-data ${D}${bindir}/ptest-runner-collect-system-data
}
RDEPENDS:${PN}:append:libc-glibc = " libgcc"
+
+# pstree is called by ptest-runner-collect-system-data
+RDEPENDS:${PN}:append = " pstree"
diff --git a/meta/recipes-support/re2c/re2c_2.1.1.bb b/meta/recipes-support/re2c/re2c_2.2.bb
index 1da944e901..9a0968a984 100644
--- a/meta/recipes-support/re2c/re2c_2.1.1.bb
+++ b/meta/recipes-support/re2c/re2c_2.2.bb
@@ -8,7 +8,7 @@ LICENSE = "PD"
LIC_FILES_CHKSUM = "file://LICENSE;md5=64eca4d8a3b67f9dc7656094731a2c8d"
SRC_URI = "https://github.com/skvadrik/re2c/releases/download/${PV}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "036ee264fafd5423141ebd628890775aa9447a4c4068a6307385d7366fe711f8"
+SRC_URI[sha256sum] = "0fc45e4130a8a555d68e230d1795de0216dfe99096b61b28e67c86dfd7d86bda"
UPSTREAM_CHECK_URI = "https://github.com/skvadrik/re2c/releases"
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-support/rng-tools/rng-tools/0001-Adding-ability-to-detect-non-posix-extensions-for-pt.patch b/meta/recipes-support/rng-tools/rng-tools/0001-Adding-ability-to-detect-non-posix-extensions-for-pt.patch
new file mode 100644
index 0000000000..89edc4c403
--- /dev/null
+++ b/meta/recipes-support/rng-tools/rng-tools/0001-Adding-ability-to-detect-non-posix-extensions-for-pt.patch
@@ -0,0 +1,41 @@
+From 66e6adc138eef1367d7492fb79ae4da84ed62934 Mon Sep 17 00:00:00 2001
+From: Neil Horman <nhorman@gmail.com>
+Date: Thu, 15 Jul 2021 08:43:01 -0400
+Subject: [PATCH] Adding ability to detect non-posix extensions for pthreads
+
+Theres a desire to build rngd with musl, which doesn't have all the gnu
+extensions (but it has some). So test for those. Note, this requires
+the addition of the USE_EXTENSIONS macro to enable -d_GNU_SOURCE
+
+Upstream-Status: Backport
+Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ configure.ac | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 9df633d..d0c2179 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -25,6 +25,7 @@ AC_CANONICAL_TARGET dnl required for broken AX_PTHREAD
+ AM_INIT_AUTOMAKE([foreign])
+ AC_CONFIG_HEADERS([rng-tools-config.h])
+ AC_CONFIG_MACRO_DIRS([m4])
++AC_USE_SYSTEM_EXTENSIONS
+
+ dnl Parse options
+
+@@ -100,6 +101,12 @@ AS_IF(
+ ], [AC_MSG_NOTICE([Disabling JITTER entropy source])]
+ )
+
++AC_CHECK_DECL(pthread_attr_setaffinity_np,
++ [AC_DEFINE([HAVE_PTHREAD_ATTR_SETAFFINITY], 1,[Set ATTR_SETAFFINITY])],
++ [ AC_CHECK_DECL(pthread_setaffinity_np,
++ [AC_DEFINE([HAVE_PTHREAD_SETAFFINITY],1, [Set PTHREAD_SETAFFINITY])], [ AC_MSG_ERROR([Neither pthread_setaffinity_np nor pthread_attr_setaffinity_np found])],[[#include <pthread.h>]])
++ ], [[#include <pthread.h>]])
++
+ AS_IF(
+ [ test "x$with_nistbeacon" != "xno"],
+ [
diff --git a/meta/recipes-support/rng-tools/rng-tools/0002-Allow-for-use-of-either-pthread-affinity-set-methods.patch b/meta/recipes-support/rng-tools/rng-tools/0002-Allow-for-use-of-either-pthread-affinity-set-methods.patch
new file mode 100644
index 0000000000..f7470d04bf
--- /dev/null
+++ b/meta/recipes-support/rng-tools/rng-tools/0002-Allow-for-use-of-either-pthread-affinity-set-methods.patch
@@ -0,0 +1,47 @@
+From e4909f329245db52415102e96fc7c99ca1445d05 Mon Sep 17 00:00:00 2001
+From: Neil Horman <nhorman@gmail.com>
+Date: Thu, 15 Jul 2021 08:48:10 -0400
+Subject: [PATCH] Allow for use of either pthread affinity set methods
+
+musl has support for pthread_setaffinity_np, but not
+pthread_attr_setaffinity_np. so check for hte existence of either
+function in configure, and use the appropriate one.
