Date   

Re: [meta][dunfell][PATCH] glib-2.0: Add security fixes

Steve Sakoman
 

On Mon, Nov 29, 2021 at 9:12 PM Ranjitsinh Rathod
<ranjitsinhrathod1991@...> wrote:

Adding missing patches and will resent it.
While you are at it you might also want to check
CVE-2021-28153-4.patch, I had to tweak it slightly to get it to apply
cleanly (i.e. without a fuzz warning).

Steve


Thanks,
Ranjitsinh Rathod


Re: Not able to install chrony on zeus

mohammed aqdam <mohammedaqdam@...>
 

Thanks Khem Raj, Found jamvm class with update-alternative option.
jamvm.inc\jamvm\recipes-core - meta-java - Layer containing recipes for OpenJDK and other open source Java- (yoctoproject.org)

I see chrony is trying to fetch ntp_4.2.8p13-r0 but r0 is not present in (Index of /~ntp/ntp_spool/ntp4/ntp-4.2 (udel.edu)).
Also in chrony folder(meta-openembedded/meta-networking/recipes-support/chrony/),I could not find where we are assigning this version of ntp.

Please let me know how we can resolve this dependency or how can we add chrony in some other way.

Thanks,
Aqdam


Re: vulkan-loader

Joel Winarske
 


Before:
$ pkg-config --print-errors --define-variable=prefix=/opt --variable=includedir vulkan
/usr/include

After:
$ pkg-config --print-errors --define-variable=prefix=/opt --variable=includedir vulkan
/opt/usr/include

This is important as meson does not expose
PKG_CONFIG_SYSROOT_DIR to pkg-config.

With change this meson snippet now finds absolute path correctly:
vulkan_dep = dependency('vulkan')
vulkan_hpp = join_paths([
    vulkan_dep.get_pkgconfig_variable('includedir', define_variable: ['prefix', get_option('prefix')]),
    'vulkan',
    'vulkan.hpp'
    ])
Another work around for meson's current limitation would be to implement a pkg-config wrapper that exposes PKG_CONFIG variables, and point to it in meson.bbclass/meson.cross.

Regardless the bad vulkan.pc is now fixed.


Joel


On Mon, Nov 29, 2021, 10:58 PM Alexander Kanavin <alex.kanavin@...> wrote:
Can you show what vulkan.pc contains please, and why is that a problem?

Alex

On Tue, 30 Nov 2021 at 00:51, Joel Winarske <joel.winarske@...> wrote:
I discovered an upstream problem with vulkan-loader today.

Effectively since 1.2.162 vulkan.pc is broken for cross compilation scenarios.

This example illustrates current problem with vulkan.pc installed by vulkan-loader:
$ pkg-config --print-errors --define-variable=prefix=/opt --variable=includedir vulkan
/usr/include

It should return /opt/usr/include

So doing this in a meson project does not produce the expected result:
vulkan_hpp = join_paths([
    vulkan_dep.get_pkgconfig_variable('includedir', define_variable: ['prefix', get_option('prefix')])
    'vulkan',
    'vulkan.hpp'
    ])

What is the suggested approach to address this?  A patch for each branch up to master?

Joel


[dunfell][PATCH] cmake: FindGTest: Add target for gmock library

Eero Aaltonen
 

`googlemock` has been absorbed into the
[googletest](https://github.com/google/googletest) project and is built
and installed from the same source tree.

`googletest` has provided a CMake Config-file Package starting with
GTest 1.8.1. `find_package(GTest ...)` by default dispatches first to
CMake Find Module. Starting with CMake commit
2327b4330cce157d616ff8b611b3e77568d00351 in CMake v3.20.0 the module
dispatches onward to the Config-file Package so that the same targets
are available. In pre v3.20.0 versions of CMake however the Find Module
masks the targets provided by the upstream `GTest` package.

Update `Modules/FindGTest.cmake` to provide the same targets as the
CMake Config-file Package and backwards compatible targets and result
variables.

Signed-off-by: Eero Aaltonen <eero.aaltonen@...>
---
.../cmake/cmake-native_3.16.5.bb | 1 +
...ndGTest-Add-target-for-gmock-library.patch | 255 ++++++++++++++++++
2 files changed, 256 insertions(+)
create mode 100644 meta/recipes-devtools/cmake/cmake/0006-cmake-FindGTest-Add-target-for-gmock-library.patch

diff --git a/meta/recipes-devtools/cmake/cmake-native_3.16.5.bb b/meta/recipes-devtools/cmake/cmake-native_3.16.5.bb
index b2952ee5f5..96a7be6770 100644
--- a/meta/recipes-devtools/cmake/cmake-native_3.16.5.bb
+++ b/meta/recipes-devtools/cmake/cmake-native_3.16.5.bb
@@ -7,6 +7,7 @@ SRC_URI += "file://OEToolchainConfig.cmake \
file://environment.d-cmake.sh \
file://0001-CMakeDetermineSystem-use-oe-environment-vars-to-load.patch \
file://0005-Disable-use-of-ext2fs-ext2_fs.h-by-cmake-s-internal-.patch \
+ file://0006-cmake-FindGTest-Add-target-for-gmock-library.patch \
"


