Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for the software release request (Softwarefreigabeantrag)
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions


@@ -0,0 +1,32 @@
From fe9ebb8c0fa7b84a9c5c667386b8fbb3baea2fad Mon Sep 17 00:00:00 2001
From: Markus Volk <f_l_k@t-online.de>
Date: Mon, 12 Dec 2022 15:42:42 +0100
Subject: [PATCH] remove hardcoded path
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Dont include hardcoded path. This fixes:
| cc1: error: include location "/usr/include" is unsafe for cross-compilation [-Werror=poison-system-directories]
Upstream-Status: Inappropriate [oe-specific]
---
meson.build | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meson.build b/meson.build
index fa171d5..79d5168 100644
--- a/meson.build
+++ b/meson.build
@@ -185,10 +185,10 @@ endif
stemmer_inc_dirs = include_directories()
if get_option('stemming')
stemmer_lib = cc.find_library('stemmer', required: true)
- stemmer_inc_dirs = include_directories(['/usr/include'])
+ stemmer_inc_dirs = include_directories([''])
if not cc.has_header('libstemmer.h')
if cc.has_header('libstemmer/libstemmer.h')
- stemmer_inc_dirs = include_directories('/usr/include/libstemmer')
+ stemmer_inc_dirs = include_directories('')
else
error('Unable to find Snowball header "libstemmer.h". Please ensure libstemmer/Snowball is installed properly in order to continue.')
endif
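Review bot: In the `meson.build` hunk, the fallback branch for `libstemmer/libstemmer.h` now calls `include_directories('')`, which no longer names any `libstemmer` subdirectory, so a build that only has the nested header passes the `cc.has_header('libstemmer/libstemmer.h')` check and is then left without an include path that makes `libstemmer.h` resolvable. Removing the host `/usr/include` is the right direction for cross-compilation, since it keeps host headers out of the target build, but the replacement should resolve the directory relative to the sysroot or take it from a dependency object rather than an empty string. For the first branch, deleting the assignment and relying on the existing `stemmer_inc_dirs = include_directories()` default would say the same thing more clearly.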


@@ -0,0 +1,44 @@
SUMMARY = "AppStream is a collaborative effort for making machine-readable software metadata easily available."
HOMEPAGE = "https://github.com/ximion/appstream"
LICENSE = "LGPL-2.1-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=435ed639f84d4585d93824e7da3d85da"
DEPENDS = " \
appstream-native \
curl-native \
curl \
docbook-xml-dtd4-native \
gperf-native \
glib-2.0 \
libyaml \
libxml2 \
libxmlb \
libxslt-native \
itstool-native \
docbook-xsl-stylesheets-native \
python3-pygments-native \
"
inherit meson gobject-introspection gettext gi-docgen pkgconfig vala
GIR_MESON_OPTION = "gir"
GIDOCGEN_MESON_OPTION = "apidocs"
SRC_URI = " \
https://www.freedesktop.org/software/appstream/releases/AppStream-${PV}.tar.xz \
file://0001-remove-hardcoded-path.patch \
"
SRC_URI[sha256sum] = "5ab6f6cf644e7875a9508593962e56bb430f4e59ae0bf03be6be7029deb6baa4"
S = "${WORKDIR}/AppStream-${PV}"
PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
PACKAGECONFIG[systemd] = "-Dsystemd=true,-Dsystemd=false,systemd"
PACKAGECONFIG[stemming] = "-Dstemming=true,-Dstemming=false,libstemmer"
FILES:${PN} += "${datadir}"
EXTRA_OEMESON += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', '-Dvapi=true', '-Dvapi=false', d)}"
BBCLASSEXTEND = "native"


@@ -0,0 +1,37 @@
From 3a97f58cfb40fc1911bbfd067e8457a472613d75 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Tue, 18 Apr 2023 22:58:00 -0700
Subject: [PATCH] test_transformation: Check if transform is supported before
using it
This helps in excluding these tests on systems where these are not
available e.g. musl
Upstream-Status: Submitted [https://bz.apache.org/bugzilla/show_bug.cgi?id=66570]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
test/testxlate.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/test/testxlate.c b/test/testxlate.c
index 6981eff..de00fa4 100644
--- a/test/testxlate.c
+++ b/test/testxlate.c
@@ -116,8 +116,12 @@ static void test_transformation(abts_case *tc, void *data)
}
/* 4. Transformation using charset aliases */
- one_test(tc, "UTF-8", "UTF-7", test_utf8, test_utf7, p);
- one_test(tc, "UTF-7", "UTF-8", test_utf7, test_utf8, p);
+ if (is_transform_supported(tc, "UTF-8", "UTF-7", p)) {
+ one_test(tc, "UTF-8", "UTF-7", test_utf8, test_utf7, p);
+ }
+ if (is_transform_supported(tc, "UTF-7", "UTF-8", p)) {
+ one_test(tc, "UTF-7", "UTF-8", test_utf7, test_utf8, p);
+ }
}
#endif /* APR_HAS_XLATE */
--
2.40.0
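Review bot: In the `test_transformation` hunk, both UTF-7 cases are skipped without any record when `is_transform_supported()` returns false, so unless that helper reports the skip itself (these lines do not show it) a ptest run on musl looks the same as a run that exercised the conversions. Suggest adding an else branch that records the pair as not implemented in the ABTS result, so that the lost coverage shows up in the test log.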


@@ -0,0 +1,51 @@
Upstream-Status: Inappropriate [configuration]
Index: apr-util-1.3.4/apu-config.in
===================================================================
--- apr-util-1.3.4.orig/apu-config.in 2009-01-12 17:08:06.000000000 +0000
+++ apr-util-1.3.4/apu-config.in 2009-01-12 17:09:00.000000000 +0000
@@ -134,14 +134,7 @@
exit 0
;;
--includes)
- if test "$location" = "installed"; then
flags="$flags -I$includedir $INCLUDES"
- elif test "$location" = "source"; then
- flags="$flags -I$APU_SOURCE_DIR/include $INCLUDES"
- else
- # this is for VPATH builds
- flags="$flags -I$APU_BUILD_DIR/include -I$APU_SOURCE_DIR/include $INCLUDES"
- fi
;;
--ldflags)
flags="$flags $LDFLAGS"
@@ -155,28 +148,10 @@
exit 0
;;
--link-ld)
- if test "$location" = "installed"; then
- ### avoid using -L if libdir is a "standard" location like /usr/lib
flags="$flags -L$libdir -l$APRUTIL_LIBNAME"
- else
- flags="$flags -L$APU_BUILD_DIR -l$APRUTIL_LIBNAME"
- fi
;;
--link-libtool)
- # If the LA_FILE exists where we think it should be, use it. If we're
- # installed and the LA_FILE does not exist, assume to use -L/-l
- # (the LA_FILE may not have been installed). If we're building ourselves,
- # we'll assume that at some point the .la file be created.
- if test -f "$LA_FILE"; then
- flags="$flags $LA_FILE"
- elif test "$location" = "installed"; then
- ### avoid using -L if libdir is a "standard" location like /usr/lib
- # Since the user is specifying they are linking with libtool, we
- # *know* that -R will be recognized by libtool.
- flags="$flags -L$libdir -R$libdir -l$APRUTIL_LIBNAME"
- else
- flags="$flags $LA_FILE"
- fi
+ flags="$flags -l$APRUTIL_LIBNAME"
;;
--apu-la-file)
if test -f "$LA_FILE"; then
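Review bot: The `--link-ld` and `--link-libtool` cases end up inconsistent: `--link-ld` still emits `-L$libdir`, while `--link-libtool` is reduced to `flags="$flags -l$APRUTIL_LIBNAME"` with neither `-L` nor the `.la` file, and the patch header has no description or Signed-off-by to explain why. Dropping the `$APU_BUILD_DIR` and `$APU_SOURCE_DIR` branches and `-R$libdir` keeps build-host paths and an rpath out of consumers, which is worth stating in the header. Please also say whether keeping `-L$libdir` in `--link-ld` is intentional, and re-indent the surviving `flags=` lines now that the enclosing `if` is gone.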


@@ -0,0 +1,31 @@
Upstream-Status: Inappropriate [configuration]
Index: apr-util-1.4.1/configure.in
===================================================================
--- apr-util-1.4.1.orig/configure.in 2009-12-18 03:15:19.000000000 +0800
+++ apr-util-1.4.1/configure.in 2011-12-30 13:32:07.000000000 +0800
@@ -8,15 +8,15 @@
AC_CONFIG_HEADER(include/private/apu_config.h)
AC_CONFIG_AUX_DIR(build)
-sinclude(build/apu-conf.m4)
-sinclude(build/apu-iconv.m4)
-sinclude(build/apu-hints.m4)
-sinclude(build/apr_common.m4)
-sinclude(build/find_apr.m4)
-sinclude(build/crypto.m4)
-sinclude(build/dbm.m4)
-sinclude(build/dbd.m4)
-sinclude(build/dso.m4)
+#sinclude(build/apu-conf.m4)
+#sinclude(build/apu-iconv.m4)
+#sinclude(build/apu-hints.m4)
+#sinclude(build/apr_common.m4)
+#sinclude(build/find_apr.m4)
+#sinclude(build/crypto.m4)
+#sinclude(build/dbm.m4)
+#sinclude(build/dbd.m4)
+#sinclude(build/dso.m4)
dnl Generate ./config.nice for reproducing runs of configure
dnl
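Review bot: The nine `sinclude(build/*.m4)` lines are disabled with `#`, which autoconf copies into the generated `configure` as shell comments; `dnl` or deleting the lines is the usual way to drop them from `configure.in`. The header carries only `Upstream-Status: Inappropriate [configuration]`, so please add a short description of where these macros (including `crypto.m4` and `find_apr.m4`) are expected to come from in this build, plus a Signed-off-by.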


@@ -0,0 +1,6 @@
#!/bin/sh
cd test
./testall |sed \
-e 's|\(.*\): SUCCESS|PASS: \1|' \
-e 's|\(.*\): FAILED|FAIL: \1|'
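Review bot: `cd test` is unchecked, so if the directory is missing, `./testall` is looked up relative to the caller's working directory and the script produces no PASS or FAIL lines at all. Suggest `cd test || exit 1` so that a broken ptest install is reported as a failure instead of an empty result.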


@@ -0,0 +1,97 @@
SUMMARY = "Apache Portable Runtime (APR) companion library"
HOMEPAGE = "http://apr.apache.org/"
SECTION = "libs"
DEPENDS = "apr expat"
BBCLASSEXTEND = "native nativesdk"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=158aa0b1efe0c12f23d4b007ddb9a5db \
file://include/apu_version.h;endline=15;md5=823b3d1a7225df8f7b68a69c3c2b4c71"
SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.gz \
file://configfix.patch \
file://configure_fixes.patch \
file://0001-test_transformation-Check-if-transform-is-supported-.patch \
file://run-ptest \
"
SRC_URI[sha256sum] = "2b74d8932703826862ca305b094eef2983c27b39d5c9414442e9976a9acf1983"
EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
--without-odbc \
--without-pgsql \
--without-sqlite2 \
--with-expat=${STAGING_DIR_HOST}${prefix}"
inherit autotools lib_package binconfig multilib_script
MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/apu-1-config"
OE_BINCONFIG_EXTRA_MANGLE = " -e 's:location=source:location=installed:'"
do_configure:append() {
if [ "${CLASSOVERRIDE}" = "class-target" ]; then
cp ${STAGING_DATADIR}/apr/apr_rules.mk ${B}/build/rules.mk
sed -i -e 's#^CFLAGS=.*#CFLAGS=${TARGET_CFLAGS}#g' ${B}/build/rules.mk
fi
}
do_configure:prepend:class-native() {
mkdir ${B}/build
cp ${STAGING_DATADIR_NATIVE}/apr/apr_rules.mk ${B}/build/rules.mk
}
do_configure:append:class-native() {
sed -i "s#LIBTOOL=\$(SHELL) \$(apr_builddir)#LIBTOOL=\$(SHELL) ${STAGING_BINDIR_NATIVE}#" ${B}/build/rules.mk
# sometimes there isn't SHELL
sed -i "s#LIBTOOL=\$(apr_builddir)#LIBTOOL=${STAGING_BINDIR_NATIVE}#" ${B}/build/rules.mk
}
do_configure:prepend:class-nativesdk() {
cp ${STAGING_DATADIR}/apr/apr_rules.mk ${S}/build/rules.mk
sed -i -e 's#^CFLAGS=.*#CFLAGS=${TARGET_CFLAGS}#g' ${S}/build/rules.mk
}
do_configure:append:class-nativesdk() {
sed -i "s#\(apr_builddir\)=.*#\1=${STAGING_DATADIR}/build-1#" ${B}/build/rules.mk
sed -i "s#\(apr_builders\)=.*#\1=${STAGING_DATADIR}/build-1#" ${B}/build/rules.mk
sed -i "s#\(top_builddir\)=.*#\1=${STAGING_DATADIR}/build-1#" ${B}/build/rules.mk
sed -i "s#\(LIBTOOL=\$(apr_builddir)\).*#\1/libtool#" ${B}/build/rules.mk
}
do_install:append:class-target() {
sed -i -e 's,${STAGING_DIR_HOST},,g' \
-e 's,APU_SOURCE_DIR=.*,APR_SOURCE_DIR=,g' \
-e 's,APU_BUILD_DIR=.*,APR_BUILD_DIR=,g' ${D}${bindir}/apu-1-config
}
PACKAGECONFIG ??= "crypto gdbm"
PACKAGECONFIG[ldap] = "--with-ldap,--without-ldap,openldap"
PACKAGECONFIG[crypto] = "--with-openssl=${STAGING_DIR_HOST}${prefix} --with-crypto,--without-crypto,openssl"
PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_DIR_HOST}${prefix},--without-sqlite3,sqlite3"
PACKAGECONFIG[gdbm] = "--with-dbm=gdbm --with-gdbm=${STAGING_DIR_HOST}${prefix},--without-gdbm,gdbm"
#files ${libdir}/apr-util-1/*.so are not symlinks but loadable modules thus they are packaged in ${PN}
FILES:${PN} += "${libdir}/apr-util-1/apr*${SOLIBS} ${libdir}/apr-util-1/apr*${SOLIBSDEV}"
FILES:${PN}-dev += "${libdir}/aprutil.exp ${libdir}/apr-util-1/*.la"
FILES:${PN}-staticdev += "${libdir}/apr-util-1/*.a"
INSANE_SKIP:${PN} += "dev-so"
inherit ptest
RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-iso8859-1 glibc-gconv-iso8859-2 glibc-gconv-utf-7"
RDEPENDS:${PN}-ptest += "libgcc"
do_compile_ptest() {
cd ${B}/test
oe_runmake
}
do_install_ptest() {
t=${D}${PTEST_PATH}/test
mkdir $t
for i in testall data; do \
cp -r ${B}/test/$i $t; \
done
}
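Review bot: In `do_install:append:class-target`, the two sed expressions match `APU_SOURCE_DIR=.*` and `APU_BUILD_DIR=.*` but write back `APR_SOURCE_DIR=` and `APR_BUILD_DIR=`, so the installed `apu-1-config` loses its `APU_*` assignments and gains `APR_*` ones instead. This looks copied from the apr recipe; the replacement side should keep the `APU_` prefix. Clearing these values together with `${STAGING_DIR_HOST}` is the right goal, since it keeps build-host paths out of the target image. Separately, `do_install_ptest` uses `mkdir $t` where the apr recipe uses `mkdir -p`.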


@@ -0,0 +1,69 @@
From 225abf37cd0b49960664b59f08e515a4c4ea5ad0 Mon Sep 17 00:00:00 2001
From: Jeremy Puhlman <jpuhlman@mvista.com>
Date: Thu, 26 Mar 2020 18:30:36 +0000
Subject: [PATCH] Add option to disable timed dependant tests
The disabled tests rely on timing to pass correctly. On a virtualized
system under heavy load, these tests randomly fail because they miss
a timer or other timing related issues.
Upstream-Status: Submitted [https://github.com/apache/apr/pull/54]
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
---
configure.in | 6 ++++++
include/apr.h.in | 1 +
test/testlock.c | 4 ++--
3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/configure.in b/configure.in
index bfd488b..3663220 100644
--- a/configure.in
+++ b/configure.in
@@ -3023,6 +3023,12 @@ AC_ARG_ENABLE(timedlocks,
)
AC_SUBST(apr_has_timedlocks)
+AC_ARG_ENABLE(timed-tests,
+ [ --disable-timed-tests Disable timed tests ],
+ [apr_has_timedtests="0"], [apr_has_timedtests="1"]
+)
+AC_SUBST(apr_has_timedtests)
+
# hstrerror is only needed if IPv6 is not enabled,
# so getaddrinfo/gai_strerror are not used.
if test $have_ipv6 = 0; then
diff --git a/include/apr.h.in b/include/apr.h.in
index ee99def..c46a5f4 100644
--- a/include/apr.h.in
+++ b/include/apr.h.in
@@ -298,6 +298,7 @@ extern "C" {
#define APR_HAS_XTHREAD_FILES @apr_has_xthread_files@
#define APR_HAS_OS_UUID @osuuid@
#define APR_HAS_TIMEDLOCKS @apr_has_timedlocks@
+#define APR_HAVE_TIME_DEPENDANT_TESTS @apr_has_timedtests@
#define APR_PROCATTR_USER_SET_REQUIRES_PASSWORD @apr_procattr_user_set_requires_password@
diff --git a/test/testlock.c b/test/testlock.c
index e3437c1..04e01b9 100644
--- a/test/testlock.c
+++ b/test/testlock.c
@@ -535,7 +535,7 @@ abts_suite *testlock(abts_suite *suite)
abts_run_test(suite, threads_not_impl, NULL);
#else
abts_run_test(suite, test_thread_mutex, NULL);
-#if APR_HAS_TIMEDLOCKS
+#if APR_HAS_TIMEDLOCKS && APR_HAVE_TIME_DEPENDANT_TESTS
abts_run_test(suite, test_thread_timedmutex, NULL);
#endif
abts_run_test(suite, test_thread_nestedmutex, NULL);
@@ -543,7 +543,7 @@ abts_suite *testlock(abts_suite *suite)
abts_run_test(suite, test_thread_rwlock, NULL);
abts_run_test(suite, test_cond, NULL);
abts_run_test(suite, test_timeoutcond, NULL);
-#if APR_HAS_TIMEDLOCKS
+#if APR_HAS_TIMEDLOCKS && APR_HAVE_TIME_DEPENDANT_TESTS
abts_run_test(suite, test_timeoutmutex, NULL);
#endif
#ifdef WIN32
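Review bot: In the `configure.in` hunk, the third argument of `AC_ARG_ENABLE` is the action run whenever the option is given, for `--enable-timed-tests` as well as `--disable-timed-tests`, so `[apr_has_timedtests="0"]` also switches the tests off when a caller passes `--enable-timed-tests`. Test `$enableval` in that action and set "0" only when it is `no`, so that both spellings behave as their names say. The macro name `APR_HAVE_TIME_DEPENDANT_TESTS` also departs from the `APR_HAS_*` pattern of the neighbouring defines in `apr.h.in`.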


@@ -0,0 +1,58 @@
From 316b81c462f065927d7fec56aadd5c8cb94d1cf0 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 26 Aug 2022 00:28:08 -0700
Subject: [PATCH] configure: Remove runtime test for mmap that can map
/dev/zero
This never works for cross-compile moreover it ends up disabling
ac_cv_file__dev_zero which then results in compiler errors in shared
mutexes
Upstream-Status: Inappropriate [Cross-compile specific]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
configure.in | 30 ------------------------------
1 file changed, 30 deletions(-)
diff --git a/configure.in b/configure.in
index 3663220..dce9789 100644
--- a/configure.in
+++ b/configure.in
@@ -1303,36 +1303,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \
APR_CHECK_DEFINE(MAP_ANON, sys/mman.h)
AC_CHECK_FILE(/dev/zero)
-# Not all systems can mmap /dev/zero (such as HP-UX). Check for that.
-if test "$ac_cv_func_mmap" = "yes" &&
- test "$ac_cv_file__dev_zero" = "yes"; then
- AC_CACHE_CHECK([for mmap that can map /dev/zero],
- [ac_cv_mmap__dev_zero],
- [AC_TRY_RUN([#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
- int main(int argc, const char *argv[])
- {
- int fd;
- void *m;
- fd = open("/dev/zero", O_RDWR);
- if (fd < 0) {
- return 1;
- }
- m = mmap(0, sizeof(void*), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
- if (m == (void *)-1) { /* aka MAP_FAILED */
- return 2;
- }
- if (munmap(m, sizeof(void*)) < 0) {
- return 3;
- }
- return 0;
- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no])])
-fi
-
# Now we determine which one is our anonymous shmem preference.
haveshmgetanon="0"
havemmapzero="0"
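Review bot: With the `AC_TRY_RUN` block gone, nothing in `configure.in` checks that the target can actually mmap `/dev/zero`; the result now rests on `AC_CHECK_FILE(/dev/zero)` alone, which looks at the build machine's filesystem. The commit message should say that `ac_cv_file__dev_zero` is expected to be supplied from the configure cache when cross-compiling, so that a later reader does not take the remaining check as a target-side verification.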


@@ -0,0 +1,37 @@
From a25be1aaa92a6d2e7f4cc3fdfbb92e5a10b63035 Mon Sep 17 00:00:00 2001
From: Greg Beard <gmbeard@googlemail.com>
Date: Sat, 25 Mar 2023 08:31:36 +0000
Subject: [PATCH] dso: Check for NULL handle in apr_dso_sym
Upstream-Status: Backport [https://github.com/apache/apr/pull/40/commits/0efce00093b1ba405d91c7f0eab9755c8527eead]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
dso/unix/dso.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/dso/unix/dso.c b/dso/unix/dso.c
index fdd56f1..583d5de 100644
--- a/dso/unix/dso.c
+++ b/dso/unix/dso.c
@@ -173,6 +173,18 @@ APR_DECLARE(apr_status_t) apr_dso_sym(apr_dso_handle_sym_t *ressym,
apr_dso_handle_t *handle,
const char *symname)
{
+ /* This is necessary for `testdso.c`. For some reason, musl
+ * builds fail the `test_unload_library` test if the below
+ * check isn't in place. `test_unload_library` unloads the
+ * library and then immediately calls this function. Maybe
+ * musl's `dlsym()` assumes the handle is never NULL and
+ * some UB is being invoked here...
+ */
+ if (handle->handle == NULL) {
+ handle->errormsg = "library not loaded";
+ return APR_ESYMNOTFOUND;
+ }
+
#if defined(DSO_USE_SHL)
void *symaddr = NULL;
int status;
--
2.42.0
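Review bot: The new guard is placed before `void *symaddr = NULL;` and `int status;` in the `DSO_USE_SHL` branch, which puts declarations after a statement there; move the check below the declarations of each `#if` branch, or hoist the declarations above it. The guard also reads `handle->handle` without first checking `handle`, and the comment explains the change as a guess ("For some reason", "Maybe"). It would be better to state the contract directly: a lookup on an unloaded handle returns `APR_ESYMNOTFOUND` instead of passing a NULL handle to the platform lookup call.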


@@ -0,0 +1,77 @@
From 689a8db96a6d1e1cae9cbfb35d05ac82140a6555 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Tue, 30 Jan 2018 09:39:06 +0800
Subject: [PATCH] apr: Remove workdir path references from installed apr files
Upstream-Status: Inappropriate [configuration]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The generated `apr-1-config' is used by other recipes at build time or
packages at target run time, the workdir path caused confusion.
Rebase to 1.6.3
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
apr-config.in | 32 ++------------------------------
1 file changed, 2 insertions(+), 30 deletions(-)
diff --git a/apr-config.in b/apr-config.in
index bed47ca..47874e5 100644
--- a/apr-config.in
+++ b/apr-config.in
@@ -164,16 +164,7 @@ while test $# -gt 0; do
flags="$flags $LDFLAGS"
;;
--includes)
- if test "$location" = "installed"; then
flags="$flags -I$includedir $EXTRA_INCLUDES"
- elif test "$location" = "crosscompile"; then
- flags="$flags -I$APR_TARGET_DIR/$includedir $EXTRA_INCLUDES"
- elif test "$location" = "source"; then
- flags="$flags -I$APR_SOURCE_DIR/include $EXTRA_INCLUDES"
- else
- # this is for VPATH builds
- flags="$flags -I$APR_BUILD_DIR/include -I$APR_SOURCE_DIR/include $EXTRA_INCLUDES"
- fi
;;
--srcdir)
echo $APR_SOURCE_DIR
@@ -197,33 +188,14 @@ while test $# -gt 0; do
exit 0
;;
--link-ld)
- if test "$location" = "installed"; then
- ### avoid using -L if libdir is a "standard" location like /usr/lib
- flags="$flags -L$libdir -l${APR_LIBNAME}"
- elif test "$location" = "crosscompile"; then
- flags="$flags -L$APR_TARGET_DIR/$libdir -l${APR_LIBNAME}"
- else
- ### this surely can't work since the library is in .libs?
- flags="$flags -L$APR_BUILD_DIR -l${APR_LIBNAME}"
- fi
+ flags="$flags -l${APR_LIBNAME}"
;;
--link-libtool)
# If the LA_FILE exists where we think it should be, use it. If we're
# installed and the LA_FILE does not exist, assume to use -L/-l
# (the LA_FILE may not have been installed). If we're building ourselves,
# we'll assume that at some point the .la file be created.
- if test -f "$LA_FILE"; then
- flags="$flags $LA_FILE"
- elif test "$location" = "installed"; then
- ### avoid using -L if libdir is a "standard" location like /usr/lib
- # Since the user is specifying they are linking with libtool, we
- # *know* that -R will be recognized by libtool.
- flags="$flags -L$libdir -R$libdir -l${APR_LIBNAME}"
- elif test "$location" = "crosscompile"; then
- flags="$flags -L${APR_TARGET_DIR}/$libdir -l${APR_LIBNAME}"
- else
- flags="$flags $LA_FILE"
- fi
+ flags="$flags -l${APR_LIBNAME}"
;;
--shlib-path-var)
echo "$SHLIBPATH_VAR"
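Review bot: In the `--link-libtool` case, the four-line comment beginning `# If the LA_FILE exists where we think it should be, use it.` is left in place although the `$LA_FILE` logic it describes is deleted, so the script now documents behaviour it no longer has; remove the comment along with the code. `--link-ld` here also drops `-L$libdir` entirely, while the commit message only mentions workdir paths; it should say that the installed-location `-L` and `-R` flags are removed too.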


@@ -0,0 +1,39 @@
From 7925eb1766a00ccee05c6e80b1d34f163a04b7b1 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Tue, 30 Jan 2018 09:43:34 +0800
Subject: [PATCH 4/7] Fix packet discards HTTP redirect.
Disconnect the connection by poll() timeout.
If timeout=0 and apr_wait_for_io_or_timeout()=APR_TIMEUP then
apr_socket_recv() returns EAGAIN.
Upstream-Status: Pending
Signed-off-by: Noriaki Yoshitane <yoshitane.nrs@cnt.ncos.nec.co.jp>
Signed-off-by: Li Wang <li.wang@windriver.com>
Rebase to 1.6.3
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
network_io/unix/sendrecv.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/network_io/unix/sendrecv.c b/network_io/unix/sendrecv.c
index 4c0e0a6..1bdafba 100644
--- a/network_io/unix/sendrecv.c
+++ b/network_io/unix/sendrecv.c
@@ -85,6 +85,10 @@ apr_status_t apr_socket_recv(apr_socket_t *sock, char *buf, apr_size_t *len)
&& (sock->timeout > 0)) {
do_select:
arv = apr_wait_for_io_or_timeout(NULL, sock, 1);
+ if ((arv == APR_TIMEUP) && (sock->timeout == 0)) {
+ *len = 0;
+ return EAGAIN;
+ }
if (arv != APR_SUCCESS) {
*len = 0;
return arv;
--
1.8.3.1
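Review bot: The added branch returns the raw errno `EAGAIN` from a function declared to return `apr_status_t`, while the other return in the hunk passes an APR status (`arv`); use `APR_EAGAIN` so that callers comparing against APR status codes see a consistent value. The test `sock->timeout == 0` also sits inside a block whose visible guard includes `(sock->timeout > 0)`, so it can only be true when control arrives through the `do_select:` label; a one-line comment saying so would make the intent clear.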


@@ -0,0 +1,36 @@
From 2e66cece0c3adff92733332111204ddc1d730a07 Mon Sep 17 00:00:00 2001
From: Robert Yang <liezhi.yang@windriver.com>
Date: Thu, 19 Nov 2015 18:25:38 -0800
Subject: [PATCH 5/7] configure.in: fix LTFLAGS to make it work with ccache
When ccache is enabled, libtool requires --tag=CC when use ccache,
otherwise when building apr-util with ccache enabled:
| libtool: compile: unable to infer tagged configuration
| libtool: error: specify a tag with '--tag'
| libtool: compile: unable to infer tagged configuration
| make[1]: *** [buckets/apr_buckets.lo] Error 1
Upstream-Status: Pending
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
configure.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.in b/configure.in
index 361120f..3b10422 100644
--- a/configure.in
+++ b/configure.in
@@ -249,7 +249,7 @@ case $host in
;;
*)
if test "x$LTFLAGS" = "x"; then
- LTFLAGS='--silent'
+ LTFLAGS='--silent --tag=CC'
fi
if test "$experimental_libtool" = "yes"; then
# Use a custom-made libtool replacement
--
1.8.3.1
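Review bot: `--tag=CC` is added only inside `if test "x$LTFLAGS" = "x"`, so a build that passes its own `LTFLAGS` still runs libtool without a tag and hits the same `unable to infer tagged configuration` error under ccache. Consider appending the tag whenever it is absent from `LTFLAGS`. The message also names apr-util as the failing build while the patch edits `configure.in` here; a sentence linking the two would help.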


@@ -0,0 +1,26 @@
To work with autoconf 2.73, tweak the macro ordering in configure.in.
Upstream-Status: Pending
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Index: apr-1.7.2/configure.in
===================================================================
--- apr-1.7.2.orig/configure.in
+++ apr-1.7.2/configure.in
@@ -430,6 +430,8 @@ if test "$host" = "i586-pc-beos"; then
) dnl
fi
+APR_CHECK_DEFINE(LOCK_EX, sys/file.h)
+
# this is the place to put specific options for platform/compiler
# combinations
case "$host:$CC" in
@@ -2384,7 +2386,6 @@ AC_MSG_RESULT([$msg])
AC_SUBST(have_union_semun)
dnl Checks for libraries.
-APR_CHECK_DEFINE(LOCK_EX, sys/file.h)
APR_CHECK_DEFINE(F_SETLK, fcntl.h)
APR_CHECK_DEFINE(SEM_UNDO, sys/sem.h)
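Review bot: The header says only that the macro ordering is tweaked; it does not say what fails without the move, or why `APR_CHECK_DEFINE(LOCK_EX, sys/file.h)` has to run before the `case "$host:$CC"` block while `F_SETLK` and `SEM_UNDO` stay in the later position. Add the error message or symptom to the description so the patch can be re-checked or dropped when autoconf changes again.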


@@ -0,0 +1,37 @@
From 17835709bc55657b7af1f7c99b3f572b819cf97e Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
Date: Tue, 7 Feb 2023 07:04:00 +0000
Subject: [PATCH] check for libtoolize rather than libtool
libtool is now in package libtool-bin, but apr only needs libtoolize.
Upstream-Status: Pending [ from debian: https://sources.debian.org/data/main/a/apr/1.6.5-1/debian/patches/libtoolize_check.patch ]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
build/buildcheck.sh | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/build/buildcheck.sh b/build/buildcheck.sh
index 44921b5..08bc8a8 100755
--- a/build/buildcheck.sh
+++ b/build/buildcheck.sh
@@ -39,13 +39,11 @@ fi
# ltmain.sh (GNU libtool 1.1361 2004/01/02 23:10:52) 1.5a
# output is multiline from 1.5 onwards
-# Require libtool 1.4 or newer
-if test -z "$libtool"; then
- libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14`
-fi
-lt_pversion=`$libtool --version 2>/dev/null|sed -e 's/([^)]*)//g;s/^[^0-9]*//;s/[- ].*//g;q'`
+# Require libtoolize 1.4 or newer
+libtoolize=`build/PrintPath glibtoolize1 glibtoolize libtoolize libtoolize15 libtoolize14`
+lt_pversion=`$libtoolize --version 2>/dev/null|sed -e 's/([^)]*)//g;s/^[^0-9]*//;s/[- ].*//g;q'`
if test -z "$lt_pversion"; then
- echo "buildconf: libtool not found."
+ echo "buildconf: libtoolize not found."
echo " You need libtool version 1.4 or newer installed"
echo " to build APR from SVN."
res=1
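Review bot: The old code honoured a preset `$libtool` (`if test -z "$libtool"`), whereas the new `libtoolize=` assignment is unconditional, so a build environment can no longer point the check at a specific tool; keep a `test -z` guard for `$libtoolize`. The failure text still tells the user "You need libtool version 1.4 or newer", and any later use of `$libtool` in `buildcheck.sh` outside this hunk would now see an empty variable.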


@@ -0,0 +1,6 @@
#!/bin/sh
cd test
./testall |sed \
-e 's|\(.*\): SUCCESS|PASS: \1|' \
-e 's|\(.*\): FAILED|FAIL: \1|'
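Review bot: The exit status of `./testall |sed ...` is that of `sed`, so a `testall` that crashes or exits non-zero before printing a `FAILED` line leaves the script returning success with no FAIL record. Capture the status of `testall` and emit a FAIL line, or exit non-zero, when it is not zero.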


@@ -0,0 +1,138 @@
SUMMARY = "Apache Portable Runtime (APR) library"
DESCRIPTION = "Create and maintain software libraries that provide a predictable \
and consistent interface to underlying platform-specific implementations."
HOMEPAGE = "http://apr.apache.org/"
SECTION = "libs"
DEPENDS = "util-linux"
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=4dfd4cd216828c8cae5de5a12f3844c8 \
file://include/apr_lib.h;endline=15;md5=823b3d1a7225df8f7b68a69c3c2b4c71"
BBCLASSEXTEND = "native nativesdk"
SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \
file://run-ptest \
file://0002-apr-Remove-workdir-path-references-from-installed-ap.patch \
file://0004-Fix-packet-discards-HTTP-redirect.patch \
file://0005-configure.in-fix-LTFLAGS-to-make-it-work-with-ccache.patch \
file://libtoolize_check.patch \
file://0001-Add-option-to-disable-timed-dependant-tests.patch \
file://0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch \
file://autoconf-2.73.patch \
file://0001-dso-Check-for-NULL-handle-in-apr_dso_sym.patch \
"
SRC_URI[sha256sum] = "cd0f5d52b9ab1704c72160c5ee3ed5d3d4ca2df4a7f8ab564e3cb352b67232f2"
inherit autotools-brokensep lib_package binconfig multilib_header ptest multilib_script
OE_BINCONFIG_EXTRA_MANGLE = " -e 's:location=source:location=installed:'"
# Added to fix some issues with cmake. Refer to https://github.com/bmwcarit/meta-ros/issues/68#issuecomment-19896928
CACHED_CONFIGUREVARS += "apr_cv_mutex_recursive=yes"
# Enable largefile
CACHED_CONFIGUREVARS += "apr_cv_use_lfs64=yes"
# Additional AC_TRY_RUN tests which will need to be cached for cross compile
CACHED_CONFIGUREVARS += "apr_cv_epoll=yes epoll_create1=yes apr_cv_sock_cloexec=yes \
ac_cv_struct_rlimit=yes \
ac_cv_func_sem_open=yes \
apr_cv_process_shared_works=yes \
apr_cv_mutex_robust_shared=yes \
"
# Also suppress trying to use sctp.
#
CACHED_CONFIGUREVARS += "ac_cv_header_netinet_sctp_h=no ac_cv_header_netinet_sctp_uio_h=no"
# ac_cv_sizeof_struct_iovec is deduced using runtime check which will fail during cross-compile
CACHED_CONFIGUREVARS += "${@['ac_cv_sizeof_struct_iovec=16','ac_cv_sizeof_struct_iovec=8'][d.getVar('SITEINFO_BITS') != '32']}"
CACHED_CONFIGUREVARS += "ac_cv_file__dev_zero=yes"
CACHED_CONFIGUREVARS:append:libc-musl = " ac_cv_strerror_r_rc_int=yes"
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
PACKAGECONFIG:append:libc-musl = " xsi-strerror"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[timed-tests] = "--enable-timed-tests,--disable-timed-tests,"
PACKAGECONFIG[xsi-strerror] = "ac_cv_strerror_r_rc_int=yes,ac_cv_strerror_r_rc_int=no,"
do_configure:prepend() {
# Avoid absolute paths for grep since it causes failures
# when using sstate between different hosts with different
# install paths for grep.
export GREP="grep"
cd ${S}
# The "2" means libtool version 2.
./buildconf 2
}
MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/apr-1-config \
${PN}-dev:${datadir}/build-1/apr_rules.mk"
FILES:${PN}-dev += "${libdir}/apr.exp ${datadir}/build-1/*"
RDEPENDS:${PN}-dev += "bash libtool"
RDEPENDS:${PN}-ptest += "libgcc"
#for some reason, build/libtool.m4 handled by buildconf still be overwritten
#when autoconf, so handle it again.
do_configure:append() {
sed -i -e 's/LIBTOOL=\(.*\)top_build/LIBTOOL=\1apr_build/' ${S}/build/libtool.m4
sed -i -e 's/LIBTOOL=\(.*\)top_build/LIBTOOL=\1apr_build/' ${S}/build/apr_rules.mk
}
do_install:append() {
oe_multilib_header apr.h
install -d ${D}${datadir}/apr
}
do_install:append:class-target() {
rm -f ${D}${datadir}/build-1/libtool
sed -i s,LIBTOOL=.*,LIBTOOL=libtool,g ${D}${datadir}/build-1/apr_rules.mk
sed -i -e 's,${DEBUG_PREFIX_MAP},,g' \
-e 's,${STAGING_DIR_HOST},,g' ${D}${datadir}/build-1/apr_rules.mk
sed -i -e 's,${STAGING_DIR_HOST},,g' \
-e 's,APR_SOURCE_DIR=.*,APR_SOURCE_DIR=,g' \
-e 's,APR_BUILD_DIR=.*,APR_BUILD_DIR=,g' ${D}${bindir}/apr-1-config
}
SSTATE_SCAN_FILES += "apr_rules.mk libtool"
SYSROOT_PREPROCESS_FUNCS += "apr_sysroot_preprocess"
apr_sysroot_preprocess () {
d=${SYSROOT_DESTDIR}${datadir}/apr
install -d $d/
cp ${S}/build/apr_rules.mk $d/
sed -i s,apr_builddir=.*,apr_builddir=,g $d/apr_rules.mk
sed -i s,apr_builders=.*,apr_builders=,g $d/apr_rules.mk
sed -i s,LIBTOOL=.*,LIBTOOL=libtool,g $d/apr_rules.mk
sed -i s,\$\(apr_builders\),${STAGING_DATADIR}/apr/,g $d/apr_rules.mk
cp ${S}/build/mkdir.sh $d/
cp ${S}/build/make_exports.awk $d/
cp ${S}/build/make_var_export.awk $d/
cp ${S}/libtool ${SYSROOT_DESTDIR}${datadir}/build-1/libtool
}
do_compile_ptest() {
cd ${S}/test
oe_runmake
}
do_install_ptest() {
t=${D}${PTEST_PATH}/test
mkdir -p $t/.libs
cp -r ${S}/test/data $t/
cp -r ${S}/test/.libs/*.so $t/.libs/
cp ${S}/test/proc_child $t/
cp ${S}/test/readchild $t/
cp ${S}/test/sockchild $t/
cp ${S}/test/sockperf $t/
cp ${S}/test/testall $t/
cp ${S}/test/tryread $t/
}
export CONFIG_SHELL="/bin/bash"
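Review bot: In the `ac_cv_sizeof_struct_iovec` line, the list index is `d.getVar('SITEINFO_BITS') != '32'`, which selects `=16` when `SITEINFO_BITS` is `32` and `=8` otherwise; `struct iovec` is a pointer plus a `size_t`, so the two values look swapped. Please confirm against the target ABI and reorder the list if so, and add a comment next to the expression stating which value belongs to which word size.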


@@ -0,0 +1,31 @@
# Copyright (C) 2015 Khem Raj <raj.khem@gmail.com>
# Released under the MIT license (see COPYING.MIT for the terms)
SUMMARY = "Glibc hierarchical argument parsing standalone library"
DESCRIPTION = "Standalone version of arguments parsing functions from GLIBC"
HOMEPAGE = "https://github.com/ericonr/argp-standalone"
LICENSE = "LGPL-2.1-only"
LIC_FILES_CHKSUM = "file://argp.h;beginline=1;endline=20;md5=464f2cfb1c35a5123f9e309d7afd79f8"
SECTION = "libs"
SRC_URI = "git://github.com/ericonr/argp-standalone;branch=master;protocol=https \
file://out_of_tree_build.patch \
"
SRCREV = "e5fe9ad9e83e6765cf8fa787f903d4c6792338b5"
S = "${WORKDIR}/git"
inherit autotools
CFLAGS += "-fPIC -U__OPTIMIZE__"
DEV_PKG_DEPENDENCY = ""
RDEPENDS:${PN}-staticdev = ""
do_install() {
install -D -m 0644 ${B}/libargp.a ${D}${libdir}/libargp.a
install -D -m 0644 ${S}/argp.h ${D}${includedir}/argp.h
}
#
# We will skip parsing for non-musl systems
#
COMPATIBLE_HOST = ".*-musl.*"
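Review bot: `CFLAGS += "-fPIC -U__OPTIMIZE__"` has no comment explaining why `__OPTIMIZE__` is undefined for this library; add the reason, or the build error it avoids, next to the line so the flag can be revisited on the next upgrade.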


@@ -0,0 +1,19 @@
Fix the testsuite to built out of tree
in OE S != B
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upstream-Status: Submitted [https://github.com/ericonr/argp-standalone/pull/9]
Index: argp-standalone-1.3/testsuite/Makefile.am
===================================================================
--- argp-standalone-1.3.orig/testsuite/Makefile.am
+++ argp-standalone-1.3/testsuite/Makefile.am
@@ -5,7 +5,8 @@ TS_ALL = $(TS_PROGS) $(TS_SH)
noinst_PROGRAMS = $(TS_PROGS) ex1 ex3 ex4
-LDADD = ../libargp.a
+AM_CPPFLAGS = -I$(top_srcdir)
+LDADD = $(top_builddir)/libargp.a
EXTRA_DIST = $(TS_SH) run-tests
CLEANFILES = test.out


@@ -0,0 +1,38 @@
SUMMARY = "GNU Aspell spell-checker"
DESCRIPTION = "Spell checker designed to eventually replace Ispell. \
It can either be used as a library or as an independent spell checker. \
Its main feature is that it does a superior job of suggesting possible \
replacements for a misspelled word than just about any other spell \
checker out there for the English language."
SECTION = "console/utils"
HOMEPAGE = "http://aspell.net/"
LICENSE = "LGPL-2.0-only | LGPL-2.1-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34"
SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz"
SRC_URI[sha256sum] = "d6da12b34d42d457fa604e435ad484a74b2effcd120ff40acd6bb3fb2887d21b"
PACKAGECONFIG ??= ""
PACKAGECONFIG[curses] = "--enable-curses,--disable-curses,ncurses"
PACKAGES += "libaspell libpspell aspell-utils"
RDEPENDS:${PN}-utils += "perl"
FILES:libaspell = "${libdir}/libaspell.so.* ${libdir}/aspell*"
FILES:aspell-utils = "${bindir}/word-list-compress ${bindir}/aspell-import ${bindir}/run-with-aspell ${bindir}/pre*"
FILES:${PN} = "${bindir}/aspell"
FILES:libpspell = "${libdir}/libpspell.so.*"
FILES:${PN}-dev += "${bindir}/pspell-config"
ARM_INSTRUCTION_SET:armv4 = "arm"
ARM_INSTRUCTION_SET:armv5 = "arm"
ARM_INSTRUCTION_SET:armv6 = "arm"
inherit autotools-brokensep gettext texinfo binconfig-disabled
BINCONFIG = "${bindir}/pspell-config"


@@ -0,0 +1,48 @@
SUMMARY = "Assistive Technology Service Provider Interface (dbus core)"
DESCRIPTION = "It provides a Service Provider Interface for the Assistive Technologies available on the GNOME platform and a library against which applications can be linked."
HOMEPAGE = "https://wiki.linuxfoundation.org/accessibility/d-bus"
BUGTRACKER = "http://bugzilla.gnome.org/"
LICENSE = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}"
SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz"
SRC_URI[sha256sum] = "5727b5c0687ac57ba8040e79bd6731b714a36b8fcf32190f236b8fb3698789e7"
DEPENDS = " \
dbus \
glib-2.0 \
glib-2.0-native \
libxml2 \
${@'python3-sphinx-native' if d.getVar('GIDOCGEN_ENABLED') == 'True' else ''} \
"
# For backwards compatibility
PROVIDES += "atk at-spi2-atk"
RPROVIDES:${PN} += "atk at-spi2-atk"
inherit meson gi-docgen gettext systemd pkgconfig upstream-version-is-even gobject-introspection
EXTRA_OEMESON = " -Dsystemd_user_dir=${systemd_user_unitdir} \
-Ddbus_daemon=${bindir}/dbus-daemon"
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}"
PACKAGECONFIG[x11] = "-Dx11=enabled,-Dx11=disabled,virtual/libx11 libxi libxtst"
GIDOCGEN_MESON_OPTION = "docs"
GIR_MESON_OPTION = 'introspection'
GIR_MESON_ENABLE_FLAG = 'enabled'
GIR_MESON_DISABLE_FLAG = 'disabled'
FILES:${PN} += "${libdir}/gnome-settings-daemon-3.0/gtk-modules/at-spi2-atk.desktop \
${libdir}/gtk-2.0/modules/libatk-bridge.so \
${datadir}/dbus-1/services/*.service \
${datadir}/dbus-1/accessibility-services/*.service \
${datadir}/defaults/at-spi2 \
${systemd_user_unitdir}/at-spi-dbus-bus.service \
"
BBCLASSEXTEND = "native nativesdk"

View File

@@ -0,0 +1,60 @@
From 7dec6fa3b3494a55120402ff1ea3eb96b67138e8 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Thu, 12 Dec 2019 15:47:49 +0100
Subject: [PATCH] test: patch out failing bits
I have confirmed on the host distro (Ubuntu 18.04) that they
fail as well; upstream probably haven't noticed because the
test is only executed under sudo.
Upstream-Status: Inappropriate [disabling tests instead of fixing them properly]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
test/root/permissions.test | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/test/root/permissions.test b/test/root/permissions.test
index 8f8f825..21e8a95 100644
--- a/test/root/permissions.test
+++ b/test/root/permissions.test
@@ -50,10 +50,6 @@ User daemon is a member in the owning group, which has only read access.
Verify this.
$ su daemon
- $ cat f
- > root
- > bin
-
$ echo daemon >> f
>~ .*f: Permission denied$
@@ -146,8 +142,6 @@ the owning group, he should still have no write access.
$ setfacl -x g:daemon f
$ su daemon
- $ echo daemon4 >> f
- >~ .*f: Permission denied$
Change the owning group. The other permissions should now grant user
@@ -158,12 +152,6 @@ daemon write access.
$ su daemon
$ echo daemon5 >> f
- $ cat f
- > root
- > bin
- > daemon
- > daemon2
- > daemon5
Verify that permissions in separate matching ACL entries do not
@@ -173,7 +161,6 @@ accumulate.
$ setfacl -m g:bin:r,g:daemon:w f
$ su daemon
- $ : < f
$ : > f
$ : <> f
>~ .*f: Permission denied$
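Review bot: the inner hunk at `@@ -146,8 +142,6 @@` drops a negative assertion, not just a read-back: `$ echo daemon4 >> f` with its expected `Permission denied` is the only command left in that step that checks user daemon "should still have no write access" after `setfacl -x g:daemon f`. With it gone, a regression that wrongly grants write access at that point would pass the ptest. The commit message says the removed bits also fail on Ubuntu 18.04 but not how; suggest recording the actual failure output there and, if the cause is the test environment, keeping the denial check and fixing the setup. The `cat f` and `: < f` removals are read checks and carry less risk, but the same question applies to them.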

View File

@@ -0,0 +1,24 @@
From 42ae3f8a5e32ba0681ccd1552a203ddad8748a6e Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Thu, 12 Dec 2019 13:45:52 +0100
Subject: [PATCH] tests: do not hardcode the build path into a helper library
Upstream-Status: Inappropriate [oe-core specific]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
test/Makemodule.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/Makemodule.am b/test/Makemodule.am
index e1d715d..cffe732 100644
--- a/test/Makemodule.am
+++ b/test/Makemodule.am
@@ -30,7 +30,7 @@ EXTRA_DIST += \
check_LTLIBRARIES = libtestlookup.la
libtestlookup_la_SOURCES = test/test_passwd.c test/test_group.c
-libtestlookup_la_CFLAGS = -DBASEDIR=\"$(abs_srcdir)\"
+libtestlookup_la_CFLAGS = -DBASEDIR=\"/tmp/acl-ptest\"
libtestlookup_la_LDFLAGS = -rpath $(abs_builddir)
# Make sure translations don't break tests when matching output.
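Review bot: the replacement `-DBASEDIR=\"/tmp/acl-ptest\"` compiles a fixed, predictable directory under world-writable /tmp into libtestlookup, the helper built from test/test_passwd.c and test/test_group.c. On a target with other local users, whoever creates /tmp/acl-ptest first controls whatever the helper resolves under BASEDIR while the suite runs. Suggest pointing BASEDIR at a directory only root can write (for example one under the ptest install path), or letting the runner pass it in, and saying in the commit message why /tmp was chosen. The unchanged next line still hands `$(abs_builddir)` to libtool via `-rpath`; given the subject line, it is worth confirming that this does not leave the build path in the installed files.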

View File

@@ -0,0 +1,16 @@
#!/bin/sh
#
#This script is used to run acl test suites
#umask 077
mkdir -p /tmp/acl-ptest/test
cp test/test.* /tmp/acl-ptest/test
set +e
make test-suite.log
exitcode=$?
if [ $exitcode -ne 0 -a -e test-suite.log ]; then
cat test-suite.log
fi
exit $exitcode
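Review bot: the setup lines `mkdir -p /tmp/acl-ptest/test` and `cp test/test.* /tmp/acl-ptest/test` run with `umask 077` commented out and without any check of their result. `mkdir -p` succeeds silently when the directory already exists, so a leftover or pre-created /tmp/acl-ptest (a symlink included) is reused as it is, and a failed `cp` still lets `make test-suite.log` run against whatever is there. Suggest enabling the umask, removing and recreating the directory (or failing when it exists and is not owned by the caller), and exiting non-zero when the copy fails. Minor: `[ $exitcode -ne 0 -a -e test-suite.log ]` uses the obsolescent `-a`; `[ "$exitcode" -ne 0 ] && [ -e test-suite.log ]` is the portable form.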

View File

@@ -0,0 +1,85 @@
SUMMARY = "Utilities for managing POSIX Access Control Lists"
DESCRIPTION = "ACL allows you to provide different levels of access to files \
and folders for different users."
HOMEPAGE = "http://savannah.nongnu.org/projects/acl/"
BUGTRACKER = "http://savannah.nongnu.org/bugs/?group=acl"
SECTION = "libs"
LICENSE = "LGPL-2.1-or-later & GPL-2.0-or-later"
LICENSE:${PN} = "GPL-2.0-or-later"
LICENSE:lib${BPN} = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://doc/COPYING;md5=c781d70ed2b4d48995b790403217a249 \
file://doc/COPYING.LGPL;md5=9e9a206917f8af112da634ce3ab41764"
DEPENDS = "attr"
SRC_URI = "${SAVANNAH_GNU_MIRROR}/acl/${BP}.tar.gz \
file://run-ptest \
file://0001-tests-do-not-hardcode-the-build-path-into-a-helper-l.patch \
file://0001-test-patch-out-failing-bits.patch \
"
SRC_URI[sha256sum] = "5f2bdbad629707aa7d85c623f994aa8a1d2dec55a73de5205bac0bf6058a2f7c"
inherit autotools gettext ptest
EXTRA_OECONF += "--enable-largefile"
PACKAGES =+ "lib${BPN}"
FILES:lib${BPN} = "${libdir}/lib*${SOLIBS}"
PTEST_BUILD_HOST_FILES = "builddefs"
PTEST_BUILD_HOST_PATTERN = "^RPM"
do_compile_ptest() {
oe_runmake libtestlookup.la
}
do_install_ptest() {
cp -rf ${S}/test/ ${D}${PTEST_PATH}
cp -rf ${S}/build-aux/ ${D}${PTEST_PATH}
mkdir -p ${D}${PTEST_PATH}/.libs
cp -rf ${B}/.libs/libtestlookup* ${D}${PTEST_PATH}/.libs
cp ${B}/Makefile ${D}${PTEST_PATH}
sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
-e 's|${DEBUG_PREFIX_MAP}||g' \
-e 's:${HOSTTOOLS_DIR}/::g' \
-e 's:${RECIPE_SYSROOT_NATIVE}::g' \
-e 's:${BASE_WORKDIR}/${MULTIMACH_TARGET_SYS}::g' \
-i ${D}${PTEST_PATH}/Makefile
sed -i "s|^srcdir =.*|srcdir = \.|g" ${D}${PTEST_PATH}/Makefile
sed -i "s|^abs_srcdir =.*|abs_srcdir = \.|g" ${D}${PTEST_PATH}/Makefile
sed -i "s|^abs_top_srcdir =.*|abs_top_srcdir = \.\.|g" ${D}${PTEST_PATH}/Makefile
sed -i "s|^Makefile:.*|Makefile:|g" ${D}${PTEST_PATH}/Makefile
rm ${D}${PTEST_PATH}/.libs/libtestlookup.lai
}
do_install_ptest:append:libc-musl() {
sed -i -e '/test\/misc.test/d' ${D}${PTEST_PATH}/Makefile
}
RDEPENDS:${PN}-ptest = "acl \
bash \
coreutils \
perl \
perl-module-constant \
perl-module-filehandle \
perl-module-getopt-std \
perl-module-posix \
shadow \
make \
gawk \
e2fsprogs-mke2fs \
perl-module-cwd \
perl-module-file-basename \
perl-module-file-path \
perl-module-file-spec \
"
BBCLASSEXTEND = "native nativesdk"
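Review bot: `do_install_ptest:append:libc-musl()` deletes `test/misc.test` from the installed Makefile with no comment saying why, so on a musl build the suite can report success with one test file silently missing. Suggest a comment naming the failure and, if one exists, a reference to an upstream report, so the exclusion can be revisited on upgrade. Together with `0001-test-patch-out-failing-bits.patch` in SRC_URI, the shipped ptest covers less than the upstream suite; a short note of that in the recipe helps whoever reads the ptest results.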

View File

@@ -0,0 +1,72 @@
SUMMARY = "Utilities for manipulating filesystem extended attributes"
DESCRIPTION = "Implement the ability for a user to attach name:value pairs to objects within the XFS filesystem."
HOMEPAGE = "http://savannah.nongnu.org/projects/attr/"
SECTION = "libs"
DEPENDS = "virtual/libintl"
LICENSE = "LGPL-2.1-or-later & GPL-2.0-or-later"
LICENSE:${PN} = "GPL-2.0-or-later"
LICENSE:lib${BPN} = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://doc/COPYING;md5=2d0aa14b3fce4694e4f615e30186335f \
file://doc/COPYING.LGPL;md5=b8d31f339300bc239d73461d68e77b9c \
file://tools/attr.c;endline=17;md5=be0403261f0847e5f43ed5b08d19593c \
file://libattr/libattr.c;endline=17;md5=7970f77049f8fa1199fff62a7ab724fb"
SRC_URI = "${SAVANNAH_GNU_MIRROR}/attr/${BP}.tar.gz \
file://run-ptest \
file://0001-attr.c-Include-libgen.h-for-posix-version-of-basenam.patch \
"
inherit ptest update-alternatives autotools gettext
PACKAGES =+ "lib${BPN}"
FILES:lib${BPN} = "${libdir}/lib*${SOLIBS} ${sysconfdir}"
ALTERNATIVE_PRIORITY = "100"
ALTERNATIVE:${PN} = "setfattr"
ALTERNATIVE_TARGET[setfattr] = "${bindir}/setfattr"
PTEST_BUILD_HOST_FILES = "builddefs"
PTEST_BUILD_HOST_PATTERN = "^RPM"
do_install_ptest() {
cp ${B}/Makefile ${D}${PTEST_PATH}
sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
-e 's|${DEBUG_PREFIX_MAP}||g' \
-e 's:${HOSTTOOLS_DIR}/::g' \
-e 's:${RECIPE_SYSROOT_NATIVE}::g' \
-e 's:${BASE_WORKDIR}/${MULTIMACH_TARGET_SYS}::g' \
-i ${D}${PTEST_PATH}/Makefile
sed -i "s|^srcdir =.*|srcdir = \.|g" ${D}${PTEST_PATH}/Makefile
sed -i "s|^abs_srcdir =.*|abs_srcdir = \.|g" ${D}${PTEST_PATH}/Makefile
sed -i "s|^abs_top_srcdir =.*|abs_top_srcdir = \.\.|g" ${D}${PTEST_PATH}/Makefile
sed -i "s|^Makefile:.*|Makefile:|g" ${D}${PTEST_PATH}/Makefile
cp -rf ${S}/build-aux/ ${D}${PTEST_PATH}
cp -rf ${S}/test/ ${D}${PTEST_PATH}
}
do_install_ptest:append:libc-musl() {
sed -i -e 's|f: Operation n|f: N|g' ${D}${PTEST_PATH}/test/attr.test
}
RDEPENDS:${PN}-ptest = "attr \
bash \
coreutils \
perl-module-constant \
perl-module-filehandle \
perl-module-getopt-std \
perl-module-posix \
make \
perl \
gawk \
perl-module-cwd \
perl-module-file-basename \
perl-module-file-path \
perl-module-file-spec \
"
BBCLASSEXTEND = "native nativesdk"
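Review bot: the musl append `sed -i -e 's|f: Operation n|f: N|g'` rewrites expected output in test/attr.test using two truncated fragments and no comment. It appears to adapt an expected error string to musl's wording, but a reader cannot tell which message is meant, and the short pattern also matches any other line containing `f: Operation n`. Suggest spelling out the full before and after strings and adding a comment that says what differs on musl. Minor: `BBCLASSEXTEND = "native nativesdk"` is set here and again in the file that does `require attr.inc`; one of the two is enough.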

View File

@@ -0,0 +1,35 @@
From 6d9e827bcacf387bb3cfae64bd4fe520168ccad4 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sun, 3 Dec 2023 19:29:27 -0800
Subject: [PATCH] attr.c: Include libgen.h for posix version of basename API
Musl has removed the definition from string.h [1] which results in
compile failures with clang
| ../attr-2.5.1/tools/attr.c:69:13: error: call to undeclared function 'basename'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
| 69 | progname = basename(argv[0]);
| | ^
[1] https://git.musl-libc.org/cgit/musl/commit/?id=725e17ed6dff4d0cd22487bb64470881e86a92e7
Upstream-Status: Submitted [https://savannah.nongnu.org/bugs/index.php?64972]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
tools/attr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/attr.c b/tools/attr.c
index 312aef1..90dab83 100644
--- a/tools/attr.c
+++ b/tools/attr.c
@@ -26,6 +26,7 @@
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
+#include <libgen.h>
#include <string.h>
#include <locale.h>
--
2.43.0
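Review bot: the added `#include <libgen.h>` does more than declare the function: it selects the POSIX `basename`, which is allowed to modify the string it is given and to return a pointer to static storage, whereas glibc's `<string.h>` supplies the GNU variant that does neither. The quoted call site `progname = basename(argv[0]);` is fine with either, since argv[0] is writable, but the switch applies to glibc builds as well as musl and the message only mentions musl. Suggest stating that in the commit message and checking tools/attr.c for any other basename call on a const or shared string.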

View File

@@ -0,0 +1,10 @@
#!/bin/sh
set +e
make test-suite.log
exitcode=$?
if [ $exitcode -ne 0 -a -e test-suite.log ]; then
cat test-suite.log
fi
exit $exitcode

View File

@@ -0,0 +1,5 @@
require attr.inc
SRC_URI[sha256sum] = "bae1c6949b258a0d68001367ce0c741cebdacdd3b62965d17e5eb23cd78adaf8"
BBCLASSEXTEND = "native nativesdk"

View File

@@ -0,0 +1,38 @@
SUMMARY = "Programmable Completion for Bash 4"
DESCRIPTION = "Collection of command line command completions for the Bash shell, \
collection of helper functions to assist in creating new completions, \
and set of facilities for loading completions automatically on demand, as well \
as installing them."
HOMEPAGE = "https://github.com/scop/bash-completion"
BUGTRACKER = "https://github.com/scop/bash-completion/issues"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
SECTION = "console/utils"
SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz"
SRC_URI[sha256sum] = "3eb05b1783c339ef59ed576afb0f678fa4ef49a6de8a696397df3148f8345af9"
GITHUB_BASE_URI = "https://github.com/scop/bash-completion/releases"
PARALLEL_MAKE = ""
inherit autotools github-releases
do_install:append() {
# compatdir
install -d ${D}${sysconfdir}/bash_completion.d/
echo '. ${datadir}/${BPN}/bash_completion' >${D}${sysconfdir}/bash_completion
}
RDEPENDS:${PN} = "bash"
# Some recipes are providing ${PN}-bash-completion packages
PACKAGES =+ "${PN}-extra"
FILES:${PN}-extra = "${datadir}/${BPN}/completions/ \
${datadir}/${BPN}/helpers/"
BBCLASSEXTEND = "nativesdk"

View File

@@ -0,0 +1,29 @@
SUMMARY = "Tools to generate block map (AKA bmap) and flash images using bmap"
DESCRIPTION = "bmaptool - tools to generate block map (AKA bmap) and flash images using \
bmap. bmaptool is a generic tool for creating the block map (bmap) for a file, \
and copying files using the block map. The idea is that large file containing \
unused blocks, like raw system image files, can be copied or flashed a lot \
faster with bmaptool than with traditional tools like "dd" or "cp"."
HOMEPAGE = "https://github.com/yoctoproject/bmaptool"
SECTION = "console/utils"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
SRC_URI = "git://github.com/yoctoproject/${BPN};branch=main;protocol=https"
SRCREV = "2ff5750b8a3e0b36a9993c20e2ea10a07bc62085"
S = "${WORKDIR}/git"
BASEVER = "3.8.0"
PV = "${BASEVER}+git"
UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
# Need df from coreutils
RDEPENDS:${PN} = "python3-core python3-compression python3-misc python3-mmap python3-setuptools python3-fcntl python3-six coreutils"
inherit setuptools3
# For compatibility with layers before scarthgap
RREPLACES:${PN} = "bmap-tools"
RCONFLICTS:${PN} = "bmap-tools"
BBCLASSEXTEND = "native nativesdk"

View File

@@ -0,0 +1,20 @@
# The Boost web site provides free peer-reviewed portable
# C++ source libraries. The emphasis is on libraries which
# work well with the C++ Standard Library. The libraries are
# intended to be widely useful, and are in regular use by
# thousands of programmers across a broad spectrum of applications.
HOMEPAGE = "http://www.boost.org/"
LICENSE = "BSL-1.0 & MIT & Python-2.0"
LIC_FILES_CHKSUM = "file://LICENSE_1_0.txt;md5=e4224ccaecb14d942c71d31bef20d78c"
BOOST_VER = "${@"_".join(d.getVar("PV").split("."))}"
BOOST_MAJ = "${@"_".join(d.getVar("PV").split(".")[0:2])}"
BOOST_P = "boost_${BOOST_VER}"
SRC_URI = "https://archives.boost.io/release/${PV}/source/${BOOST_P}.tar.bz2"
SRC_URI[sha256sum] = "cc4b893acf645c9d4b698e9a0f08ca8846aa5d6c68275c14c3e7949c24109454"
UPSTREAM_CHECK_URI = "http://www.boost.org/users/download/"
UPSTREAM_CHECK_REGEX = "release/(?P<pver>.*)/source/"
S = "${WORKDIR}/${BOOST_P}"
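Review bot: `LICENSE = "BSL-1.0 & MIT & Python-2.0"` declares three licenses, but `LIC_FILES_CHKSUM` tracks only `LICENSE_1_0.txt`, so a change to the MIT or Python-2.0 licensed parts of the tarball would not trip the checksum on an upgrade. For a mirror whose purpose is license traceability, suggest adding checksum entries for the files that carry the other two licenses (with `beginline`/`endline` where the text sits in a source header), or a comment naming where they are. Minor: HOMEPAGE and UPSTREAM_CHECK_URI are plain `http://` while SRC_URI already uses `https://`.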

View File

@@ -0,0 +1,28 @@
SUMMARY = "Boost.Build"
DESCRIPTION = "B2 makes it easy to build C++ projects, everywhere."
HOMEPAGE = "https://github.com/boostorg/build"
SECTION = "devel"
LICENSE = "BSL-1.0"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=e4224ccaecb14d942c71d31bef20d78c"
SRC_URI = "git://github.com/boostorg/build;protocol=https;branch=master"
SRCREV = "8d86b9a85407d73d6e8c631771f18c2a237d2d71"
PE = "1"
UPSTREAM_CHECK_GITTAGREGEX = "boost-(?P<pver>(\d+(\.\d+)+))"
inherit native
S = "${WORKDIR}/git"
do_compile() {
./bootstrap.sh
}
do_install() {
HOME=/var/run ./b2 install --prefix=${prefix} staging-prefix=${D}${prefix}
}
# The build is either release mode (pre-stripped) or debug (-O0).
INSANE_SKIP:${PN} = "already-stripped"
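Review bot: `HOME=/var/run ./b2 install ...` in do_install overrides HOME with a host system directory and carries no comment. If the intent is to keep b2 from reading a per-user configuration out of the builder's real home, a directory inside ${WORKDIR} achieves that without pointing the tool at a path outside the build tree. Suggest changing the value and adding a one-line comment with the reason.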

View File

@@ -0,0 +1,226 @@
SUMMARY = "Free peer-reviewed portable C++ source libraries"
DESCRIPTION = "Provides free peer-reviewed portable C++ source libraries. The emphasis is on libraries which work well with the C++ \
Standard Library. One goal is to establish 'existing practice' and \
provide reference implementations so that the Boost libraries are suitable for eventual standardization. Some of the libraries have already been proposed for inclusion in the C++ Standards Committee's \
upcoming C++ Standard Library Technical Report."
SECTION = "libs"
DEPENDS = "boost-build-native zlib bzip2"
CVE_PRODUCT = "boost:boost"
ARM_INSTRUCTION_SET:armv4 = "arm"
ARM_INSTRUCTION_SET:armv5 = "arm"
B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"
BOOST_LIBS = "\
atomic \
chrono \
container \
context \
contract \
coroutine \
date_time \
exception \
fiber \
filesystem \
graph \
headers \
iostreams \
json \
log \
math \
program_options \
random \
regex \
serialization \
system \
test \
thread \
timer \
type_erasure \
url \
wave \
"
# optional libraries
PACKAGECONFIG ??= "locale python"
PACKAGECONFIG[locale] = ",,icu"
PACKAGECONFIG[graph_parallel] = ",,,boost-mpi mpich"
PACKAGECONFIG[mpi] = ",,mpich"
PACKAGECONFIG[python] = ",,python3"
BOOST_LIBS += "\
${@bb.utils.filter('PACKAGECONFIG', 'locale python', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'graph_parallel', 'graph_parallel mpi', \
bb.utils.filter('PACKAGECONFIG', 'mpi', d), d)} \
"
inherit python3-dir
PYTHON_ROOT = "${STAGING_DIR_HOST}/${prefix}"
# Make a package for each library, plus -dev
PACKAGES = "${PN}-dbg ${BOOST_PACKAGES}"
python __anonymous () {
packages = []
extras = []
pn = d.getVar("PN")
mlprefix = d.getVar("MLPREFIX")
for lib in d.getVar('BOOST_LIBS').split():
extras.append("--with-%s" % lib)
pkg = "boost-%s" % (lib.replace("_", "-"))
if "-native" in pn:
pkg = pkg + "-native"
packages.append(mlprefix + pkg)
if not d.getVar("FILES:%s" % pkg):
d.setVar("FILES:%s%s" % (mlprefix, pkg), "${libdir}/libboost_%s*.so.*" % lib)
else:
d.setVar("FILES:%s%s" % (mlprefix, pkg), d.getVar("FILES:%s" % pkg))
d.setVar("BOOST_PACKAGES", " ".join(packages))
d.setVar("BJAM_EXTRA", " ".join(extras))
}
# Override the contents of specific packages
FILES:${PN}-graph_parallel = "${libdir}/libboost_graph_parallel.so.*"
FILES:${PN}-locale = "${libdir}/libboost_locale.so.*"
FILES:${PN}-mpi = "${libdir}/mpi.so ${libdir}/libboost_mpi*.so.*"
FILES:boost-serialization = "${libdir}/libboost_serialization*.so.* \
${libdir}/libboost_wserialization*.so.*"
FILES:boost-test = "${libdir}/libboost_prg_exec_monitor*.so.* \
${libdir}/libboost_unit_test_framework*.so.*"
# -dev last to pick up the remaining stuff
PACKAGES += "${PN}-dev ${PN}-staticdev"
FILES:${PN}-dev = "${includedir} ${libdir}/libboost_*.so ${libdir}/cmake"
FILES:${PN}-staticdev = "${libdir}/libboost_*.a"
# "boost" is a metapackage which pulls in all boost librabries
PACKAGES += "${PN}"
FILES:${PN} = ""
ALLOW_EMPTY:${PN} = "1"
RRECOMMENDS:${PN} += "${BOOST_PACKAGES}"
RRECOMMENDS:${PN}:class-native = ""
# to avoid GNU_HASH QA errors added LDFLAGS to ARCH; a little bit dirty but at least it works
TARGET_CC_ARCH += "${LDFLAGS}"
# Oh yippee, a new build system, it's sooo cooool I could eat my own
# foot. inlining=on lets the compiler choose, I think. At least this
# stuff is documented...
# NOTE: if you leave <debug-symbols>on then in a debug build the build sys
# objcopy will be invoked, and that won't work. Building debug apparently
# requires hacking gcc-tools.jam
#
# Sometimes I wake up screaming. Famous figures are gathered in the nightmare,
# Steve Bourne, Larry Wall, the whole of the ANSI C committee. They're just
# standing there, waiting, but the truely terrifying thing is what they carry
# in their hands. At first sight each seems to bear the same thing, but it is
# not so for the forms in their grasp are ever so slightly different one from
# the other. Each is twisted in some grotesque way from the other to make each
# an unspeakable perversion impossible to perceive without the onset of madness.
# True insanity awaits anyone who perceives all of these horrors together.
#
# Quotation marks, there might be an easier way to do this, but I can't find
# it. The problem is that the user.hpp configuration file must receive a
# pre-processor macro defined as the appropriate string - complete with "'s
# around it. (<> is a possibility here but the danger to that is that the
# failure case interprets the < and > as shell redirections, creating
# random files in the source tree.)
#
#bjam: '-DBOOST_PLATFORM_CONFIG=\"config\"'
#do_compile: '-sGCC=... '"'-DBOOST_PLATFORM_CONFIG=\"config\"'"
SQD = '"'
EQD = '\"'
#boost.bb: "... '-sGCC=... '${SQD}'-DBOOST_PLATFORM_CONFIG=${EQD}config${EQD}'${SQD} ..."
BJAM_CONF = "${SQD}'-DBOOST_PLATFORM_CONFIG=${EQD}boost/config/platform/${TARGET_OS}.hpp${EQD}'${SQD}"
BJAM_TOOLS = "--ignore-site-config \
'-sTOOLS=gcc' \
'-sGCC=${CC} '${BJAM_CONF} \
'-sGXX=${CXX} '${BJAM_CONF} \
'-sGCC_INCLUDE_DIRECTORY=${STAGING_INCDIR}' \
'-sGCC_STDLIB_DIRECTORY=${STAGING_LIBDIR}' \
'-sBUILD=release <optimization>space <threading>multi <inlining>on <debug-symbols>off' \
'-sPYTHON_ROOT=${PYTHON_ROOT}' \
'--layout=system' \
"
# use PARALLEL_MAKE to speed up the build
BOOST_PARALLEL_MAKE = "${@oe.utils.parallel_make_argument(d, '-j%d')}"
BJAM_OPTS = '${BOOST_PARALLEL_MAKE} -d+2 -q \
${BJAM_TOOLS} \
-sBOOST_BUILD_USER_CONFIG=${WORKDIR}/user-config.jam \
-sICU_PATH=${STAGING_EXECPREFIXDIR} \
--build-dir=${B} \
--disable-icu \
${BJAM_EXTRA}'
# Native compilation of bzip2 isn't working
BJAM_OPTS:append:class-native = ' -sNO_BZIP2=1'
# Adjust the build for x32
BJAM_OPTS:append:x86-x32 = " abi=x32 address-model=64"
# cross compiling for arm fails to detect abi, so provide some help
BJAM_OPTS:append:arm = " abi=aapcs architecture=arm"
BJAM_OPTS:append:aarch64 = " abi=aapcs address-model=64 architecture=arm"
do_configure() {
cd ${S}
cp -f ${S}/boost/config/platform/linux.hpp ${S}/boost/config/platform/linux-gnueabi.hpp
# D2194:Fixing the failure of "error: duplicate initialization of gcc with the following parameters" during compilation.
rm -f ${WORKDIR}/user-config.jam
echo 'using gcc : : ${CXX} : <cflags>"${CFLAGS}" <cxxflags>"${CXXFLAGS}" <linkflags>"${LDFLAGS}" ;' >> ${WORKDIR}/user-config.jam
# If we want Python then we need to tell Boost *exactly* where to find it
if ${@bb.utils.contains('BOOST_LIBS', 'python', 'true', 'false', d)}; then
echo "using python : ${PYTHON_BASEVERSION} : ${STAGING_DIR_HOST}${bindir}/python3 : ${STAGING_DIR_HOST}${includedir}/${PYTHON_DIR}${PYTHON_ABI} : ${STAGING_DIR_HOST}${libdir}/${PYTHON_DIR} ;" >> ${WORKDIR}/user-config.jam
fi
if ${@bb.utils.contains('BOOST_LIBS', 'mpi', 'true', 'false', d)}; then
echo "using mpi : : <find-shared-library>mpi ;" >> ${WORKDIR}/user-config.jam
fi
CC="${BUILD_CC}" CFLAGS="${BUILD_CFLAGS}" ./bootstrap.sh --with-bjam=b2 --with-toolset=gcc
# Boost can't be trusted to find Python on it's own, so remove any mention
# of it from the boost configuration
sed -i '/using python/d' ${S}/project-config.jam
}
do_compile() {
cd ${S}
b2 ${BJAM_OPTS} \
--prefix=${prefix} \
--exec-prefix=${exec_prefix} \
--libdir=${libdir} \
--includedir=${includedir} \
--debug-configuration
}
do_install() {
cd ${S}
b2 ${BJAM_OPTS} \
--libdir=${D}${libdir} \
--includedir=${D}${includedir} \
install
for lib in ${BOOST_LIBS}; do
if [ -e ${D}${libdir}/libboost_${lib}.a ]; then
ln -s libboost_${lib}.a ${D}${libdir}/libboost_${lib}-mt.a
fi
if [ -e ${D}${libdir}/libboost_${lib}.so ]; then
ln -s libboost_${lib}.so ${D}${libdir}/libboost_${lib}-mt.so
fi
done
# Cmake files reference full paths to image
find ${D}${libdir}/cmake -type f | \
grep 'cmake$' | \
xargs -n 1 sed -e 's,${D}${libdir}/cmake,${libdir}/cmake,' -i
}
BBCLASSEXTEND = "native nativesdk"
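Review bot: in BJAM_OPTS, `--disable-icu` is passed unconditionally, yet `PACKAGECONFIG ??= "locale python"` together with `PACKAGECONFIG[locale] = ",,icu"` adds icu to the build dependencies by default, and `-sICU_PATH=${STAGING_EXECPREFIXDIR}` is still set. As written, icu is staged and recorded as a dependency of boost while the build is told not to use it, which also muddies the dependency and license picture for this recipe. Suggest either dropping the icu dependency and ICU_PATH, or making `--disable-icu` conditional on the locale option, with a comment giving the reason.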

View File

@@ -0,0 +1,175 @@
From 18185e939ca121335a6172c8e50872af8122a759 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Tue, 18 Dec 2018 15:42:57 +0100
Subject: [PATCH] Don't set up arch/instruction-set flags, we do that
ourselves
Upstream-Status: Inappropriate
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
tools/build/src/tools/gcc.jam | 153 ----------------------------------
1 file changed, 153 deletions(-)
diff --git a/tools/build/src/tools/gcc.jam b/tools/build/src/tools/gcc.jam
index 834f5e1bf..493a43e6d 100644
--- a/tools/build/src/tools/gcc.jam
+++ b/tools/build/src/tools/gcc.jam
@@ -1113,156 +1113,3 @@ local rule cpu-flags ( toolset variable : architecture : instruction-set + :
<architecture>$(architecture)/<instruction-set>$(instruction-set)
: $(values) ;
}
-
-
-# Set architecture/instruction-set options.
-#
-# x86 and compatible
-# The 'native' option appeared in gcc 4.2 so we cannot safely use it as default.
-# Use i686 instead for 32-bit.
-toolset.flags gcc OPTIONS <architecture>x86/<address-model>32/<instruction-set> : -march=i686 ;
-cpu-flags gcc OPTIONS : x86 : native : -march=native ;
-cpu-flags gcc OPTIONS : x86 : i486 : -march=i486 ;
-cpu-flags gcc OPTIONS : x86 : i586 : -march=i586 ;
-cpu-flags gcc OPTIONS : x86 : i686 : -march=i686 ;
-cpu-flags gcc OPTIONS : x86 : pentium : -march=pentium ;
-cpu-flags gcc OPTIONS : x86 : pentium-mmx : -march=pentium-mmx ;
-cpu-flags gcc OPTIONS : x86 : pentiumpro : -march=pentiumpro ;
-cpu-flags gcc OPTIONS : x86 : pentium2 : -march=pentium2 ;
-cpu-flags gcc OPTIONS : x86 : pentium3 : -march=pentium3 ;
-cpu-flags gcc OPTIONS : x86 : pentium3m : -march=pentium3m ;
-cpu-flags gcc OPTIONS : x86 : pentium-m : -march=pentium-m ;
-cpu-flags gcc OPTIONS : x86 : pentium4 : -march=pentium4 ;
-cpu-flags gcc OPTIONS : x86 : pentium4m : -march=pentium4m ;
-cpu-flags gcc OPTIONS : x86 : prescott : -march=prescott ;
-cpu-flags gcc OPTIONS : x86 : nocona : -march=nocona ;
-cpu-flags gcc OPTIONS : x86 : core2 : -march=core2 ;
-cpu-flags gcc OPTIONS : x86 : conroe : -march=core2 ;
-cpu-flags gcc OPTIONS : x86 : conroe-xe : -march=core2 ;
-cpu-flags gcc OPTIONS : x86 : conroe-l : -march=core2 ;
-cpu-flags gcc OPTIONS : x86 : allendale : -march=core2 ;
-cpu-flags gcc OPTIONS : x86 : wolfdale : -march=core2 -msse4.1 ;
-cpu-flags gcc OPTIONS : x86 : merom : -march=core2 ;
-cpu-flags gcc OPTIONS : x86 : merom-xe : -march=core2 ;
-cpu-flags gcc OPTIONS : x86 : kentsfield : -march=core2 ;
-cpu-flags gcc OPTIONS : x86 : kentsfield-xe : -march=core2 ;
-cpu-flags gcc OPTIONS : x86 : yorksfield : -march=core2 ;
-cpu-flags gcc OPTIONS : x86 : penryn : -march=core2 ;
-cpu-flags gcc OPTIONS : x86 : corei7 : -march=corei7 ;
-cpu-flags gcc OPTIONS : x86 : nehalem : -march=corei7 ;
-cpu-flags gcc OPTIONS : x86 : corei7-avx : -march=corei7-avx ;
-cpu-flags gcc OPTIONS : x86 : sandy-bridge : -march=corei7-avx ;
-cpu-flags gcc OPTIONS : x86 : core-avx-i : -march=core-avx-i ;
-cpu-flags gcc OPTIONS : x86 : ivy-bridge : -march=core-avx-i ;
-cpu-flags gcc OPTIONS : x86 : haswell : -march=core-avx-i -mavx2 -mfma -mbmi -mbmi2 -mlzcnt ;
-cpu-flags gcc OPTIONS : x86 : broadwell : -march=broadwell ;
-cpu-flags gcc OPTIONS : x86 : skylake : -march=skylake ;
-cpu-flags gcc OPTIONS : x86 : skylake-avx512 : -march=skylake-avx512 ;
-cpu-flags gcc OPTIONS : x86 : cannonlake : -march=skylake-avx512 -mavx512vbmi -mavx512ifma -msha ;
-cpu-flags gcc OPTIONS : x86 : icelake-client : -march=icelake-client ;
-cpu-flags gcc OPTIONS : x86 : icelake-server : -march=icelake-server ;
-cpu-flags gcc OPTIONS : x86 : cascadelake : -march=skylake-avx512 -mavx512vnni ;
-cpu-flags gcc OPTIONS : x86 : cooperlake : -march=cooperlake ;
-cpu-flags gcc OPTIONS : x86 : tigerlake : -march=tigerlake ;
-cpu-flags gcc OPTIONS : x86 : rocketlake : -march=rocketlake ;
-cpu-flags gcc OPTIONS : x86 : alderlake : -march=alderlake ;
-cpu-flags gcc OPTIONS : x86 : sapphirerapids : -march=sapphirerapids ;
-cpu-flags gcc OPTIONS : x86 : k6 : -march=k6 ;
-cpu-flags gcc OPTIONS : x86 : k6-2 : -march=k6-2 ;
-cpu-flags gcc OPTIONS : x86 : k6-3 : -march=k6-3 ;
-cpu-flags gcc OPTIONS : x86 : athlon : -march=athlon ;
-cpu-flags gcc OPTIONS : x86 : athlon-tbird : -march=athlon-tbird ;
-cpu-flags gcc OPTIONS : x86 : athlon-4 : -march=athlon-4 ;
-cpu-flags gcc OPTIONS : x86 : athlon-xp : -march=athlon-xp ;
-cpu-flags gcc OPTIONS : x86 : athlon-mp : -march=athlon-mp ;
-##
-cpu-flags gcc OPTIONS : x86 : k8 : -march=k8 ;
-cpu-flags gcc OPTIONS : x86 : opteron : -march=opteron ;
-cpu-flags gcc OPTIONS : x86 : athlon64 : -march=athlon64 ;
-cpu-flags gcc OPTIONS : x86 : athlon-fx : -march=athlon-fx ;
-cpu-flags gcc OPTIONS : x86 : k8-sse3 : -march=k8-sse3 ;
-cpu-flags gcc OPTIONS : x86 : opteron-sse3 : -march=opteron-sse3 ;
-cpu-flags gcc OPTIONS : x86 : athlon64-sse3 : -march=athlon64-sse3 ;
-cpu-flags gcc OPTIONS : x86 : amdfam10 : -march=amdfam10 ;
-cpu-flags gcc OPTIONS : x86 : barcelona : -march=barcelona ;
-cpu-flags gcc OPTIONS : x86 : bdver1 : -march=bdver1 ;
-cpu-flags gcc OPTIONS : x86 : bdver2 : -march=bdver2 ;
-cpu-flags gcc OPTIONS : x86 : bdver3 : -march=bdver3 ;
-cpu-flags gcc OPTIONS : x86 : bdver4 : -march=bdver4 ;
-cpu-flags gcc OPTIONS : x86 : btver1 : -march=btver1 ;
-cpu-flags gcc OPTIONS : x86 : btver2 : -march=btver2 ;
-cpu-flags gcc OPTIONS : x86 : znver1 : -march=znver1 ;
-cpu-flags gcc OPTIONS : x86 : znver2 : -march=znver2 ;
-cpu-flags gcc OPTIONS : x86 : znver3 : -march=znver3 ;
-cpu-flags gcc OPTIONS : x86 : winchip-c6 : -march=winchip-c6 ;
-cpu-flags gcc OPTIONS : x86 : winchip2 : -march=winchip2 ;
-cpu-flags gcc OPTIONS : x86 : c3 : -march=c3 ;
-cpu-flags gcc OPTIONS : x86 : c3-2 : -march=c3-2 ;
-cpu-flags gcc OPTIONS : x86 : c7 : -march=c7 ;
-##
-cpu-flags gcc OPTIONS : x86 : atom : -march=atom ;
-# Sparc
-cpu-flags gcc OPTIONS : sparc : v7 : -mcpu=v7 : default ;
-cpu-flags gcc OPTIONS : sparc : cypress : -mcpu=cypress ;
-cpu-flags gcc OPTIONS : sparc : v8 : -mcpu=v8 ;
-cpu-flags gcc OPTIONS : sparc : supersparc : -mcpu=supersparc ;
-cpu-flags gcc OPTIONS : sparc : sparclite : -mcpu=sparclite ;
-cpu-flags gcc OPTIONS : sparc : hypersparc : -mcpu=hypersparc ;
-cpu-flags gcc OPTIONS : sparc : sparclite86x : -mcpu=sparclite86x ;
-cpu-flags gcc OPTIONS : sparc : f930 : -mcpu=f930 ;
-cpu-flags gcc OPTIONS : sparc : f934 : -mcpu=f934 ;
-cpu-flags gcc OPTIONS : sparc : sparclet : -mcpu=sparclet ;
-cpu-flags gcc OPTIONS : sparc : tsc701 : -mcpu=tsc701 ;
-cpu-flags gcc OPTIONS : sparc : v9 : -mcpu=v9 ;
-cpu-flags gcc OPTIONS : sparc : ultrasparc : -mcpu=ultrasparc ;
-cpu-flags gcc OPTIONS : sparc : ultrasparc3 : -mcpu=ultrasparc3 ;
-# RS/6000 & PowerPC
-cpu-flags gcc OPTIONS : power : 403 : -mcpu=403 ;
-cpu-flags gcc OPTIONS : power : 505 : -mcpu=505 ;
-cpu-flags gcc OPTIONS : power : 601 : -mcpu=601 ;
-cpu-flags gcc OPTIONS : power : 602 : -mcpu=602 ;
-cpu-flags gcc OPTIONS : power : 603 : -mcpu=603 ;
-cpu-flags gcc OPTIONS : power : 603e : -mcpu=603e ;
-cpu-flags gcc OPTIONS : power : 604 : -mcpu=604 ;
-cpu-flags gcc OPTIONS : power : 604e : -mcpu=604e ;
-cpu-flags gcc OPTIONS : power : 620 : -mcpu=620 ;
-cpu-flags gcc OPTIONS : power : 630 : -mcpu=630 ;
-cpu-flags gcc OPTIONS : power : 740 : -mcpu=740 ;
-cpu-flags gcc OPTIONS : power : 7400 : -mcpu=7400 ;
-cpu-flags gcc OPTIONS : power : 7450 : -mcpu=7450 ;
-cpu-flags gcc OPTIONS : power : 750 : -mcpu=750 ;
-cpu-flags gcc OPTIONS : power : 801 : -mcpu=801 ;
-cpu-flags gcc OPTIONS : power : 821 : -mcpu=821 ;
-cpu-flags gcc OPTIONS : power : 823 : -mcpu=823 ;
-cpu-flags gcc OPTIONS : power : 860 : -mcpu=860 ;
-cpu-flags gcc OPTIONS : power : 970 : -mcpu=970 ;
-cpu-flags gcc OPTIONS : power : 8540 : -mcpu=8540 ;
-cpu-flags gcc OPTIONS : power : power : -mcpu=power ;
-cpu-flags gcc OPTIONS : power : power2 : -mcpu=power2 ;
-cpu-flags gcc OPTIONS : power : power3 : -mcpu=power3 ;
-cpu-flags gcc OPTIONS : power : power4 : -mcpu=power4 ;
-cpu-flags gcc OPTIONS : power : power5 : -mcpu=power5 ;
-cpu-flags gcc OPTIONS : power : powerpc : -mcpu=powerpc ;
-cpu-flags gcc OPTIONS : power : powerpc64 : -mcpu=powerpc64 ;
-cpu-flags gcc OPTIONS : power : rios : -mcpu=rios ;
-cpu-flags gcc OPTIONS : power : rios1 : -mcpu=rios1 ;
-cpu-flags gcc OPTIONS : power : rios2 : -mcpu=rios2 ;
-cpu-flags gcc OPTIONS : power : rsc : -mcpu=rsc ;
-cpu-flags gcc OPTIONS : power : rs64a : -mcpu=rs64 ;
-cpu-flags gcc OPTIONS : s390x : z196 : -march=z196 ;
-cpu-flags gcc OPTIONS : s390x : zEC12 : -march=zEC12 ;
-cpu-flags gcc OPTIONS : s390x : z13 : -march=z13 ;
-cpu-flags gcc OPTIONS : s390x : z14 : -march=z14 ;
-cpu-flags gcc OPTIONS : s390x : z15 : -march=z15 ;
-# ARM
-cpu-flags gcc OPTIONS : arm : cortex-a9+vfpv3 : -mcpu=cortex-a9 -mfpu=vfpv3 -mfloat-abi=hard ;
-cpu-flags gcc OPTIONS : arm : cortex-a53 : -mcpu=cortex-a53 ;
-cpu-flags gcc OPTIONS : arm : cortex-r5 : -mcpu=cortex-r5 ;
-cpu-flags gcc OPTIONS : arm : cortex-r5+vfpv3-d16 : -mcpu=cortex-r5 -mfpu=vfpv3-d16 -mfloat-abi=hard ;
-# AIX variant of RS/6000 & PowerPC
-toolset.flags gcc AROPTIONS <address-model>64/<target-os>aix : "-X64" ;
-
-# Enable response file control
-toolset.flags gcc RESPONSE_FILE_SUB <response-file>auto : a ;
-toolset.flags gcc RESPONSE_FILE_SUB <response-file>file : f ;
-toolset.flags gcc RESPONSE_FILE_SUB <response-file>contents : c ;
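Review bot: the deletion runs to the end of gcc.jam and takes more than the arch/instruction-set table with it: the last lines removed are `toolset.flags gcc AROPTIONS <address-model>64/<target-os>aix : "-X64" ;` and the three `toolset.flags gcc RESPONSE_FILE_SUB <response-file>...` settings under "# Enable response file control", which are not -march/-mcpu flags and are not mentioned in the commit message. Suggest ending the removal at the ARM entries and keeping the response-file block, or stating in the message that dropping it is intended. `Upstream-Status: Inappropriate` also lacks the bracketed reason that the other patches on this page carry.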

View File

@@ -0,0 +1,39 @@
From bbb0845c0a79238fb2e84cca41826a0944b6ce7e Mon Sep 17 00:00:00 2001
From: Anuj Mittal <anuj.mittal@intel.com>
Date: Thu, 14 Nov 2019 10:13:53 +0800
Subject: [PATCH] dont setup compiler flags -m32/-m64
We don't want these to be setup by boost as we pass our own flags.
Upstream-Status: Inappropriate [OE-specific]
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
tools/build/src/tools/gcc.jam | 14 --------------
1 file changed, 14 deletions(-)
diff --git a/tools/build/src/tools/gcc.jam b/tools/build/src/tools/gcc.jam
index 493a43e6d..42dccbdfe 100644
--- a/tools/build/src/tools/gcc.jam
+++ b/tools/build/src/tools/gcc.jam
@@ -360,20 +360,6 @@ local rule compile-link-flags ( * )
compile-link-flags <link>shared/<target-os>$(non-windows) : -fPIC ;
}
-{
- # Handle address-model
- compile-link-flags <target-os>aix/<address-model>32 : -maix32 ;
- compile-link-flags <target-os>aix/<address-model>64 : -maix64 ;
-
- compile-link-flags <target-os>hpux/<address-model>32 : -milp32 ;
- compile-link-flags <target-os>hpux/<address-model>64 : -mlp64 ;
-
- local generic-os = [ set.difference $(all-os) : aix hpux ] ;
- local arch = power sparc x86 ;
- compile-link-flags <target-os>$(generic-os)/<architecture>$(arch)/<address-model>32 : -m32 ;
- compile-link-flags <target-os>$(generic-os)/<architecture>$(arch)/<address-model>64 : -m64 ;
-}
-
{
# Handle threading
local rule threading-flags ( * )
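Review bot: the block removed in `@@ -360,20 +360,6` drops more than the subject line says. Besides `-m32`/`-m64` it also removes the AIX (`-maix32`/`-maix64`) and HP-UX (`-milp32`/`-mlp64`) address-model flags. That is harmless for an OE cross build, but the description should say the whole address-model block goes, so that a later refresh against a changed gcc.jam is checked against the right intent.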

View File

@@ -0,0 +1,28 @@
From d6864bd78c01c5e8578805a7b67555c70a0e99a2 Mon Sep 17 00:00:00 2001
From: Jackie Huang <jackie.huang@windriver.com>
Date: Fri, 23 Sep 2016 01:04:50 -0700
Subject: [PATCH] boost-math: disable pch for gcc
Upstream-Status: Inappropriate [*]
* It's a work around for a defect when build in parallel:
https://svn.boost.org/trac/boost/ticket/12477
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
libs/math/build/Jamfile.v2 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libs/math/build/Jamfile.v2 b/libs/math/build/Jamfile.v2
index fd840287e..5aff7d724 100644
--- a/libs/math/build/Jamfile.v2
+++ b/libs/math/build/Jamfile.v2
@@ -14,7 +14,7 @@ project
#<toolset>intel-linux:<pch>off
<toolset>intel-darwin:<pch>off
<toolset>msvc-7.1:<pch>off
- <toolset>gcc,<target-os>windows:<pch>off
+ <toolset>gcc:<pch>off
#<toolset>gcc:<cxxflags>-fvisibility=hidden
<toolset>intel-linux:<cxxflags>-fvisibility=hidden
#<toolset>sun:<cxxflags>-xldscope=hidden
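Review bot: `<toolset>gcc:<pch>off` turns precompiled headers off for every gcc build of libs/math, not only for the parallel builds the ticket describes, and nothing records when the workaround can be dropped. State in the description the condition for removing it (ticket 12477 resolved upstream). The header also gives its reason as a footnote, `Inappropriate [*]`, rather than inline in the brackets, which makes the tag harder to process mechanically.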

View File

@@ -0,0 +1,7 @@
require boost-${PV}.inc
require boost.inc
SRC_URI += "file://boost-math-disable-pch-for-gcc.patch \
file://0001-Don-t-set-up-arch-instruction-set-flags-we-do-that-o.patch \
file://0001-dont-setup-compiler-flags-m32-m64.patch \
"

View File

@@ -0,0 +1,80 @@
From cb43ec15b700b25f3c4fe44043a1a021aaf5b768 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
Date: Mon, 18 Oct 2021 12:05:49 +0200
Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired
certificates."
This avoids a dependency on python3-cryptography, and only checks
for expired certs (which is upstream concern, but not ours).
Upstream-Status: Inappropriate [oe-core specific]
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
debian/changelog | 1 -
debian/control | 2 +-
mozilla/certdata2pem.py | 11 -----------
3 files changed, 1 insertion(+), 13 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 531e4d0..4006509 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low
- "Trustis FPS Root CA"
- "Staat der Nederlanden Root CA - G3"
* Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
- * mozilla/certdata2pem.py: print a warning for expired certificates.
-- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200
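Review bot: this hunk and the `debian/control` one that follows edit Debian packaging metadata that the recipe on this page, which builds with `oe_runmake`, does not appear to consume. The changelog context changes with every upstream release, so keeping these two hunks makes the patch fail to apply on each version bump; restricting the revert to `mozilla/certdata2pem.py` would be enough to drop the python3-cryptography dependency.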
diff --git a/debian/control b/debian/control
index 4434b7a..5c6ba24 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: misc
Priority: optional
Maintainer: Julien Cristau <jcristau@debian.org>
Build-Depends: debhelper-compat (= 13), po-debconf
-Build-Depends-Indep: python3, openssl, python3-cryptography
+Build-Depends-Indep: python3, openssl
Standards-Version: 4.5.0.2
Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
Vcs-Browser: https://salsa.debian.org/debian/ca-certificates
diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
index ede23d4..7d796f1 100644
--- a/mozilla/certdata2pem.py
+++ b/mozilla/certdata2pem.py
@@ -21,16 +21,12 @@
# USA.
import base64
-import datetime
import os.path
import re
import sys
import textwrap
import io
-from cryptography import x509
-
-
objects = []
# Dirty file parser.
@@ -121,13 +117,6 @@ for obj in objects:
if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
continue
-
- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
- if cert.not_valid_after < datetime.datetime.now():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
- print('!'*74)
-
bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
.replace(' ', '_')\
.replace('(', '=')\
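Review bot: removing the `cert.not_valid_after` check in `@@ -121,13 +117,6` leaves the build with no signal when a root that certdata still marks as trusted has expired, and the resulting bundle ships it silently. Avoiding python3-cryptography is a fair reason, but the recipe already depends on openssl-native, so an equivalent warning could be produced at image time instead of being lost. At minimum the description should state that certificate expiry is no longer checked anywhere in the build.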
--
2.20.1

View File

@@ -0,0 +1,34 @@
ca-certificates is a package from Debian, but some host distros such as Fedora
have a leaner run-parts provided by cron which doesn't support --verbose or the
-- separator between arguments and paths.
This solves errors such as
| Running hooks in [...]/rootfs/etc/ca-certificates/update.d...
| [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found
| [...]/usr/sbin/update-ca-certificates: line 230: Not a directory: --: command not found
| E: Not a directory: -- exited with code 127.
Upstream-Status: Inappropriate
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
---
sbin/update-ca-certificates | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
Index: git/sbin/update-ca-certificates
===================================================================
--- git.orig/sbin/update-ca-certificates
+++ git/sbin/update-ca-certificates
@@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ]
then
echo "Running hooks in $HOOKSDIR..."
- VERBOSE_ARG=
- [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose"
- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook
+ eval run-parts --test "$HOOKSDIR" | while read hook
do
( cat "$ADDED"
cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?."
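Review bot: `eval` is kept on the new line `eval run-parts --test "$HOOKSDIR" | while read hook` although its only reason, the optional `$VERBOSE_ARG`, is gone. With `eval` the expanded path is parsed by the shell a second time, so a `$HOOKSDIR` (derived from `$SYSROOT` once the use-$SYSROOT patch is applied) that contains spaces or shell metacharacters is split or interpreted. Call `run-parts --test "$HOOKSDIR"` directly. The header's `Upstream-Status: Inappropriate` also gives no bracketed reason.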

View File

@@ -0,0 +1,46 @@
Upstream-Status: Pending
From 724cb153ca0f607fb38b3a8db3ebb2742601cd81 Mon Sep 17 00:00:00 2001
From: Andreas Oberritter <obi@opendreambox.org>
Date: Tue, 19 Mar 2013 17:14:33 +0100
Subject: [PATCH 2/2] update-ca-certificates: use $SYSROOT
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
---
sbin/update-ca-certificates | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
Index: git/sbin/update-ca-certificates
===================================================================
--- git.orig/sbin/update-ca-certificates
+++ git/sbin/update-ca-certificates
@@ -24,12 +24,12 @@
verbose=0
fresh=0
default=0
-CERTSCONF=/etc/ca-certificates.conf
-CERTSDIR=/usr/share/ca-certificates
-LOCALCERTSDIR=/usr/local/share/ca-certificates
+CERTSCONF=$SYSROOT/etc/ca-certificates.conf
+CERTSDIR=$SYSROOT/usr/share/ca-certificates
+LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
CERTBUNDLE=ca-certificates.crt
-ETCCERTSDIR=/etc/ssl/certs
-HOOKSDIR=/etc/ca-certificates/update.d
+ETCCERTSDIR=$SYSROOT/etc/ssl/certs
+HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
while [ $# -gt 0 ];
do
@@ -92,9 +92,9 @@ add() {
PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
-e 's/[()]/=/g' \
-e 's/,/_/g').pem"
- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
+ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
then
- ln -sf "$CERT" "$PEM"
+ ln -sf "${CERT##$SYSROOT}" "$PEM"
echo "+$PEM" >> "$ADDED"
fi
# Add trailing newline to certificate, if it is missing (#635570)
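Review bot: in `${CERT##$SYSROOT}` the unquoted `$SYSROOT` is used as a shell pattern, so `*`, `?` or `[` in the sysroot path act as wildcards, and `##` takes the longest match. `${CERT#"$SYSROOT"}` strips exactly the literal prefix. The expansion is also written twice, once in the `readlink` comparison and once in `ln -sf`; computing it once into a variable keeps the check and the link target in step.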

View File

@@ -0,0 +1,71 @@
From a9fc13b2aee55655d58fcb77a3180fa99f96438a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com>
Date: Wed, 28 Mar 2018 16:45:05 +0100
Subject: [PATCH] update-ca-certificates: use relative symlinks from
$ETCCERTSDIR
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
update-ca-certificates symlinks (trusted) certificates
from $CERTSDIR or $LOCALCERTSDIR into $ETCCERTSDIR.
update-ca-certificates can call hook scripts installed
into /etc/ca-certificates/update.d. Those scripts are
passed the pem file in /etc/ssl/certs/ that was added or
removed in this run and those pem files are absolute
symlinks into $CERTSDIR or $LOCALCERTSDIR at the moment.
When running update-ca-certificates during image build
time, they thusly all point into the host's file system,
not into the $SYSROOT. This means:
* the host's file system layout must match the one
produced by OE, and
* it also means that the host must have installed the same
(or more) certificates as the target in $CERTSDIR and
$LOCALCERTSDIR
This is a problem when wanting to execute hook scripts,
because they all need to be taught about $SYSROOT, and
behave differently depending on whether they're called
at image build time, or on the target, as otherwise they
will be trying to actually read the host's certificates
from $CERTSDIR or $LOCALCERTSDIR.
This also is a problem when running anything else during
image build time that depends on the trusted CA
certificates.
Changing the symlink to be relative solves all of these
problems. Do so.
Upstream-Status: Inappropriate [OE-specific]
Signed-off-by: André Draszik <andre.draszik@jci.com>
---
sbin/update-ca-certificates | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
index 00f80c7..7e911a9 100755
--- a/sbin/update-ca-certificates
+++ b/sbin/update-ca-certificates
@@ -29,6 +29,7 @@ CERTSDIR=$SYSROOT/usr/share/ca-certificates
LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
CERTBUNDLE=ca-certificates.crt
ETCCERTSDIR=$SYSROOT/etc/ssl/certs
+FSROOT=../../../ # to get from $ETCCERTSDIR to the root of the file system
HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
while [ $# -gt 0 ];
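Review bot: `FSROOT=../../../` hardcodes that `$ETCCERTSDIR` sits exactly three directories below the file system root. The recipe on this page rewrites `/etc/` to `${sysconfdir}/` in the installed script, so a sysconfdir of a different depth would yield dangling links. Derive the prefix from `$ETCCERTSDIR`, or document the three-level assumption next to the recipe's sed.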
@@ -125,9 +126,10 @@ add() {
PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
-e 's/[()]/=/g' \
-e 's/,/_/g').pem"
- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
+ DST="$(echo ${CERT} | sed -e "s|^$SYSROOT||" -e "s|^/|$FSROOT|" )"
+ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${DST}" ]
then
- ln -sf "${CERT##$SYSROOT}" "$PEM"
+ ln -sf "${DST}" "$PEM"
echo "+$PEM" >> "$ADDED"
fi
# Add trailing newline to certificate, if it is missing (#635570)
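Review bot: on the added `DST=` line, `echo ${CERT}` is unquoted, so a certificate path containing spaces or glob characters is split or expanded before sed sees it; the `PEM=` line just above already expects spaces in certificate names. `$SYSROOT` is also pasted into the sed expression, where `.`, `*` or `|` in the path act as regex or delimiter characters. Quote the input and strip the prefix with a parameter expansion such as `${CERT#"$SYSROOT"}` before prepending `$FSROOT`.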

View File

@@ -0,0 +1,50 @@
Upstream-Status: Pending
update-ca-certificates: find SYSROOT relative to its own location
This makes the script relocatable.
Index: git/sbin/update-ca-certificates
===================================================================
--- git.orig/sbin/update-ca-certificates
+++ git/sbin/update-ca-certificates
@@ -66,6 +66,39 @@ do
shift
done
+if [ -z "$SYSROOT" ]; then
+ local_which () {
+ if [ $# -lt 1 ]; then
+ return 1
+ fi
+
+ (
+ IFS=:
+ for entry in $PATH; do
+ if [ -x "$entry/$1" ]; then
+ echo "$entry/$1"
+ exit 0
+ fi
+ done
+ exit 1
+ )
+ }
+
+ case "$0" in
+ */*)
+ sbindir=$(cd ${0%/*} && pwd)
+ ;;
+ *)
+ sbindir=$(cd $(dirname $(local_which $0)) && pwd)
+ ;;
+ esac
+ prefix=${sbindir%/*}
+ SYSROOT=${prefix%/*}
+ if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then
+ SYSROOT=
+ fi
+fi
+
if [ ! -s "$CERTSCONF" ]
then
fresh=1
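Review bot: the detected `SYSROOT` is assigned at line 66, after the `CERTSCONF`, `CERTSDIR`, `LOCALCERTSDIR`, `ETCCERTSDIR` and `HOOKSDIR` assignments that the use-$SYSROOT patch on this page places at lines 27 to 32. As far as these hunks show, the detected value never reaches those variables and only affects later uses of `$SYSROOT`. Move the detection above the assignments or recompute them after it. `cd ${0%/*}` and `dirname $(local_which $0)` are also unquoted, which breaks for an install path containing spaces, and the patch header carries no author or Signed-off-by.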

View File

@@ -0,0 +1,89 @@
SUMMARY = "Common CA certificates"
DESCRIPTION = "This package includes PEM files of CA certificates to allow \
SSL-based applications to check for the authenticity of SSL connections. \
This derived from Debian's CA Certificates."
HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
SECTION = "misc"
LICENSE = "GPL-2.0-or-later & MPL-2.0"
LIC_FILES_CHKSUM = "file://debian/copyright;md5=ae5b36b514e3f12ce1aa8e2ee67f3d7e"
# This is needed to ensure we can run the postinst at image creation time
DEPENDS = ""
DEPENDS:class-native = "openssl-native"
DEPENDS:class-nativesdk = "openssl-native"
# Need rehash from openssl and run-parts from debianutils
PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8"
SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \
file://0002-update-ca-certificates-use-SYSROOT.patch \
file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
file://default-sysroot.patch \
file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch \
"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)"
S = "${WORKDIR}/git"
inherit allarch
EXTRA_OEMAKE = "\
'CERTSDIR=${datadir}/ca-certificates' \
'SBINDIR=${sbindir}' \
"
do_compile:prepend() {
oe_runmake clean
}
do_install () {
install -d ${D}${datadir}/ca-certificates \
${D}${sysconfdir}/ssl/certs \
${D}${sysconfdir}/ca-certificates/update.d
oe_runmake 'DESTDIR=${D}' install
install -d ${D}${mandir}/man8
install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
install -d ${D}${sysconfdir}
{
echo "# Lines starting with # will be ignored"
echo "# Lines starting with ! will remove certificate on next update"
echo "#"
find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \
sed 's,^${D}${datadir}/ca-certificates/,,' | sort
} >${D}${sysconfdir}/ca-certificates.conf
}
do_install:append:class-target () {
sed -i -e 's,/etc/,${sysconfdir}/,' \
-e 's,/usr/share/,${datadir}/,' \
-e 's,/usr/local,${prefix}/local,' \
${D}${sbindir}/update-ca-certificates \
${D}${mandir}/man8/update-ca-certificates.8
}
pkg_postinst:${PN}:class-target () {
SYSROOT="$D" $D${sbindir}/update-ca-certificates
}
CONFFILES:${PN} += "${sysconfdir}/ca-certificates.conf"
# Rather than make a postinst script that works for both target and nativesdk,
# we just run update-ca-certificate from do_install() for nativesdk.
CONFFILES:${PN}:append:class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
do_install:append:class-nativesdk () {
SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates
}
do_install:append:class-native () {
SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
}
RDEPENDS:${PN}:append:class-target = " openssl-bin openssl"
RDEPENDS:${PN}:append:class-native = " openssl-native"
RDEPENDS:${PN}:append:class-nativesdk = " nativesdk-openssl-bin nativesdk-openssl"
BBCLASSEXTEND = "native nativesdk"

View File

@@ -0,0 +1,33 @@
Upstream-Status: Pending
--- ConsoleKit-0.4.6.orig/configure.ac
+++ ConsoleKit-0.4.6/configure.ac
@@ -56,10 +56,24 @@ PKG_CHECK_MODULES(CONSOLE_KIT,
gthread-2.0 >= $GLIB_REQUIRED_VERSION
)
-PKG_CHECK_MODULES(POLKIT,
- polkit-gobject-1 >= $POLKIT_REQUIRED_VERSION,
- have_polkit=yes,
- have_polkit=no)
+AC_ARG_WITH([polkit],
+ [AS_HELP_STRING([--with-polkit],
+ [support PolicyKit @<:@default=check@:>@])],
+ [],
+ [with_polkit=check])
+
+AS_IF([test "x$with_polkit" != xno],
+ [PKG_CHECK_MODULES(POLKIT,
+ polkit-gobject-1 >= $POLKIT_REQUIRED_VERSION,
+ have_polkit=yes,
+ [if test "x$with_polkit" != xcheck; then
+ AC_MSG_FAILURE(
+ [--with-polkit was given, but test for polkit failed])
+ else
+ have_polkit=no
+ fi
+ ])])
+
if test "x$have_polkit" = "xyes" ; then
AC_DEFINE(HAVE_POLKIT, [], [Define if we have polkit])
fi
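Review bot: with `--without-polkit` the `AS_IF` body is skipped and `have_polkit` is never assigned, so the following `test "x$have_polkit" = "xyes"` relies on the variable happening to be empty. Set `have_polkit=no` before the `AS_IF` so the result is explicit and a value inherited from the environment cannot enable `HAVE_POLKIT`. The patch also has no description, author or Signed-off-by beyond `Upstream-Status: Pending`.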

View File

@@ -0,0 +1,19 @@
Fix builds in the case of seprate source from the build directory.
RP 2013/4/17
Upstream-Status: Pending
Index: pam-ck-connector/Makefile.am
===================================================================
--- consolekit/pam-ck-connector.orig/Makefile.am 2010-09-03 13:54:31.000000000 +0000
+++ consolekit/pam-ck-connector/Makefile.am 2013-04-17 09:06:49.093524918 +0000
@@ -4,7 +4,7 @@
INCLUDES = \
$(LIBDBUS_CFLAGS) \
- -I$(top_builddir)/libck-connector \
+ -I$(top_srcdir)/libck-connector \
$(NULL)
pamlibdir = $(PAM_MODULE_DIR)

View File

@@ -0,0 +1,54 @@
SUMMARY = "Framework for defining and tracking users, login sessions, and seats"
DESCRIPTION = "It provides a mechanism for software to react to changes \
of any of these items or of any of the metadata associated with them."
HOMEPAGE = "http://www.freedesktop.org/wiki/Software/ConsoleKit"
BUGTRACKER = "https://bugs.freedesktop.org/buglist.cgi?query_format=specific&product=ConsoleKit"
LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552 \
file://src/main.c;endline=21;md5=0a994e09769780220163255d8f9071c3"
DEPENDS = "glib-2.0 glib-2.0-native dbus dbus-glib virtual/libx11"
RDEPENDS:${PN} += "base-files"
inherit autotools pkgconfig features_check
# depends on virtual/libx11
REQUIRED_DISTRO_FEATURES = "x11"
SRC_URI = "http://www.freedesktop.org/software/ConsoleKit/dist/ConsoleKit-${PV}.tar.xz \
file://sepbuildfix.patch \
file://add-polkit-configure-argument.patch \
"
SRC_URI[md5sum] = "611792b4d616253a5bdec9175f8b7678"
SRC_URI[sha256sum] = "b41d17e06f80059589fbeefe96ad07bcc564c49e65516da1caf975146475565c"
S = "${WORKDIR}/ConsoleKit-${PV}"
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd polkit', d)}"
PACKAGECONFIG[pam] = "--enable-pam-module --with-pam-module-dir=${base_libdir}/security,--disable-pam-module,libpam"
PACKAGECONFIG[polkit] = "--with-polkit,--without-polkit,polkit"
PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}/,--with-systemdsystemunitdir="
# Fails to build with GCC14 with incompatible pointer error warning being treated as error
CFLAGS += "-Wno-error=incompatible-pointer-types"
FILES:${PN} += "${exec_prefix}/lib/ConsoleKit \
${libdir}/ConsoleKit ${systemd_unitdir} ${base_libdir} \
${datadir}/dbus-1 ${datadir}/PolicyKit ${datadir}/polkit*"
PACKAGES =+ "pam-plugin-ck-connector"
FILES:pam-plugin-ck-connector += "${base_libdir}/security/*.so"
RDEPENDS:pam-plugin-ck-connector += "${PN}"
do_install:append() {
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
install -d ${D}${sysconfdir}/tmpfiles.d
echo "d ${localstatedir}/log/ConsoleKit - - - -" \
> ${D}${sysconfdir}/tmpfiles.d/consolekit.conf
fi
# Remove /var/ directories as the daemon creates them as required
rm -rf ${D}${localstatedir}
}

View File

@@ -0,0 +1,64 @@
From 721941aadf4adf4f6aeb3f4c0ab489bb89610c36 Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Mon, 1 Apr 2024 15:41:18 +0200
Subject: [PATCH] http: with chunked POST forced, disable length check on read
callback
- when an application forces HTTP/1.1 chunked transfer encoding
by setting the corresponding header and instructs curl to use
the CURLOPT_READFUNCTION, disregard any POST length information.
- this establishes backward compatibility with previous curl versions
Applications are encouraged to not force "chunked", but rather
set length information for a POST. By setting -1, curl will
auto-select chunked on HTTP/1.1 and work properly on other HTTP
versions.
Reported-by: Jeff King
Fixes #13229
Closes #13257
Upstream-Status: Backport
---
lib/http.c | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/lib/http.c b/lib/http.c
index 92c04e69cd8373..a764d3c4403c39 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -2046,8 +2046,19 @@ static CURLcode set_reader(struct Curl_easy *data, Curl_HttpReq httpreq)
else
result = Curl_creader_set_null(data);
}
- else { /* we read the bytes from the callback */
- result = Curl_creader_set_fread(data, postsize);
+ else {
+ /* we read the bytes from the callback. In case "chunked" encoding
+ * is forced by the application, we disregard `postsize`. This is
+ * a backward compatibility decision to earlier versions where
+ * chunking disregarded this. See issue #13229. */
+ bool chunked = FALSE;
+ char *ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding"));
+ if(ptr) {
+ /* Some kind of TE is requested, check if 'chunked' is chosen */
+ chunked = Curl_compareheader(ptr, STRCONST("Transfer-Encoding:"),
+ STRCONST("chunked"));
+ }
+ result = Curl_creader_set_fread(data, chunked? -1 : postsize);
}
return result;
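Review bot: when `chunked` is true the caller's `postsize` is discarded without any trace, while the second hunk logs its override through `infof`. An application that sets both a POST size and `Transfer-Encoding: chunked` gets no hint that the size was ignored; a matching `infof` here would help when debugging uploads. The `Curl_checkheaders`/`Curl_compareheader` pair is now duplicated between `set_reader` and `Curl_http_req_set_reader` and could be one helper. The header's `Upstream-Status: Backport` names no upstream commit, unlike the CVE backports later on this page.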
@@ -2115,6 +2126,13 @@ CURLcode Curl_http_req_set_reader(struct Curl_easy *data,
data->req.upload_chunky =
Curl_compareheader(ptr,
STRCONST("Transfer-Encoding:"), STRCONST("chunked"));
+ if(data->req.upload_chunky &&
+ Curl_use_http_1_1plus(data, data->conn) &&
+ (data->conn->httpversion >= 20)) {
+ infof(data, "suppressing chunked transfer encoding on connection "
+ "using HTTP version 2 or higher");
+ data->req.upload_chunky = FALSE;
+ }
}
else {
curl_off_t req_clen = Curl_creader_total_length(data);

View File

@@ -0,0 +1,353 @@
From 9bee39bfed2c413b4cc4eb306a57ac92a1854907 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 12 Oct 2024 23:54:39 +0200
Subject: [PATCH] url: use same credentials on redirect
Previously it could lose the username and only use the password.
Added test 998 and 999 to verify.
Reported-by: Tobias Bora
Fixes #15262
Closes #15282
Changes:
- Test files are added in Makefile.inc.
CVE: CVE-2024-11053
Upstream-Status: Backport [https://github.com/curl/curl/commit/9bee39bfed2c413b4cc4eb306a57ac92a1854907]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
lib/transfer.c | 3 ++
lib/url.c | 19 +++++----
lib/urldata.h | 9 +++-
tests/data/Makefile.inc | 2 +-
tests/data/test998 | 92 +++++++++++++++++++++++++++++++++++++++++
tests/data/test999 | 81 ++++++++++++++++++++++++++++++++++++
6 files changed, 195 insertions(+), 11 deletions(-)
create mode 100644 tests/data/test998
create mode 100644 tests/data/test999
diff --git a/lib/transfer.c b/lib/transfer.c
index e31d1d6..ccd042b 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -700,6 +700,9 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
return CURLE_OUT_OF_MEMORY;
}
+ if(data->set.str[STRING_USERNAME] ||
+ data->set.str[STRING_PASSWORD])
+ data->state.creds_from = CREDS_OPTION;
if(!result)
result = Curl_setstropt(&data->state.aptr.user,
data->set.str[STRING_USERNAME]);
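Review bot: `creds_from` is set to `CREDS_OPTION` here, but there is no `else` that returns it to `CREDS_NONE`. On a reused easy handle, a `CREDS_URL` or `CREDS_NETRC` value left by the previous transfer would still be in place when `parseurlandfillconn` and `override_login` test it in the url.c hunks below. Since this field decides which credentials win on a redirect, confirm it is reset elsewhere for each transfer, or reset it at this spot.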
diff --git a/lib/url.c b/lib/url.c
index 224b9f3..05431b9 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1899,10 +1899,10 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
return result;
/*
- * User name and password set with their own options override the
- * credentials possibly set in the URL.
+ * username and password set with their own options override the credentials
+ * possibly set in the URL, but netrc does not.
*/
- if(!data->set.str[STRING_PASSWORD]) {
+ if(!data->state.aptr.passwd || (data->state.creds_from != CREDS_OPTION)) {
uc = curl_url_get(uh, CURLUPART_PASSWORD, &data->state.up.password, 0);
if(!uc) {
char *decoded;
@@ -1915,12 +1915,13 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
result = Curl_setstropt(&data->state.aptr.passwd, decoded);
if(result)
return result;
+ data->state.creds_from = CREDS_URL;
}
else if(uc != CURLUE_NO_PASSWORD)
return Curl_uc_to_curlcode(uc);
}
- if(!data->set.str[STRING_USERNAME]) {
+ if(!data->state.aptr.user || (data->state.creds_from != CREDS_OPTION)) {
/* we don't use the URL API's URL decoder option here since it rejects
control codes and we want to allow them for some schemes in the user
and password fields */
@@ -1934,13 +1935,10 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
return result;
conn->user = decoded;
result = Curl_setstropt(&data->state.aptr.user, decoded);
+ data->state.creds_from = CREDS_URL;
}
else if(uc != CURLUE_NO_USER)
return Curl_uc_to_curlcode(uc);
- else if(data->state.aptr.passwd) {
- /* no user was set but a password, set a blank user */
- result = Curl_setstropt(&data->state.aptr.user, "");
- }
if(result)
return result;
}
@@ -2730,7 +2728,8 @@ static CURLcode override_login(struct Curl_easy *data,
int ret;
bool url_provided = FALSE;
- if(data->state.aptr.user) {
+ if(data->state.aptr.user &&
+ (data->state.creds_from != CREDS_NETRC)) {
/* there was a user name in the URL. Use the URL decoded version */
userp = &data->state.aptr.user;
url_provided = TRUE;
@@ -2778,6 +2777,7 @@ static CURLcode override_login(struct Curl_easy *data,
result = Curl_setstropt(&data->state.aptr.user, *userp);
if(result)
return result;
+ data->state.creds_from = CREDS_NETRC;
}
}
if(data->state.aptr.user) {
@@ -2795,6 +2795,7 @@ static CURLcode override_login(struct Curl_easy *data,
CURLcode result = Curl_setstropt(&data->state.aptr.passwd, *passwdp);
if(result)
return result;
+ data->state.creds_from = CREDS_NETRC;
}
if(data->state.aptr.passwd) {
uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD,
diff --git a/lib/urldata.h b/lib/urldata.h
index ce28f25..b68d023 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1207,6 +1207,11 @@ struct urlpieces {
char *query;
};
+#define CREDS_NONE 0
+#define CREDS_URL 1 /* from URL */
+#define CREDS_OPTION 2 /* set with a CURLOPT_ */
+#define CREDS_NETRC 3 /* found in netrc */
+
struct UrlState {
/* Points to the connection cache */
struct conncache *conn_cache;
@@ -1344,7 +1349,6 @@ struct UrlState {
char *proxyuser;
char *proxypasswd;
} aptr;
-
unsigned char httpwant; /* when non-zero, a specific HTTP version requested
to be used in the library's request(s) */
unsigned char httpversion; /* the lowest HTTP version*10 reported by any
@@ -1354,6 +1358,9 @@ struct UrlState {
unsigned char select_bits; /* != 0 -> bitmask of socket events for this
transfer overriding anything the socket may
report */
+ unsigned int creds_from:2; /* where is the server credentials originating
+ from, see the CREDS_* defines above */
+
#ifdef CURLDEBUG
BIT(conncache_lock);
#endif
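Review bot: `creds_from:2` holds exactly the four values `CREDS_NONE` to `CREDS_NETRC`, so a fifth credential source added later would be silently truncated. A comment on the field or beside the defines stating that limit would prevent that. The blank line removed after `} aptr;` in the previous hunk is an unrelated whitespace change that only adds noise to a CVE backport.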
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index d89e565..03cb6a0 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -126,7 +126,7 @@ test952 test953 test954 test955 test956 test957 test958 test959 test960 \
test961 test962 test963 test964 test965 test966 test967 test968 test969 \
test970 test971 test972 test973 test974 test975 test976 test977 test978 \
test979 test980 test981 test982 test983 test984 test985 test986 test987 \
-test988 test989 test990 test991 test992 \
+test988 test989 test990 test991 test992 test998 test999 \
\
test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
diff --git a/tests/data/test998 b/tests/data/test998
new file mode 100644
index 0000000..596b18e
--- /dev/null
+++ b/tests/data/test998
@@ -0,0 +1,92 @@
+<testcase>
+ <info>
+ <keywords>
+ HTTP
+ --location-trusted
+ </keywords>
+ </info>
+
+ #
+ # Server-side
+ <reply>
+ <data>
+ HTTP/1.1 301 redirect
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 0
+ Connection: close
+ Content-Type: text/html
+ Location: http://somewhere.else.example/a/path/%TESTNUMBER0002
+
+ </data>
+ <data2>
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Content-Length: 6
+ Content-Type: text/html
+ Funny-head: yesyes
+
+ -foo-
+ </data2>
+
+ <datacheck>
+ HTTP/1.1 301 redirect
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 0
+ Connection: close
+ Content-Type: text/html
+ Location: http://somewhere.else.example/a/path/%TESTNUMBER0002
+
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Content-Length: 6
+ Content-Type: text/html
+ Funny-head: yesyes
+
+ -foo-
+ </datacheck>
+
+ </reply>
+
+ #
+ # Client-side
+ <client>
+ <features>
+ proxy
+ </features>
+ <server>
+ http
+ </server>
+ <name>
+ HTTP with auth in URL redirected to another host
+ </name>
+ <command>
+ -x %HOSTIP:%HTTPPORT http://alberto:einstein@somwhere.example/%TESTNUMBER --location-trusted
+ </command>
+ </client>
+
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ <strip>
+ QUIT
+ </strip>
+ <protocol>
+ GET http://somwhere.example/998 HTTP/1.1
+ Host: somwhere.example
+ Authorization: Basic YWxiZXJ0bzplaW5zdGVpbg==
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Proxy-Connection: Keep-Alive
+
+ GET http://somewhere.else.example/a/path/9980002 HTTP/1.1
+ Host: somewhere.else.example
+ Authorization: Basic YWxiZXJ0bzplaW5zdGVpbg==
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Proxy-Connection: Keep-Alive
+
+ </protocol>
+ </verify>
+ </testcase>
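Review bot: the `<protocol>` section hardcodes `998` and `9980002` in the request lines, where test999 uses `%TESTNUMBER`; use the variable so the file survives renumbering. The host is spelled `somwhere.example` in both `<command>` and `<protocol>`. It is consistent, so the comparison holds, but it reads as a typo next to `somewhere.else.example` and is worth a comment if intentional.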
diff --git a/tests/data/test999 b/tests/data/test999
new file mode 100644
index 0000000..184821d
--- /dev/null
+++ b/tests/data/test999
@@ -0,0 +1,81 @@
+<testcase>
+ <info>
+ <keywords>
+ HTTP
+ --location-trusted
+ </keywords>
+ </info>
+
+ #
+ # Server-side
+ <reply>
+ <data nocheck="yes">
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Content-Length: 6
+ Content-Type: text/html
+ Funny-head: yesyes
+
+ -foo-
+ </data>
+
+ <datacheck>
+ HTTP/1.1 301 redirect
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Content-Length: 0
+ Connection: close
+ Content-Type: text/html
+ Location: http://somewhere.else.example/a/path/%TESTNUMBER0002
+
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Content-Length: 6
+ Content-Type: text/html
+ Funny-head: yesyes
+
+ -foo-
+ </datacheck>
+
+ </reply>
+
+ #
+ # Client-side
+ <client>
+ <features>
+ proxy
+ </features>
+ <server>
+ http
+ </server>
+ <name>
+ HTTP with auth in first URL but not second
+ </name>
+ <command>
+ -x %HOSTIP:%HTTPPORT http://alberto:einstein@somwhere.example/%TESTNUMBER http://somewhere.else.example/%TESTNUMBER
+ </command>
+ </client>
+
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ <strip>
+ QUIT
+ </strip>
+ <protocol>
+ GET http://somwhere.example/%TESTNUMBER HTTP/1.1
+ Host: somwhere.example
+ Authorization: Basic YWxiZXJ0bzplaW5zdGVpbg==
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Proxy-Connection: Keep-Alive
+
+ GET http://somewhere.else.example/%TESTNUMBER HTTP/1.1
+ Host: somewhere.else.example
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Proxy-Connection: Keep-Alive
+
+ </protocol>
+ </verify>
+ </testcase>
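Review bot: `<datacheck>` expects a 301 redirect followed by a 200 and is identical to the one in test998, although this test's `<command>` fetches two separate URLs and `<data>` serves only a 200. Check against upstream test999 that the block belongs here and was not carried over while adapting the backport. The assertion that matters for the fix, no `Authorization:` header on the second request in `<protocol>`, is present.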
--
2.40.0

View File

@@ -0,0 +1,728 @@
From e9b9bbac22c26cf67316fa8e6c6b9e831af31949 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 15 Nov 2024 11:06:36 +0100
Subject: [PATCH] netrc: address several netrc parser flaws
- make sure that a match that returns a username also returns a
password, that should be blank if no password is found
- fix handling of multiple logins for same host where the password/login
order might be reversed.
- reject credentials provided in the .netrc if they contain ASCII control
codes - if the used protocol does not support such (like HTTP and WS do)
Reported-by: Harry Sintonen
Add test 478, 479 and 480 to verify. Updated unit 1304.
Closes #15586
Changes:
- Refresh patch context.
- Adjust `%LOGDIR/` to 'log/' due to its absence in code.
- Backported only required enum found_state defination from:
https://github.com/curl/curl/commit/3b43a05e000aa8f65bda513f733a73fefe35d5ca
- Replaces the previous usage of the state_login, state_password, and
state_our_login variables with the found_state enum, which includes the
values NONE, LOGIN, and PASSWORD. As a result, all conditionals and memory
management logic associated with these variables were updated.
CVE: CVE-2024-11053
Upstream-Status: Backport [https://github.com/curl/curl/commit/e9b9bbac22c26cf67316fa8e6c6b9e831af3194]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
lib/netrc.c | 122 ++++++++++++++++++++++------------------
lib/url.c | 59 ++++++++++++-------
tests/data/Makefile.inc | 2 +-
tests/data/test478 | 73 ++++++++++++++++++++++++
tests/data/test479 | 107 +++++++++++++++++++++++++++++++++++
tests/data/test480 | 38 +++++++++++++
tests/unit/unit1304.c | 75 +++++++-----------------
7 files changed, 347 insertions(+), 129 deletions(-)
create mode 100644 tests/data/test478
create mode 100644 tests/data/test479
create mode 100644 tests/data/test480
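Review bot: the commit id in the `Upstream-Status: Backport` URL ends in `6c6b9e831af3194`, one character short of the `From` line's `e9b9bbac22c26cf67316fa8e6c6b9e831af31949`, so the reference does not name the full upstream commit. The `Changes:` list also says the `found_state` enum was taken from a second commit, `3b43a05e000aa8f65bda513f733a73fefe35d5ca`; because this is a CVE fix, the description should say which parts of `lib/netrc.c` differ from upstream so the backport can be audited against both commits.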
diff --git a/lib/netrc.c b/lib/netrc.c
index cd2a284..64efdc0 100644
--- a/lib/netrc.c
+++ b/lib/netrc.c
@@ -49,6 +49,15 @@ enum host_lookup_state {
MACDEF
};
+enum found_state {
+ NONE,
+ LOGIN,
+ PASSWORD
+};
+
+#define FOUND_LOGIN 1
+#define FOUND_PASSWORD 2
+
#define NETRC_FILE_MISSING 1
#define NETRC_FAILED -1
#define NETRC_SUCCESS 0
@@ -59,23 +68,20 @@ enum host_lookup_state {
* Returns zero on success.
*/
static int parsenetrc(const char *host,
- char **loginp,
+ char **loginp, /* might point to a username */
char **passwordp,
char *netrcfile)
{
FILE *file;
int retcode = NETRC_FILE_MISSING;
char *login = *loginp;
- char *password = *passwordp;
- bool specific_login = (login && *login != 0);
- bool login_alloc = FALSE;
- bool password_alloc = FALSE;
+ char *password = NULL;
+ bool specific_login = login; /* points to something */
enum host_lookup_state state = NOTHING;
-
- char state_login = 0; /* Found a login keyword */
- char state_password = 0; /* Found a password keyword */
- int state_our_login = TRUE; /* With specific_login, found *our* login
- name (or login-less line) */
+ enum found_state keyword = NONE;
+ unsigned char found = 0; /* login + password found bits, as they can come in
+ any order */
+ bool our_login = FALSE; /* found our login name */
DEBUGASSERT(netrcfile);
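Review bot: `bool specific_login = login;` changes the contract, not just the spelling. The removed line was `(login && *login != 0)`, so an empty string in `*loginp` used to mean "no specific login" and now counts as one. State in the function comment that callers must pass NULL when they have no username, and write the test as `login != NULL` rather than relying on the implicit pointer-to-bool conversion.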
@@ -97,7 +103,7 @@ static int parsenetrc(const char *host,
continue;
}
tok = netrcbuffer;
- while(tok) {
+ while(tok && !done) {
while(ISBLANK(*tok))
tok++;
/* tok is first non-space letter */
@@ -156,11 +162,6 @@ static int parsenetrc(const char *host,
}
}
- if((login && *login) && (password && *password)) {
- done = TRUE;
- break;
- }
-
switch(state) {
case NOTHING:
if(strcasecompare("macdef", tok)) {
@@ -175,6 +176,12 @@ static int parsenetrc(const char *host,
after this we need to search for 'login' and
'password'. */
state = HOSTFOUND;
+ keyword = NONE;
+ found = 0;
+ our_login = FALSE;
+ Curl_safefree(password);
+ if(!specific_login)
+ Curl_safefree(login);
}
else if(strcasecompare("default", tok)) {
state = HOSTVALID;
@@ -198,48 +205,55 @@ static int parsenetrc(const char *host,
break;
case HOSTVALID:
/* we are now parsing sub-keywords concerning "our" host */
- if(state_login) {
+ if(keyword == LOGIN) {
if(specific_login) {
- state_our_login = !Curl_timestrcmp(login, tok);
+ our_login = !Curl_timestrcmp(login, tok);
}
- else if(!login || Curl_timestrcmp(login, tok)) {
- if(login_alloc) {
- free(login);
- login_alloc = FALSE;
- }
+ else {
+ our_login = TRUE;
+ free(login);
login = strdup(tok);
if(!login) {
retcode = NETRC_FAILED; /* allocation failed */
goto out;
}
- login_alloc = TRUE;
}
- state_login = 0;
+ found |= FOUND_LOGIN;
+ keyword = NONE;
}
- else if(state_password) {
- if((state_our_login || !specific_login)
- && (!password || Curl_timestrcmp(password, tok))) {
- if(password_alloc) {
- free(password);
- password_alloc = FALSE;
- }
- password = strdup(tok);
- if(!password) {
- retcode = NETRC_FAILED; /* allocation failed */
- goto out;
- }
- password_alloc = TRUE;
+ else if(keyword == PASSWORD) {
+ free(password);
+ password = strdup(tok);
+ if(!password) {
+ retcode = NETRC_FAILED; /* allocation failed */
+ goto out;
}
- state_password = 0;
+ found |= FOUND_PASSWORD;
+ keyword = NONE;
}
else if(strcasecompare("login", tok))
- state_login = 1;
+ keyword = LOGIN;
else if(strcasecompare("password", tok))
- state_password = 1;
+ keyword = PASSWORD;
else if(strcasecompare("machine", tok)) {
- /* ok, there's machine here go => */
+ /* a new machine here */
state = HOSTFOUND;
- state_our_login = FALSE;
+ keyword = NONE;
+ found = 0;
+ Curl_safefree(password);
+ if(!specific_login)
+ Curl_safefree(login);
+ }
+ else if(strcasecompare("default", tok)) {
+ state = HOSTVALID;
+ retcode = NETRC_SUCCESS; /* we did find our host */
+ Curl_safefree(password);
+ if(!specific_login)
+ Curl_safefree(login);
+ }
+ if((found == (FOUND_PASSWORD|FOUND_LOGIN)) && our_login) {
+ done = TRUE;
+ break;
}
break;
} /* switch (state) */
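Review bot: In the `machine` branch under `HOSTVALID`, the removed `state_our_login = FALSE;` has no replacement. The branch resets `keyword` and `found` but leaves `our_login` carrying the value from the previous entry, while the reset added in the `NOTHING` state earlier in this patch does set `our_login = FALSE`. Either reset it here (and in the new `default` branch) or add a comment explaining why it is meant to persist across entries. The reset sequence is now repeated in three places and would read better as one small helper.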
@@ -249,24 +263,22 @@ static int parsenetrc(const char *host,
out:
Curl_dyn_free(&buf);
+ if(!retcode && !password && our_login) {
+ /* success without a password, set a blank one */
+ password = strdup("");
+ if(!password)
+ retcode = 1; /* out of memory */
+ }
if(!retcode) {
/* success */
- if(login_alloc) {
- if(*loginp)
- free(*loginp);
+ if(!specific_login)
*loginp = login;
- }
- if(password_alloc) {
- if(*passwordp)
- free(*passwordp);
- *passwordp = password;
- }
+ *passwordp = password;
}
else {
- if(login_alloc)
+ if(!specific_login)
free(login);
- if(password_alloc)
- free(password);
+ free(password);
}
fclose(file);
}
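Review bot: `retcode = 1; /* out of memory */` reports an allocation failure with the value this file defines as `NETRC_FILE_MISSING`, whereas the other `strdup()` failures in this function set `NETRC_FAILED`. The caller changed in lib/url.c treats `ret > 0` as "Couldn't find host ... using defaults" and carries on, so an out-of-memory condition here is not surfaced as an error. Use `retcode = NETRC_FAILED;`.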
diff --git a/lib/url.c b/lib/url.c
index 05431b9..1439c9e 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2699,6 +2699,17 @@ static CURLcode parse_remote_port(struct Curl_easy *data,
return CURLE_OK;
}
+static bool str_has_ctrl(const char *input)
+{
+ const unsigned char *str = (const unsigned char *)input;
+ while(*str) {
+ if(*str < 0x20)
+ return TRUE;
+ str++;
+ }
+ return FALSE;
+}
+
/*
* Override the login details from the URL with that in the CURLOPT_USERPWD
* option or a .netrc file, if applicable.
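Review bot: `str_has_ctrl()` dereferences `input` unconditionally, and its only caller in this patch passes `*userp` and `*passwdp` straight from the netrc lookup. The updated unit1304.c expectations in this same patch show a lookup that returns 0 and leaves `password == NULL`, so the helper needs an `if(!input) return FALSE;` guard, or the caller must check before calling. A comment that only bytes below 0x20 are rejected, and that DEL (0x7f) passes, would also help.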
@@ -2730,29 +2741,39 @@ static CURLcode override_login(struct Curl_easy *data,
if(data->state.aptr.user &&
(data->state.creds_from != CREDS_NETRC)) {
- /* there was a user name in the URL. Use the URL decoded version */
+ /* there was a username with a length in the URL. Use the URL decoded
+ version */
userp = &data->state.aptr.user;
url_provided = TRUE;
}
- ret = Curl_parsenetrc(conn->host.name,
- userp, passwdp,
- data->set.str[STRING_NETRC_FILE]);
- if(ret > 0) {
- infof(data, "Couldn't find host %s in the %s file; using defaults",
- conn->host.name,
- (data->set.str[STRING_NETRC_FILE] ?
- data->set.str[STRING_NETRC_FILE] : ".netrc"));
- }
- else if(ret < 0) {
- failf(data, ".netrc parser error");
- return CURLE_READ_ERROR;
- }
- else {
- /* set bits.netrc TRUE to remember that we got the name from a .netrc
- file, so that it is safe to use even if we followed a Location: to a
- different host or similar. */
- conn->bits.netrc = TRUE;
+ if(!*passwdp) {
+ ret = Curl_parsenetrc(conn->host.name, userp, passwdp,
+ data->set.str[STRING_NETRC_FILE]);
+ if(ret > 0) {
+ infof(data, "Couldn't find host %s in the %s file; using defaults",
+ conn->host.name,
+ (data->set.str[STRING_NETRC_FILE] ?
+ data->set.str[STRING_NETRC_FILE] : ".netrc"));
+ }
+ else if(ret < 0) {
+ failf(data, ".netrc parser error");
+ return CURLE_READ_ERROR;
+ }
+ else {
+ if(!(conn->handler->flags&PROTOPT_USERPWDCTRL)) {
+ /* if the protocol can't handle control codes in credentials, make
+ sure there are none */
+ if(str_has_ctrl(*userp) || str_has_ctrl(*passwdp)) {
+ failf(data, "control code detected in .netrc credentials");
+ return CURLE_READ_ERROR;
+ }
+ }
+ /* set bits.netrc TRUE to remember that we got the name from a .netrc
+ file, so that it is safe to use even if we followed a Location: to a
+ different host or similar. */
+ conn->bits.netrc = TRUE;
+ }
}
if(url_provided) {
Curl_safefree(conn->user);
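Review bot: The new `if(!*passwdp)` guard means the netrc file is not consulted at all once a password is already set, which is the behavioural core of this fix, yet it carries no comment. Add one above the guard. The `failf()` text "control code detected in .netrc credentials" would be more useful if it named the host, so the offending entry can be found in a file with many machines.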
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 03cb6a0..e3508cb 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -73,7 +73,7 @@ test426 test427 test428 test429 test430 test431 test432 test433 test434 \
test435 test436 test437 test438 test439 test440 test441 test442 test443 \
test444 test445 test446 test447 test448 test449 test450 test451 test452 \
test453 test454 test455 test456 test457 test458 test459 test460 test461 \
-test462 test463 test467 test468 \
+test462 test463 test467 test468 test478 test479 test480 \
\
test490 test491 test492 test493 test494 test495 test496 test497 test498 \
test499 test500 test501 test502 test503 test504 test505 test506 test507 \
diff --git a/tests/data/test478 b/tests/data/test478
new file mode 100644
index 0000000..4acc72e
--- /dev/null
+++ b/tests/data/test478
@@ -0,0 +1,73 @@
+<testcase>
+ <info>
+ <keywords>
+ netrc
+ HTTP
+ </keywords>
+ </info>
+ #
+ # Server-side
+ <reply>
+ <data crlf="yes">
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ ETag: "21025-dc7-39462498"
+ Accept-Ranges: bytes
+ Content-Length: 6
+ Connection: close
+ Content-Type: text/html
+ Funny-head: yesyes
+
+ -foo-
+ </data>
+ </reply>
+
+ #
+ # Client-side
+ <client>
+ <server>
+ http
+ </server>
+ <features>
+ proxy
+ </features>
+ <name>
+ .netrc with multiple accounts for same host
+ </name>
+ <command>
+ --netrc --netrc-file log/netrc%TESTNUMBER -x http://%HOSTIP:%HTTPPORT/ http://debbie@github.com/
+ </command>
+ <file name="log/netrc%TESTNUMBER" >
+
+ machine github.com
+ password weird
+ password firstone
+ login daniel
+
+ machine github.com
+
+ machine github.com
+ login debbie
+
+ machine github.com
+ password weird
+ password "second\r"
+ login debbie
+
+ </file>
+ </client>
+
+ <verify>
+ <protocol>
+ GET http://github.com/ HTTP/1.1
+ Host: github.com
+ Authorization: Basic %b64[debbie:second%0D]b64%
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Proxy-Connection: Keep-Alive
+
+ </protocol>
+ </verify>
+ </testcase>
diff --git a/tests/data/test479 b/tests/data/test479
new file mode 100644
index 0000000..62a2057
--- /dev/null
+++ b/tests/data/test479
@@ -0,0 +1,107 @@
+<testcase>
+ <info>
+ <keywords>
+ netrc
+ HTTP
+ </keywords>
+ </info>
+ #
+ # Server-side
+ <reply>
+ <data crlf="yes">
+ HTTP/1.1 301 Follow this you fool
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ ETag: "21025-dc7-39462498"
+ Accept-Ranges: bytes
+ Content-Length: 6
+ Connection: close
+ Location: http://b.com/%TESTNUMBER0002
+
+ -foo-
+ </data>
+
+ <data2 crlf="yes">
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ ETag: "21025-dc7-39462498"
+ Accept-Ranges: bytes
+ Content-Length: 7
+ Connection: close
+
+ target
+ </data2>
+
+ <datacheck crlf="yes">
+ HTTP/1.1 301 Follow this you fool
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ ETag: "21025-dc7-39462498"
+ Accept-Ranges: bytes
+ Content-Length: 6
+ Connection: close
+ Location: http://b.com/%TESTNUMBER0002
+
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ ETag: "21025-dc7-39462498"
+ Accept-Ranges: bytes
+ Content-Length: 7
+ Connection: close
+
+ target
+ </datacheck>
+ </reply>
+
+ #
+ # Client-side
+ <client>
+ <server>
+ http
+ </server>
+ <features>
+ proxy
+ </features>
+ <name>
+ .netrc with redirect and default without password
+ </name>
+ <command>
+ --netrc --netrc-file log/netrc%TESTNUMBER -L -x http://%HOSTIP:%HTTPPORT/ http://a.com/
+ </command>
+ <file name="log/netrc%TESTNUMBER" >
+
+ machine a.com
+ login alice
+ password alicespassword
+
+ default
+ login bob
+
+ </file>
+ </client>
+
+ <verify>
+ <protocol>
+ GET http://a.com/ HTTP/1.1
+ Host: a.com
+ Authorization: Basic %b64[alice:alicespassword]b64%
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Proxy-Connection: Keep-Alive
+
+ GET http://b.com/%TESTNUMBER0002 HTTP/1.1
+ Host: b.com
+ Authorization: Basic %b64[bob:]b64%
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Proxy-Connection: Keep-Alive
+
+ </protocol>
+ </verify>
+ </testcase>
diff --git a/tests/data/test480 b/tests/data/test480
new file mode 100644
index 0000000..47db7ab
--- /dev/null
+++ b/tests/data/test480
@@ -0,0 +1,38 @@
+<testcase>
+ <info>
+ <keywords>
+ netrc
+ pop3
+ </keywords>
+ </info>
+ #
+ # Server-side
+ <reply>
+
+ </reply>
+
+ #
+ # Client-side
+ <client>
+ <server>
+ pop3
+ </server>
+ <name>
+ Reject .netrc with credentials using CRLF for POP3
+ </name>
+ <command>
+ --netrc --netrc-file log/netrc%TESTNUMBER pop3://%HOSTIP:%POP3PORT/%TESTNUMBER
+ </command>
+ <file name="log/netrc%TESTNUMBER" >
+ machine %HOSTIP
+ login alice
+ password "password\r\ncommand"
+ </file>
+ </client>
+
+ <verify>
+ <errorcode>
+ 26
+ </errorcode>
+ </verify>
+ </testcase>
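Review bot: This test puts the CR LF only in the `password` field, while the check added in lib/url.c applies `str_has_ctrl()` to the login as well. Add a second case, or a sibling test, with the control bytes in `login`. A short comment that error code 26 is `CURLE_READ_ERROR` would make the `<errorcode>` block self-explanatory.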
diff --git a/tests/unit/unit1304.c b/tests/unit/unit1304.c
index 0288562..b2b4366 100644
--- a/tests/unit/unit1304.c
+++ b/tests/unit/unit1304.c
@@ -32,13 +32,8 @@ static char *password;
static CURLcode unit_setup(void)
{
- password = strdup("");
- login = strdup("");
- if(!password || !login) {
- Curl_safefree(password);
- Curl_safefree(login);
- return CURLE_OUT_OF_MEMORY;
- }
+ password = NULL;
+ login = NULL;
return CURLE_OK;
}
@@ -56,76 +51,48 @@ UNITTEST_START
*/
result = Curl_parsenetrc("test.example.com", &login, &password, arg);
fail_unless(result == 1, "Host not found should return 1");
- abort_unless(password != NULL, "returned NULL!");
- fail_unless(password[0] == 0, "password should not have been changed");
- abort_unless(login != NULL, "returned NULL!");
- fail_unless(login[0] == 0, "login should not have been changed");
+ abort_unless(password == NULL, "password did not return NULL!");
+ abort_unless(login == NULL, "user did not return NULL!");
/*
* Test a non existent login in our netrc file.
*/
- free(login);
- login = strdup("me");
- abort_unless(login != NULL, "returned NULL!");
+ login = (char *)"me";
result = Curl_parsenetrc("example.com", &login, &password, arg);
fail_unless(result == 0, "Host should have been found");
- abort_unless(password != NULL, "returned NULL!");
- fail_unless(password[0] == 0, "password should not have been changed");
- abort_unless(login != NULL, "returned NULL!");
- fail_unless(strncmp(login, "me", 2) == 0,
- "login should not have been changed");
+ abort_unless(password == NULL, "password is not NULL!");
/*
* Test a non existent login and host in our netrc file.
*/
- free(login);
- login = strdup("me");
- abort_unless(login != NULL, "returned NULL!");
+ login = (char *)"me";
result = Curl_parsenetrc("test.example.com", &login, &password, arg);
fail_unless(result == 1, "Host not found should return 1");
- abort_unless(password != NULL, "returned NULL!");
- fail_unless(password[0] == 0, "password should not have been changed");
- abort_unless(login != NULL, "returned NULL!");
- fail_unless(strncmp(login, "me", 2) == 0,
- "login should not have been changed");
+ abort_unless(password == NULL, "password is not NULL!");
/*
* Test a non existent login (substring of an existing one) in our
* netrc file.
*/
- free(login);
- login = strdup("admi");
- abort_unless(login != NULL, "returned NULL!");
+ login = (char *)"admi";
result = Curl_parsenetrc("example.com", &login, &password, arg);
fail_unless(result == 0, "Host should have been found");
- abort_unless(password != NULL, "returned NULL!");
- fail_unless(password[0] == 0, "password should not have been changed");
- abort_unless(login != NULL, "returned NULL!");
- fail_unless(strncmp(login, "admi", 4) == 0,
- "login should not have been changed");
+ abort_unless(password == NULL, "password is not NULL!");
/*
* Test a non existent login (superstring of an existing one)
* in our netrc file.
*/
- free(login);
- login = strdup("adminn");
- abort_unless(login != NULL, "returned NULL!");
+ login = (char *)"adminn";
result = Curl_parsenetrc("example.com", &login, &password, arg);
fail_unless(result == 0, "Host should have been found");
- abort_unless(password != NULL, "returned NULL!");
- fail_unless(password[0] == 0, "password should not have been changed");
- abort_unless(login != NULL, "returned NULL!");
- fail_unless(strncmp(login, "adminn", 6) == 0,
- "login should not have been changed");
+ abort_unless(password == NULL, "password is not NULL!");
/*
* Test for the first existing host in our netrc file
* with login[0] = 0.
*/
- free(login);
- login = strdup("");
- abort_unless(login != NULL, "returned NULL!");
+ login = NULL;
result = Curl_parsenetrc("example.com", &login, &password, arg);
fail_unless(result == 0, "Host should have been found");
abort_unless(password != NULL, "returned NULL!");
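Review bot: The four "non existent login" cases drop every assertion on `login`, and `login` now points at a string literal via `(char *)"me"`. If the parser ever wrote to or freed a caller-supplied login again, these cases would no longer report it as a test failure. Keep a check such as `fail_unless(!strcmp(login, "me"), "login should not have been changed");` after each call.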
@@ -139,8 +106,9 @@ UNITTEST_START
* with login[0] != 0.
*/
free(password);
- password = strdup("");
- abort_unless(password != NULL, "returned NULL!");
+ free(login);
+ password = NULL;
+ login = NULL;
result = Curl_parsenetrc("example.com", &login, &password, arg);
fail_unless(result == 0, "Host should have been found");
abort_unless(password != NULL, "returned NULL!");
@@ -154,11 +122,9 @@ UNITTEST_START
* with login[0] = 0.
*/
free(password);
- password = strdup("");
- abort_unless(password != NULL, "returned NULL!");
+ password = NULL;
free(login);
- login = strdup("");
- abort_unless(login != NULL, "returned NULL!");
+ login = NULL;
result = Curl_parsenetrc("curl.example.com", &login, &password, arg);
fail_unless(result == 0, "Host should have been found");
abort_unless(password != NULL, "returned NULL!");
@@ -172,8 +138,9 @@ UNITTEST_START
* with login[0] != 0.
*/
free(password);
- password = strdup("");
- abort_unless(password != NULL, "returned NULL!");
+ free(login);
+ password = NULL;
+ login = NULL;
result = Curl_parsenetrc("curl.example.com", &login, &password, arg);
fail_unless(result == 0, "Host should have been found");
abort_unless(password != NULL, "returned NULL!");
--
2.40.0

@@ -0,0 +1,130 @@
From 9fce2c55d4b0273ac99b59bd8cb982a6d96b88cf Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 17 Dec 2024 23:56:42 +0100
Subject: [PATCH] netrc: fix password-only entries
When a specific hostname matched, and only a password is set before
another machine is specified in the netrc file, the parser would not be
happy and stop there and return the password-only state. It instead
continued and did not return a match.
Add test 2005 to verify this case
Regression from e9b9bba, shipped in 8.11.1.
Reported-by: Ben Zanin
Fixes #15767
Closes #15768
CVE: CVE-2024-11053
Upstream-Status: Backport [https://github.com/curl/curl/commit/9fce2c55d4b0273ac99b59bd8cb982a6d96b88cf]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
lib/netrc.c | 7 +++++-
tests/data/Makefile.inc | 2 +-
tests/data/test2005 | 55 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 62 insertions(+), 2 deletions(-)
create mode 100644 tests/data/test2005
diff --git a/lib/netrc.c b/lib/netrc.c
index 64efdc0..695e89a 100644
--- a/lib/netrc.c
+++ b/lib/netrc.c
@@ -228,7 +228,8 @@ static int parsenetrc(const char *host,
retcode = NETRC_FAILED; /* allocation failed */
goto out;
}
- found |= FOUND_PASSWORD;
+ if(!specific_login || our_login)
+ found |= FOUND_PASSWORD;
keyword = NONE;
}
else if(strcasecompare("login", tok))
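Review bot: `if(!specific_login || our_login)` is evaluated at the moment the password token is read, so with a specific login the bit is set only if the matching `login` token has already been seen, or if `our_login` is left over from an earlier entry. test478 on this page writes `password` before `login`, and the comment on `found` in the previous patch says the two "can come in any order". Add a test with a specific login and a single entry that lists the password first, or defer the decision until the entry is complete.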
@@ -237,6 +238,10 @@ static int parsenetrc(const char *host,
keyword = PASSWORD;
else if(strcasecompare("machine", tok)) {
/* a new machine here */
+ if(found & FOUND_PASSWORD) {
+ done = TRUE;
+ break;
+ }
state = HOSTFOUND;
keyword = NONE;
found = 0;
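Review bot: The early exit on `found & FOUND_PASSWORD` is added to the `machine` branch only. The `default` branch that the previous patch placed right after it still calls `Curl_safefree(password)` and keeps parsing, so a password-only entry followed by `default` instead of `machine` would still lose its password. Apply the same check there, or add a comment saying why `default` is treated differently.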
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index e3508cb..dc2af79 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -230,7 +230,7 @@ test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 \
test1955 test1956 test1957 test1958 test1959 test1960 test1964 \
test1970 test1971 test1972 test1973 test1974 test1975 \
\
-test2000 test2001 test2002 test2003 test2004 \
+test2000 test2001 test2002 test2003 test2004 test2005 \
\
test2023 \
test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \
diff --git a/tests/data/test2005 b/tests/data/test2005
new file mode 100644
index 0000000..66afe84
--- /dev/null
+++ b/tests/data/test2005
@@ -0,0 +1,55 @@
+<testcase>
+ <info>
+ <keywords>
+ HTTP
+ netrc
+ </keywords>
+ </info>
+ #
+ # Server-side
+ <reply>
+ <data>
+ HTTP/1.1 200 OK
+ Date: Fri, 05 Aug 2022 10:09:00 GMT
+ Server: test-server/fake
+ Content-Type: text/plain
+ Content-Length: 6
+ Connection: close
+
+ -foo-
+ </data>
+ </reply>
+
+ #
+ # Client-side
+ <client>
+ <server>
+ http
+ </server>
+ <name>
+ netrc match with password only in file, no username. machine follows
+ </name>
+ <command>
+ --netrc-optional --netrc-file log/netrc%TESTNUMBER http://%HOSTIP:%HTTPPORT/
+ </command>
+ <file name="log/netrc%TESTNUMBER" >
+ machine %HOSTIP
+ password 5up3r53cr37
+
+ machine example.com
+ </file>
+ </client>
+
+ #
+ # Verify data after the test has been "shot"
+ <verify>
+ <protocol>
+ GET / HTTP/1.1
+ Host: %HOSTIP:%HTTPPORT
+ Authorization: Basic %b64[:5up3r53cr37]b64%
+ User-Agent: curl/%VERSION
+ Accept: */*
+
+ </protocol>
+ </verify>
+ </testcase>
--
2.40.0

View File

@@ -0,0 +1,24 @@
From 3a537a4db9e65e545ec45b1b5d5575ee09a2569d Mon Sep 17 00:00:00 2001
From: z2_ <88509734+z2-2z@users.noreply.github.com>
Date: Fri, 28 Jun 2024 14:45:47 +0200
Subject: [PATCH] x509asn1: remove superfluous free()
CVE: CVE-2024-6197
Upstream-Status: Backport [https://github.com/curl/curl/commit/3a537a4db9e65e545ec45b1b5d5575ee09a2569d.patch]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
lib/vtls/x509asn1.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c
index f71ab0b90a5931..1bc4243ddae343 100644
--- a/lib/vtls/x509asn1.c
+++ b/lib/vtls/x509asn1.c
@@ -393,7 +393,6 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
if(wc >= 0x00000800) {
if(wc >= 0x00010000) {
if(wc >= 0x00200000) {
- free(buf);
/* Invalid char. size for target encoding. */
return CURLE_WEIRD_SERVER_REPLY;
}
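Review bot: The patch header gives no reason why this `free(buf)` is superfluous, and nothing in the visible context shows where `buf` is declared or allocated. For a CVE backport, add a sentence to the header stating what `buf` is at this point in `utf8asn1str()` and confirming that the function's other early returns were checked for the same call.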

@@ -0,0 +1,61 @@
From 3c914bc680155b32178f1f15ca8d47c7f4640afe Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 30 Jul 2024 10:05:17 +0200
Subject: [PATCH] x509asn1: clean up GTime2str
Co-authored-by: Stefan Eissing
Reported-by: Dov Murik
Closes #14307
CVE: CVE-2024-7264
Upstream-Status: Backport [https://github.com/curl/curl/commit/3c914bc680155b32178f1f15ca8d47c7f4640afe.patch]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
lib/vtls/x509asn1.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c
index 1bc4243ddae343..e3a9fe4232a4ea 100644
--- a/lib/vtls/x509asn1.c
+++ b/lib/vtls/x509asn1.c
@@ -488,7 +488,7 @@ static CURLcode GTime2str(struct dynbuf *store,
/* Convert an ASN.1 Generalized time to a printable string.
Return the dynamically allocated string, or NULL if an error occurs. */
- for(fracp = beg; fracp < end && *fracp >= '0' && *fracp <= '9'; fracp++)
+ for(fracp = beg; fracp < end && ISDIGIT(*fracp); fracp++)
;
/* Get seconds digits. */
@@ -507,17 +507,22 @@ static CURLcode GTime2str(struct dynbuf *store,
return CURLE_BAD_FUNCTION_ARGUMENT;
}
- /* Scan for timezone, measure fractional seconds. */
+ /* timezone follows optional fractional seconds. */
tzp = fracp;
- fracl = 0;
+ fracl = 0; /* no fractional seconds detected so far */
if(fracp < end && (*fracp == '.' || *fracp == ',')) {
- fracp++;
- do
+ /* Have fractional seconds, e.g. "[.,]\d+". How many? */
+ tzp = fracp++; /* should be a digit char or BAD ARGUMENT */
+ while(tzp < end && ISDIGIT(*tzp))
tzp++;
- while(tzp < end && *tzp >= '0' && *tzp <= '9');
- /* Strip leading zeroes in fractional seconds. */
- for(fracl = tzp - fracp - 1; fracl && fracp[fracl - 1] == '0'; fracl--)
- ;
+ if(tzp == fracp) /* never looped, no digit after [.,] */
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ fracl = tzp - fracp - 1; /* number of fractional sec digits */
+ DEBUGASSERT(fracl > 0);
+ /* Strip trailing zeroes in fractional seconds.
+ * May reduce fracl to 0 if only '0's are present. */
+ while(fracl && fracp[fracl - 1] == '0')
+ fracl--;
}
/* Process timezone. */
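Review bot: `tzp = fracp++;` leaves `tzp` on the `.` or `,` and `fracp` one past it, so `while(tzp < end && ISDIGIT(*tzp))` never iterates, `tzp == fracp` is never true, and `fracl = tzp - fracp - 1` evaluates to -2 (or a very large value if `fracl` is unsigned) instead of a digit count. The `fracp[fracl - 1]` read in the trailing-zero loop then indexes outside the field. Advance first and copy afterwards (`fracp++; tzp = fracp;`) and compute `fracl = tzp - fracp`, which is what the follow-up patch further down this page does.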

@@ -0,0 +1,316 @@
From 27959ecce75cdb2809c0bdb3286e60e08fadb519 Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Tue, 30 Jul 2024 16:40:48 +0200
Subject: [PATCH] x509asn1: unittests and fixes for gtime2str
Fix issues in GTime2str() and add unit test cases to verify correct
behaviour.
Follow-up to 3c914bc6801
Closes #14316
CVE: CVE-2024-7264
Upstream-Status: Backport [https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519.patch]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
lib/vtls/x509asn1.c | 32 +++++++---
lib/vtls/x509asn1.h | 11 ++++
tests/data/Makefile.inc | 2 +-
tests/data/test1656 | 22 +++++++
tests/unit/Makefile.inc | 4 +-
tests/unit/unit1656.c | 133 ++++++++++++++++++++++++++++++++++++++++
6 files changed, 194 insertions(+), 10 deletions(-)
create mode 100644 tests/data/test1656
create mode 100644 tests/unit/unit1656.c
diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c
index e3a9fe4232a4ea..7f04af3b9778c5 100644
--- a/lib/vtls/x509asn1.c
+++ b/lib/vtls/x509asn1.c
@@ -512,12 +512,13 @@ static CURLcode GTime2str(struct dynbuf *store,
fracl = 0; /* no fractional seconds detected so far */
if(fracp < end && (*fracp == '.' || *fracp == ',')) {
/* Have fractional seconds, e.g. "[.,]\d+". How many? */
- tzp = fracp++; /* should be a digit char or BAD ARGUMENT */
+ fracp++; /* should be a digit char or BAD ARGUMENT */
+ tzp = fracp;
while(tzp < end && ISDIGIT(*tzp))
tzp++;
if(tzp == fracp) /* never looped, no digit after [.,] */
return CURLE_BAD_FUNCTION_ARGUMENT;
- fracl = tzp - fracp - 1; /* number of fractional sec digits */
+ fracl = tzp - fracp; /* number of fractional sec digits */
DEBUGASSERT(fracl > 0);
/* Strip trailing zeroes in fractional seconds.
* May reduce fracl to 0 if only '0's are present. */
@@ -526,18 +527,24 @@ static CURLcode GTime2str(struct dynbuf *store,
}
/* Process timezone. */
- if(tzp >= end)
- ; /* Nothing to do. */
+ if(tzp >= end) {
+ tzp = "";
+ tzl = 0;
+ }
else if(*tzp == 'Z') {
- tzp = " GMT";
- end = tzp + 4;
+ sep = " ";
+ tzp = "GMT";
+ tzl = 3;
+ }
+ else if((*tzp == '+') || (*tzp == '-')) {
+ sep = " UTC";
+ tzl = end - tzp;
}
else {
sep = " ";
- tzp++;
+ tzl = end - tzp;
}
- tzl = end - tzp;
return Curl_dyn_addf(store,
"%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s",
beg, beg + 4, beg + 6,
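Review bot: The `tzp >= end` branch now sets `tzp` and `tzl` but not `sep`, while each of the other three branches assigns `sep` explicitly, so the output for this case depends on an initialiser outside the hunk. Set `sep = "";` here as well. The final `else` forwards whatever bytes remain as the zone (the new unit test expects `CET` to pass through), so a comment that the suffix is not validated would be useful.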
@@ -546,6 +553,15 @@ static CURLcode GTime2str(struct dynbuf *store,
sep, (int)tzl, tzp);
}
+#ifdef UNITTESTS
+/* used by unit1656.c */
+CURLcode Curl_x509_GTime2str(struct dynbuf *store,
+ const char *beg, const char *end)
+{
+ return GTime2str(store, beg, end);
+}
+#endif
+
/*
* Convert an ASN.1 UTC time to a printable string.
*
diff --git a/lib/vtls/x509asn1.h b/lib/vtls/x509asn1.h
index 5844460467ccef..5b48596c75910a 100644
--- a/lib/vtls/x509asn1.h
+++ b/lib/vtls/x509asn1.h
@@ -76,5 +76,16 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, int certnum,
const char *beg, const char *end);
CURLcode Curl_verifyhost(struct Curl_cfilter *cf, struct Curl_easy *data,
const char *beg, const char *end);
+
+#ifdef UNITTESTS
+#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \
+ defined(USE_MBEDTLS)
+
+/* used by unit1656.c */
+CURLcode Curl_x509_GTime2str(struct dynbuf *store,
+ const char *beg, const char *end);
+#endif
+#endif
+
#endif /* USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL or USE_SECTRANSP */
#endif /* HEADER_CURL_X509ASN1_H */
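Review bot: The inner `#if` lists `USE_MBEDTLS` but not `USE_WOLFSSL`, while the closing comment of the enclosing guard two lines below reads "USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL or USE_SECTRANSP". The definition added in x509asn1.c is guarded by `UNITTESTS` alone, so declaration and definition are conditioned differently. Either drop the inner backend list or make it match the outer guard, and keep the condition in unit1656.c in step with it.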
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index d0e20df4b900c8..792cb16eef20ad 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -210,7 +210,7 @@ test1620 test1621 \
\
test1630 test1631 test1632 test1633 test1634 test1635 \
\
-test1650 test1651 test1652 test1653 test1654 test1655 \
+test1650 test1651 test1652 test1653 test1654 test1655 test1656 \
test1660 test1661 test1662 \
\
test1670 test1671 \
diff --git a/tests/data/test1656 b/tests/data/test1656
new file mode 100644
index 00000000000000..2fab21be63d7e3
--- /dev/null
+++ b/tests/data/test1656
@@ -0,0 +1,22 @@
+<testcase>
+<info>
+<keywords>
+unittest
+Curl_x509_GTime2str
+</keywords>
+</info>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+<features>
+unittest
+</features>
+<name>
+Curl_x509_GTime2str unit tests
+</name>
+</client>
+</testcase>
diff --git a/tests/unit/Makefile.inc b/tests/unit/Makefile.inc
index c402f803509c8a..5b23c2559280f0 100644
--- a/tests/unit/Makefile.inc
+++ b/tests/unit/Makefile.inc
@@ -36,7 +36,7 @@ UNITPROGS = unit1300 unit1302 unit1303 unit1304 unit1305 unit1307 \
unit1600 unit1601 unit1602 unit1603 unit1604 unit1605 unit1606 unit1607 \
unit1608 unit1609 unit1610 unit1611 unit1612 unit1614 unit1615 \
unit1620 unit1621 \
- unit1650 unit1651 unit1652 unit1653 unit1654 unit1655 \
+ unit1650 unit1651 unit1652 unit1653 unit1654 unit1655 unit1656 \
unit1660 unit1661 \
unit2600 unit2601 unit2602 unit2603 \
unit3200
@@ -119,6 +119,8 @@ unit1654_SOURCES = unit1654.c $(UNITFILES)
unit1655_SOURCES = unit1655.c $(UNITFILES)
+unit1656_SOURCES = unit1656.c $(UNITFILES)
+
unit1660_SOURCES = unit1660.c $(UNITFILES)
unit1661_SOURCES = unit1661.c $(UNITFILES)
diff --git a/tests/unit/unit1656.c b/tests/unit/unit1656.c
new file mode 100644
index 00000000000000..644e72fc7d6577
--- /dev/null
+++ b/tests/unit/unit1656.c
@@ -0,0 +1,133 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "curlcheck.h"
+
+#include "vtls/x509asn1.h"
+
+static CURLcode unit_setup(void)
+{
+ return CURLE_OK;
+}
+
+static void unit_stop(void)
+{
+
+}
+
+#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \
+ defined(USE_MBEDTLS)
+
+#ifndef ARRAYSIZE
+#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0]))
+#endif
+
+struct test_spec {
+ const char *input;
+ const char *exp_output;
+ CURLcode exp_result;
+};
+
+static struct test_spec test_specs[] = {
+ { "190321134340", "1903-21-13 43:40:00", CURLE_OK },
+ { "", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+ { "WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+ { "0WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+ { "19032113434", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+ { "19032113434WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+ { "190321134340.", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+ { "190321134340.1", "1903-21-13 43:40:00.1", CURLE_OK },
+ { "19032113434017.0", "1903-21-13 43:40:17", CURLE_OK },
+ { "19032113434017.01", "1903-21-13 43:40:17.01", CURLE_OK },
+ { "19032113434003.001", "1903-21-13 43:40:03.001", CURLE_OK },
+ { "19032113434003.090", "1903-21-13 43:40:03.09", CURLE_OK },
+ { "190321134340Z", "1903-21-13 43:40:00 GMT", CURLE_OK },
+ { "19032113434017.0Z", "1903-21-13 43:40:17 GMT", CURLE_OK },
+ { "19032113434017.01Z", "1903-21-13 43:40:17.01 GMT", CURLE_OK },
+ { "19032113434003.001Z", "1903-21-13 43:40:03.001 GMT", CURLE_OK },
+ { "19032113434003.090Z", "1903-21-13 43:40:03.09 GMT", CURLE_OK },
+ { "190321134340CET", "1903-21-13 43:40:00 CET", CURLE_OK },
+ { "19032113434017.0CET", "1903-21-13 43:40:17 CET", CURLE_OK },
+ { "19032113434017.01CET", "1903-21-13 43:40:17.01 CET", CURLE_OK },
+ { "190321134340+02:30", "1903-21-13 43:40:00 UTC+02:30", CURLE_OK },
+ { "19032113434017.0+02:30", "1903-21-13 43:40:17 UTC+02:30", CURLE_OK },
+ { "19032113434017.01+02:30", "1903-21-13 43:40:17.01 UTC+02:30", CURLE_OK },
+ { "190321134340-3", "1903-21-13 43:40:00 UTC-3", CURLE_OK },
+ { "19032113434017.0-04", "1903-21-13 43:40:17 UTC-04", CURLE_OK },
+ { "19032113434017.01-01:10", "1903-21-13 43:40:17.01 UTC-01:10", CURLE_OK },
+};
+
+static bool do_test(struct test_spec *spec, size_t i, struct dynbuf *dbuf)
+{
+ CURLcode result;
+ const char *in = spec->input;
+
+ Curl_dyn_reset(dbuf);
+ result = Curl_x509_GTime2str(dbuf, in, in + strlen(in));
+ if(result != spec->exp_result) {
+ fprintf(stderr, "test %zu: expect result %d, got %d\n",
+ i, spec->exp_result, result);
+ return FALSE;
+ }
+ else if(!result && strcmp(spec->exp_output, Curl_dyn_ptr(dbuf))) {
+ fprintf(stderr, "test %zu: input '%s', expected output '%s', got '%s'\n",
+ i, in, spec->exp_output, Curl_dyn_ptr(dbuf));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+UNITTEST_START
+{
+ size_t i;
+ struct dynbuf dbuf;
+ bool all_ok = TRUE;
+
+ Curl_dyn_init(&dbuf, 32*1024);
+
+ if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+ fprintf(stderr, "curl_global_init() failed\n");
+ return TEST_ERR_MAJOR_BAD;
+ }
+
+ for(i = 0; i < ARRAYSIZE(test_specs); ++i) {
+ if(!do_test(&test_specs[i], i, &dbuf))
+ all_ok = FALSE;
+ }
+ fail_unless(all_ok, "some tests of Curl_x509_GTime2str() fails");
+
+ Curl_dyn_free(&dbuf);
+ curl_global_cleanup();
+}
+UNITTEST_STOP
+
+#else
+
+UNITTEST_START
+{
+ puts("not tested since Curl_x509_GTime2str() is not built-in");
+}
+UNITTEST_STOP
+
+#endif
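Review bot: Every accepted vector in `test_specs` starts with `1903211343...`, which the expected output renders as `1903-21-13 43:40:..`, that is, month 21 and hour 43. The table therefore pins the formatting but never feeds the function a calendar-valid GeneralizedTime. Add a few vectors with in-range fields, and say in a comment above the table that `GTime2str()` does not range-check the date and time fields.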

@@ -0,0 +1,207 @@
From aeb1a281cab13c7ba791cb104e556b20e713941f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 20 Aug 2024 16:14:39 +0200
Subject: [PATCH] gtls: fix OCSP stapling management
Reported-by: Hiroki Kurosawa
Closes #14642
Upstream-Status: Backport [https://github.com/curl/curl/commit/aeb1a281cab13c7ba791cb104e556b20e713941f]
CVE: CVE-2024-8096
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
lib/vtls/gtls.c | 146 ++++++++++++++++++++++++------------------------
1 file changed, 73 insertions(+), 73 deletions(-)
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 6eaa6a8..7dd7df8 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -538,6 +538,13 @@ CURLcode gtls_client_init(struct Curl_easy *data,
init_flags |= GNUTLS_NO_TICKETS;
#endif
+#if defined(GNUTLS_NO_STATUS_REQUEST)
+ if(!config->verifystatus)
+ /* Disable the "status_request" TLS extension, enabled by default since
+ GnuTLS 3.8.0. */
+ init_flags |= GNUTLS_NO_STATUS_REQUEST;
+#endif
+
rc = gnutls_init(&gtls->session, init_flags);
if(rc != GNUTLS_E_SUCCESS) {
failf(data, "gnutls_init() failed: %d", rc);
@@ -923,104 +930,97 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
infof(data, " server certificate verification SKIPPED");
if(config->verifystatus) {
- if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) {
- gnutls_datum_t status_request;
- gnutls_ocsp_resp_t ocsp_resp;
+ gnutls_datum_t status_request;
+ gnutls_ocsp_resp_t ocsp_resp;
+ gnutls_ocsp_cert_status_t status;
+ gnutls_x509_crl_reason_t reason;
- gnutls_ocsp_cert_status_t status;
- gnutls_x509_crl_reason_t reason;
+ rc = gnutls_ocsp_status_request_get(session, &status_request);
- rc = gnutls_ocsp_status_request_get(session, &status_request);
+ if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ failf(data, "No OCSP response received");
+ return CURLE_SSL_INVALIDCERTSTATUS;
+ }
- infof(data, " server certificate status verification FAILED");
+ if(rc < 0) {
+ failf(data, "Invalid OCSP response received");
+ return CURLE_SSL_INVALIDCERTSTATUS;
+ }
- if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
- failf(data, "No OCSP response received");
- return CURLE_SSL_INVALIDCERTSTATUS;
- }
+ gnutls_ocsp_resp_init(&ocsp_resp);
- if(rc < 0) {
- failf(data, "Invalid OCSP response received");
- return CURLE_SSL_INVALIDCERTSTATUS;
- }
+ rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request);
+ if(rc < 0) {
+ failf(data, "Invalid OCSP response received");
+ return CURLE_SSL_INVALIDCERTSTATUS;
+ }
- gnutls_ocsp_resp_init(&ocsp_resp);
+ (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL,
+ &status, NULL, NULL, NULL, &reason);
- rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request);
- if(rc < 0) {
- failf(data, "Invalid OCSP response received");
- return CURLE_SSL_INVALIDCERTSTATUS;
- }
+ switch(status) {
+ case GNUTLS_OCSP_CERT_GOOD:
+ break;
- (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL,
- &status, NULL, NULL, NULL, &reason);
+ case GNUTLS_OCSP_CERT_REVOKED: {
+ const char *crl_reason;
- switch(status) {
- case GNUTLS_OCSP_CERT_GOOD:
+ switch(reason) {
+ default:
+ case GNUTLS_X509_CRLREASON_UNSPECIFIED:
+ crl_reason = "unspecified reason";
break;
- case GNUTLS_OCSP_CERT_REVOKED: {
- const char *crl_reason;
-
- switch(reason) {
- default:
- case GNUTLS_X509_CRLREASON_UNSPECIFIED:
- crl_reason = "unspecified reason";
- break;
-
- case GNUTLS_X509_CRLREASON_KEYCOMPROMISE:
- crl_reason = "private key compromised";
- break;
-
- case GNUTLS_X509_CRLREASON_CACOMPROMISE:
- crl_reason = "CA compromised";
- break;
-
- case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED:
- crl_reason = "affiliation has changed";
- break;
+ case GNUTLS_X509_CRLREASON_KEYCOMPROMISE:
+ crl_reason = "private key compromised";
+ break;
- case GNUTLS_X509_CRLREASON_SUPERSEDED:
- crl_reason = "certificate superseded";
- break;
+ case GNUTLS_X509_CRLREASON_CACOMPROMISE:
+ crl_reason = "CA compromised";
+ break;
- case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION:
- crl_reason = "operation has ceased";
- break;
+ case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED:
+ crl_reason = "affiliation has changed";
+ break;
- case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD:
- crl_reason = "certificate is on hold";
- break;
+ case GNUTLS_X509_CRLREASON_SUPERSEDED:
+ crl_reason = "certificate superseded";
+ break;
- case GNUTLS_X509_CRLREASON_REMOVEFROMCRL:
- crl_reason = "will be removed from delta CRL";
- break;
+ case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION:
+ crl_reason = "operation has ceased";
+ break;
- case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN:
- crl_reason = "privilege withdrawn";
- break;
+ case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD:
+ crl_reason = "certificate is on hold";
+ break;
- case GNUTLS_X509_CRLREASON_AACOMPROMISE:
- crl_reason = "AA compromised";
- break;
- }
+ case GNUTLS_X509_CRLREASON_REMOVEFROMCRL:
+ crl_reason = "will be removed from delta CRL";
+ break;
- failf(data, "Server certificate was revoked: %s", crl_reason);
+ case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN:
+ crl_reason = "privilege withdrawn";
break;
- }
- default:
- case GNUTLS_OCSP_CERT_UNKNOWN:
- failf(data, "Server certificate status is unknown");
+ case GNUTLS_X509_CRLREASON_AACOMPROMISE:
+ crl_reason = "AA compromised";
break;
}
- gnutls_ocsp_resp_deinit(ocsp_resp);
+ failf(data, "Server certificate was revoked: %s", crl_reason);
+ break;
+ }
+
+ default:
+ case GNUTLS_OCSP_CERT_UNKNOWN:
+ failf(data, "Server certificate status is unknown");
+ break;
+ }
+ gnutls_ocsp_resp_deinit(ocsp_resp);
+ if(status != GNUTLS_OCSP_CERT_GOOD)
return CURLE_SSL_INVALIDCERTSTATUS;
- }
- else
- infof(data, " server certificate status verification OK");
}
else
infof(data, " server certificate status verification SKIPPED");
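Review bot: the return value of gnutls_ocsp_resp_get_single() is still cast to void in the rewritten block, so if that call fails, status and reason are read uninitialised by the switch and by the final if(status != GNUTLS_OCSP_CERT_GOOD) test that now decides whether the stapled response is accepted. Check the return code and fail with CURLE_SSL_INVALIDCERTSTATUS, or at least initialise status to GNUTLS_OCSP_CERT_UNKNOWN before the call. The early return after a failed gnutls_ocsp_resp_import() also leaves ocsp_resp without a matching gnutls_ocsp_resp_deinit(). With the "status verification OK" infof() removed, the success path logs nothing, which makes it harder to confirm from a verbose trace that stapling was actually checked.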
--
2.25.1

View File

@@ -0,0 +1,85 @@
From a94973805df96269bf3f3bf0a20ccb9887313316 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 9 Oct 2024 10:04:35 +0200
Subject: [PATCH] hsts: improve subdomain handling
- on load, only replace existing HSTS entries if there is a full host
match
- on matching, prefer a full host match and secondary the longest tail
subdomain match
Closes #15210
CVE: CVE-2024-9681
Upstream-Status: Backport [https://github.com/curl/curl/commit/a94973805df96269bf3f3bf0a20ccb9887313316]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
lib/hsts.c | 14 ++++++++++----
tests/data/test1660 | 2 +-
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/lib/hsts.c b/lib/hsts.c
index d5e883f51ef0f7..12052ce53c1c5a 100644
--- a/lib/hsts.c
+++ b/lib/hsts.c
@@ -254,12 +254,14 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
bool subdomain)
{
+ struct stsentry *bestsub = NULL;
if(h) {
char buffer[MAX_HSTS_HOSTLEN + 1];
time_t now = time(NULL);
size_t hlen = strlen(hostname);
struct Curl_llist_element *e;
struct Curl_llist_element *n;
+ size_t blen = 0;
if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
return NULL;
@@ -284,15 +286,19 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
if(ntail < hlen) {
size_t offs = hlen - ntail;
if((hostname[offs-1] == '.') &&
- strncasecompare(&hostname[offs], sts->host, ntail))
- return sts;
+ strncasecompare(&hostname[offs], sts->host, ntail) &&
+ (ntail > blen)) {
+ /* save the tail match with the longest tail */
+ bestsub = sts;
+ blen = ntail;
+ }
}
}
if(strcasecompare(hostname, sts->host))
return sts;
}
}
- return NULL; /* no match */
+ return bestsub;
}
/*
@@ -444,7 +450,7 @@ static CURLcode hsts_add(struct hsts *h, char *line)
e = Curl_hsts(h, p, subdomain);
if(!e)
result = hsts_create(h, p, subdomain, expires);
- else {
+ else if(strcasecompare(p, e->host)) {
/* the same host name, use the largest expire time */
if(expires > e->expires)
e->expires = expires;
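Review bot: in hsts_add(), replacing the plain else with else if(strcasecompare(p, e->host)) leaves no branch for the case where Curl_hsts() returns a tail match for a different host. That line is then neither merged nor passed to hsts_create(), and result stays at its previous value, so the entry is dropped silently on load. If dropping it is intended because the parent entry already covers the subdomain, say so in a comment here; if not, add a final else that calls hsts_create(h, p, subdomain, expires). The comment "the same host name, use the largest expire time" now describes the condition rather than an assumption, which is good.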
diff --git a/tests/data/test1660 b/tests/data/test1660
index f86126d19cf269..4b6f9615c9d517 100644
--- a/tests/data/test1660
+++ b/tests/data/test1660
@@ -52,7 +52,7 @@ this.example [this.example]: 1548400797
Input 12: error 43
Input 13: error 43
Input 14: error 43
-3.example.com [example.com]: 1569905261 includeSubDomains
+3.example.com [3.example.com]: 1569905261 includeSubDomains
3.example.com [example.com]: 1569905261 includeSubDomains
foo.example.com [example.com]: 1569905261 includeSubDomains
'foo.xample.com' is not HSTS

View File

@@ -0,0 +1,178 @@
From 0e120c5b925e8ca75d5319e319e5ce4b8080d8eb Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 3 Jan 2025 16:22:27 +0100
Subject: [PATCH] netrc: 'default' with no credentials is not a match
Test 486 verifies.
Reported-by: Yihang Zhou
Closes #15908
Changes:
- Test files are added in Makefile.inc.
- Adjust `%LOGDIR/` to 'log/' due to its absence in code.
CVE: CVE-2025-0167
Upstream-Status: Backport [https://github.com/curl/curl/commit/0e120c5b925e8ca75d5319e]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
lib/netrc.c | 15 ++++--
tests/data/Makefile.inc | 2 +-
tests/data/test486 | 105 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 116 insertions(+), 6 deletions(-)
create mode 100644 tests/data/test486
diff --git a/lib/netrc.c b/lib/netrc.c
index 64efdc0..5533ecc 100644
--- a/lib/netrc.c
+++ b/lib/netrc.c
@@ -263,11 +263,16 @@ static int parsenetrc(const char *host,
out:
Curl_dyn_free(&buf);
- if(!retcode && !password && our_login) {
- /* success without a password, set a blank one */
- password = strdup("");
- if(!password)
- retcode = 1; /* out of memory */
+ if(!retcode) {
+ if(!password && our_login) {
+ /* success without a password, set a blank one */
+ password = strdup("");
+ if(!password)
+ retcode = 1; /* out of memory */
+ }
+ else if(!login && !password)
+ /* a default with no credentials */
+ retcode = NETRC_FILE_MISSING;
}
if(!retcode) {
/* success */
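Review bot: the new else-if branch reports a "default" entry with no credentials by setting retcode = NETRC_FILE_MISSING, which reuses a file-not-found code for a file that was found and parsed. Callers that log or branch on that value will describe the wrong condition. A short comment explaining that the code is reused deliberately to mean "no match" would do, or a dedicated return value if one can be backported. The two-line body under else if is also unbraced with a comment between the condition and the statement; braces would match the if branch above it.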
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index e3508cb..7a8074f 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -73,7 +73,7 @@ test426 test427 test428 test429 test430 test431 test432 test433 test434 \
test435 test436 test437 test438 test439 test440 test441 test442 test443 \
test444 test445 test446 test447 test448 test449 test450 test451 test452 \
test453 test454 test455 test456 test457 test458 test459 test460 test461 \
-test462 test463 test467 test468 test478 test479 test480 \
+test462 test463 test467 test468 test478 test479 test480 test486 \
\
test490 test491 test492 test493 test494 test495 test496 test497 test498 \
test499 test500 test501 test502 test503 test504 test505 test506 test507 \
diff --git a/tests/data/test486 b/tests/data/test486
new file mode 100644
index 0000000..093899e
--- /dev/null
+++ b/tests/data/test486
@@ -0,0 +1,105 @@
+<testcase>
+ <info>
+ <keywords>
+ netrc
+ HTTP
+ </keywords>
+ </info>
+ #
+ # Server-side
+ <reply>
+ <data crlf="yes">
+ HTTP/1.1 301 Follow this you fool
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ ETag: "21025-dc7-39462498"
+ Accept-Ranges: bytes
+ Content-Length: 6
+ Connection: close
+ Location: http://b.com/%TESTNUMBER0002
+
+ -foo-
+ </data>
+
+ <data2 crlf="yes">
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ ETag: "21025-dc7-39462498"
+ Accept-Ranges: bytes
+ Content-Length: 7
+ Connection: close
+
+ target
+ </data2>
+
+ <datacheck crlf="yes">
+ HTTP/1.1 301 Follow this you fool
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ ETag: "21025-dc7-39462498"
+ Accept-Ranges: bytes
+ Content-Length: 6
+ Connection: close
+ Location: http://b.com/%TESTNUMBER0002
+
+ HTTP/1.1 200 OK
+ Date: Tue, 09 Nov 2010 14:49:00 GMT
+ Server: test-server/fake
+ Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ ETag: "21025-dc7-39462498"
+ Accept-Ranges: bytes
+ Content-Length: 7
+ Connection: close
+
+ target
+ </datacheck>
+ </reply>
+
+ #
+ # Client-side
+ <client>
+ <server>
+ http
+ </server>
+ <features>
+ proxy
+ </features>
+ <name>
+ .netrc with redirect and "default" with no password or login
+ </name>
+ <command>
+ --netrc --netrc-file log/netrc%TESTNUMBER -L -x http://%HOSTIP:%HTTPPORT/ http://a.com/
+ </command>
+ <file name="log/netrc%TESTNUMBER" >
+
+ machine a.com
+ login alice
+ password alicespassword
+
+ default
+
+ </file>
+ </client>
+
+ <verify>
+ <protocol>
+ GET http://a.com/ HTTP/1.1
+ Host: a.com
+ Authorization: Basic %b64[alice:alicespassword]b64%
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Proxy-Connection: Keep-Alive
+
+ GET http://b.com/%TESTNUMBER0002 HTTP/1.1
+ Host: b.com
+ User-Agent: curl/%VERSION
+ Accept: */*
+ Proxy-Connection: Keep-Alive
+
+ </protocol>
+ </verify>
+ </testcase>
--
2.40.0

View File

@@ -0,0 +1,41 @@
# Intermittently fails e.g. https://autobuilder.yocto.io/pub/non-release/20231220-28/testresults/qemux86-64-ptest/curl.log
# https://autobuilder.yocto.io/pub/non-release/20231220-27/testresults/qemux86-64-ptest/curl.log
337
# These CRL test (alt-avc) are failing
356
412
413
# These CRL tests are scanning docs
971
# Intermittently hangs e.g http://autobuilder.yocto.io/pub/non-release/20231228-18/testresults/qemux86-64-ptest/curl.log
1091
# Intermittently hangs e.g https://autobuilder.yocto.io/pub/non-release/20231220-27/testresults/qemux86-64-ptest/curl.log
1096
# These CRL tests are scanning docs
1119
1132
1135
1478
# These CRL tests are scanning headers
1167
1477
# These CRL tests are scanning man pages
1139
1140
1173
1177
# This CRL test is looking for m4 files
1165
# This CRL test is looking for src files
1185
# This test is scanning the source tree
1222
# These CRL tests need --libcurl option to be enabled
1279
1400
1401
1402
1403
1404
1405
1465

View File

@@ -0,0 +1,19 @@
# Respect host env CURL_CA_BUNDLE/CURL_CA_PATH first, then auto-detected host cert, then cert in buildtools
# CAFILE/CAPATH is auto-deteced when source buildtools
if [ -z "$CURL_CA_PATH" ]; then
if [ -n "$CAFILE" ];then
export CURL_CA_BUNDLE="$CAFILE"
elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
export CURL_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt"
fi
fi
if [ -z "$CURL_CA_PATH" ]; then
if [ -n "$CAPATH" ];then
export CURL_CA_PATH="$CAPATH"
elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
export CURL_CA_PATH="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs"
fi
fi
export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} CURL_CA_BUNDLE CURL_CA_PATH"
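Review bot: the first block guards on [ -z "$CURL_CA_PATH" ] but assigns CURL_CA_BUNDLE, so a CURL_CA_BUNDLE already set in the host environment is overwritten whenever CURL_CA_PATH is empty, and no bundle is set at all when CURL_CA_PATH is present. That contradicts the header comment about respecting the host's CURL_CA_BUNDLE first; the guard should test CURL_CA_BUNDLE. In the second block the elif checks for the ca-certificates.crt file but exports the etc/ssl/certs directory; test the directory with -d instead. Since these variables select the trust anchors for every curl call made from the SDK, the precedence is worth a one-line comment per block.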

View File

@@ -0,0 +1,25 @@
From 42cddb52e821cfc2f09f1974742714e5f2f1856e Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@arm.com>
Date: Fri, 15 Mar 2024 14:37:37 +0000
Subject: [PATCH] Set the max-time timeout to 600 so the timeout is 10 minutes
instead of 13 seconds.
Upstream-Status: Inappropriate
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
tests/servers.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/servers.pm b/tests/servers.pm
index d4472d5..9999938 100644
--- a/tests/servers.pm
+++ b/tests/servers.pm
@@ -120,7 +120,7 @@ my $sshdverstr; # for socks server, ssh daemon version string
my $sshderror; # for socks server, ssh daemon version error
my %doesntrun; # servers that don't work, identified by pidfile
my %PORT = (nolisten => 47); # port we use for a local non-listening service
-my $server_response_maxtime=13;
+my $server_response_maxtime=600;
my $httptlssrv = find_httptlssrv();
my %run; # running server
my %runcert; # cert file currently in use by an ssl running server
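Review bot: the subject states the new value but not why 13 seconds is too short on the target, and Upstream-Status: Inappropriate carries no bracketed reason. Because $server_response_maxtime=600 applies to every test server, a server that never starts now stalls the ptest run for ten minutes per attempt instead of failing fast. Note the slow-target rationale in the patch header, and consider a smaller bound that still covers the qemu case.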

View File

@@ -0,0 +1,13 @@
#!/bin/sh
cd tests
# Run all tests, don't stop on first failure
# Don't use valgrind if it is found
# Use automake-style output
# Run four tests in parallel
# Print log output on failure
# Don't run the flaky or timing dependent tests
# Until https://github.com/curl/curl/issues/13350 is resolved, don't run FTP tests
./runtests.pl -a -n -am -j4 -p !flaky !timing-dependent !FTP

View File

@@ -0,0 +1,173 @@
SUMMARY = "Command line tool and library for client-side URL transfers"
DESCRIPTION = "It uses URL syntax to transfer data to and from servers. \
curl is a widely used because of its ability to be flexible and complete \
complex tasks. For example, you can use curl for things like user authentication, \
HTTP post, SSL connections, proxy support, FTP uploads, and more!"
HOMEPAGE = "https://curl.se/"
BUGTRACKER = "https://github.com/curl/curl/issues"
SECTION = "console/network"
LICENSE = "curl"
LIC_FILES_CHKSUM = "file://COPYING;md5=eed2e5088e1ac619c9a1c747da291d75"
SRC_URI = " \
https://curl.se/download/${BP}.tar.xz \
file://721941aadf4adf4f6aeb3f4c0ab489bb89610c36.patch \
file://run-ptest \
file://disable-tests \
file://no-test-timeout.patch \
file://CVE-2024-6197.patch \
file://CVE-2024-7264-1.patch \
file://CVE-2024-7264-2.patch \
file://CVE-2024-8096.patch \
file://CVE-2024-9681.patch \
file://CVE-2024-11053-0001.patch \
file://CVE-2024-11053-0002.patch \
file://CVE-2024-11053-0003.patch \
file://CVE-2025-0167.patch \
"
SRC_URI:append:class-nativesdk = " \
file://environment.d-curl.sh \
"
SRC_URI[sha256sum] = "6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd"
# Curl has used many names over the years...
CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack"
CVE_STATUS[CVE-2025-0725] = "not-applicable-config: gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older"
CVE_STATUS[CVE-2025-5025] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: build with openssl','unpatched',d)}"
inherit autotools pkgconfig binconfig multilib_header ptest
# Entropy source for random PACKAGECONFIG option
RANDOM ?= "/dev/urandom"
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} aws basic-auth bearer-auth digest-auth negotiate-auth libidn openssl proxy random threaded-resolver verbose zlib"
PACKAGECONFIG:class-native = "ipv6 openssl proxy random threaded-resolver verbose zlib aws basic-auth bearer-auth digest-auth negotiate-auth"
PACKAGECONFIG:class-nativesdk = "ipv6 openssl proxy random threaded-resolver verbose zlib aws basic-auth bearer-auth digest-auth negotiate-auth"
# 'ares' and 'threaded-resolver' are mutually exclusive
PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver"
PACKAGECONFIG[aws] = "--enable-aws,--disable-aws"
PACKAGECONFIG[basic-auth] = "--enable-basic-auth,--disable-basic-auth"
PACKAGECONFIG[bearer-auth] = "--enable-bearer-auth,--disable-bearer-auth"
PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli"
PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual"
# Don't use this in production
PACKAGECONFIG[debug] = "--enable-debug,--disable-debug"
PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
PACKAGECONFIG[digest-auth] = "--enable-digest-auth,--disable-digest-auth"
PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[kerberos-auth] = "--enable-kerberos-auth,--disable-kerberos-auth"
PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap"
PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,openldap"
PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl"
PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"
PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls"
PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt,"
PACKAGECONFIG[negotiate-auth] = "--enable-negotiate-auth,--disable-negotiate-auth"
PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl"
PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy,"
PACKAGECONFIG[random] = "--with-random=${RANDOM},--without-random"
PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"
PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares"
PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose"
PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd"
EXTRA_OECONF = " \
--disable-libcurl-option \
--disable-ntlm-wb \
--with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
--without-libpsl \
--enable-optimize \
${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls openssl', d) == '') else ''} \
"
fix_absolute_paths () {
# cleanup buildpaths from curl-config
sed -i \
-e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
-e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \
-e 's|${DEBUG_PREFIX_MAP}||g' \
-e 's|${@" ".join(d.getVar("DEBUG_PREFIX_MAP").split())}||g' \
${D}${bindir}/curl-config
}
do_install:append:class-target() {
fix_absolute_paths
}
do_install:append:class-nativesdk() {
fix_absolute_paths
mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
install -m 644 ${WORKDIR}/environment.d-curl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/curl.sh
}
do_compile_ptest() {
oe_runmake -C ${B}/tests
}
do_install_ptest() {
cat ${WORKDIR}/disable-tests >> ${S}/tests/data/DISABLED
rm -f ${B}/tests/configurehelp.pm
cp -rf ${B}/tests ${D}${PTEST_PATH}
rm -f ${D}${PTEST_PATH}/tests/libtest/.libs/libhostname.la
rm -f ${D}${PTEST_PATH}/tests/libtest/libhostname.la
mv ${D}${PTEST_PATH}/tests/libtest/.libs/* ${D}${PTEST_PATH}/tests/libtest/
mv ${D}${PTEST_PATH}/tests/libtest/libhostname.so ${D}${PTEST_PATH}/tests/libtest/.libs/
mv ${D}${PTEST_PATH}/tests/http/clients/.libs/* ${D}${PTEST_PATH}/tests/http/clients/
cp -rf ${S}/tests ${D}${PTEST_PATH}
find ${D}${PTEST_PATH}/ -type f -name Makefile.am -o -name Makefile.in -o -name Makefile -delete
install -d ${D}${PTEST_PATH}/src
ln -sf ${bindir}/curl ${D}${PTEST_PATH}/src/curl
cp -rf ${D}${bindir}/curl-config ${D}${PTEST_PATH}
}
RDEPENDS:${PN}-ptest += " \
bash \
locale-base-en-us \
perl-module-b \
perl-module-base \
perl-module-cwd \
perl-module-digest \
perl-module-digest-md5 \
perl-module-file-basename \
perl-module-file-spec \
perl-module-file-temp \
perl-module-io-socket \
perl-module-ipc-open2 \
perl-module-list-util \
perl-module-memoize \
perl-module-storable \
perl-module-time-hires \
"
PACKAGES =+ "lib${BPN}"
FILES:lib${BPN} = "${libdir}/lib*.so.*"
RRECOMMENDS:lib${BPN} += "ca-certificates"
FILES:${PN} += "${datadir}/zsh"
FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/curl.sh"
inherit multilib_script
MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config"
BBCLASSEXTEND = "native nativesdk"
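Review bot: in do_install_ptest, the find expression -type f -name Makefile.am -o -name Makefile.in -o -name Makefile -delete applies -delete only to the last alternative, because the implicit AND binds tighter than -o. Makefile.am and Makefile.in are left in the ptest package, and -type f only constrains the first name. Group the names with \( ... \) before -delete. The same function appends disable-tests to ${S}/tests/data/DISABLED, which modifies the source tree and adds the list again each time do_install reruns; append to the copy under ${D}${PTEST_PATH} after the cp instead.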

View File

@@ -0,0 +1,147 @@
From a3569f118fd95b7ad41e1a1128e17c0b8928556d Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sun, 20 Jan 2019 18:30:23 -0800
Subject: [PATCH] Fix libc++ compatibility by renaming atomic_init API
db5 does not build because it is redefining a C++11 standard
library identifier, atomic_init(). Therefore prefix all
its internal defines with '__db_', to avoid collisions.
Upstream-Status: Inappropriate [as far as open source community is concerned, upstream is dead]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
src/dbinc/atomic.h | 4 ++--
src/mp/mp_fget.c | 4 ++--
src/mp/mp_mvcc.c | 4 ++--
src/mp/mp_region.c | 4 ++--
src/mutex/mut_method.c | 2 +-
src/mutex/mut_tas.c | 4 ++--
6 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/dbinc/atomic.h b/src/dbinc/atomic.h
index 1b49de5..7bf353c 100644
--- a/src/dbinc/atomic.h
+++ b/src/dbinc/atomic.h
@@ -70,7 +70,7 @@ typedef struct {
* These have no memory barriers; the caller must include them when necessary.
*/
#define atomic_read(p) ((p)->value)
-#define atomic_init(p, val) ((p)->value = (val))
+#define __db_atomic_init(p, val) ((p)->value = (val))
#ifdef HAVE_ATOMIC_SUPPORT
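Review bot: the commit message says all internal defines are prefixed with '__db_', but this hunk renames only atomic_init and leaves atomic_read on the line above it unchanged, as are atomic_inc, atomic_dec and atomic_compare_exchange further down. Either reword the message to say that only the colliding identifier is renamed, or state why the remaining unprefixed macros cannot clash with the C++ standard library headers.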
@@ -206,7 +206,7 @@ static inline int __db_atomic_compare_exchange(
#define atomic_dec(env, p) (--(p)->value)
#define atomic_compare_exchange(env, p, oldval, newval) \
(DB_ASSERT(env, atomic_read(p) == (oldval)), \
- atomic_init(p, (newval)), 1)
+ __db_atomic_init(p, (newval)), 1)
#else
#define atomic_inc(env, p) __atomic_inc(env, p)
#define atomic_dec(env, p) __atomic_dec(env, p)
diff --git a/src/mp/mp_fget.c b/src/mp/mp_fget.c
index 16de695..5159520 100644
--- a/src/mp/mp_fget.c
+++ b/src/mp/mp_fget.c
@@ -649,7 +649,7 @@ alloc: /* Allocate a new buffer header and data space. */
/* Initialize enough so we can call __memp_bhfree. */
alloc_bhp->flags = 0;
- atomic_init(&alloc_bhp->ref, 1);
+ __db_atomic_init(&alloc_bhp->ref, 1);
#ifdef DIAGNOSTIC
if ((uintptr_t)alloc_bhp->buf & (sizeof(size_t) - 1)) {
__db_errx(env, DB_STR("3025",
@@ -955,7 +955,7 @@ alloc: /* Allocate a new buffer header and data space. */
MVCC_MPROTECT(bhp->buf, mfp->pagesize,
PROT_READ);
- atomic_init(&alloc_bhp->ref, 1);
+ __db_atomic_init(&alloc_bhp->ref, 1);
MUTEX_LOCK(env, alloc_bhp->mtx_buf);
alloc_bhp->priority = bhp->priority;
alloc_bhp->pgno = bhp->pgno;
diff --git a/src/mp/mp_mvcc.c b/src/mp/mp_mvcc.c
index 770bad8..dbce4f3 100644
--- a/src/mp/mp_mvcc.c
+++ b/src/mp/mp_mvcc.c
@@ -276,7 +276,7 @@ __memp_bh_freeze(dbmp, infop, hp, bhp, need_frozenp)
#else
memcpy(frozen_bhp, bhp, SSZA(BH, buf));
#endif
- atomic_init(&frozen_bhp->ref, 0);
+ __db_atomic_init(&frozen_bhp->ref, 0);
if (mutex != MUTEX_INVALID)
frozen_bhp->mtx_buf = mutex;
else if ((ret = __mutex_alloc(env, MTX_MPOOL_BH,
@@ -428,7 +428,7 @@ __memp_bh_thaw(dbmp, infop, hp, frozen_bhp, alloc_bhp)
#endif
alloc_bhp->mtx_buf = mutex;
MUTEX_LOCK(env, alloc_bhp->mtx_buf);
- atomic_init(&alloc_bhp->ref, 1);
+ __db_atomic_init(&alloc_bhp->ref, 1);
F_CLR(alloc_bhp, BH_FROZEN);
}
diff --git a/src/mp/mp_region.c b/src/mp/mp_region.c
index 4952030..084f499 100644
--- a/src/mp/mp_region.c
+++ b/src/mp/mp_region.c
@@ -245,7 +245,7 @@ __memp_init(env, dbmp, reginfo_off, htab_buckets, max_nreg)
MTX_MPOOL_FILE_BUCKET, 0, &htab[i].mtx_hash)) != 0)
return (ret);
SH_TAILQ_INIT(&htab[i].hash_bucket);
- atomic_init(&htab[i].hash_page_dirty, 0);
+ __db_atomic_init(&htab[i].hash_page_dirty, 0);
}
/*
@@ -302,7 +302,7 @@ no_prealloc:
} else
hp->mtx_hash = mtx_base + (i % dbenv->mp_mtxcount);
SH_TAILQ_INIT(&hp->hash_bucket);
- atomic_init(&hp->hash_page_dirty, 0);
+ __db_atomic_init(&hp->hash_page_dirty, 0);
#ifdef HAVE_STATISTICS
hp->hash_io_wait = 0;
hp->hash_frozen = hp->hash_thawed = hp->hash_frozen_freed = 0;
diff --git a/src/mutex/mut_method.c b/src/mutex/mut_method.c
index 09353b0..3c954b9 100644
--- a/src/mutex/mut_method.c
+++ b/src/mutex/mut_method.c
@@ -474,7 +474,7 @@ atomic_compare_exchange(env, v, oldval, newval)
MUTEX_LOCK(env, mtx);
ret = atomic_read(v) == oldval;
if (ret)
- atomic_init(v, newval);
+ __db_atomic_init(v, newval);
MUTEX_UNLOCK(env, mtx);
return (ret);
diff --git a/src/mutex/mut_tas.c b/src/mutex/mut_tas.c
index 106b161..5a3b033 100644
--- a/src/mutex/mut_tas.c
+++ b/src/mutex/mut_tas.c
@@ -47,7 +47,7 @@ __db_tas_mutex_init(env, mutex, flags)
#ifdef HAVE_SHARED_LATCHES
if (F_ISSET(mutexp, DB_MUTEX_SHARED))
- atomic_init(&mutexp->sharecount, 0);
+ __db_atomic_init(&mutexp->sharecount, 0);
else
#endif
if (MUTEX_INIT(&mutexp->tas)) {
@@ -536,7 +536,7 @@ __db_tas_mutex_unlock(env, mutex)
F_CLR(mutexp, DB_MUTEX_LOCKED);
/* Flush flag update before zeroing count */
MEMBAR_EXIT();
- atomic_init(&mutexp->sharecount, 0);
+ __db_atomic_init(&mutexp->sharecount, 0);
} else {
DB_ASSERT(env, sharecount > 0);
MEMBAR_EXIT();
--
2.20.1

View File

@@ -0,0 +1,45 @@
From 29621d637e30982489693f2e207ce6a1790e3337 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Wed, 22 Mar 2017 15:32:26 +0000
Subject: [PATCH] atomic: Rename local __atomic_compare_exchange to avoid clash
with builtins
Helps building with clang
Fixes
../db-5.3.28/src/dbinc/atomic.h:179:19: error: definition of builtin function '__atomic_compare_exchange'
static inline int __atomic_compare_exchange(
Upstream-Status: Inappropriate [as far as open source community is concerned, upstream is dead]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
src/dbinc/atomic.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/dbinc/atomic.h b/src/dbinc/atomic.h
index 6a858f7..1b49de5 100644
--- a/src/dbinc/atomic.h
+++ b/src/dbinc/atomic.h
@@ -144,7 +144,7 @@ typedef LONG volatile *interlocked_val;
#define atomic_inc(env, p) __atomic_inc(p)
#define atomic_dec(env, p) __atomic_dec(p)
#define atomic_compare_exchange(env, p, o, n) \
- __atomic_compare_exchange((p), (o), (n))
+ __db_atomic_compare_exchange((p), (o), (n))
static inline int __atomic_inc(db_atomic_t *p)
{
int temp;
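Review bot: only __atomic_compare_exchange is renamed, while the context lines show __atomic_inc and __atomic_dec still defined as static inline functions in the same compiler-reserved __atomic_ namespace. They do not collide with a builtin today, but the patch would be more robust if all three helpers moved to the __db_ prefix together, with the atomic_inc and atomic_dec macros updated to match.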
@@ -176,7 +176,7 @@ static inline int __atomic_dec(db_atomic_t *p)
* http://gcc.gnu.org/onlinedocs/gcc-4.1.0/gcc/Atomic-Builtins.html
* which configure could be changed to use.
*/
-static inline int __atomic_compare_exchange(
+static inline int __db_atomic_compare_exchange(
db_atomic_t *p, atomic_value_t oldval, atomic_value_t newval)
{
atomic_value_t was;
--
1.8.3.1

View File

@@ -0,0 +1,45 @@
From 96b303caf70a7635953c36e5bfb9ad6e75cb7637 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 14 Feb 2020 14:12:59 -0800
Subject: [PATCH] clock: Do not define own timespec
timespec is provided by libc and its best left to libc
os_gettime takes a db_timespec and passed its address to clock_gettime
which assumes that db_timespec and timespec are same but actually
its 12-bytes here and libc has 16-bytes
This can cause problems especially with 64bit time_t
Upstream-Status: Inappropriate [as far as open source community is concerned, upstream is dead]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
src/dbinc/clock.h | 17 +----------------
1 file changed, 1 insertion(+), 16 deletions(-)
--- a/src/dbinc/clock.h
+++ b/src/dbinc/clock.h
@@ -44,22 +44,8 @@
extern "C" {
#endif
-/*
- * This declaration is POSIX-compatible. Because there are lots of different
- * time.h include file patterns out there, it's easier to declare our own name
- * in all cases than to try and discover if a system has a struct timespec.
- * For the same reason, and because we'd have to #include <sys/time.h> in db.h,
- * we don't export any timespec structures in the DB API, even in places where
- * it would make sense, like the replication statistics information.
- */
-typedef struct {
- time_t tv_sec; /* seconds */
-#ifdef HAVE_MIXED_SIZE_ADDRESSING
- int32_t tv_nsec;
-#else
- long tv_nsec; /* nanoseconds */
-#endif
-} db_timespec;
+#include <time.h>
+#define db_timespec struct timespec
/* Operations on timespecs */
#undef timespecclear
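Review bot: the added #include <time.h> lands after the extern "C" { opener shown in the context lines, so the system header is pulled in under C linkage when clock.h is included from C++. Move the include above the extern "C" block. Replacing the typedef with #define db_timespec struct timespec also changes db_timespec from a type name to a textual macro, which affects any use that expects a type name, such as a declaration of a variable called db_timespec or a token-pasting macro; typedef struct timespec db_timespec; keeps the name a real type while still using libc's layout.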

View File

@@ -0,0 +1,42 @@
From 32e5943a3c4637d39e4d65b544dcb99e280210e3 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sun, 23 Jul 2017 10:54:26 -0700
Subject: [PATCH] configure: Add explicit tag options to libtool invocation
This helps cross compile when tag inference via heuristics
fail because CC variable is having -fPIE -pie and libtool
smartly removes it when building libraries
Upstream-Status: Inappropriate [as far as open source community is concerned, upstream is dead]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
dist/configure.ac | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/dist/configure.ac b/dist/configure.ac
index 689f3b8..9c14bdb 100644
--- a/dist/configure.ac
+++ b/dist/configure.ac
@@ -366,12 +366,12 @@ LIBTOOL="./libtool"
INSTALLER="\$(LIBTOOL) --mode=install cp -p"
-MAKEFILE_CC="\$(LIBTOOL) --mode=compile ${MAKEFILE_CC}"
-MAKEFILE_SOLINK="\$(LIBTOOL) --mode=link ${MAKEFILE_CCLINK} -avoid-version"
-MAKEFILE_CCLINK="\$(LIBTOOL) --mode=link ${MAKEFILE_CCLINK}"
-MAKEFILE_CXX="\$(LIBTOOL) --mode=compile ${MAKEFILE_CXX}"
-MAKEFILE_XSOLINK="\$(LIBTOOL) --mode=link ${MAKEFILE_CXXLINK} -avoid-version"
-MAKEFILE_CXXLINK="\$(LIBTOOL) --mode=link ${MAKEFILE_CXXLINK}"
+MAKEFILE_CC="\$(LIBTOOL) --tag=CC --mode=compile ${MAKEFILE_CC}"
+MAKEFILE_SOLINK="\$(LIBTOOL) --tag=CC --mode=link ${MAKEFILE_CCLINK} -avoid-version"
+MAKEFILE_CCLINK="\$(LIBTOOL) --tag=CC --mode=link ${MAKEFILE_CCLINK}"
+MAKEFILE_CXX="\$(LIBTOOL) --tag=CXX --mode=compile ${MAKEFILE_CXX}"
+MAKEFILE_XSOLINK="\$(LIBTOOL) --tag=CXX --mode=link ${MAKEFILE_CXXLINK} -avoid-version"
+MAKEFILE_CXXLINK="\$(LIBTOOL) --tag=CXX --mode=link ${MAKEFILE_CXXLINK}"
case "$host_os" in
--
2.13.3

View File

@@ -0,0 +1,21 @@
With higher parallelism it sometimes fails with:
libtool: link: `util_log.lo' is not a valid libtool object
make: *** [db_replicate] Error 1
Upstream-Status: Inappropriate [as far as open source community is concerned, upstream is dead]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Index: db-6.0.30/dist/Makefile.in
===================================================================
--- db-6.0.30.orig/dist/Makefile.in
+++ db-6.0.30/dist/Makefile.in
@@ -1041,7 +1041,7 @@ db_recover: db_recover@o@ util_sig@o@ $(
db_recover@o@ util_sig@o@ $(DEF_LIB) $(LIBS)
$(POSTLINK) $@
-db_replicate: db_replicate@o@ util_sig@o@ $(DEF_LIB)
+db_replicate: db_replicate@o@ util_log@o@ util_sig@o@ $(DEF_LIB)
$(CCLINK) -o $@ $(LDFLAGS) \
db_replicate@o@ util_log@o@ util_sig@o@ $(DEF_LIB) $(LIBS)
$(POSTLINK) $@

View File

@@ -0,0 +1,59 @@
configure wants to use host-specific types to get a 64-bit integer in db.h
instead of using an alias such as int64_t. This means that the header differs
in multilib environments for no good reason, so replace the type with the alias
in stdint.h.
This then breaks the overly complicated type check but as we know that int64_t
exists and works, we can just delete that.
Upstream-Status: Inappropriate [as far as open source community is concerned, upstream is dead]
Signed-off-by: Ross Burton <ross.burton@intel.com>
--- a/dist/aclocal/sequence.m4~ 2013-09-09 16:35:02.000000000 +0100
+++ b/dist/aclocal/sequence.m4 2017-11-01 13:21:45.472295971 +0000
@@ -24 +24 @@
- db_cv_seq_type="long"
+ db_cv_seq_type="int64_t"
@@ -31 +31 @@
- db_cv_seq_type="long long"
+ db_cv_seq_type="int64_t"
@@ -41,38 +41 @@
- # Test to see if we can declare variables of the appropriate size
- # and format them. If we're cross-compiling, all we get is a link
- # test, which won't test for the appropriate printf format strings.
- if test "$db_cv_build_sequence" = "yes"; then
- AC_TRY_RUN([
- main() {
- $db_cv_seq_type l;
- unsigned $db_cv_seq_type u;
- char buf@<:@100@:>@;
-
- buf@<:@0@:>@ = 'a';
- l = 9223372036854775807LL;
- (void)snprintf(buf, sizeof(buf), $db_cv_seq_fmt, l);
- if (strcmp(buf, "9223372036854775807"))
- return (1);
- u = 18446744073709551615ULL;
- (void)snprintf(buf, sizeof(buf), $db_cv_seq_ufmt, u);
- if (strcmp(buf, "18446744073709551615"))
- return (1);
- return (0);
- }],, [db_cv_build_sequence="no"],
- AC_TRY_LINK(,[
- $db_cv_seq_type l;
- unsigned $db_cv_seq_type u;
- char buf@<:@100@:>@;
-
- buf@<:@0@:>@ = 'a';
- l = 9223372036854775807LL;
- (void)snprintf(buf, sizeof(buf), $db_cv_seq_fmt, l);
- if (strcmp(buf, "9223372036854775807"))
- return (1);
- u = 18446744073709551615ULL;
- (void)snprintf(buf, sizeof(buf), $db_cv_seq_ufmt, u);
- if (strcmp(buf, "18446744073709551615"))
- return (1);
- return (0);
- ],, [db_cv_build_sequence="no"]))
- fi
+ db_cv_build_sequence="yes"
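Review bot: the replacement at line 41 sets `db_cv_build_sequence="yes"` unconditionally, while the removed block only ran under `if test "$db_cv_build_sequence" = "yes"` and could only downgrade the value to "no". Any earlier decision to disable sequences is now overridden; leave the variable untouched here, or guard the assignment the same way. The removed program was also the only check that `$db_cv_seq_fmt` and `$db_cv_seq_ufmt` match the chosen type, so the message should state that the format strings selected alongside the old `long` and `long long` choices remain correct for `int64_t` on each target.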

View File

@@ -0,0 +1,122 @@
# Version 5 of the Berkeley DB from Sleepycat
#
# At present this package only installs the DB code
# itself (shared libraries, .a in the dev package),
# documentation and headers.
#
# The headers have the same names as those as v3
# of the DB, only one version can be used *for dev*
# at once - DB3 and DB5 can both be installed on the
# same system at the same time if really necessary.
SECTION = "libs"
SUMMARY = "Berkeley Database v5"
DESCRIPTION = "Provides the foundational storage services for your application, no matter how demanding and unique your requirements may seem to be"
HOMEPAGE = "https://www.oracle.com/database/technologies/related/berkeleydb.html"
LICENSE = "Sleepycat"
RCONFLICTS:${PN} = "db3"
CVE_PRODUCT = "oracle_berkeley_db berkeley_db"
CVE_VERSION = "11.2.${PV}"
PE = "1"
SRC_URI = "https://download.oracle.com/berkeley-db/db-${PV}.tar.gz"
SRC_URI += "file://fix-parallel-build.patch \
file://0001-atomic-Rename-local-__atomic_compare_exchange-to-avo.patch \
file://0001-configure-Add-explicit-tag-options-to-libtool-invoca.patch \
file://sequence-type.patch \
file://0001-Fix-libc-compatibility-by-renaming-atomic_init-API.patch \
file://0001-clock-Do-not-define-own-timespec.patch \
"
# We are not interested in official latest 6.x versions;
# let's track what debian is using.
UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/d/db5.3/"
UPSTREAM_CHECK_REGEX = "db5\.3_(?P<pver>\d+(\.\d+)+).+\.orig"
SRC_URI[md5sum] = "b99454564d5b4479750567031d66fe24"
SRC_URI[sha256sum] = "e0a992d740709892e81f9d93f06daf305cf73fb81b545afe72478043172c3628"
LIC_FILES_CHKSUM = "file://LICENSE;md5=ed1158e31437f4f87cdd4ab2b8613955"
inherit autotools
# The executables go in a separate package - typically there
# is no need to install these unless doing real database
# management on the system.
inherit lib_package
PACKAGES =+ "${PN}-cxx"
FILES:${PN}-cxx = "${libdir}/*cxx*so"
# The dev package has the .so link (as in db3) and the .a's -
# it is therefore incompatible (cannot be installed at the
# same time) as the db3 package
# sort out the .so since they do version prior to the .so
SOLIBS = "-5*.so"
FILES_SOLIBSDEV = "${libdir}/libdb.so ${libdir}/libdb_cxx.so"
#configuration - set in local.conf to override
# All the --disable-* options replace --enable-smallbuild, which breaks a bunch of stuff (eg. postfix)
DB5_CONFIG ?= "--enable-o_direct --disable-cryptography --disable-queue --disable-replication --disable-compat185 --disable-sql"
EXTRA_OECONF = "${DB5_CONFIG} --enable-shared --enable-cxx --with-sysroot STRIP=true"
PACKAGECONFIG ??= ""
PACKAGECONFIG[verify] = "--enable-verify, --disable-verify"
PACKAGECONFIG[dbm] = "--enable-dbm,--disable-dbm,"
EXTRA_AUTORECONF += "--exclude=autoheader -I ${S}/dist/aclocal -I${S}/dist/aclocal_java"
AUTOTOOLS_SCRIPT_PATH = "${S}/dist"
# Cancel the site stuff - it's set for db3 and destroys the
# configure.
CONFIG_SITE = ""
oe_runconf:prepend() {
. ${S}/dist/RELEASE
# Edit version information we couldn't pre-compute.
sed -i -e "s/__EDIT_DB_VERSION_FAMILY__/$DB_VERSION_FAMILY/g" \
-e "s/__EDIT_DB_VERSION_RELEASE__/$DB_VERSION_RELEASE/g" \
-e "s/__EDIT_DB_VERSION_MAJOR__/$DB_VERSION_MAJOR/g" \
-e "s/__EDIT_DB_VERSION_MINOR__/$DB_VERSION_MINOR/g" \
-e "s/__EDIT_DB_VERSION_PATCH__/$DB_VERSION_PATCH/g" \
-e "s/__EDIT_DB_VERSION_STRING__/$DB_VERSION_STRING/g" \
-e "s/__EDIT_DB_VERSION_FULL_STRING__/$DB_VERSION_FULL_STRING/g" \
-e "s/__EDIT_DB_VERSION_UNIQUE_NAME__/$DB_VERSION_UNIQUE_NAME/g" \
-e "s/__EDIT_DB_VERSION__/$DB_VERSION/g" ${S}/dist/configure
}
do_compile:prepend() {
# Stop libtool adding RPATHs
sed -i -e 's|hardcode_into_libs=yes|hardcode_into_libs=no|' ${B}/libtool
}
do_install:append() {
mkdir -p ${D}/${includedir}/db51
mv ${D}/${includedir}/db.h ${D}/${includedir}/db51/.
mv ${D}/${includedir}/db_cxx.h ${D}/${includedir}/db51/.
ln -s db51/db.h ${D}/${includedir}/db.h
ln -s db51/db_cxx.h ${D}/${includedir}/db_cxx.h
# The docs end up in /usr/docs - not right.
if test -d "${D}/${prefix}/docs"
then
mkdir -p "${D}/${datadir}"
test ! -d "${D}/${docdir}" || rm -rf "${D}/${docdir}"
mv "${D}/${prefix}/docs" "${D}/${docdir}"
fi
chown -R root:root ${D}
if ${@bb.utils.contains('PACKAGECONFIG', 'verify', 'false', 'true', d)}; then
rm -f ${D}${bindir}/db_verify
fi
}
INSANE_SKIP:${PN} = "dev-so"
INSANE_SKIP:${PN}-cxx = "dev-so"
BBCLASSEXTEND = "native nativesdk"
# many configure tests are failing with gcc-14
CFLAGS += "-Wno-error=implicit-int -Wno-error=implicit-function-declaration"
BUILD_CFLAGS += "-Wno-error=implicit-int -Wno-error=implicit-function-declaration"
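Review bot: the last two lines add `-Wno-error=implicit-int -Wno-error=implicit-function-declaration` to `CFLAGS` and `BUILD_CFLAGS` for the whole build, although the comment gives failing configure tests as the reason. That also lets implicit declarations in the library sources compile silently, where a missing prototype can truncate a pointer or 64-bit return value. Consider limiting the relaxation to the configure step, or record in the comment that the sources themselves were checked. Separately, `SRC_URI[md5sum]` is redundant next to `SRC_URI[sha256sum]` and can be dropped.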

View File

@@ -0,0 +1,58 @@
SUMMARY = "Miscellaneous utilities specific to Debian"
DESCRIPTION = "Provides a number of small utilities which are used \
primarily by the installation scripts of Debian packages, although \
you may use them directly. "
HOMEPAGE = "https://packages.debian.org/sid/debianutils"
BUGTRACKER = "https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=debianutils;dist=unstable"
SECTION = "base"
LICENSE = "GPL-2.0-only & SMAIL_GPL"
LIC_FILES_CHKSUM = "file://debian/copyright;md5=4b667f30411d21bc8fd7db85d502a8e9"
SRC_URI = "git://salsa.debian.org/debian/debianutils.git;protocol=https;branch=master \
"
SRCREV = "9e0facf19b17b6d090a5dcc8cacb0c16e5ad9f72"
inherit autotools update-alternatives
S = "${WORKDIR}/git"
# Disable po4a (translated manpages) sub-directory, as that requires po4a to build
do_configure:prepend() {
sed -i -e 's:po4a::g' ${S}/Makefile.am
}
do_install:append() {
if [ "${base_bindir}" != "${bindir}" ]; then
# Debian places some utils into ${base_bindir} as does busybox
install -d ${D}${base_bindir}
for app in run-parts; do
mv ${D}${bindir}/$app ${D}${base_bindir}/$app
done
fi
mv ${D}${bindir}/which.debianutils ${D}${bindir}/which
}
# Note that we package the update-alternatives name.
#
PACKAGES =+ "${PN}-run-parts"
FILES:${PN}-run-parts = "${base_bindir}/run-parts.debianutils"
RDEPENDS:${PN} += "${PN}-run-parts"
RDEPENDS:${PN}:class-native = ""
ALTERNATIVE_PRIORITY = "30"
ALTERNATIVE:${PN} = "add-shell installkernel remove-shell savelog which"
ALTERNATIVE_PRIORITY_${PN}-run-parts = "60"
ALTERNATIVE:${PN}-run-parts = "run-parts"
ALTERNATIVE_LINK_NAME[add-shell] = "${sbindir}/add-shell"
ALTERNATIVE_LINK_NAME[installkernel] = "${sbindir}/installkernel"
ALTERNATIVE_LINK_NAME[remove-shell] = "${sbindir}/remove-shell"
ALTERNATIVE_LINK_NAME[run-parts] = "${base_bindir}/run-parts"
ALTERNATIVE_LINK_NAME[savelog] = "${bindir}/savelog"
ALTERNATIVE_LINK_NAME[which] = "${bindir}/which"
BBCLASSEXTEND = "native"

View File

@@ -0,0 +1,43 @@
SUMMARY = "in-depth comparison of files, archives, and directories"
DESCRIPTION = "Tries to get to the bottom of what makes files or directories \
different. It will recursively unpack archives of many kinds and transform \
various binary formats into more human-readable form to compare them. \
It can compare two tarballs, ISO images, or PDF just as easily."
HOMEPAGE = "https://diffoscope.org/"
BUGTRACKER = "https://salsa.debian.org/reproducible-builds/diffoscope/-/issues"
LICENSE = "GPL-3.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
PYPI_PACKAGE = "diffoscope"
inherit pypi setuptools3
SRC_URI[sha256sum] = "c1f14452467f84c4be804a3725cbfdd5eadf977ece7ad463be8b647d1a87fb42"
RDEPENDS:${PN} += "\
binutils \
python3-curses \
python3-difflib \
python3-fcntl \
python3-json \
python3-libarchive-c \
python3-magic \
python3-multiprocessing \
python3-pprint \
python3-rpm \
squashfs-tools \
vim \
"
# Dependencies don't build for musl
COMPATIBLE_HOST:libc-musl = 'null'
do_install:append:class-native() {
create_wrapper ${D}${bindir}/diffoscope \
MAGIC=${STAGING_DIR_NATIVE}${datadir_native}/misc/magic.mgc \
RPM_CONFIGDIR=${STAGING_LIBDIR_NATIVE}/rpm \
LD_LIBRARY_PATH=${STAGING_LIBDIR_NATIVE} \
RPM_ETCCONFIGDIR=${STAGING_DIR_NATIVE}
}
BBCLASSEXTEND = "native"

View File

@@ -0,0 +1,34 @@
SUMMARY = "Convert text file line endings between CRLF and LF"
DESCRIPTION = "The Dos2unix package includes utilities dos2unix and \
unix2dos to convert plain text files in DOS or Mac format to Unix \
format and vice versa."
HOMEPAGE = "http://waterlan.home.xs4all.nl/dos2unix.html"
SECTION = "support"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://COPYING.txt;md5=49ec74e0139712398b9ddb06d824929a"
SRC_URI = "git://git.code.sf.net/p/dos2unix/dos2unix;branch=master;protocol=https"
UPSTREAM_CHECK_GITTAGREGEX = "dos2unix-(?P<pver>(\d+(\.\d+)+))"
SRCREV = "c16a0b31a64c7eb6b2d76960e5144732b57f2993"
S = "${WORKDIR}/git/dos2unix"
inherit gettext perlnative
# The dos2unix NLS relies on po4a-native, while po4a recipe is
# provided by meta-perl layer, so make it optional here, you
# need have meta-perl in bblayers.conf before enabling nls in
# PACKAGECONFIG.
PACKAGECONFIG ??= ""
PACKAGECONFIG[nls] = "ENABLE_NLS=1,ENABLE_NLS=,po4a-native"
EXTRA_OEMAKE = "${PACKAGECONFIG_CONFARGS} LDFLAGS_USER='${LDFLAGS}'"
EXTRA_OEMAKE:class-native = "ENABLE_NLS="
do_install () {
oe_runmake DESTDIR="${D}${base_prefix}" install
}
BBCLASSEXTEND = "native nativesdk"

View File

@@ -0,0 +1,29 @@
SUMMARY = "Enchant Spell checker API Library"
DESCRIPTION = "A library (and command-line program) that wraps a number of \
different spelling libraries and programs with a consistent interface."
SECTION = "libs"
HOMEPAGE = "https://abiword.github.io/enchant/"
BUGTRACKER = "https://github.com/AbiWord/enchant/issues/"
LICENSE = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c"
DEPENDS = "glib-2.0 groff-native"
inherit autotools pkgconfig github-releases
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/enchant-${PV}.tar.gz"
SRC_URI[sha256sum] = "a1c2e5b59acca000bbfb24810af4a1165733d407f2154786588e076c8cd57bfc"
GITHUB_BASE_URI = "https://github.com/rrthomas/enchant/releases"
S = "${WORKDIR}/enchant-${PV}"
PACKAGECONFIG ??= "aspell"
PACKAGECONFIG[aspell] = "--with-aspell,--without-aspell,aspell,aspell"
PACKAGECONFIG[hunspell] = "--with-hunspell,--without-hunspell,hunspell,hunspell"
FILES:${PN} += " \
${datadir}/enchant-2 \
${libdir}/enchant-2 \
"
FILES:${PN}-staticdev += "${libdir}/enchant-2/*.a"

View File

@@ -0,0 +1,20 @@
SUMMARY = "Free Implementation of the Unicode Bidirectional Algorithm"
DESCRIPTION = "It provides utility functions to aid in the development \
of interactive editors and widgets that implement BiDi functionality. \
The BiDi algorithm is a prerequisite for supporting right-to-left scripts such \
as Hebrew, Arabic, Syriac, and Thaana. "
SECTION = "libs"
HOMEPAGE = "http://fribidi.org/"
BUGTRACKER = "https://github.com/fribidi/fribidi/issues"
LICENSE = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7"
SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/${BP}.tar.xz \
"
SRC_URI[sha256sum] = "76ae204a7027652ac3981b9fa5817c083ba23114340284c58e756b259cd2259a"
inherit meson lib_package pkgconfig github-releases
CVE_PRODUCT = "gnu_fribidi fribidi"
BBCLASSEXTEND = "native nativesdk"

View File

@@ -0,0 +1,50 @@
From 8bea84a598b51a7ac7e50aa8f0f20857a9b6b07b Mon Sep 17 00:00:00 2001
From: Josep Puigdemont <josep.puigdemont@enea.com>
Date: Sun, 4 May 2014 16:02:07 +0200
Subject: [PATCH] Add install-ptest rules.
Signed-off-by: Josep Puigdemont <josep.puigdemont@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Upstream-Status: Pending
---
Makefile.am | 5 +++++
tests/Makefile.am | 12 ++++++++++++
2 files changed, 17 insertions(+)
diff --git a/Makefile.am b/Makefile.am
index 59e2643..5f3ceb0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -64,3 +64,8 @@ ChangeLog:
mv ChangeLog.tmp ChangeLog; \
rm -f ChangeLog.tmp; \
fi
+
+install-ptest:
+ @for subdir in $(SUBDIRS); do \
+ $(MAKE) -C $$subdir DESTDIR=$(DESTDIR)/$$subdir $@; \
+ done
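Review bot: the `for subdir in $(SUBDIRS)` loop in the new `install-ptest` rule does not stop when a sub-make fails, so the rule returns only the status of the last subdirectory. Append `|| exit 1` to the `$(MAKE) -C $$subdir ...` line so a failed ptest install in any subdirectory fails the build.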
diff --git a/tests/Makefile.am b/tests/Makefile.am
index fac6826..5dc2091 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -143,3 +143,15 @@ d_creat_ce_LDADD = ../src/libgdbm.la ../compat/libgdbm_compat.la
t_wordwrap_LDADD = ../tools/libgdbmapp.a
SUBDIRS = gdbmtool
+
+buildtests: $(check_PROGRAMS) $(TESTSUITE)
+
+install-ptest: $(check_PROGRAMS) $(TESTSUITE)
+ @$(INSTALL) -d $(DESTDIR)
+ @for file in $^; do \
+ if [ -x .libs/$$file ]; then \
+ $(INSTALL_PROGRAM) .libs/$$file $(DESTDIR)/$$file; \
+ else \
+ $(INSTALL_PROGRAM) $$file $(DESTDIR) ; \
+ fi \
+ done
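Review bot: the two branches of the install loop use different destinations: `.libs/$$file` is installed to `$(DESTDIR)/$$file`, while the fallback installs `$$file` into `$(DESTDIR)` as a directory. The two forms behave differently as soon as an entry in `$^` carries a directory component; write both as `$(DESTDIR)/$$file` so the result does not depend on which branch is taken. A failing `$(INSTALL_PROGRAM)` also does not abort the loop, so add `|| exit 1` to both install lines.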
--
2.25.1

View File

@@ -0,0 +1,7 @@
#!/bin/sh
#
# This script is used to run the gmdb test suite
cd tests
./testsuite --am-fmt AUTOTEST_PATH=$PWD abs_builddir=$PWD COMPAT=1
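Review bot: `cd tests` is not checked, so when the directory is missing `./testsuite` is looked up in the wrong place and the run fails as a missing command rather than a setup error; use `cd tests || exit 1`. The header comment also says "gmdb" where the package is gdbm.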

View File

@@ -0,0 +1,45 @@
SUMMARY = "Key/value database library with extensible hashing"
DESCRIPTION = "Library of database functions that use extensible hashing \
and work similar to the standard UNIX dbm. These routines are provided \
to a programmer needing to create and manipulate a hashed database."
HOMEPAGE = "http://www.gnu.org/software/gdbm/"
SECTION = "libs"
LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=241da1b9fe42e642cbb2c24d5e0c4d24"
SRC_URI = "${GNU_MIRROR}/gdbm/gdbm-${PV}.tar.gz \
file://run-ptest \
file://ptest.patch \
"
SRC_URI[sha256sum] = "74b1081d21fff13ae4bd7c16e5d6e504a4c26f7cde1dca0d963a484174bbcacd"
inherit autotools gettext texinfo lib_package ptest
# Needed for dbm python module
EXTRA_OECONF = "--enable-libgdbm-compat --without-readline"
# Stop presence of dbm/nbdm on the host contaminating builds
CACHED_CONFIGUREVARS += "ac_cv_lib_ndbm_main=no ac_cv_lib_dbm_main=no"
BBCLASSEXTEND = "native nativesdk"
do_install:append () {
# Create a symlink to ndbm.h and gdbm.h in include/gdbm to let other packages to find
# these headers
install -d ${D}${includedir}/gdbm
ln -sf ../ndbm.h ${D}/${includedir}/gdbm/ndbm.h
ln -sf ../gdbm.h ${D}/${includedir}/gdbm/gdbm.h
}
RDEPENDS:${PN}-ptest += "diffutils ${PN}-bin"
do_compile_ptest() {
oe_runmake -C tests buildtests
}
PACKAGES =+ "${PN}-compat \
"
FILES:${PN}-compat = "${libdir}/libgdbm_compat${SOLIBS} \
"

View File

@@ -0,0 +1,12 @@
SUMMARY = "GNU multiprecision arithmetic library"
DESCRIPTION = "GMP is a free library for arbitrary precision arithmetic, operating on signed integers, rational numbers, and floating point numbers"
HOMEPAGE = "http://gmplib.org/"
SECTION = "devel"
inherit autotools texinfo multilib_header
PACKAGECONFIG ??= ""
PACKAGECONFIG[readline] = "--with-readline=yes,--with-readline=no,readline"
ARM_INSTRUCTION_SET:armv4 = "arm"
ARM_INSTRUCTION_SET:armv5 = "arm"

View File

@@ -0,0 +1,61 @@
From d3b9fc523fc11260ced890c35bc5c9e6391c8656 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 14 Dec 2015 14:19:49 +0200
Subject: [PATCH] Append the user provided flags to the auto-detected ones.
Upstream-Status: Inappropriate
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
configure.ac | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index 9cedfeb..87caee5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1921,8 +1921,12 @@ cclist=$cclist
EOF
-test_CFLAGS=${CFLAGS+set}
-test_CPPFLAGS=${CPPFLAGS+set}
+test_CFLAGS=
+test_CPPFLAGS=
+
+user_CFLAGS=$CFLAGS
+user_CPPFLAGS=$CPPFLAGS
+user_CXXFLAGS=$CXXFLAGS
for abi in $abilist; do
abi_last="$abi"
@@ -2353,7 +2357,7 @@ AC_SUBST(CCAS)
# The C++ compiler, if desired.
want_cxx=no
if test $enable_cxx != no; then
- test_CXXFLAGS=${CXXFLAGS+set}
+ test_CXXFLAGS=
AC_PROG_CXX
echo "CXXFLAGS chosen by autoconf: $CXXFLAGS" >&AC_FD_CC
@@ -2381,7 +2385,7 @@ if test $enable_cxx != no; then
# Automake includes $CPPFLAGS in a C++ compile, so we do the same here.
#
for cxxflags_choice in $cxxflags_list; do
- eval CXXFLAGS=\"\$cxxflags_$cxxflags_choice\"
+ eval CXXFLAGS=\"\$cxxflags_$cxxflags_choice $user_CXXFLAGS\"
GMP_PROG_CXX_WORKS($CXX $CPPFLAGS $CXXFLAGS,
[want_cxx=yes
break])
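Review bot: in the `eval CXXFLAGS=...` line, `$user_CXXFLAGS` is expanded before `eval` runs, so any quote, backtick or `$` in the caller's CXXFLAGS is evaluated a second time as shell. Escape it as `\$user_CXXFLAGS`, matching the `\$cxxflags_...` reference beside it, so the value is substituted once inside the eval.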
@@ -2477,6 +2481,8 @@ if test "$enable_assembly" = "no"; then
# done
fi
+CFLAGS="$CFLAGS $user_CFLAGS"
+CPPFLAGS="$CPPFLAGS $user_CPPFLAGS"
cat >&AC_FD_CC <<EOF
Decided:
--
2.6.2

View File

@@ -0,0 +1,49 @@
From ae1a4c37417a3bbbf8ea1cab198982b0cad47e29 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 12 Aug 2016 17:08:13 +0000
Subject: [PATCH] confiure.ac: Believe the cflags from environment
In some toolchains, e.g. OpenEmbedded, -march options
are passed on the compiler cmdline; it does not use
the expected target triplets to make these decisions
during configure.
Secondly, don't set armv4 for march when no selection
is made, since it is passed from the cmdline
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upstream-Status: Inappropriate [OE-Specific]
---
configure.ac | 11 -----------
1 file changed, 11 deletions(-)
--- a/configure.ac
+++ b/configure.ac
@@ -625,17 +625,6 @@ case $host in
any_32_testlist="sizeof-void*-4"
any_64_testlist="sizeof-void*-8"
- # This is needed for clang, which is not content with flags like -mfpu=neon
- # alone.
- case $host in
- *-*-*eabi)
- gcc_cflags_fpmode="-mfloat-abi=softfp" ;;
- *-*-*eabihf)
- gcc_cflags_fpmode="-mfloat-abi=hard" ;;
- *-*-mingw*)
- limb_64=longlong ;;
- esac
-
# FIXME: We make mandatory compiler options optional here. We should
# either enforce them, or organise to strip paths as the corresponding
# options fail.
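Review bot: the removed `case $host in` block also drops the `*-*-mingw*) limb_64=longlong ;;` arm, which has nothing to do with the float ABI flags the commit message talks about. Remove only the `*-*-*eabi` and `*-*-*eabihf` arms, or state in the message why the mingw setting goes too.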
@@ -780,8 +769,6 @@ case $host in
;;
*)
path="arm"
- gcc_cflags_arch="-march=armv4"
- GMP_DEFINE_RAW(["define(<NOTHUMB>,1)"])
;;
esac
;;
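Review bot: besides `gcc_cflags_arch="-march=armv4"`, this hunk deletes `GMP_DEFINE_RAW(["define(<NOTHUMB>,1)"])`, which the commit message does not mention. Say why the NOTHUMB define is no longer wanted in the default arm case, or keep it. The diffstat of 11 deletions also does not match the 13 lines removed across the two hunks.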

View File

@@ -0,0 +1,18 @@
exec includedir should be pointing to general yocto includedir
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Index: gmp-6.1.2/Makefile.am
===================================================================
--- gmp-6.1.2.orig/Makefile.am
+++ gmp-6.1.2/Makefile.am
@@ -130,7 +130,7 @@ EXTRA_DIST += gmpxx.h
# but anyone knowledgeable enough to be playing with exec_prefix will be able
# to address that.
#
-includeexecdir = $(exec_prefix)/include
+includeexecdir = $(includedir)
include_HEADERS = $(GMPXX_HEADERS_OPTION)
nodist_includeexec_HEADERS = gmp.h
lib_LTLIBRARIES = libgmp.la $(GMPXX_LTLIBRARIES_OPTION)
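Review bot: the comment kept directly above the changed line still talks about `exec_prefix`, which no longer matches `includeexecdir = $(includedir)`. Update or remove that comment in the same hunk so the Makefile does not document a path it no longer uses.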

View File

@@ -0,0 +1,53 @@
require gmp.inc
LICENSE = "GPL-2.0-or-later | LGPL-3.0-or-later"
LIC_FILES_CHKSUM = "\
file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
file://COPYING.LESSERv3;md5=6a6a8e020838b23406c81b19c1d46df6 \
file://COPYINGv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://COPYINGv3;md5=11cc2d3ee574f9d6b7ee797bdce4d423 \
"
REVISION = ""
SRC_URI = "https://gmplib.org/download/${BPN}/${BP}${REVISION}.tar.bz2 \
file://use-includedir.patch \
file://0001-Append-the-user-provided-flags-to-the-auto-detected-.patch \
file://0001-confiure.ac-Believe-the-cflags-from-environment.patch \
"
SRC_URI[sha256sum] = "ac28211a7cfb609bae2e2c8d6058d66c8fe96434f740cf6fe2e47b000d1c20cb"
acpaths = ""
EXTRA_OECONF += " --enable-cxx=detect"
EXTRA_OECONF:append:mipsarchr6 = " --disable-assembly"
PACKAGES =+ "libgmpxx"
FILES:libgmpxx = "${libdir}/libgmpxx${SOLIBS}"
do_install:append() {
oe_multilib_header gmp.h
}
fix_absolute_paths () {
sed -i \
-e "s|--sysroot=${STAGING_DIR_HOST}||g" \
-e "s|${DEBUG_PREFIX_MAP}||g" \
${B}/gmp.h
}
do_install:prepend:class-target() {
fix_absolute_paths
}
do_install:prepend:class-nativesdk() {
fix_absolute_paths
}
SSTATE_SCAN_FILES += "gmp.h"
# Doesn't compile in MIPS16e mode due to use of hand-written
# assembly
MIPS_INSTRUCTION_SET = "mips"
BBCLASSEXTEND = "native nativesdk"

View File

@@ -0,0 +1,31 @@
From df625a36be8e0c7afa68b3dd23907dc7d658c59a Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Thu, 8 Jul 2021 23:13:30 -0700
Subject: [PATCH] fix non-literal format string issue with clang
clang errors out when using -Werror=format-nonliteral
since the definition of g_strdup_vprintf() from glib-2.0
is using va_list and clang seems to still warn whereas
gcc doesn't do that for va_list arguments
Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/gnome-desktop-testing/-/merge_requests/9]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
src/gnome-desktop-testing-runner.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/gnome-desktop-testing-runner.c b/src/gnome-desktop-testing-runner.c
index d75b71c..da49e14 100644
--- a/src/gnome-desktop-testing-runner.c
+++ b/src/gnome-desktop-testing-runner.c
@@ -74,7 +74,7 @@ static const char * const test_log_message_ids[] = {
static gboolean opt_quiet = FALSE;
static gboolean opt_tap = FALSE;
-static void
+static void G_GNUC_PRINTF (3, 0)
test_log (TestLog what,
const char *test_name,
const char *format,
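Review bot: `G_GNUC_PRINTF (3, 0)` marks `format` as the third parameter with no arguments to check, which is right only if the parameter after `format` is a `va_list`; the hunk cuts off before that parameter. If `test_log` is declared with `...`, use `G_GNUC_PRINTF (3, 4)` so call sites get their arguments checked against the format string as well.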
--
2.32.0

View File

@@ -0,0 +1,24 @@
SUMMARY = "Test runner for GNOME-style installed tests"
DESCRIPTION = "Runner provides an execution harness for GNOME installed tests. \
These tests are useful for verifying the functionality of software as \
installed and packaged, and complement rather than replace build-time \
('make check') tests."
HOMEPAGE = "https://wiki.gnome.org/GnomeGoals/InstalledTests"
LICENSE = "LGPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7 \
file://src/gnome-desktop-testing-runner.c;beginline=1;endline=20;md5=7ef3ad9da2ffcf7707dc11151fe007f4"
SRC_URI = "git://gitlab.gnome.org/GNOME/gnome-desktop-testing.git;protocol=https;branch=master \
file://0001-fix-non-literal-format-string-issue-with-clang.patch \
"
SRCREV = "e346cd4ed2e2102c9b195b614f3c642d23f5f6e7"
DEPENDS = "glib-2.0"
S = "${WORKDIR}/git"
inherit autotools pkgconfig
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
PACKAGECONFIG[systemd] = ",,systemd"

View File

@@ -0,0 +1,34 @@
From e3adc816d2d56dd929016073937ba24e01e03cb8 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Thu, 20 Dec 2018 17:37:48 -0800
Subject: [PATCH] Woverride-init is not needed with gcc 9
Fixes
| ../../gnupg-2.2.12/dirmngr/dns.h:525:16: error: lvalue required as
unary '&' operand |
525 | dns_rr_i_init(&dns_quietinit((struct dns_rr_i){ 0, __VA_ARGS__
}), (P))
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
dirmngr/dns.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dirmngr/dns.h b/dirmngr/dns.h
index 024d6dcc8..c6e141e16 100644
--- a/dirmngr/dns.h
+++ b/dirmngr/dns.h
@@ -139,7 +139,7 @@ DNS_PUBLIC int *dns_debug_p(void);
#define DNS_PRAGMA_QUIET _Pragma("clang diagnostic ignored \"-Winitializer-overrides\"")
#define DNS_PRAGMA_POP _Pragma("clang diagnostic pop")
-#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || __GNUC__ > 4
+#elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || (__GNUC__ > 4 && __GNUC__ < 9)
#define DNS_PRAGMA_PUSH _Pragma("GCC diagnostic push")
#define DNS_PRAGMA_QUIET _Pragma("GCC diagnostic ignored \"-Woverride-init\"")
#define DNS_PRAGMA_POP _Pragma("GCC diagnostic pop")
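Review bot: the new upper bound `__GNUC__ < 9` sends GCC 9 and later to whichever branch follows this `#elif`, and nothing in the header says why 9 is the cutoff. Add a short comment next to the condition tying it to the `lvalue required as unary '&' operand` error from the commit message, and confirm that the fallback definitions of `DNS_PRAGMA_PUSH`, `DNS_PRAGMA_QUIET` and `DNS_PRAGMA_POP` still build without warnings on those compilers.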
--
2.17.1

View File

@@ -0,0 +1,28 @@
From 6b581c43bd01f815db78a410fd3814fc5994171e Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 22 Jan 2018 18:00:21 +0200
Subject: [PATCH] configure.ac: use a custom value for the location of
gpg-agent socket in the filesystem
This should avoid clashes with the host gpg-agent observed on autobuilders.
Upstream-Status: Inappropriate [oe-core specific, and only for -native]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 26d7f7b..e953c2e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1921,7 +1921,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
-AC_DEFINE_UNQUOTED(GPG_AGENT_SOCK_NAME, "S.gpg-agent",
+AC_DEFINE_UNQUOTED(GPG_AGENT_SOCK_NAME, "S.gpg-agent.yocto-native",
[The name of the agent socket])
AC_DEFINE_UNQUOTED(GPG_AGENT_EXTRA_SOCK_NAME, "S.gpg-agent.extra",
[The name of the agent socket for remote access])
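Review bot: only `GPG_AGENT_SOCK_NAME` is renamed; `GPG_AGENT_EXTRA_SOCK_NAME` in the next context line keeps its default `S.gpg-agent.extra`, so a native gpg-agent can still collide with the host's agent on that socket. Rename the remaining agent socket names the same way, or note in the message why the main socket is enough. Since the edit to `configure.ac` is unconditional, the recipe has to apply this patch for the native class only, as the Upstream-Status line implies.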

View File

@@ -0,0 +1,102 @@
From d9048788d906774b1475c3bb1b17e22455c2add4 Mon Sep 17 00:00:00 2001
From: Saul Wold <sgw@linux.intel.com>
Date: Wed, 16 Aug 2017 11:16:30 +0800
Subject: [PATCH] use pkgconfig instead of npth config
Upstream-Status: Inappropriate [openembedded specific]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Rebase to 2.1.23
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
m4/npth.m4 | 53 ++++++++---------------------------------------------
1 file changed, 8 insertions(+), 45 deletions(-)
diff --git a/m4/npth.m4 b/m4/npth.m4
index 619ed89..0cb354d 100644
--- a/m4/npth.m4
+++ b/m4/npth.m4
@@ -19,25 +19,10 @@ AC_DEFUN([_AM_PATH_NPTH_CONFIG],
if test "x$npth_config_prefix" != x ; then
NPTH_CONFIG="$npth_config_prefix/bin/npth-config"
fi
+ AC_PATH_PROG(PKGCONFIG, pkg-config, no)
- use_gpgrt_config=""
- if test x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then
- if $GPGRT_CONFIG npth --exists; then
- NPTH_CONFIG="$GPGRT_CONFIG npth"
- AC_MSG_NOTICE([Use gpgrt-config as npth-config])
- use_gpgrt_config=yes
- fi
- fi
- if test -z "$use_gpgrt_config"; then
- AC_PATH_PROG(NPTH_CONFIG, npth-config, no)
- fi
-
- if test "$NPTH_CONFIG" != "no" ; then
- if test -z "$use_gpgrt_config"; then
- npth_version=`$NPTH_CONFIG --version`
- else
- npth_version=`$NPTH_CONFIG --modversion`
- fi
+ if test "$PKGCONFIG" != "no" ; then
+ npth_version=`$PKGCONFIG --modversion npth`
fi
npth_version_major=`echo $npth_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
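Review bot: `AC_PATH_PROG(PKGCONFIG, pkg-config, no)` looks up a bare `pkg-config` on PATH and ignores any `PKG_CONFIG` the build environment sets. Use `PKG_PROG_PKG_CONFIG` and `$PKG_CONFIG` instead. Also, when `PKGCONFIG` is `no`, `npth_version` stays unset and the `sed` pipelines that follow run on an empty string.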
@@ -62,7 +47,7 @@ AC_DEFUN([AM_PATH_NPTH],
AC_MSG_CHECKING(for NPTH - version >= $min_npth_version)
ok=no
- if test "$NPTH_CONFIG" != "no" ; then
+ if test "$PKGCONFIG" != "no" ; then
req_major=`echo $min_npth_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
req_minor=`echo $min_npth_version | \
@@ -83,32 +68,9 @@ AC_DEFUN([AM_PATH_NPTH],
fi
if test $ok = yes; then
AC_MSG_RESULT([yes ($npth_version)])
- else
- AC_MSG_RESULT(no)
- fi
- if test $ok = yes; then
- # If we have a recent NPTH, we should also check that the
- # API is compatible.
- if test "$req_npth_api" -gt 0 ; then
- if test -z "$use_gpgrt_config"; then
- tmp=`$NPTH_CONFIG --api-version 2>/dev/null || echo 0`
- else
- tmp=`$NPTH_CONFIG --variable=api_version 2>/dev/null || echo 0`
- fi
- if test "$tmp" -gt 0 ; then
- AC_MSG_CHECKING([NPTH API version])
- if test "$req_npth_api" -eq "$tmp" ; then
- AC_MSG_RESULT([okay])
- else
- ok=no
- AC_MSG_RESULT([does not match. want=$req_npth_api got=$tmp])
- fi
- fi
- fi
- fi
- if test $ok = yes; then
- NPTH_CFLAGS=`$NPTH_CONFIG --cflags`
- NPTH_LIBS=`$NPTH_CONFIG --libs`
+ NPTH_CFLAGS=`$PKGCONFIG --cflags npth`
+ NPTH_LIBS=`$PKGCONFIG --libs npth`
+ AC_MSG_WARN([[GOT HERE - $NPTH_LIBS ]])
ifelse([$2], , :, [$2])
if test -z "$use_gpgrt_config"; then
npth_config_host=`$NPTH_CONFIG --host 2>/dev/null || echo none`
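Review bot: `AC_MSG_WARN([[GOT HERE - $NPTH_LIBS ]])` is debugging output and should be removed before this ships. The context right after it still tests `$use_gpgrt_config` and runs `$NPTH_CONFIG --host`, but this patch deletes the code that set `use_gpgrt_config` and the `AC_PATH_PROG` that set `NPTH_CONFIG`, so that host check now runs against a possibly empty command; convert or drop it too. The API-version comparison against `$req_npth_api` is removed without a replacement, so an incompatible npth is no longer rejected at configure time; if npth.pc provides the value, `$PKGCONFIG --variable=api_version npth` would keep the check.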
@@ -128,6 +90,7 @@ AC_DEFUN([AM_PATH_NPTH],
fi
fi
else
+ AC_MSG_RESULT(no)
NPTH_CFLAGS=""
NPTH_LIBS=""
ifelse([$3], , :, [$3])

View File

@@ -0,0 +1,32 @@
From 6a7f9b71d936847dcaeeac7d1b69d8299be4dd85 Mon Sep 17 00:00:00 2001
From: Wenzong Fan <wenzong.fan@windriver.com>
Date: Wed, 16 Aug 2017 11:23:22 +0800
Subject: [PATCH] autogen.sh: fix find-version for beta checking
find-version always assumes that gnupg is beta if autogen.sh is run
out of git-repo. This doesn't work for users who just take release
tarball and re-run autoconf in their local build dir.
Upstream-Status: Pending
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Rebase to 2.1.23
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
autogen.sh | 1 -
1 file changed, 1 deletion(-)
diff --git a/autogen.sh b/autogen.sh
index 0abf103..78753b5 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -237,7 +237,6 @@ if [ "$myhost" = "find-version" ]; then
rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
else
ingit=no
- beta=yes
tmp="-unknown"
rev="0000000"
rvd="0"
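Review bot: with `beta=yes` removed, the `else` branch no longer assigns `beta` at all, so its value depends on code outside this hunk. Set `beta=no` explicitly here next to `ingit=no`, so that a tarball build cannot pick up a stale or inherited value.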

View File

@@ -0,0 +1,82 @@
From c50d0a95fcf8f96c272fadd4ba85f3eeac39fcaf Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Wed, 19 Sep 2018 14:44:40 +0100
Subject: [PATCH] Allow the environment to override where gnupg looks for its
own files. Useful in native builds.
Upstream-Status: Inappropriate [OE-specific]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
common/homedir.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/common/homedir.c b/common/homedir.c
index 6f99f3e..f22aa9e 100644
--- a/common/homedir.c
+++ b/common/homedir.c
@@ -1284,7 +1284,7 @@ gnupg_socketdir (void)
if (!name)
{
unsigned int dummy;
- name = _gnupg_socketdir_internal (0, &dummy);
+ name = getenv("GNUPG_SOCKETDIR") ?: _gnupg_socketdir_internal (0, &dummy);
gpgrt_annotate_leaked_object (name);
}
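Review bot: In `gnupg_socketdir` the pointer returned by `getenv("GNUPG_SOCKETDIR")` is stored in `name` (which the `if (!name)` guard suggests is kept across calls) and then handed to `gpgrt_annotate_leaked_object (name)`, a call the original code only made on the result of `_gnupg_socketdir_internal`. Storage returned by getenv belongs to the environment and can be invalidated by a later setenv or putenv, so duplicate the string before keeping it. The value is also taken unvalidated: an empty string or a relative path is accepted as the socket directory. The `?:` form with the middle operand omitted is a GNU C extension, which deserves a comment.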
@@ -1316,7 +1316,7 @@ gnupg_sysconfdir (void)
if (dir)
return dir;
else
- return GNUPG_SYSCONFDIR;
+ return getenv("GNUPG_SYSCONFDIR") ?: GNUPG_SYSCONFDIR;
#endif /*!HAVE_W32_SYSTEM*/
}
@@ -1352,7 +1352,7 @@ gnupg_bindir (void)
return name;
}
else
- return GNUPG_BINDIR;
+ return getenv("GNUPG_BINDIR") ?: GNUPG_BINDIR;
#endif /*!HAVE_W32_SYSTEM*/
}
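Review bot: The `getenv("GNUPG_BINDIR")` override in the `else` branch lets whoever controls the process environment decide where gpg looks for its companion programs, and the following hunks do the same for libexecdir, libdir and datadir. That is acceptable for build-host tools, and the recipe in this commit applies relocate.patch only through SRC_URI:append:class-native and SRC_URI:append:class-nativesdk; say so in the patch header so the patch is never carried into a target build. An empty variable is non-NULL and is therefore accepted as the path; treating empty as unset would be safer.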
@@ -1379,7 +1379,7 @@ gnupg_libexecdir (void)
return name;
}
else
- return GNUPG_LIBEXECDIR;
+ return getenv("GNUPG_LIBEXECDIR") ?: GNUPG_LIBEXECDIR;
#endif /*!HAVE_W32_SYSTEM*/
}
@@ -1409,7 +1409,7 @@ gnupg_libdir (void)
return name;
}
else
- return GNUPG_LIBDIR;
+ return getenv("GNUPG_LIBDIR") ?: GNUPG_LIBDIR;
#endif /*!HAVE_W32_SYSTEM*/
}
@@ -1440,7 +1440,7 @@ gnupg_datadir (void)
return name;
}
else
- return GNUPG_DATADIR;
+ return getenv("GNUPG_DATADIR") ?: GNUPG_DATADIR;
#endif /*!HAVE_W32_SYSTEM*/
}
@@ -1472,7 +1472,7 @@ gnupg_localedir (void)
return name;
}
else
- return LOCALEDIR;
+ return getenv("LOCALEDIR") ?: LOCALEDIR;
#endif /*!HAVE_W32_SYSTEM*/
}
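Review bot: `getenv("LOCALEDIR")` is the only override in this patch without the GNUPG_ prefix. A generic name like that can be present in a build environment for unrelated reasons and would then silently redirect gnupg's message catalogs; `GNUPG_LOCALEDIR` would match the other six variables.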

@@ -0,0 +1,84 @@
SUMMARY = "GNU Privacy Guard - encryption and signing tools (2.x)"
DESCRIPTION = "A complete and free implementation of the OpenPGP standard \
as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt \
and sign your data and communications; it features a versatile key \
management system, along with access modules for all kinds of public \
key directories."
HOMEPAGE = "http://www.gnupg.org/"
LICENSE = "GPL-3.0-only & LGPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=189af8afca6d6075ba6c9e0aa8077626 \
file://COPYING.LGPL3;md5=a2b6bf2cb38ee52619e60f30a1fc7257"
DEPENDS = "npth libassuan libksba zlib bzip2 readline libgcrypt"
inherit autotools gettext texinfo pkgconfig
UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html"
SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0002-use-pkgconfig-instead-of-npth-config.patch \
file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \
"
SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \
file://relocate.patch"
SRC_URI:append:class-nativesdk = " file://relocate.patch"
SRC_URI[sha256sum] = "b58c80d79b04d3243ff49c1c3fc6b5f83138eb3784689563bcdd060595318616"
EXTRA_OECONF = "--disable-ldap \
--disable-ccid-driver \
--with-zlib=${STAGING_LIBDIR}/.. \
--with-bzip2=${STAGING_LIBDIR}/.. \
--with-readline=${STAGING_LIBDIR}/.. \
--with-mailprog=${sbindir}/sendmail \
--disable-tests \
"
# yat2m can be found from recipe-sysroot-native non-deterministically with different versioning otherwise
CACHED_CONFIGUREVARS += "ac_cv_path_YAT2M=./yat2m"
# A minimal package containing just enough to run gpg+gpgagent (E.g. use gpgme in opkg)
PACKAGES =+ "${PN}-gpg"
FILES:${PN}-gpg = " \
${bindir}/gpg \
${bindir}/gpg-agent \
"
# Normal package (gnupg) should depend on minimal package (gnupg-gpg)
# to ensure all tools are included. This is done only in non-native
# builds. Native builds don't have sub-packages, so appending RDEPENDS
# in this case breaks recipe parsing.
RDEPENDS:${PN} += "${@ "" if ("native" in d.getVar("PN")) else (d.getVar("PN") + "-gpg")}"
RRECOMMENDS:${PN} = "pinentry"
do_configure:prepend () {
# Else these could be used in prefernce to those in aclocal-copy
rm -f ${S}/m4/gpg-error.m4
rm -f ${S}/m4/libassuan.m4
rm -f ${S}/m4/ksba.m4
rm -f ${S}/m4/libgcrypt.m4
}
do_install:append:class-native() {
create_wrappers ${STAGING_BINDIR_NATIVE}
}
do_install:append:class-nativesdk() {
create_wrappers ${SDKPATHNATIVE}${bindir_nativesdk}
}
create_wrappers() {
for i in gpg gpgconf gpg-agent gpg-connect-agent; do
create_wrapper ${D}${bindir}/$i GNUPG_BINDIR=$1
done
}
PACKAGECONFIG ??= "gnutls"
PACKAGECONFIG[gnutls] = "--enable-gnutls, --disable-gnutls, gnutls"
PACKAGECONFIG[sqlite3] = "--enable-sqlite, --disable-sqlite, sqlite3"
BBCLASSEXTEND = "native nativesdk"
lcl_maybe_fortify:mipsarch = ""
CVE_STATUS[CVE-2022-3219] = "upstream-wontfix: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993"
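Review bot: `create_wrappers` passes only `GNUPG_BINDIR=$1` to `create_wrapper`, while relocate.patch also reads GNUPG_SYSCONFDIR, GNUPG_LIBEXECDIR, GNUPG_LIBDIR, GNUPG_DATADIR, GNUPG_SOCKETDIR and LOCALEDIR. When the native tools are relocated, those directories still resolve to the compiled-in paths; either set them in the wrapper or add a comment explaining why the binary directory alone is enough. Smaller points: HOMEPAGE uses http:// while UPSTREAM_CHECK_URI uses https://, "prefernce" in the do_configure:prepend comment should be "preference", and since CVE_STATUS marks CVE-2022-3219 as upstream-wontfix, the release documentation should list it as an accepted open issue.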

@@ -0,0 +1,26 @@
From 7be8ec59a53e93c2bd453b3ba2d63d1b300ef11f Mon Sep 17 00:00:00 2001
From: Lei Maohui <leimaohui@fujitsu.com>
Date: Mon, 23 May 2022 10:44:43 +0900
Subject: [PATCH] Creating .hmac file should be excuted in target environment,
so deleted it from build process.
Upstream-Status: Inappropriate [https://gitlab.com/gnutls/gnutls/-/issues/1373]
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
---
lib/Makefile.am | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/Makefile.am b/lib/Makefile.am
index a50d311..193ea19 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -198,8 +198,7 @@ hmac_file = .libs/.$(gnutls_so).hmac
all-local: $(hmac_file)
-$(hmac_file): libgnutls.la fipshmac
- $(AM_V_GEN) $(builddir)/fipshmac > $@-t && mv $@-t $@
+.libs/.$(gnutls_so).hmac:
CLEANFILES = $(hmac_file)
endif
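Review bot: The replacement rule `.libs/.$(gnutls_so).hmac:` has no prerequisites and no recipe, yet `all-local: $(hmac_file)` and `CLEANFILES = $(hmac_file)` still refer to the file, so the build now produces no .hmac at all. The commit message says the file should be created in the target environment, but nothing in this patch does that; point to the step that runs fipshmac on the target, otherwise a FIPS-enabled library ships without its integrity file. Writing the target as `$(hmac_file):` instead of repeating the path would keep the rule in sync with the variable definition shown in the hunk header.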

@@ -0,0 +1,34 @@
From 208c6478d5c20b9d8a9f0a293e3808aa16ee091f Mon Sep 17 00:00:00 2001
From: Andrew Hamilton <adhamilt@gmail.com>
Date: Mon, 7 Jul 2025 10:31:55 +0900
Subject: [PATCH] psk: fix read buffer overrun in the "pre_shared_key"
extension
While processing the "pre_shared_key" extension in TLS 1.3, if there
are certain malformed data in the extension headers, then the code may
read uninitialized memory (2 bytes) beyond the received TLS extension
buffer. Spotted by oss-fuzz at:
https://issues.oss-fuzz.com/issues/42513990
Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/208c6478d5c20b9d8a9f0a293e3808aa16ee091f]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
lib/ext/pre_shared_key.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
index 51c4891d5..2cb83e670 100644
--- a/lib/ext/pre_shared_key.c
+++ b/lib/ext/pre_shared_key.c
@@ -1170,6 +1170,8 @@ static int _gnutls_psk_recv_params(gnutls_session_t session,
if (session->security_parameters.entity == GNUTLS_CLIENT) {
if (session->internals.hsk_flags & HSK_PSK_KE_MODES_SENT) {
+ DECR_LEN(len, 2);
+
uint16_t selected_identity = _gnutls_read_uint16(data);
for (i = 0; i < sizeof(session->key.binders) /
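Review bot: `DECR_LEN(len, 2);` now guards the `_gnutls_read_uint16(data)` that follows in the client branch, but the patch (2 insertions, all in lib/ext/pre_shared_key.c) adds no regression input, so the malformed extension from the oss-fuzz report is not exercised by the test suite. The header also carries no `CVE:` line, unlike the two backports in this series that touch NEWS; confirm whether an identifier was assigned so that CVE tracking picks the fix up. Minor: the inserted statement leaves `uint16_t selected_identity` declared after code within the block.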

@@ -0,0 +1,37 @@
From 61c0505634a6faacf9fa0723843408aa0d3fb90a Mon Sep 17 00:00:00 2001
From: Andrew Hamilton <adhamilt@gmail.com>
Date: Mon, 7 Jul 2025 10:35:54 +0900
Subject: [PATCH] x509: reject zero-length version in certificate request
Ensure zero size asn1 values are considered invalid in
gnutls_x509_crq_get_version, this ensures crq version is not used
uninitialized. Spotted by oss-fuzz at:
https://issues.oss-fuzz.com/issues/42536706
Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/61c0505634a6faacf9fa0723843408aa0d3fb90a]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
lib/x509/crq.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 19e13623c..9e9801d2b 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -615,6 +615,13 @@ int gnutls_x509_crq_get_version(gnutls_x509_crq_t crq)
return _gnutls_asn2err(result);
}
+ /* Note that asn1_read_value can return success with */
+ /* len set to zero (without setting the data) in some */
+ /* conditions. */
+ if (unlikely(len <= 0)) {
+ return gnutls_assert_val(GNUTLS_E_ASN1_VALUE_NOT_VALID);
+ }
+
return (int)version[0] + 1;
}
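Review bot: The new `if (unlikely(len <= 0))` check closes the zero-length case, but `return (int)version[0] + 1;` still depends on asn1_read_value having written the byte; if `version` is not already initialised at its declaration, which the hunk does not show, doing so would keep the result deterministic on any future path that skips the write. The three one-line comments form a single sentence and would read better as one block comment. No test for a zero-length version accompanies the change.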

@@ -0,0 +1,57 @@
From ff6a345235b2585c261752e47a749228672b07dc Mon Sep 17 00:00:00 2001
From: Ravineet Singh <ravineet.a.singh@est.tech>
Date: Tue, 10 Jan 2023 16:11:10 +0100
Subject: [PATCH] gnutls: add ptest support
Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Ravineet Singh <ravineet.a.singh@est.tech>
---
Makefile.am | 3 +++
configure.ac | 2 ++
tests/Makefile.am | 6 ++++++
3 files changed, 11 insertions(+)
diff --git a/Makefile.am b/Makefile.am
index 843193f..816b09f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -191,6 +191,9 @@ dist-hook:
mv ChangeLog $(distdir)
touch -c $(distdir)/doc/*.html $(distdir)/doc/*.pdf $(distdir)/doc/*.info
+install-ptest:
+ $(MAKE) -C tests DESTDIR=$(DESTDIR)/tests $@
+
.PHONY: abi-check abi-dump-versioned abi-dump-latest pic-check symbol-check local-code-coverage-output files-update AUTHORS
include $(top_srcdir)/cligen/cligen.mk
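Review bot: `install-ptest` produces no file of that name, but the `.PHONY` line directly below it in this hunk is left unchanged, so a file called install-ptest in the tree would suppress the rule; add the target to `.PHONY`. `DESTDIR=$(DESTDIR)/tests` also redefines DESTDIR to mean the final test directory rather than a staging root, which will surprise anyone invoking the target by hand; a dedicated variable would be clearer.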
diff --git a/configure.ac b/configure.ac
index d6e03cf..e3f15fb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1213,6 +1213,8 @@ AC_SUBST(LIBGNUTLS_CFLAGS)
AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes")
+AM_EXTRA_RECURSIVE_TARGETS([buildtest-TESTS])
+
AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated functions - until they are removed.])
hw_features=
diff --git a/tests/Makefile.am b/tests/Makefile.am
index fb9e55a..c2d226a 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -658,6 +658,12 @@ SH_LOG_COMPILER = $(SHELL)
AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind
LOG_COMPILER = $(LOG_VALGRIND)
+install-ptest: $(check_PROGRAMS)
+ @$(INSTALL) -d $(DESTDIR)
+ @for file in $^; do \
+ $(INSTALL_PROGRAM) $$file $(DESTDIR) ; \
+ done
+
distclean-local:
rm -rf softhsm-*.db softhsm-*.config *.tmp tmp-* x509-crt-list-import-url.config.db port.lock.d
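Review bot: The `for file in $^` loop in `install-ptest` ignores failures: if `$(INSTALL_PROGRAM)` fails on any program other than the last, the loop continues and the recipe still exits successfully, and the leading `@` hides the commands, so an incomplete ptest install goes unnoticed. Append `|| exit 1` to the install command and quote `"$$file"` and `"$(DESTDIR)"`. `$^` is a GNU make feature, which is fine under OE but should be noted in an Automake file.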

File diff suppressed because it is too large

@@ -0,0 +1,58 @@
From 608829769cbc247679ffe98841109fc73875e573 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 7 Jul 2025 10:44:12 +0900
Subject: [PATCH] x509: avoid double free when exporting othernames in SAN
Previously, the _gnutls_write_new_othername function, called by
gnutls_x509_ext_export_subject_alt_names to export "otherName" in a
certificate's SAN extension, freed the caller allocated ASN.1
structure upon error, resulting in a potential double-free.
Reported by OpenAI Security Research Team.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
CVE: CVE-2025-32988
Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/608829769cbc247679ffe98841109fc73875e573]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
NEWS | 5 +++++
lib/x509/extensions.c | 2 --
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 025e05148..ff289fa75 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,11 @@ See the end for copying conditions.
and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
CVSS: medium] [CVE-2025-32989]
+** libgnutls: Fix double-free upon error when exporting otherName in SAN
+ Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
+ CVSS: low] [CVE-2025-32988]
+
+
* Version 3.8.4 (released 2024-03-18)
** libgnutls: RSA-OAEP encryption scheme is now supported
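Review bot: The context lines of this NEWS hunk (`and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,` and `CVSS: medium] [CVE-2025-32989]`) exist only after the CVE-2025-32989 backport has been applied, and the pre-image `index 025e05148` is that patch's post-image, so this patch cannot be applied or dropped independently of it. Either keep the two adjacent in SRC_URI with a comment on the ordering, or leave NEWS out of the backport, since the `CVE:` tag in the header already records the identifier. The hunk also adds two consecutive blank lines before `* Version 3.8.4`.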
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index 6c2da8fd1..e8be12eaf 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -754,7 +754,6 @@ int _gnutls_write_new_othername(asn1_node ext, const char *ext_name,
result = asn1_write_value(ext, name2, oid, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
- asn1_delete_structure(&ext);
return _gnutls_asn2err(result);
}
@@ -763,7 +762,6 @@ int _gnutls_write_new_othername(asn1_node ext, const char *ext_name,
result = asn1_write_value(ext, name2, data, data_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
- asn1_delete_structure(&ext);
return _gnutls_asn2err(result);
}
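Review bot: With both `asn1_delete_structure(&ext);` calls removed, `_gnutls_write_new_othername` returns on error with `ext` still allocated, which is correct only if every caller frees it. The commit message names gnutls_x509_ext_export_subject_alt_names as the caller that does; any other caller that relied on the old behaviour would now leak on these two error paths, so check them and state the ownership rule in a comment above the function. A test that forces `asn1_write_value` to fail here would pin the behaviour down.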

@@ -0,0 +1,50 @@
From 8e5ca951257202089246fa37e93a99d210ee5ca2 Mon Sep 17 00:00:00 2001
From: Andrew Hamilton <adhamilt@gmail.com>
Date: Mon, 7 Jul 2025 10:23:59 +0900
Subject: [PATCH] x509: fix read buffer overrun in SCT timestamps
Prevent reading beyond heap buffer in call to _gnutls_parse_ct_sct
when processing x509 Signed Certificate Timestamps with certain
malformed data. Spotted by oss-fuzz at:
https://issues.oss-fuzz.com/issues/42530513
Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
CVE: CVE-2025-32989
Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/8e5ca951257202089246fa37e93a99d210ee5ca2]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
NEWS | 5 +++++
lib/x509/x509_ext.c | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index 85efb5680..025e05148 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,11 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc.
Copyright (C) 2013-2019 Nikos Mavrogiannopoulos
See the end for copying conditions.
+** libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
+ Spotted by oss-fuzz and reported by OpenAI Security Research Team,
+ and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
+ CVSS: medium] [CVE-2025-32989]
+
* Version 3.8.4 (released 2024-03-18)
** libgnutls: RSA-OAEP encryption scheme is now supported
diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index 064ca8357..05336a0c2 100644
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -3757,7 +3757,7 @@ int gnutls_x509_ext_ct_import_scts(const gnutls_datum_t *ext,
}
length = _gnutls_read_uint16(scts_content.data);
- if (length < 4) {
+ if (length < 4 || length > scts_content.size) {
gnutls_free(scts_content.data);
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
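Review bot: The new bound `length > scts_content.size` may be two bytes too generous, because `length` is read from the first two bytes of `scts_content.data` and is then compared against the whole buffer, those two bytes included. Check in the code after this hunk whether `length` counts its own prefix; if it does not, the comparison should be against `scts_content.size - 2`. The context also does not show a `scts_content.size >= 2` test ahead of `_gnutls_read_uint16(scts_content.data)`, which the read itself requires.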

Some files were not shown because too many files have changed in this diff