+
+Upstream-Status: Backport
+Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ rngd_jitter.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/rngd_jitter.c b/rngd_jitter.c
+index ea29436..5c7e09e 100644
+--- a/rngd_jitter.c
++++ b/rngd_jitter.c
+@@ -67,12 +67,25 @@ static int rngd_notime_start(void *ctx,
+ for(i=i-1;i>=0;i--) {
+ CPU_SET(i,cpus);
+ }
+- pthread_attr_setaffinity_np(&thread_ctx->notime_pthread_attr, cpusize, cpus);
+
++ /*
++ * Note that only one of:
++ * HAVE_PTHREAD_ATTR_SETAFFINITY
++ * and
++ * HAVE_PTHREAD_SETAFFINITY
++ * Will ever be set, as per the configure.ac logic
++ */
++#ifdef HAVE_PTHREAD_ATTR_SETAFFINITY
++ pthread_attr_setaffinity_np(&thread_ctx->notime_pthread_attr, cpusize, cpus);
++#endif
+ ret = -pthread_create(&thread_ctx->notime_thread_id,
+ &thread_ctx->notime_pthread_attr,
+ start_routine, arg);
+
++#ifdef HAVE_PTHREAD_SETAFFINITY
++ pthread_setaffinity_np(&thread_ctx->notime_thread_id, cpusize, cpus);
++#endif
++
+ CPU_FREE(cpus);
+ return ret;
+ }
diff --git a/meta/recipes-support/rng-tools/rng-tools/rngd.service b/meta/recipes-support/rng-tools/rng-tools/rngd.service
index 0559b97991..568686e80e 100644
--- a/meta/recipes-support/rng-tools/rng-tools/rngd.service
+++ b/meta/recipes-support/rng-tools/rng-tools/rngd.service
@@ -3,6 +3,7 @@ Description=Hardware RNG Entropy Gatherer Daemon
DefaultDependencies=no
After=systemd-udev-settle.service
Before=sysinit.target shutdown.target
+Wants=systemd-udev-settle.service
Conflicts=shutdown.target
[Service]
diff --git a/meta/recipes-support/rng-tools/rng-tools_6.13.bb b/meta/recipes-support/rng-tools/rng-tools_6.14.bb
index 84dbc76855..6b79a3b040 100644
--- a/meta/recipes-support/rng-tools/rng-tools_6.13.bb
+++ b/meta/recipes-support/rng-tools/rng-tools_6.14.bb
@@ -8,13 +8,14 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
DEPENDS = "sysfsutils openssl"
-SRC_URI = "\
- git://github.com/nhorman/rng-tools.git \
- file://init \
- file://default \
- file://rngd.service \
-"
-SRCREV = "d8dac0e8bede73e42b3d59f3b48c662ad0032e8c"
+SRC_URI = "git://github.com/nhorman/rng-tools.git \
+ file://init \
+ file://default \
+ file://rngd.service \
+ file://0001-Adding-ability-to-detect-non-posix-extensions-for-pt.patch \
+ file://0002-Allow-for-use-of-either-pthread-affinity-set-methods.patch \
+ "
+SRCREV = "c16176d3800b91f4d016b66733b384493b06f294"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-support/serf/serf/0001-buckets-ssl_buckets.c-do-not-use-ERR_GET_FUNC.patch b/meta/recipes-support/serf/serf/0001-buckets-ssl_buckets.c-do-not-use-ERR_GET_FUNC.patch
new file mode 100644
index 0000000000..e6172ef5aa
--- /dev/null
+++ b/meta/recipes-support/serf/serf/0001-buckets-ssl_buckets.c-do-not-use-ERR_GET_FUNC.patch
@@ -0,0 +1,28 @@
+From 2f45711a66ff99886b6e4a5708e2db01a63e5af4 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Fri, 10 Sep 2021 11:05:10 +0200
+Subject: [PATCH] buckets/ssl_buckets.c: do not use ERR_GET_FUNC
+
+Upstream removed it in
+https://github.com/openssl/openssl/pull/16004
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ buckets/ssl_buckets.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/buckets/ssl_buckets.c b/buckets/ssl_buckets.c
+index b01e535..9801f87 100644
+--- a/buckets/ssl_buckets.c
++++ b/buckets/ssl_buckets.c
+@@ -1325,8 +1325,7 @@ static int ssl_need_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey)
+ return 0;
+ }
+ else {
+- printf("OpenSSL cert error: %d %d %d\n", ERR_GET_LIB(err),
+- ERR_GET_FUNC(err),
++ printf("OpenSSL cert error: %d %d\n", ERR_GET_LIB(err),
+ ERR_GET_REASON(err));
+ PKCS12_free(p12);
+ bio_meth_free(biom);
diff --git a/meta/recipes-support/serf/serf_1.3.9.bb b/meta/recipes-support/serf/serf_1.3.9.bb