diff --git a/meta/recipes-devtools/cmake/cmake/0006-cmake-FindGTest-Add-target-for-gmock-library.patch b/meta/recipes-devtools/cmake/cmake/0006-cmake-FindGTest-Add-target-for-gmock-library.patch
new file mode 100644
index 0000000000..267f586a71
--- /dev/null
+++ b/meta/recipes-devtools/cmake/cmake/0006-cmake-FindGTest-Add-target-for-gmock-library.patch
@@ -0,0 +1,255 @@
+From 39eae0d6c1b398f18761abac7f55944f0290f8a1 Mon Sep 17 00:00:00 2001
+From: Eero Aaltonen <eero.aaltonen@...>
+Date: Sun, 17 Oct 2021 17:13:07 +0300
+Subject: [PATCH] FindGTest: Add target for gmock library
+
+`googlemock` has been absorbed into the
+[googletest](https://github.com/google/googletest) project and is built
+and installed from the same source tree.
+
+As GTest may be built with or without GMock, skip GMock if it is not
+present.
+
+Do not provide result variables for GMock. They are not provided by
+upstream GTest's CMake Package Configuration File.
+
+Also update the test case to cover linking to `GTest::gmock`.
+
+The patch was imported from the Kitware git server
+(git@...:cmake/cmake.git) as of commit id
+50bf457a0dd857cf976b22c5be7d333493233d1e
+
+Patch was modified to support upper case variable `GTEST_FOUND`.
+
+Upstream-Status: Accepted [https://gitlab.kitware.com/cmake/cmake/-/merge_requests/6632]
+Milestone: 3.23.0
+
+Signed-off-by: Eero Aaltonen <eero.aaltonen@...>
+---
+ .../dev/FindGTest-target-for-gmock.rst | 4 +
+ Modules/FindGTest.cmake | 133 +++++++++++++++---
+ Tests/FindGTest/Test/CMakeLists.txt | 4 +
+ 3 files changed, 121 insertions(+), 20 deletions(-)
+ create mode 100644 Help/release/dev/FindGTest-target-for-gmock.rst
+
+diff --git a/Help/release/dev/FindGTest-target-for-gmock.rst b/Help/release/dev/FindGTest-target-for-gmock.rst
+new file mode 100644
+index 0000000000..f78242c80e
+--- /dev/null
++++ b/Help/release/dev/FindGTest-target-for-gmock.rst
+@@ -0,0 +1,4 @@
++FindGTest-target-for-gmock
++--------------------------
++
++* The :module:`FindGTest` module now provides a target for GMock, if found.
+diff --git a/Modules/FindGTest.cmake b/Modules/FindGTest.cmake
+index e015a9840f..0331049594 100644
+--- a/Modules/FindGTest.cmake
++++ b/Modules/FindGTest.cmake
+@@ -7,10 +7,23 @@ FindGTest
+
+ Locate the Google C++ Testing Framework.
+
++.. versionadded:: 3.20
++ Upstream ``GTestConfig.cmake`` is used if possible.
++
+ Imported targets
+ ^^^^^^^^^^^^^^^^
+
+-This module defines the following :prop_tgt:`IMPORTED` targets:
++ This module defines the following :prop_tgt:`IMPORTED` targets:
++
++``GTest::gtest``
++ The Google Test ``gtest`` library, if found; adds Thread::Thread
++ automatically
++``GTest::gtest_main``
++ The Google Test ``gtest_main`` library, if found
++
++.. deprecated:: 3.20
++ For backwards compatibility, this module defines additionally the
++ following deprecated :prop_tgt:`IMPORTED` targets (available since 3.5):
+
+ ``GTest::GTest``
+ The Google Test ``gtest`` library, if found; adds Thread::Thread
+@@ -18,7 +31,6 @@ This module defines the following :prop_tgt:`IMPORTED` targets:
+ ``GTest::Main``
+ The Google Test ``gtest_main`` library, if found
+
+-
+ Result variables
+ ^^^^^^^^^^^^^^^^
+
+@@ -146,8 +158,42 @@ function(__gtest_import_library _target _var _config)
+ endif()
+ endfunction()
+
++function(__gtest_define_backwards_compatible_library_targets)
++ set(GTEST_BOTH_LIBRARIES ${GTEST_LIBRARIES} ${GTEST_MAIN_LIBRARIES} PARENT_SCOPE)
++
++ # Add targets mapping the same library names as defined in
++ # older versions of CMake's FindGTest
++ if(NOT TARGET GTest::GTest)
++ add_library(GTest::GTest INTERFACE IMPORTED)
++ target_link_libraries(GTest::GTest INTERFACE GTest::gtest)
++ endif()
++ if(NOT TARGET GTest::Main)
++ add_library(GTest::Main INTERFACE IMPORTED)
++ target_link_libraries(GTest::Main INTERFACE GTest::gtest_main)
++ endif()
++endfunction()
++
+ #
+
++include(${CMAKE_CURRENT_LIST_DIR}/FindPackageHandleStandardArgs.cmake)
++
++# first specifically look for the CMake version of GTest
++find_package(GTest QUIET NO_MODULE)
++
++# if we found the GTest cmake package then we are done, and
++# can print what we found and return.
++if(GTest_FOUND)
++ set(GTEST_FOUND ${GTest_FOUND})
++ FIND_PACKAGE_HANDLE_STANDARD_ARGS(GTest HANDLE_COMPONENTS CONFIG_MODE)
++
++ set(GTEST_LIBRARIES GTest::gtest)
++ set(GTEST_MAIN_LIBRARIES GTest::gtest_main)
++
++ __gtest_define_backwards_compatible_library_targets()
++
++ return()
++endif()
++
+ if(NOT DEFINED GTEST_MSVC_SEARCH)
+ set(GTEST_MSVC_SEARCH MD)
+ endif()
+@@ -194,50 +240,97 @@ if(MSVC AND GTEST_MSVC_SEARCH STREQUAL "MD")
+ __gtest_find_library(GTEST_LIBRARY_DEBUG gtest-mdd gtestd)
+ __gtest_find_library(GTEST_MAIN_LIBRARY gtest_main-md gtest_main)
+ __gtest_find_library(GTEST_MAIN_LIBRARY_DEBUG gtest_main-mdd gtest_maind)
++ __gtest_find_library(GMOCK_LIBRARY gmock-md gmock)
++ __gtest_find_library(GMOCK_LIBRARY_DEBUG gmock-mdd gmockd)
++ __gtest_find_library(GMOCK_MAIN_LIBRARY gmock_main-md gmock_main)
++ __gtest_find_library(GMOCK_MAIN_LIBRARY_DEBUG gmock_main-mdd gmock_maind)
+ else()
+ __gtest_find_library(GTEST_LIBRARY gtest)
+ __gtest_find_library(GTEST_LIBRARY_DEBUG gtestd)
+ __gtest_find_library(GTEST_MAIN_LIBRARY gtest_main)
+ __gtest_find_library(GTEST_MAIN_LIBRARY_DEBUG gtest_maind)
++ __gtest_find_library(GMOCK_LIBRARY gmock)
++ __gtest_find_library(GMOCK_LIBRARY_DEBUG gmockd)
++ __gtest_find_library(GMOCK_MAIN_LIBRARY gmock_main)
++ __gtest_find_library(GMOCK_MAIN_LIBRARY_DEBUG gmock_maind)
+ endif()
+
+-include(${CMAKE_CURRENT_LIST_DIR}/FindPackageHandleStandardArgs.cmake)
+ FIND_PACKAGE_HANDLE_STANDARD_ARGS(GTest DEFAULT_MSG GTEST_LIBRARY GTEST_INCLUDE_DIR GTEST_MAIN_LIBRARY)
+
+-if(GTEST_FOUND)
++if(GMOCK_LIBRARY AND GMOCK_MAIN_LIBRARY)
++ set(GMock_FOUND True)
++else()
++ set(GMock_FOUND False)
++endif()
++
++if(GTest_FOUND)
+ set(GTEST_INCLUDE_DIRS ${GTEST_INCLUDE_DIR})
+ __gtest_append_debugs(GTEST_LIBRARIES GTEST_LIBRARY)
+ __gtest_append_debugs(GTEST_MAIN_LIBRARIES GTEST_MAIN_LIBRARY)
+- set(GTEST_BOTH_LIBRARIES ${GTEST_LIBRARIES} ${GTEST_MAIN_LIBRARIES})
+
+ find_package(Threads QUIET)
+
+- if(NOT TARGET GTest::GTest)
++ if(NOT TARGET GTest::gtest)
+ __gtest_determine_library_type(GTEST_LIBRARY)
+- add_library(GTest::GTest ${GTEST_LIBRARY_TYPE} IMPORTED)
++ add_library(GTest::gtest ${GTEST_LIBRARY_TYPE} IMPORTED)
+ if(TARGET Threads::Threads)
+- set_target_properties(GTest::GTest PROPERTIES
++ set_target_properties(GTest::gtest PROPERTIES
+ INTERFACE_LINK_LIBRARIES Threads::Threads)
+ endif()
+ if(GTEST_LIBRARY_TYPE STREQUAL "SHARED")
+- set_target_properties(GTest::GTest PROPERTIES
++ set_target_properties(GTest::gtest PROPERTIES
+ INTERFACE_COMPILE_DEFINITIONS "GTEST_LINKED_AS_SHARED_LIBRARY=1")
+ endif()
+ if(GTEST_INCLUDE_DIRS)
+- set_target_properties(GTest::GTest PROPERTIES
++ set_target_properties(GTest::gtest PROPERTIES
+ INTERFACE_INCLUDE_DIRECTORIES "${GTEST_INCLUDE_DIRS}")
+ endif()
+- __gtest_import_library(GTest::GTest GTEST_LIBRARY "")
+- __gtest_import_library(GTest::GTest GTEST_LIBRARY "RELEASE")
+- __gtest_import_library(GTest::GTest GTEST_LIBRARY "DEBUG")
++ __gtest_import_library(GTest::gtest GTEST_LIBRARY "")
++ __gtest_import_library(GTest::gtest GTEST_LIBRARY "RELEASE")
++ __gtest_import_library(GTest::gtest GTEST_LIBRARY "DEBUG")
+ endif()
+- if(NOT TARGET GTest::Main)
++ if(NOT TARGET GTest::gtest_main)
+ __gtest_determine_library_type(GTEST_MAIN_LIBRARY)
+- add_library(GTest::Main ${GTEST_MAIN_LIBRARY_TYPE} IMPORTED)
+- set_target_properties(GTest::Main PROPERTIES
+- INTERFACE_LINK_LIBRARIES "GTest::GTest")
+- __gtest_import_library(GTest::Main GTEST_MAIN_LIBRARY "")
+- __gtest_import_library(GTest::Main GTEST_MAIN_LIBRARY "RELEASE")
+- __gtest_import_library(GTest::Main GTEST_MAIN_LIBRARY "DEBUG")
++ add_library(GTest::gtest_main ${GTEST_MAIN_LIBRARY_TYPE} IMPORTED)
++ set_target_properties(GTest::gtest_main PROPERTIES
++ INTERFACE_LINK_LIBRARIES "GTest::gtest")
++ __gtest_import_library(GTest::gtest_main GTEST_MAIN_LIBRARY "")
++ __gtest_import_library(GTest::gtest_main GTEST_MAIN_LIBRARY "RELEASE")
++ __gtest_import_library(GTest::gtest_main GTEST_MAIN_LIBRARY "DEBUG")
++ endif()
++
++ __gtest_define_backwards_compatible_library_targets()
++endif()
++
++if(GMock_FOUND)
++ if(NOT TARGET GTest::gmock)
++ __gtest_determine_library_type(GMOCK_LIBRARY)
++ add_library(GTest::gmock ${GMOCK_LIBRARY_TYPE} IMPORTED)
++ set(_gmock_link_libraries "GTest::gtest")
++ if(TARGET Threads::Threads)
++ list(APPEND _gmock_link_libraries Threads::Threads)
++ endif()
++ set_target_properties(GTest::gmock PROPERTIES
++ INTERFACE_LINK_LIBRARIES "${_gmock_link_libraries}")
++ if(GMOCK_LIBRARY_TYPE STREQUAL "SHARED")
++ set_target_properties(GTest::gmock PROPERTIES
++ INTERFACE_COMPILE_DEFINITIONS "GMOCK_LINKED_AS_SHARED_LIBRARY=1")
++ endif()
++ if(GTEST_INCLUDE_DIRS)
++ set_target_properties(GTest::gmock PROPERTIES
++ INTERFACE_INCLUDE_DIRECTORIES "${GTEST_INCLUDE_DIRS}")
++ endif()
++ __gtest_import_library(GTest::gmock GMOCK_LIBRARY "")
++ __gtest_import_library(GTest::gmock GMOCK_LIBRARY "RELEASE")
++ __gtest_import_library(GTest::gmock GMOCK_LIBRARY "DEBUG")
++ endif()
++ if(NOT TARGET GTest::gmock_main)
++ __gtest_determine_library_type(GMOCK_MAIN_LIBRARY)
++ add_library(GTest::gmock_main ${GMOCK_MAIN_LIBRARY_TYPE} IMPORTED)
++ set_target_properties(GTest::gmock_main PROPERTIES
++ INTERFACE_LINK_LIBRARIES "GTest::gmock")
++ __gtest_import_library(GTest::gmock_main GMOCK_MAIN_LIBRARY "")
++ __gtest_import_library(GTest::gmock_main GMOCK_MAIN_LIBRARY "RELEASE")
++ __gtest_import_library(GTest::gmock_main GMOCK_MAIN_LIBRARY "DEBUG")
+ endif()
+ endif()
+diff --git a/Tests/FindGTest/Test/CMakeLists.txt b/Tests/FindGTest/Test/CMakeLists.txt
+index b65b9d28f6..7d3a378a65 100644
+--- a/Tests/FindGTest/Test/CMakeLists.txt
++++ b/Tests/FindGTest/Test/CMakeLists.txt
+@@ -12,3 +12,7 @@ add_executable(test_gtest_var main.cxx)
+ target_include_directories(test_gtest_var PRIVATE ${GTEST_INCLUDE_DIRS})
+ target_link_libraries(test_gtest_var PRIVATE ${GTEST_BOTH_LIBRARIES} ${CMAKE_THREAD_LIBS_INIT})
+ add_test(NAME test_gtest_var COMMAND test_gtest_var)
++
++add_executable(test_gmock_tgt main.cxx)
++target_link_libraries(test_gmock_tgt GTest::gmock_main)
++add_test(NAME test_gmock_tgt COMMAND test_gmock_tgt)
+--
+2.17.1
+
--
2.17.1


Re: [PATCH 0/6] Pull request (cover letter only)

Vyacheslav Yurkov
 

Just pinging to check if anyone had a chance to take a look at it

Thanks,
Vyacheslav

On 19.11.2021 07:15, Vyacheslav Yurkov via lists.openembedded.org wrote:
This is a V1 of overlayfs-etc image feature implementation, that allows
to setup the whole /etc under overlayfs. Please review and merge if you
find it OK

The following changes since commit 0d15632f3db787d3f08eb260732567e62f52ffb3:

libtasn1: upgrade 4.17.0 -> 4.18.0 (2021-11-16 22:19:47 +0000)

are available in the Git repository at:

git://github.com/UVV-gh/openembedded-core feature/overlayfs-etc
https://github.com/UVV-gh/openembedded-core/tree/feature/overlayfs-etc

Vyacheslav Yurkov (6):
overlayfs-etc: mount etc as overlayfs
wic: image for overlayfs-etc tests
image: add overlayfs-etc image feature
oeqa/selftest: overlayfs helper function
oeqa/selftest: unit tests for overlayfs-etc
overlayfs: update notes on /etc

meta-selftest/wic/overlayfs_etc.wks.in | 4 +
meta/classes/image.bbclass | 3 +-
meta/classes/overlayfs-etc.bbclass | 93 ++++++++++++
meta/classes/overlayfs.bbclass | 1 +
meta/lib/oeqa/selftest/cases/overlayfs.py | 173 ++++++++++++++++++++--
5 files changed, 257 insertions(+), 17 deletions(-)
create mode 100644 meta-selftest/wic/overlayfs_etc.wks.in
create mode 100644 meta/classes/overlayfs-etc.bbclass



Re: [meta][dunfell][PATCH] glib-2.0: Add security fixes

Ranjitsinh Rathod
 

Adding missing patches and will resent it.

Thanks,
Ranjitsinh Rathod


Re: vulkan-loader

Alexander Kanavin
 

Can you show what vulkan.pc contains please, and why is that a problem?

Alex


On Tue, 30 Nov 2021 at 00:51, Joel Winarske <joel.winarske@...> wrote:
I discovered an upstream problem with vulkan-loader today.

Effectively since 1.2.162 vulkan.pc is broken for cross compilation scenarios.

This example illustrates current problem with vulkan.pc installed by vulkan-loader:
$ pkg-config --print-errors --define-variable=prefix=/opt --variable=includedir vulkan
/usr/include

It should return /opt/usr/include

So doing this in a meson project does not produce the expected result:
vulkan_hpp = join_paths([
    vulkan_dep.get_pkgconfig_variable('includedir', define_variable: ['prefix', get_option('prefix')])
    'vulkan',
    'vulkan.hpp'
    ])

What is the suggested approach to address this?  A patch for each branch up to master?

Joel


[hardknott][PATCH V2] libtool: change the default AR_FLAGS from "cru" to "cr"

Changqing Li
 

From: Li Wang <li.wang@...>

Backport patch to fix warning:
`u' modifier ignored since `D' is the default (see `U')

Signed-off-by: Li Wang <li.wang@...>
Signed-off-by: Changqing Li <changqing.li@...>
---
.../libtool/libtool-2.4.6.inc | 2 +
...AGS-use-cr-instead-of-cru-by-default.patch | 133 ++++++++++++++++++
.../libool.m4-add-ARFLAGS-variable.patch | 77 ++++++++++
3 files changed, 212 insertions(+)
create mode 100644 meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch
create mode 100644 meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch

diff --git a/meta/recipes-devtools/libtool/libtool-2.4.6.inc b/meta/recipes-devtools/libtool/libtool-2.4.6.inc
index e9225e140c..8cda81b71d 100644
--- a/meta/recipes-devtools/libtool/libtool-2.4.6.inc
+++ b/meta/recipes-devtools/libtool/libtool-2.4.6.inc
@@ -23,6 +23,8 @@ SRC_URI = "${GNU_MIRROR}/libtool/libtool-${PV}.tar.gz \
file://0001-libtool-Check-for-static-libs-for-internal-compiler-.patch \
file://0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch \
file://0001-Makefile.am-make-sure-autoheader-run-before-automake.patch \
+ file://libool.m4-add-ARFLAGS-variable.patch \
+ file://ARFLAGS-use-cr-instead-of-cru-by-default.patch \
"