index 21515866a9..669f42b8e7 100644
--- a/meta/recipes-support/serf/serf_1.3.9.bb
+++ b/meta/recipes-support/serf/serf_1.3.9.bb
@@ -12,6 +12,7 @@ SRC_URI = "${APACHE_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0003-gen_def.patch \
file://0004-Follow-up-to-r1811083-fix-building-with-scons-3.0.0-.patch \
file://SConstruct.stop.creating.directories.without.sandbox-install.prefix.patch \
+ file://0001-buckets-ssl_buckets.c-do-not-use-ERR_GET_FUNC.patch \
"
SRC_URI[md5sum] = "370a6340ff20366ab088012cd13f2b57"
diff --git a/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb b/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
index 714aca62f0..b2b830cc1f 100644
--- a/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
+++ b/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb
@@ -1,5 +1,5 @@
SUMMARY = "Shared MIME type database and specification"
-DESCRIPTION = "The shared-mime-info package contains the core database of common types and the update-mime-database command used to extend it. It requires glib2 to be installed for building the update command. Additionally, it uses intltool for translations, though this is only a dependency for the maintainers."
+DESCRIPTION = "The shared-mime-info package contains the core database of common types."
HOMEPAGE = "http://freedesktop.org/wiki/Software/shared-mime-info"
SECTION = "base"
diff --git a/meta/recipes-support/sqlite/sqlite3_3.36.0.bb b/meta/recipes-support/sqlite/sqlite3_3.36.0.bb
index f5d75e8e4c..30c9445be1 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.36.0.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.36.0.bb
@@ -10,3 +10,5 @@ SRC_URI[sha256sum] = "bd90c3eb96bee996206b83be7065c9ce19aef38c3f4fb53073ada0d0b6
CVE_CHECK_WHITELIST += "CVE-2019-19242"
# This is believed to be iOS specific (https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA)
CVE_CHECK_WHITELIST += "CVE-2015-3717"
+# Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f
+CVE_CHECK_WHITELIST += "CVE-2021-36690"
diff --git a/meta/recipes-support/vim/files/CVE-2021-3778.patch b/meta/recipes-support/vim/files/CVE-2021-3778.patch
new file mode 100644
index 0000000000..769a7a07ac
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2021-3778.patch
@@ -0,0 +1,46 @@
+From eb41373c8c88b0789e5cf04669d6116f9a199264 Mon Sep 17 00:00:00 2001
+From: Minjae Kim <flowergom@gmail.com>
+Date: Sun, 26 Sep 2021 23:48:00 +0000
+Subject: [PATCH] patch 8.2.3409: reading beyond end of line with invalid utf-8
+ character
+
+Problem: Reading beyond end of line with invalid utf-8 character.
+Solution: Check for NUL when advancing.
+
+Upstream-Status: Accepted [https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f]
+CVE: CVE-2021-3778
+Signed-off-by: Minjae Kim <flowergom@gmail.com>
+---
+ src/regexp_nfa.c | 3 ++-
+ src/testdir/test_regexp_utf8.vim | 7 +++++++
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+Index: git/src/regexp_nfa.c
+===================================================================
+--- git.orig/src/regexp_nfa.c
++++ git/src/regexp_nfa.c
+@@ -5455,7 +5455,8 @@ find_match_text(colnr_T startcol, int re
+ match = FALSE;
+ break;
+ }
+- len2 += MB_CHAR2LEN(c2);
++ len2 += enc_utf8 ? utf_ptr2len(rex.line + col + len2)
++ : MB_CHAR2LEN(c2);
+ }
+ if (match
+ // check that no composing char follows
+Index: git/src/testdir/test_regexp_utf8.vim
+===================================================================
+--- git.orig/src/testdir/test_regexp_utf8.vim
++++ git/src/testdir/test_regexp_utf8.vim
+@@ -215,3 +215,10 @@ func Test_optmatch_toolong()
+ set re=0
+ endfunc
+
++func Test_match_invalid_byte()
++ call writefile(0z630a.765d30aa0a.2e0a.790a.4030, 'Xinvalid')
++ new
++ source Xinvalid
++ bwipe!