SRC_URI[md5sum] = "addf44b646ddb4e3919805aa88fa7c5e"
diff --git a/meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch b/meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch
new file mode 100644
index 0000000000..5c4a8fdb2d
--- /dev/null
+++ b/meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch
@@ -0,0 +1,133 @@
+From 418129bc63afc312701e84cb8afa5ca413df1ab5 Mon Sep 17 00:00:00 2001
+From: Pavel Raiskup <praiskup@...>
+Date: Fri, 17 Apr 2015 16:54:58 +0200
+Subject: ARFLAGS: use 'cr' instead of 'cru' by default
+
+In some GNU/Linux distributions people started to compile 'ar'
+binary with --enable-deterministic-archives (binutils project).
+That, however, in combination with our previous long time working
+default AR_FLAGS=cru causes warnings on such installations:
+ar: `u' modifier ignored since `D' is the default (see `U')
+
+The 'u' option (at least with GNU binutils) did small optimization
+during repeated builds because it instructed 'ar' to not
+open/close unchanged *.o files and to rather read their contents
+from old archive file. However, its removal should not cause a
+big performance hit for usual workflows.
+
+Distributions started using --enable-deterministic-archives
+knowing that it would disable the 'u', just to rather have a bit
+more deterministic builds.
+
+Also, to justify this change a bit more, keeping 'u' in ARFLAGS
+could only result in many per-project changes to override
+Libtool's ARFLAGS default, just to silent such warnings.
+
+Fixes bug#19967. Reported by Eric Blake.
+
+* m4/libtool.m4 (_LT_PROG_AR): Default AR_FLAGS to 'cr'.
+(_LT_REQUIRED_DARWIN_CHECKS): Use $AR_FLAGS instead 'cru' string.
+* doc/libtool.texi: Do 's/ar cru/ar cr/' in whole documentation.
+* NEWS: Document.
+
+Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=418129bc63afc312701e84cb8afa5ca413df1ab5]
+
+Signed-off-by: Li Wang <li.wang@...>
+Signed-off-by: Changqing Li <changqing.li@...>
+---
+ NEWS | 4 ++++
+ doc/libtool.texi | 10 +++++-----
+ m4/libtool.m4 | 6 +++---
+ 3 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index 71a932d..1518f09 100644
+--- a/NEWS
++++ b/NEWS
+@@ -13,6 +13,10 @@ NEWS - list of user-visible changes between releases of GNU Libtool
+ variable, which obsoletes AR_FLAGS. This is due to naming conventions
+ among other *FLAGS and to be consistent with Automake's ARFLAGS.
+
++** Important incompatible changes:
++
++ - Libtool changed ARFLAGS/AR_FLAGS default from 'cru' to 'cr'.
++
+ ** Bug fixes:
+
+ - Fix a race condition in ltdl dryrun test that would cause spurious
+diff --git a/doc/libtool.texi b/doc/libtool.texi
+index 0298627..4c664bb 100644
+--- a/doc/libtool.texi
++++ b/doc/libtool.texi
+@@ -602,7 +602,7 @@ Without libtool, the programmer would invoke the @command{ar} command to
+ create a static library:
+
+ @example
+-burger$ @kbd{ar cru libhello.a hello.o foo.o}
++burger$ @kbd{ar cr libhello.a hello.o foo.o}
+ burger$
+ @end example
+
+@@ -632,7 +632,7 @@ libtool are the same ones you would use to produce an executable named
+ a23$ @kbd{libtool --mode=link gcc -g -O -o libhello.la foo.o hello.o}
+ *** Warning: Linking the shared library libhello.la against the
+ *** non-libtool objects foo.o hello.o is not portable!
+-ar cru .libs/libhello.a
++ar cr .libs/libhello.a
+ ranlib .libs/libhello.a
+ creating libhello.la
+ (cd .libs && rm -f libhello.la && ln -s ../libhello.la libhello.la)
+@@ -662,7 +662,7 @@ archive, not a shared library (@pxref{Static libraries}).}:
+ @example
+ a23$ @kbd{libtool --mode=link gcc -g -O -o libhello.la foo.lo hello.lo \
+ -rpath /usr/local/lib -lm}
+-ar cru @value{objdir}/libhello.a foo.o hello.o
++ar cr @value{objdir}/libhello.a foo.o hello.o
+ ranlib @value{objdir}/libhello.a
+ creating libhello.la
+ (cd @value{objdir} && rm -f libhello.la && ln -s ../libhello.la libhello.la)
+@@ -676,7 +676,7 @@ burger$ @kbd{libtool --mode=link gcc -g -O -o libhello.la foo.lo hello.lo \
+ -rpath /usr/local/lib -lm}
+ rm -fr @value{objdir}/libhello.a @value{objdir}/libhello.la
+ ld -Bshareable -o @value{objdir}/libhello.so.0.0 @value{objdir}/foo.o @value{objdir}/hello.o -lm
+-ar cru @value{objdir}/libhello.a foo.o hello.o
++ar cr @value{objdir}/libhello.a foo.o hello.o
+ ranlib @value{objdir}/libhello.a
+ creating libhello.la
+ (cd @value{objdir} && rm -f libhello.la && ln -s ../libhello.la libhello.la)
+@@ -6001,7 +6001,7 @@ in cases where it is necessary.
+ @subsection Archivers
+
+ On all known systems, building a static library can be accomplished by
+-running @kbd{ar cru lib@var{name}.a @var{obj1}.o @var{obj2}.o @dots{}},
++running @kbd{ar cr lib@var{name}.a @var{obj1}.o @var{obj2}.o @dots{}},
+ where the @file{.a} file is the output library, and each @file{.o} file is an
+ object file.
+
+diff --git a/m4/libtool.m4 b/m4/libtool.m4
+index 6514196..add06ee 100644
+--- a/m4/libtool.m4
++++ b/m4/libtool.m4
+@@ -1041,8 +1041,8 @@ int forced_loaded() { return 2;}
+ _LT_EOF
+ echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
+ $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
+- echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
+- $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
++ echo "$AR $AR_FLAGS libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
++ $AR $AR_FLAGS libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
+ echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
+ $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
+ cat > conftest.c << _LT_EOF
+@@ -1505,7 +1505,7 @@ _LT_DECL([], [AR], [1], [The archiver])
+ # ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS
+ # variable obsoleted/removed.
+
+-test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cru}
++test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr}
+ lt_ar_flags=$AR_FLAGS
+ _LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)])
+
+--
+2.23.0
+
diff --git a/meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch b/meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch
new file mode 100644
index 0000000000..614961a256
--- /dev/null
+++ b/meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch
@@ -0,0 +1,77 @@
+From 4335de1dfb7d2ec728427e07a54136b94a2d40f6 Mon Sep 17 00:00:00 2001
+From: Pavel Raiskup <praiskup@...>
+Date: Fri, 17 Apr 2015 15:05:42 +0200
+Subject: libool.m4: add ARFLAGS variable
+
+Libtool has used $AR_FLAGS since 2000-05-29 commit
+8300de4c54e6f04f0d, Automake ARFLAGS since 2003-04-06 commit
+a71b3490639831ca. Even though ARFLAGS is younger, it sounds like
+better name according GNU Coding Standards.
+
+Related to bug#20082.
+
+* m4/libtool.m4 (_LT_PROG_AR): Copy ARFLAGS value into AR_FLAGS
+variable if AR_FLAGS is not set. Add new _LT_DECL'ed variable
+'lt_ar_flags' to keep the configure-time value of AR_FLAGS. The
+new 'lt_ar_flags' is to be used as the default value for AR_FLAGS
+at libtool-runtime.
+* NEWS: Document.
+
+Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=4335de1dfb7d2ec728427e07a54136b94a2d40f6]
+
+Signed-off-by: Li Wang <li.wang@...>
+Signed-off-by: Changqing Li <changqing.li@...>
+---
+ NEWS | 6 ++++++
+ m4/libtool.m4 | 17 +++++++++++++++--
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index d7ca434..71a932d 100644
+--- a/NEWS
++++ b/NEWS
+@@ -7,6 +7,12 @@ NEWS - list of user-visible changes between releases of GNU Libtool
+ - LT_SYS_LIBRARY_PATH can be set in config.site, or at configure time
+ and persists correctly in the generated libtool script.
+
++** New features:
++
++ - Libtool script now supports (configure-time and runtime) ARFLAGS
++ variable, which obsoletes AR_FLAGS. This is due to naming conventions
++ among other *FLAGS and to be consistent with Automake's ARFLAGS.
++
+ ** Bug fixes:
+
+ - Fix a race condition in ltdl dryrun test that would cause spurious
+diff --git a/m4/libtool.m4 b/m4/libtool.m4
+index 63acd09..6514196 100644
+--- a/m4/libtool.m4
++++ b/m4/libtool.m4
+@@ -1497,9 +1497,22 @@ need_locks=$enable_libtool_lock
+ m4_defun([_LT_PROG_AR],
+ [AC_CHECK_TOOLS(AR, [ar], false)
+ : ${AR=ar}
+-: ${AR_FLAGS=cru}
+ _LT_DECL([], [AR], [1], [The archiver])
+-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
++
++# Use ARFLAGS variable as AR's operation code to sync the variable naming with
++# Automake. If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have
++# higher priority because thats what people were doing historically (setting
++# ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS
++# variable obsoleted/removed.
++
++test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cru}
++lt_ar_flags=$AR_FLAGS
++_LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)])
++
++# Make AR_FLAGS overridable by 'make ARFLAGS='. Don't try to run-time override
++# by AR_FLAGS because that was never working and AR_FLAGS is about to die.
++_LT_DECL([], [AR_FLAGS], [\@S|@{ARFLAGS-"\@S|@lt_ar_flags"}],
++ [Flags to create an archive])
+
+ AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
+ [lt_cv_ar_at_file=no
+--
+2.23.0
+
--
2.17.1


[PATCH] libtool: change the default AR_FLAGS from "cru" to "cr"

Changqing Li
 

From: Li Wang <li.wang@...>

Backport patch to fix warning:
`u' modifier ignored since `D' is the default (see `U')

Signed-off-by: Li Wang <li.wang@...>
Signed-off-by: Changqing Li <changqing.li@...>
---
.../libtool/libtool-2.4.6.inc | 2 +
...AGS-use-cr-instead-of-cru-by-default.patch | 133 ++++++++++++++++++
.../libool.m4-add-ARFLAGS-variable.patch | 77 ++++++++++
3 files changed, 212 insertions(+)
create mode 100644 meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch
create mode 100644 meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch

diff --git a/meta/recipes-devtools/libtool/libtool-2.4.6.inc b/meta/recipes-devtools/libtool/libtool-2.4.6.inc
index 2df46aa773..a636926ef9 100644
--- a/meta/recipes-devtools/libtool/libtool-2.4.6.inc
+++ b/meta/recipes-devtools/libtool/libtool-2.4.6.inc
@@ -24,6 +24,8 @@ SRC_URI = "${GNU_MIRROR}/libtool/libtool-${PV}.tar.gz \
file://0010-Makefile.am-make-sure-autoheader-run-before-automake.patch \
file://0011-ltmain.in-Handle-prefix-map-compiler-options-correct.patch \
file://0012-libtool.m4-For-reproducibility-stop-encoding-hostnam.patch \
+ file://libool.m4-add-ARFLAGS-variable.patch \
+ file://ARFLAGS-use-cr-instead-of-cru-by-default.patch \
"

SRC_URI[md5sum] = "addf44b646ddb4e3919805aa88fa7c5e"
diff --git a/meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch b/meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch
new file mode 100644
index 0000000000..5c4a8fdb2d
--- /dev/null
+++ b/meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch
@@ -0,0 +1,133 @@
+From 418129bc63afc312701e84cb8afa5ca413df1ab5 Mon Sep 17 00:00:00 2001
+From: Pavel Raiskup <praiskup@...>
+Date: Fri, 17 Apr 2015 16:54:58 +0200
+Subject: ARFLAGS: use 'cr' instead of 'cru' by default
+
+In some GNU/Linux distributions people started to compile 'ar'
+binary with --enable-deterministic-archives (binutils project).
+That, however, in combination with our previous long time working
+default AR_FLAGS=cru causes warnings on such installations:
+ar: `u' modifier ignored since `D' is the default (see `U')
+
+The 'u' option (at least with GNU binutils) did small optimization
+during repeated builds because it instructed 'ar' to not
+open/close unchanged *.o files and to rather read their contents
+from old archive file. However, its removal should not cause a
+big performance hit for usual workflows.
+
+Distributions started using --enable-deterministic-archives
+knowing that it would disable the 'u', just to rather have a bit
+more deterministic builds.
+
+Also, to justify this change a bit more, keeping 'u' in ARFLAGS
+could only result in many per-project changes to override
+Libtool's ARFLAGS default, just to silent such warnings.
+
+Fixes bug#19967. Reported by Eric Blake.
+
+* m4/libtool.m4 (_LT_PROG_AR): Default AR_FLAGS to 'cr'.
+(_LT_REQUIRED_DARWIN_CHECKS): Use $AR_FLAGS instead 'cru' string.
+* doc/libtool.texi: Do 's/ar cru/ar cr/' in whole documentation.
+* NEWS: Document.
+
+Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=418129bc63afc312701e84cb8afa5ca413df1ab5]
+
+Signed-off-by: Li Wang <li.wang@...>
+Signed-off-by: Changqing Li <changqing.li@...>
+---
+ NEWS | 4 ++++
+ doc/libtool.texi | 10 +++++-----
+ m4/libtool.m4 | 6 +++---
+ 3 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index 71a932d..1518f09 100644
+--- a/NEWS
++++ b/NEWS
+@@ -13,6 +13,10 @@ NEWS - list of user-visible changes between releases of GNU Libtool
+ variable, which obsoletes AR_FLAGS. This is due to naming conventions
+ among other *FLAGS and to be consistent with Automake's ARFLAGS.
+
++** Important incompatible changes:
++
++ - Libtool changed ARFLAGS/AR_FLAGS default from 'cru' to 'cr'.
++
+ ** Bug fixes:
+
+ - Fix a race condition in ltdl dryrun test that would cause spurious
+diff --git a/doc/libtool.texi b/doc/libtool.texi
+index 0298627..4c664bb 100644
+--- a/doc/libtool.texi
++++ b/doc/libtool.texi
+@@ -602,7 +602,7 @@ Without libtool, the programmer would invoke the @command{ar} command to
+ create a static library:
+
+ @example
+-burger$ @kbd{ar cru libhello.a hello.o foo.o}
++burger$ @kbd{ar cr libhello.a hello.o foo.o}
+ burger$
+ @end example
+
+@@ -632,7 +632,7 @@ libtool are the same ones you would use to produce an executable named
+ a23$ @kbd{libtool --mode=link gcc -g -O -o libhello.la foo.o hello.o}
+ *** Warning: Linking the shared library libhello.la against the
+ *** non-libtool objects foo.o hello.o is not portable!
+-ar cru .libs/libhello.a
++ar cr .libs/libhello.a
+ ranlib .libs/libhello.a
+ creating libhello.la
+ (cd .libs && rm -f libhello.la && ln -s ../libhello.la libhello.la)
+@@ -662,7 +662,7 @@ archive, not a shared library (@pxref{Static libraries}).}:
+ @example
+ a23$ @kbd{libtool --mode=link gcc -g -O -o libhello.la foo.lo hello.lo \
+ -rpath /usr/local/lib -lm}
+-ar cru @value{objdir}/libhello.a foo.o hello.o
++ar cr @value{objdir}/libhello.a foo.o hello.o
+ ranlib @value{objdir}/libhello.a
+ creating libhello.la
+ (cd @value{objdir} && rm -f libhello.la && ln -s ../libhello.la libhello.la)
+@@ -676,7 +676,7 @@ burger$ @kbd{libtool --mode=link gcc -g -O -o libhello.la foo.lo hello.lo \
+ -rpath /usr/local/lib -lm}
+ rm -fr @value{objdir}/libhello.a @value{objdir}/libhello.la
+ ld -Bshareable -o @value{objdir}/libhello.so.0.0 @value{objdir}/foo.o @value{objdir}/hello.o -lm
+-ar cru @value{objdir}/libhello.a foo.o hello.o
++ar cr @value{objdir}/libhello.a foo.o hello.o
+ ranlib @value{objdir}/libhello.a
+ creating libhello.la
+ (cd @value{objdir} && rm -f libhello.la && ln -s ../libhello.la libhello.la)
+@@ -6001,7 +6001,7 @@ in cases where it is necessary.
+ @subsection Archivers
+
+ On all known systems, building a static library can be accomplished by
+-running @kbd{ar cru lib@var{name}.a @var{obj1}.o @var{obj2}.o @dots{}},
++running @kbd{ar cr lib@var{name}.a @var{obj1}.o @var{obj2}.o @dots{}},
+ where the @file{.a} file is the output library, and each @file{.o} file is an
+ object file.
+
+diff --git a/m4/libtool.m4 b/m4/libtool.m4
+index 6514196..add06ee 100644
+--- a/m4/libtool.m4
++++ b/m4/libtool.m4
+@@ -1041,8 +1041,8 @@ int forced_loaded() { return 2;}
+ _LT_EOF
+ echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
+ $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
+- echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
+- $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
++ echo "$AR $AR_FLAGS libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
++ $AR $AR_FLAGS libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
+ echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
+ $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
+ cat > conftest.c << _LT_EOF
+@@ -1505,7 +1505,7 @@ _LT_DECL([], [AR], [1], [The archiver])
+ # ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS
+ # variable obsoleted/removed.
+
+-test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cru}
++test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr}
+ lt_ar_flags=$AR_FLAGS
+ _LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)])
+
+--
+2.23.0
+
diff --git a/meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch b/meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch
new file mode 100644
index 0000000000..614961a256
--- /dev/null
+++ b/meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch
@@ -0,0 +1,77 @@
+From 4335de1dfb7d2ec728427e07a54136b94a2d40f6 Mon Sep 17 00:00:00 2001
+From: Pavel Raiskup <praiskup@...>
+Date: Fri, 17 Apr 2015 15:05:42 +0200
+Subject: libool.m4: add ARFLAGS variable
+
+Libtool has used $AR_FLAGS since 2000-05-29 commit
+8300de4c54e6f04f0d, Automake ARFLAGS since 2003-04-06 commit
+a71b3490639831ca. Even though ARFLAGS is younger, it sounds like
+better name according GNU Coding Standards.
+
+Related to bug#20082.
+
+* m4/libtool.m4 (_LT_PROG_AR): Copy ARFLAGS value into AR_FLAGS
+variable if AR_FLAGS is not set. Add new _LT_DECL'ed variable
+'lt_ar_flags' to keep the configure-time value of AR_FLAGS. The
+new 'lt_ar_flags' is to be used as the default value for AR_FLAGS
+at libtool-runtime.
+* NEWS: Document.
+
+Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=4335de1dfb7d2ec728427e07a54136b94a2d40f6]
+
+Signed-off-by: Li Wang <li.wang@...>
+Signed-off-by: Changqing Li <changqing.li@...>
+---
+ NEWS | 6 ++++++
+ m4/libtool.m4 | 17 +++++++++++++++--
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index d7ca434..71a932d 100644
+--- a/NEWS
++++ b/NEWS
+@@ -7,6 +7,12 @@ NEWS - list of user-visible changes between releases of GNU Libtool
+ - LT_SYS_LIBRARY_PATH can be set in config.site, or at configure time
+ and persists correctly in the generated libtool script.
+
++** New features:
++
++ - Libtool script now supports (configure-time and runtime) ARFLAGS
++ variable, which obsoletes AR_FLAGS. This is due to naming conventions
++ among other *FLAGS and to be consistent with Automake's ARFLAGS.
++
+ ** Bug fixes:
+
+ - Fix a race condition in ltdl dryrun test that would cause spurious
+diff --git a/m4/libtool.m4 b/m4/libtool.m4
+index 63acd09..6514196 100644
+--- a/m4/libtool.m4
++++ b/m4/libtool.m4
+@@ -1497,9 +1497,22 @@ need_locks=$enable_libtool_lock
+ m4_defun([_LT_PROG_AR],
+ [AC_CHECK_TOOLS(AR, [ar], false)
+ : ${AR=ar}
+-: ${AR_FLAGS=cru}
+ _LT_DECL([], [AR], [1], [The archiver])
+-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
++
++# Use ARFLAGS variable as AR's operation code to sync the variable naming with
++# Automake. If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have
++# higher priority because thats what people were doing historically (setting
++# ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS
++# variable obsoleted/removed.
++
++test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cru}
++lt_ar_flags=$AR_FLAGS
++_LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)])
++
++# Make AR_FLAGS overridable by 'make ARFLAGS='. Don't try to run-time override
++# by AR_FLAGS because that was never working and AR_FLAGS is about to die.
++_LT_DECL([], [AR_FLAGS], [\@S|@{ARFLAGS-"\@S|@lt_ar_flags"}],
++ [Flags to create an archive])
+
+ AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
+ [lt_cv_ar_at_file=no
+--
+2.23.0
+
--
2.17.1


[hardknott][PATCH] libtool: change the default AR_FLAGS from "cru" to "cr"

Changqing Li
 

From: Li Wang <li.wang@...>

Backport patch to fix warning:
`u' modifier ignored since `D' is the default (see `U')

libool.m4: add ARFLAGS variable

Upstream-Status: Backport

Reference to upstream patch:
https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=4335de1dfb7d2ec728427e07a54136b94a2d40f6

ARFLAGS: use 'cr' instead of 'cru' by default

Upstream-Status: Backport

Reference to upstream patch:
https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=418129bc63afc312701e84cb8afa5ca413df1ab5

Signed-off-by: Li Wang <li.wang@...>
Signed-off-by: Changqing Li <changqing.li@...>
---
.../libtool/libtool-2.4.6.inc | 2 +
...AGS-use-cr-instead-of-cru-by-default.patch | 136 ++++++++++++++++++
.../libool.m4-add-ARFLAGS-variable.patch | 80 +++++++++++
3 files changed, 218 insertions(+)
create mode 100644 meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch
create mode 100644 meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch

diff --git a/meta/recipes-devtools/libtool/libtool-2.4.6.inc b/meta/recipes-devtools/libtool/libtool-2.4.6.inc
index e9225e140c..8cda81b71d 100644
--- a/meta/recipes-devtools/libtool/libtool-2.4.6.inc
+++ b/meta/recipes-devtools/libtool/libtool-2.4.6.inc
@@ -23,6 +23,8 @@ SRC_URI = "${GNU_MIRROR}/libtool/libtool-${PV}.tar.gz \
file://0001-libtool-Check-for-static-libs-for-internal-compiler-.patch \
file://0001-Makefile.am-make-sure-autoheader-run-before-autoconf.patch \
file://0001-Makefile.am-make-sure-autoheader-run-before-automake.patch \
+ file://libool.m4-add-ARFLAGS-variable.patch \
+ file://ARFLAGS-use-cr-instead-of-cru-by-default.patch \
"