++ call delete('Xinvalid')
++endfunc
diff --git a/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch b/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch
new file mode 100644
index 0000000000..1cee759502
--- /dev/null
+++ b/meta/recipes-support/vim/files/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch
@@ -0,0 +1,207 @@
+From b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Sat, 4 Sep 2021 18:47:28 +0200
+Subject: [PATCH] patch 8.2.3402: invalid memory access when using :retab with
+ large value
+
+Problem: Invalid memory access when using :retab with large value.
+Solution: Check the number is positive.
+
+CVE: CVE-2021-3770
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Upstream-Status: Backport [https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9]
+---
+ src/indent.c | 34 +++++++++++++++++++++-------------
+ src/option.c | 12 ++++++------
+ src/optionstr.c | 4 ++--
+ src/testdir/test_retab.vim | 3 +++
+ src/version.c | 2 ++
+ 5 files changed, 34 insertions(+), 21 deletions(-)
+
+Index: git/src/indent.c
+===================================================================
+--- git.orig/src/indent.c
++++ git/src/indent.c
+@@ -18,18 +18,19 @@
+ /*
+ * Set the integer values corresponding to the string setting of 'vartabstop'.
+ * "array" will be set, caller must free it if needed.
++ * Return FAIL for an error.
+ */
+ int
+ tabstop_set(char_u *var, int **array)
+ {
+- int valcount = 1;
+- int t;
+- char_u *cp;
++ int valcount = 1;
++ int t;
++ char_u *cp;
+
+ if (var[0] == NUL || (var[0] == '0' && var[1] == NUL))
+ {
+ *array = NULL;
+- return TRUE;
++ return OK;
+ }
+
+ for (cp = var; *cp != NUL; ++cp)
+@@ -43,8 +44,8 @@ tabstop_set(char_u *var, int **array)
+ if (cp != end)
+ emsg(_(e_positive));
+ else
+- emsg(_(e_invarg));
+- return FALSE;
++ semsg(_(e_invarg2), cp);
++ return FAIL;
+ }
+ }
+
+@@ -55,26 +56,33 @@ tabstop_set(char_u *var, int **array)
+ ++valcount;
+ continue;
+ }
+- emsg(_(e_invarg));
+- return FALSE;
++ semsg(_(e_invarg2), var);
++ return FAIL;
+ }
+
+ *array = ALLOC_MULT(int, valcount + 1);
+ if (*array == NULL)
+- return FALSE;
++ return FAIL;
+ (*array)[0] = valcount;
+
+ t = 1;
+ for (cp = var; *cp != NUL;)
+ {
+- (*array)[t++] = atoi((char *)cp);
+- while (*cp != NUL && *cp != ',')
++ int n = atoi((char *)cp);
++
++ if (n < 0 || n > 9999)
++ {
++ semsg(_(e_invarg2), cp);
++ return FAIL;
++ }
++ (*array)[t++] = n;
++ while (*cp != NUL && *cp != ',')
+ ++cp;
+ if (*cp != NUL)
+ ++cp;
+ }
+
+- return TRUE;
++ return OK;
+ }
+
+ /*
+@@ -1556,7 +1564,7 @@ ex_retab(exarg_T *eap)
+
+ #ifdef FEAT_VARTABS
+ new_ts_str = eap->arg;
+- if (!tabstop_set(eap->arg, &new_vts_array))
++ if (tabstop_set(eap->arg, &new_vts_array) == FAIL)
+ return;
+ while (vim_isdigit(*(eap->arg)) || *(eap->arg) == ',')
+ ++(eap->arg);
+Index: git/src/option.c
+===================================================================
+--- git.orig/src/option.c
++++ git/src/option.c
+@@ -2292,9 +2292,9 @@ didset_options2(void)
+ #endif
+ #ifdef FEAT_VARTABS
+ vim_free(curbuf->b_p_vsts_array);
+- tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array);
++ (void)tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array);
+ vim_free(curbuf->b_p_vts_array);
+- tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array);
++ (void)tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array);
+ #endif
+ }
+
+@@ -5756,7 +5756,7 @@ buf_copy_options(buf_T *buf, int flags)
+ buf->b_p_vsts = vim_strsave(p_vsts);
+ COPY_OPT_SCTX(buf, BV_VSTS);
+ if (p_vsts && p_vsts != empty_option)
+- tabstop_set(p_vsts, &buf->b_p_vsts_array);
++ (void)tabstop_set(p_vsts, &buf->b_p_vsts_array);
+ else
+ buf->b_p_vsts_array = 0;
+ buf->b_p_vsts_nopaste = p_vsts_nopaste
+@@ -5914,7 +5914,7 @@ buf_copy_options(buf_T *buf, int flags)
+ buf->b_p_isk = save_p_isk;
+ #ifdef FEAT_VARTABS
+ if (p_vts && p_vts != empty_option && !buf->b_p_vts_array)
+- tabstop_set(p_vts, &buf->b_p_vts_array);
++ (void)tabstop_set(p_vts, &buf->b_p_vts_array);
+ else
+ buf->b_p_vts_array = NULL;
+ #endif
+@@ -5929,7 +5929,7 @@ buf_copy_options(buf_T *buf, int flags)
+ buf->b_p_vts = vim_strsave(p_vts);
+ COPY_OPT_SCTX(buf, BV_VTS);
+ if (p_vts && p_vts != empty_option && !buf->b_p_vts_array)
+- tabstop_set(p_vts, &buf->b_p_vts_array);
++ (void)tabstop_set(p_vts, &buf->b_p_vts_array);
+ else
+ buf->b_p_vts_array = NULL;
+ #endif
+@@ -6634,7 +6634,7 @@ paste_option_changed(void)
+ if (buf->b_p_vsts_array)
+ vim_free(buf->b_p_vsts_array);
+ if (buf->b_p_vsts && buf->b_p_vsts != empty_option)
+- tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array);
++ (void)tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array);
+ else
+ buf->b_p_vsts_array = 0;
+ #endif
+Index: git/src/optionstr.c
+===================================================================
+--- git.orig/src/optionstr.c
++++ git/src/optionstr.c
+@@ -2166,7 +2166,7 @@ did_set_string_option(
+ if (errmsg == NULL)
+ {
+ int *oldarray = curbuf->b_p_vsts_array;
+- if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)))
++ if (tabstop_set(*varp, &(curbuf->b_p_vsts_array)) == OK)
+ {
+ if (oldarray)
+ vim_free(oldarray);
+@@ -2205,7 +2205,7 @@ did_set_string_option(
+ {
+ int *oldarray = curbuf->b_p_vts_array;
+
+- if (tabstop_set(*varp, &(curbuf->b_p_vts_array)))
++ if (tabstop_set(*varp, &(curbuf->b_p_vts_array)) == OK)
+ {
+ vim_free(oldarray);
+ #ifdef FEAT_FOLDING
+Index: git/src/testdir/test_retab.vim
+===================================================================
+--- git.orig/src/testdir/test_retab.vim
++++ git/src/testdir/test_retab.vim
+@@ -74,4 +74,7 @@ endfunc
+ func Test_retab_error()
+ call assert_fails('retab -1', 'E487:')
+ call assert_fails('retab! -1', 'E487:')
++ call assert_fails('ret -1000', 'E487:')
++ call assert_fails('ret 10000', 'E475:')
++ call assert_fails('ret 80000000000000000000', 'E475:')
+ endfunc
+Index: git/src/version.c
+===================================================================
+--- git.orig/src/version.c
++++ git/src/version.c
+@@ -743,6 +743,8 @@ static char *(features[]) =
+ static int included_patches[] =
+ { /* Add new patch number below this line */
+ /**/
++ 3402,
++/**/
+ 0
+ };
+
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 17d1c24a7c..db1e9caf4d 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -17,7 +17,10 @@ SRC_URI = "git://github.com/vim/vim.git \
file://0001-src-Makefile-improve-reproducibility.patch \
file://no-path-adjust.patch \
file://racefix.patch \
+ file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \
+ file://CVE-2021-3778.patch \
"
+
SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44"
# Do not consider .z in x.y.z, as that is updated with every commit
@@ -54,11 +57,12 @@ do_compile() {
autotools_do_compile
}
-#Available PACKAGECONFIG options are gtkgui, acl, x11, tiny
+#Available PACKAGECONFIG options are gtkgui, acl, x11, tiny selinux, elfutils, nls
PACKAGECONFIG ??= ""
PACKAGECONFIG += " \
${@bb.utils.filter('DISTRO_FEATURES', 'acl selinux', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11 gtkgui', '', d)} \
+ nls \
"
PACKAGECONFIG[gtkgui] = "--enable-gui=gtk3,--enable-gui=no,gtk+3"
@@ -67,6 +71,8 @@ PACKAGECONFIG[x11] = "--with-x,--without-x,xt,"
PACKAGECONFIG[tiny] = "--with-features=tiny,--with-features=big,,"
PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,"
PACKAGECONFIG[elfutils] = "--enable-elf-check,,elfutils,"
+PACKAGECONFIG[nls] = "--enable-nls,--disable-nls,,"
+PACKAGECONFIG[sound] = "--enable-canberra,--disable-canberra,canberra,"
EXTRA_OECONF = " \
--disable-gpm \