SRC_URI[md5sum] = "addf44b646ddb4e3919805aa88fa7c5e"
diff --git a/meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch b/meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch
new file mode 100644
index 0000000000..809b07ee8c
--- /dev/null
+++ b/meta/recipes-devtools/libtool/libtool/ARFLAGS-use-cr-instead-of-cru-by-default.patch
@@ -0,0 +1,136 @@
+From 418129bc63afc312701e84cb8afa5ca413df1ab5 Mon Sep 17 00:00:00 2001
+From: Pavel Raiskup <praiskup@...>
+Date: Fri, 17 Apr 2015 16:54:58 +0200
+Subject: ARFLAGS: use 'cr' instead of 'cru' by default
+
+In some GNU/Linux distributions people started to compile 'ar'
+binary with --enable-deterministic-archives (binutils project).
+That, however, in combination with our previous long time working
+default AR_FLAGS=cru causes warnings on such installations:
+ar: `u' modifier ignored since `D' is the default (see `U')
+
+The 'u' option (at least with GNU binutils) did small optimization
+during repeated builds because it instructed 'ar' to not
+open/close unchanged *.o files and to rather read their contents
+from old archive file. However, its removal should not cause a
+big performance hit for usual workflows.
+
+Distributions started using --enable-deterministic-archives
+knowing that it would disable the 'u', just to rather have a bit
+more deterministic builds.
+
+Also, to justify this change a bit more, keeping 'u' in ARFLAGS
+could only result in many per-project changes to override
+Libtool's ARFLAGS default, just to silent such warnings.
+
+Fixes bug#19967. Reported by Eric Blake.
+
+* m4/libtool.m4 (_LT_PROG_AR): Default AR_FLAGS to 'cr'.
+(_LT_REQUIRED_DARWIN_CHECKS): Use $AR_FLAGS instead 'cru' string.
+* doc/libtool.texi: Do 's/ar cru/ar cr/' in whole documentation.
+* NEWS: Document.
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=418129bc63afc312701e84cb8afa5ca413df1ab5
+
+Signed-off-by: Li Wang <li.wang@...>
+Signed-off-by: Changqing Li <changqing.li@...>
+---
+ NEWS | 4 ++++
+ doc/libtool.texi | 10 +++++-----
+ m4/libtool.m4 | 6 +++---
+ 3 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index 71a932d..1518f09 100644
+--- a/NEWS
++++ b/NEWS
+@@ -13,6 +13,10 @@ NEWS - list of user-visible changes between releases of GNU Libtool
+ variable, which obsoletes AR_FLAGS. This is due to naming conventions
+ among other *FLAGS and to be consistent with Automake's ARFLAGS.
+
++** Important incompatible changes:
++
++ - Libtool changed ARFLAGS/AR_FLAGS default from 'cru' to 'cr'.
++
+ ** Bug fixes:
+
+ - Fix a race condition in ltdl dryrun test that would cause spurious
+diff --git a/doc/libtool.texi b/doc/libtool.texi
+index 0298627..4c664bb 100644
+--- a/doc/libtool.texi
++++ b/doc/libtool.texi
+@@ -602,7 +602,7 @@ Without libtool, the programmer would invoke the @command{ar} command to
+ create a static library:
+
+ @example
+-burger$ @kbd{ar cru libhello.a hello.o foo.o}
++burger$ @kbd{ar cr libhello.a hello.o foo.o}
+ burger$
+ @end example
+
+@@ -632,7 +632,7 @@ libtool are the same ones you would use to produce an executable named
+ a23$ @kbd{libtool --mode=link gcc -g -O -o libhello.la foo.o hello.o}
+ *** Warning: Linking the shared library libhello.la against the
+ *** non-libtool objects foo.o hello.o is not portable!
+-ar cru .libs/libhello.a
++ar cr .libs/libhello.a
+ ranlib .libs/libhello.a
+ creating libhello.la
+ (cd .libs && rm -f libhello.la && ln -s ../libhello.la libhello.la)
+@@ -662,7 +662,7 @@ archive, not a shared library (@pxref{Static libraries}).}:
+ @example
+ a23$ @kbd{libtool --mode=link gcc -g -O -o libhello.la foo.lo hello.lo \
+ -rpath /usr/local/lib -lm}
+-ar cru @value{objdir}/libhello.a foo.o hello.o
++ar cr @value{objdir}/libhello.a foo.o hello.o
+ ranlib @value{objdir}/libhello.a
+ creating libhello.la
+ (cd @value{objdir} && rm -f libhello.la && ln -s ../libhello.la libhello.la)
+@@ -676,7 +676,7 @@ burger$ @kbd{libtool --mode=link gcc -g -O -o libhello.la foo.lo hello.lo \
+ -rpath /usr/local/lib -lm}
+ rm -fr @value{objdir}/libhello.a @value{objdir}/libhello.la
+ ld -Bshareable -o @value{objdir}/libhello.so.0.0 @value{objdir}/foo.o @value{objdir}/hello.o -lm
+-ar cru @value{objdir}/libhello.a foo.o hello.o
++ar cr @value{objdir}/libhello.a foo.o hello.o
+ ranlib @value{objdir}/libhello.a
+ creating libhello.la
+ (cd @value{objdir} && rm -f libhello.la && ln -s ../libhello.la libhello.la)
+@@ -6001,7 +6001,7 @@ in cases where it is necessary.
+ @subsection Archivers
+
+ On all known systems, building a static library can be accomplished by
+-running @kbd{ar cru lib@var{name}.a @var{obj1}.o @var{obj2}.o @dots{}},
++running @kbd{ar cr lib@var{name}.a @var{obj1}.o @var{obj2}.o @dots{}},
+ where the @file{.a} file is the output library, and each @file{.o} file is an
+ object file.
+
+diff --git a/m4/libtool.m4 b/m4/libtool.m4
+index 6514196..add06ee 100644
+--- a/m4/libtool.m4
++++ b/m4/libtool.m4
+@@ -1041,8 +1041,8 @@ int forced_loaded() { return 2;}
+ _LT_EOF
+ echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
+ $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
+- echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
+- $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
++ echo "$AR $AR_FLAGS libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
++ $AR $AR_FLAGS libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
+ echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
+ $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
+ cat > conftest.c << _LT_EOF
+@@ -1505,7 +1505,7 @@ _LT_DECL([], [AR], [1], [The archiver])
+ # ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS
+ # variable obsoleted/removed.
+
+-test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cru}
++test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr}
+ lt_ar_flags=$AR_FLAGS
+ _LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)])
+
+--
+2.23.0
+
diff --git a/meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch b/meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch
new file mode 100644
index 0000000000..d2d6ec533c
--- /dev/null
+++ b/meta/recipes-devtools/libtool/libtool/libool.m4-add-ARFLAGS-variable.patch
@@ -0,0 +1,80 @@
+From 4335de1dfb7d2ec728427e07a54136b94a2d40f6 Mon Sep 17 00:00:00 2001
+From: Pavel Raiskup <praiskup@...>
+Date: Fri, 17 Apr 2015 15:05:42 +0200
+Subject: libool.m4: add ARFLAGS variable
+
+Libtool has used $AR_FLAGS since 2000-05-29 commit
+8300de4c54e6f04f0d, Automake ARFLAGS since 2003-04-06 commit
+a71b3490639831ca. Even though ARFLAGS is younger, it sounds like
+better name according GNU Coding Standards.
+
+Related to bug#20082.
+
+* m4/libtool.m4 (_LT_PROG_AR): Copy ARFLAGS value into AR_FLAGS
+variable if AR_FLAGS is not set. Add new _LT_DECL'ed variable
+'lt_ar_flags' to keep the configure-time value of AR_FLAGS. The
+new 'lt_ar_flags' is to be used as the default value for AR_FLAGS
+at libtool-runtime.
+* NEWS: Document.
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=4335de1dfb7d2ec728427e07a54136b94a2d40f6
+
+Signed-off-by: Li Wang <li.wang@...>
+Signed-off-by: Changqing Li <changqing.li@...>
+---
+ NEWS | 6 ++++++
+ m4/libtool.m4 | 17 +++++++++++++++--
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index d7ca434..71a932d 100644
+--- a/NEWS
++++ b/NEWS
+@@ -7,6 +7,12 @@ NEWS - list of user-visible changes between releases of GNU Libtool
+ - LT_SYS_LIBRARY_PATH can be set in config.site, or at configure time
+ and persists correctly in the generated libtool script.
+
++** New features:
++
++ - Libtool script now supports (configure-time and runtime) ARFLAGS
++ variable, which obsoletes AR_FLAGS. This is due to naming conventions
++ among other *FLAGS and to be consistent with Automake's ARFLAGS.
++
+ ** Bug fixes:
+
+ - Fix a race condition in ltdl dryrun test that would cause spurious
+diff --git a/m4/libtool.m4 b/m4/libtool.m4
+index 63acd09..6514196 100644
+--- a/m4/libtool.m4
++++ b/m4/libtool.m4
+@@ -1497,9 +1497,22 @@ need_locks=$enable_libtool_lock
+ m4_defun([_LT_PROG_AR],
+ [AC_CHECK_TOOLS(AR, [ar], false)
+ : ${AR=ar}
+-: ${AR_FLAGS=cru}
+ _LT_DECL([], [AR], [1], [The archiver])
+-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
++
++# Use ARFLAGS variable as AR's operation code to sync the variable naming with
++# Automake. If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have
++# higher priority because thats what people were doing historically (setting
++# ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS
++# variable obsoleted/removed.
++
++test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cru}
++lt_ar_flags=$AR_FLAGS
++_LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)])
++
++# Make AR_FLAGS overridable by 'make ARFLAGS='. Don't try to run-time override
++# by AR_FLAGS because that was never working and AR_FLAGS is about to die.
++_LT_DECL([], [AR_FLAGS], [\@S|@{ARFLAGS-"\@S|@lt_ar_flags"}],
++ [Flags to create an archive])
+
+ AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
+ [lt_cv_ar_at_file=no
+--
+2.23.0
+
--
2.17.1


[PATCH] yocto-check-layer: Address Bug#11131

Dhruva Gole
 

This adds:
- Test case to review if the README file specifies the maintainer.
- Test case to review if the README file specifies the word patch.
- Test case to review if the README file contains an email address.

Signed-off-by: Dhruva Gole <goledhruva@...>
---
scripts/lib/checklayer/cases/common.py | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/scripts/lib/checklayer/cases/common.py b/scripts/lib/checklayer/cases/common.py
index b82304e361..8d4aab7973 100644
--- a/scripts/lib/checklayer/cases/common.py
+++ b/scripts/lib/checklayer/cases/common.py
@@ -6,6 +6,7 @@
import glob
import os
import unittest
+import re
from checklayer import get_signatures, LayerType, check_command, get_depgraph, compare_signatures
from checklayer.case import OECheckLayerTestCase

@@ -25,6 +26,11 @@ class CommonCheckLayer(OECheckLayerTestCase):
data = f.read()
self.assertTrue(data,
msg="Layer contains a README file but it is empty.")
+ self.assertIn('maintainer',data)
+ self.assertIn('patch',data)
+ # Check that there is an email address in the README
+ email_regex = re.compile(r"[^@]+@[^@]+")
+ self.assertTrue(email_regex.match(data))

def test_parse(self):
check_command('Layer %s failed to parse.' % self.tc.layer['name'],
--
2.25.1


opkg_lock: Could not lock /run/opkg.lock:

Khem Raj
 

On CI system when a new job is launched which is running another CI
job in a different sandbox, following error is encountered often.

* opkg_lock: Could not lock /run/opkg.lock: Resource temporarily unavailable.
* opkg_cmd_exec: Command failed to capture privilege lock: Resource
temporarily unavailable.

This is seen when two or more CI jobs are running. Any ideas ?
Its using opkg for O_P_M and builds are running on baremetal ( i.e. no
container stuff )
exact same CI job works when run alone.

For reference see
https://github.com/YoeDistro/meta-openembedded/runs/4362290225?check_suite_focus=true

Thanks
-Khem


[PATCH] Revert "weston-init: Pass --continue-without-input when launching weston"

Khem Raj
 

This reverts commit 762a20b493cc219a46d9ac188fe4895a111ee7b4.

This breaks machines using fbdev backend, since this option is drm
backend specific, we need to know the backend before using it, until we
have a smart way to detect that, this will not be a fool proof solution,
therefore revert it for now.

Signed-off-by: Khem Raj <raj.khem@...>
---
meta/recipes-graphics/wayland/weston-init/init | 2 +-
meta/recipes-graphics/wayland/weston-init/weston.service | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-graphics/wayland/weston-init/init b/meta/recipes-graphics/wayland/weston-init/init
index f74ac8b1846..a849f29bcbd 100644
--- a/meta/recipes-graphics/wayland/weston-init/init
+++ b/meta/recipes-graphics/wayland/weston-init/init
@@ -32,7 +32,7 @@ case "$1" in
. /etc/profile
export HOME=ROOTHOME

- weston-start -- --continue-without-input $OPTARGS
+ weston-start -- $OPTARGS
;;

stop)
diff --git a/meta/recipes-graphics/wayland/weston-init/weston.service b/meta/recipes-graphics/wayland/weston-init/weston.service
index c7583e92e6e..e09625b31c6 100644
--- a/meta/recipes-graphics/wayland/weston-init/weston.service
+++ b/meta/recipes-graphics/wayland/weston-init/weston.service
@@ -34,7 +34,7 @@ ConditionPathExists=/dev/tty0
# Requires systemd-notify.so Weston plugin.
Type=notify
EnvironmentFile=/etc/default/weston
-ExecStart=/usr/bin/weston --continue-without-input --modules=systemd-notify.so
+ExecStart=/usr/bin/weston --modules=systemd-notify.so

# Optional watchdog setup
TimeoutStartSec=60
--
2.34.1


Re: [meta][dunfell][PATCH] glib-2.0: Add security fixes

Anuj Mittal
 

I think this is missing fixes for regressions caused by these commits.
Specifically the ones here:

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1933/commits

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1943

The Ubuntu code branch that is being referred here also includes these
fixes.

Thanks,

Anuj

On Mon, 2021-11-29 at 13:13 +0530, Ranjitsinh Rathod wrote:
From: Neetika Singh <Neetika.Singh@...>

Add patches for below CVE issues:
CVE-2021-27218
CVE-2021-27219
CVE-2021-28153
Link:
https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz

Signed-off-by: Neetika.Singh <Neetika.Singh@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@...>
---
 .../glib-2.0/glib-2.0/CVE-2021-27218.patch    | 128 ++++++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-01.patch | 169 ++++++++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-02.patch | 248 +++++++++++++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-03.patch | 130 ++++++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-04.patch | 297 ++++++++++++++++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-05.patch |  53 ++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-06.patch | 100 ++++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-07.patch |  75 +++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-08.patch | 100 ++++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-09.patch |  99 ++++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-10.patch |  58 ++++
 .../glib-2.0/glib-2.0/CVE-2021-27219-11.patch |  62 ++++
 .../glib-2.0/glib-2.0/CVE-2021-28153-1.patch  |  26 ++
 .../glib-2.0/glib-2.0/CVE-2021-28153-2.patch  |  41 +++
 .../glib-2.0/glib-2.0/CVE-2021-28153-3.patch  |  56 ++++
 .../glib-2.0/glib-2.0/CVE-2021-28153-4.patch  | 264 ++++++++++++++++
 .../glib-2.0/glib-2.0/CVE-2021-28153-5.patch  |  54 ++++
 meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb |  17 +
 18 files changed, 1977 insertions(+)
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-
27218.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
01.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
02.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
03.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
04.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
05.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
06.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
07.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
08.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
09.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
10.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
11.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-
1.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-
2.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-
3.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-
4.patch
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-
5.patch

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch
b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch
new file mode 100644
index 0000000000..23e1426cee
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27218.patch
@@ -0,0 +1,128 @@
+Backport of:
+
+From 0f384c88a241bbbd884487b1c40b7b75f1e638d3 Mon Sep 17 00:00:00 2001
+From: Krzesimir Nowak <qdlacz@...>
+Date: Wed, 10 Feb 2021 23:51:07 +0100
+Subject: [PATCH] gbytearray: Do not accept too large byte arrays
+
+GByteArray uses guint for storing the length of the byte array, but it
+also has a constructor (g_byte_array_new_take) that takes length as a
+gsize. gsize may be larger than guint (64 bits for gsize vs 32 bits
+for guint). It is possible to call the function with a value greater
+than G_MAXUINT, which will result in silent length truncation. This
+may happen as a result of unreffing GBytes into GByteArray, so rather
+be loud about it.
+
+(Test case tweaked by Philip Withnall.)
+
+(Backport 2.66: Add #include gstrfuncsprivate.h in the test case for
+`g_memdup2()`.)
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-27218
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ glib/garray.c      |  6 ++++++
+ glib/gbytes.c      |  4 ++++
+ glib/tests/bytes.c | 35 ++++++++++++++++++++++++++++++++++-
+ 3 files changed, 44 insertions(+), 1 deletion(-)
+
+--- a/glib/garray.c
++++ b/glib/garray.c
+@@ -2234,6 +2234,10 @@ g_byte_array_steal (GByteArray *array,
+  * Create byte array containing the data. The data will be owned by
the array
+  * and will be freed with g_free(), i.e. it could be allocated using
g_strdup().
+  *
++ * Do not use it if @len is greater than %G_MAXUINT. #GByteArray
++ * stores the length of its data in #guint, which may be shorter than
++ * #gsize.
++ *
+  * Since: 2.32
+  *
+  * Returns: (transfer full): a new #GByteArray
+@@ -2245,6 +2249,8 @@ g_byte_array_new_take (guint8 *data,
+   GByteArray *array;
+   GRealArray *real;
+
++  g_return_val_if_fail (len <= G_MAXUINT, NULL);
++
+   array = g_byte_array_new ();
+   real = (GRealArray *)array;
+   g_assert (real->data == NULL);
+--- a/glib/gbytes.c
++++ b/glib/gbytes.c
+@@ -519,6 +519,10 @@ g_bytes_unref_to_data (GBytes *bytes,
+  * g_bytes_new(), g_bytes_new_take() or g_byte_array_free_to_bytes().
In all
+  * other cases the data is copied.
+  *
++ * Do not use it if @bytes contains more than %G_MAXUINT
++ * bytes. #GByteArray stores the length of its data in #guint, which
++ * may be shorter than #gsize, that @bytes is using.
++ *
+  * Returns: (transfer full): a new mutable #GByteArray containing the
same byte data
+  *
+  * Since: 2.32
+--- a/glib/tests/bytes.c
++++ b/glib/tests/bytes.c
+@@ -10,12 +10,12 @@
+  */
+
+ #undef G_DISABLE_ASSERT
+-#undef G_LOG_DOMAIN
+
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include "glib.h"
++#include "glib/gstrfuncsprivate.h"
+
+ /* Keep in sync with glib/gbytes.c */
+ struct _GBytes
+@@ -334,6 +334,38 @@ test_to_array_transferred (void)
+ }
+
+ static void
++test_to_array_transferred_oversize (void)
++{
++  g_test_message ("g_bytes_unref_to_array() can only take GBytes up
to "
++                  "G_MAXUINT in length; test that longer ones are
rejected");
++
++  if (sizeof (guint) >= sizeof (gsize))
++    {
++      g_test_skip ("Skipping test as guint is not smaller than
gsize");
++    }
++  else if (g_test_undefined ())
++    {
++      GByteArray *array = NULL;
++      GBytes *bytes = NULL;
++      gpointer data = g_memdup2 (NYAN, N_NYAN);
++      gsize len = ((gsize) G_MAXUINT) + 1;
++
++      bytes = g_bytes_new_take (data, len);
++      g_test_expect_message (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL,
++                             "g_byte_array_new_take: assertion 'len
<= G_MAXUINT' failed");
++      array = g_bytes_unref_to_array (g_steal_pointer (&bytes));
++      g_test_assert_expected_messages ();
++      g_assert_null (array);
++
++      g_free (data);
++    }
++  else
++    {
++      g_test_skip ("Skipping test as testing undefined behaviour is
disabled");
++    }
++}
++
++static void
+ test_to_array_two_refs (void)
+ {
+   gconstpointer memory;
+@@ -410,6 +442,7 @@ main (int argc, char *argv[])
+   g_test_add_func ("/bytes/to-array/transfered",
test_to_array_transferred);
+   g_test_add_func ("/bytes/to-array/two-refs",
test_to_array_two_refs);
+   g_test_add_func ("/bytes/to-array/non-malloc",
test_to_array_non_malloc);
++  g_test_add_func ("/bytes/to-array/transferred/oversize",
test_to_array_transferred_oversize);
+   g_test_add_func ("/bytes/null", test_null);
+
+   return g_test_run ();
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
01.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-01.patch
new file mode 100644
index 0000000000..3ded039633
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-01.patch
@@ -0,0 +1,169 @@
+Backport of:
+
+From 5e5f75a77e399c638be66d74e5daa8caeb433e00 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Thu, 4 Feb 2021 13:30:52 +0000
+Subject: [PATCH 01/11] gstrfuncs: Add internal g_memdup2() function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This will replace the existing `g_memdup()` function for use within
+GLib. It has an unavoidable security flaw of taking its `byte_size`
+argument as a `guint` rather than as a `gsize`. Most callers will
+expect it to be a `gsize`, and may pass in large values which could
+silently be truncated, resulting in an undersize allocation compared
+to what the caller expects.
+
+This could lead to a classic buffer overflow vulnerability for many
+callers of `g_memdup()`.
+
+`g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`.
+
+Spotted by Kevin Backhouse of GHSL.
+
+In GLib 2.68, `g_memdup2()` will be a new public API. In this version
+for backport to older stable releases, it’s a new `static inline` API
+in a private header, so that use of `g_memdup()` within GLib can be
+fixed without adding a new API in a stable release series.
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+Helps: GHSL-2021-045
+Helps: #2319
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ docs/reference/glib/meson.build |  1 +
+ glib/gstrfuncsprivate.h         | 55
+++++++++++++++++++++++++++++++++
+ glib/meson.build                |  1 +
+ glib/tests/strfuncs.c           | 23 ++++++++++++++
+ 4 files changed, 80 insertions(+)
+ create mode 100644 glib/gstrfuncsprivate.h
+
+--- a/docs/reference/glib/meson.build
++++ b/docs/reference/glib/meson.build
+@@ -22,6 +22,7 @@ if get_option('gtk_doc')
+     'gprintfint.h',
+     'gmirroringtable.h',
+     'gscripttable.h',
++    'gstrfuncsprivate.h',
+     'glib-mirroring-tab',
+     'gnulib',
+     'pcre',
+--- /dev/null
++++ b/glib/gstrfuncsprivate.h
+@@ -0,0 +1,55 @@
++/* GLIB - Library of useful routines for C programming
++ * Copyright (C) 1995-1997  Peter Mattis, Spencer Kimball and Josh
MacDonald
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, see
<http://www.gnu.org/licenses/>.
++ */
++
++#include <glib.h>
++#include <string.h>
++
++/*
++ * g_memdup2:
++ * @mem: (nullable): the memory to copy.
++ * @byte_size: the number of bytes to copy.
++ *
++ * Allocates @byte_size bytes of memory, and copies @byte_size bytes
into it
++ * from @mem. If @mem is %NULL it returns %NULL.
++ *
++ * This replaces g_memdup(), which was prone to integer overflows
when
++ * converting the argument from a #gsize to a #guint.
++ *
++ * This static inline version is a backport of the new public API
from
++ * GLib 2.68, kept internal to GLib for backport to older stable
releases.
++ * See https://gitlab.gnome.org/GNOME/glib/-/issues/2319.
++ *
++ * Returns: (nullable): a pointer to the newly-allocated copy of the
memory,
++ *    or %NULL if @mem is %NULL.
++ * Since: 2.68
++ */
++static inline gpointer
++g_memdup2 (gconstpointer mem,
++           gsize         byte_size)
++{
++  gpointer new_mem;
++
++  if (mem && byte_size != 0)
++    {
++      new_mem = g_malloc (byte_size);
++      memcpy (new_mem, mem, byte_size);
++    }
++  else
++    new_mem = NULL;
++
++  return new_mem;
++}
+--- a/glib/meson.build
++++ b/glib/meson.build
+@@ -268,6 +268,7 @@ glib_sources = files(
+   'gslist.c',
+   'gstdio.c',
+   'gstrfuncs.c',
++  'gstrfuncsprivate.h',
+   'gstring.c',
+   'gstringchunk.c',
+   'gtestutils.c',
+--- a/glib/tests/strfuncs.c
++++ b/glib/tests/strfuncs.c
+@@ -32,6 +32,8 @@
+ #include <string.h>
+ #include "glib.h"
+
++#include "gstrfuncsprivate.h"
++
+ #if defined (_MSC_VER) && (_MSC_VER <= 1800)
+ #define isnan(x) _isnan(x)
+
+@@ -219,6 +221,26 @@ test_memdup (void)
+   g_free (str_dup);
+ }
+
++/* Testing g_memdup2() function with various positive and negative
cases */
++static void
++test_memdup2 (void)
++{
++  gchar *str_dup = NULL;
++  const gchar *str = "The quick brown fox jumps over the lazy dog";
++
++  /* Testing negative cases */
++  g_assert_null (g_memdup2 (NULL, 1024));
++  g_assert_null (g_memdup2 (str, 0));
++  g_assert_null (g_memdup2 (NULL, 0));
++
++  /* Testing normal usage cases */
++  str_dup = g_memdup2 (str, strlen (str) + 1);
++  g_assert_nonnull (str_dup);
++  g_assert_cmpstr (str, ==, str_dup);
++
++  g_free (str_dup);
++}
++
+ /* Testing g_strpcpy() function with various positive and negative
cases */
+ static void
+ test_stpcpy (void)
+@@ -2523,6 +2545,7 @@ main (int   argc,
+   g_test_add_func ("/strfuncs/has-prefix", test_has_prefix);
+   g_test_add_func ("/strfuncs/has-suffix", test_has_suffix);
+   g_test_add_func ("/strfuncs/memdup", test_memdup);
++  g_test_add_func ("/strfuncs/memdup2", test_memdup2);
+   g_test_add_func ("/strfuncs/stpcpy", test_stpcpy);
+   g_test_add_func ("/strfuncs/str_match_string",
test_str_match_string);
+   g_test_add_func ("/strfuncs/str_tokenize_and_fold",
test_str_tokenize_and_fold);
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
02.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-02.patch
new file mode 100644
index 0000000000..b305b30234
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-02.patch
@@ -0,0 +1,248 @@
+From be8834340a2d928ece82025463ae23dee2c333d0 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Thu, 4 Feb 2021 13:37:56 +0000
+Subject: [PATCH 02/11] gio: Use g_memdup2() instead of g_memdup() in
obvious
+ places
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Convert all the call sites which use `g_memdup()`’s length argument
+trivially (for example, by passing a `sizeof()`), so that they use
+`g_memdup2()` instead.
+
+In almost all of these cases the use of `g_memdup()` would not have
+caused problems, but it will soon be deprecated, so best port away
from
+it.
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+Helps: #2319
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ gio/gdbusconnection.c                 | 5 +++--
+ gio/gdbusinterfaceskeleton.c          | 3 ++-
+ gio/gfile.c                           | 7 ++++---
+ gio/gsettingsschema.c                 | 5 +++--
+ gio/gwin32registrykey.c               | 8 +++++---
+ gio/tests/async-close-output-stream.c | 6 ++++--
+ gio/tests/gdbus-export.c              | 5 +++--
+ gio/win32/gwinhttpfile.c              | 9 +++++----
+ 8 files changed, 29 insertions(+), 19 deletions(-)
+
+--- a/gio/gdbusconnection.c
++++ b/gio/gdbusconnection.c
+@@ -110,6 +110,7 @@
+ #include "gasyncinitable.h"
+ #include "giostream.h"
+ #include "gasyncresult.h"
++#include "gstrfuncsprivate.h"
+ #include "gtask.h"
+ #include "gmarshal-internal.h"
+
+@@ -4007,7 +4008,7 @@ _g_dbus_interface_vtable_copy (const GDB
+   /* Don't waste memory by copying padding - remember to update this
+    * when changing struct _GDBusInterfaceVTable in gdbusconnection.h
+    */
+-  return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer));
++  return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer));
+ }
+
+ static void
+@@ -4024,7 +4025,7 @@ _g_dbus_subtree_vtable_copy (const GDBus
+   /* Don't waste memory by copying padding - remember to update this
+    * when changing struct _GDBusSubtreeVTable in gdbusconnection.h
+    */
+-  return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer));
++  return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer));
+ }
+
+ static void
+--- a/gio/gdbusinterfaceskeleton.c
++++ b/gio/gdbusinterfaceskeleton.c
+@@ -28,6 +28,7 @@
+ #include "gdbusmethodinvocation.h"
+ #include "gdbusconnection.h"
+ #include "gmarshal-internal.h"
++#include "gstrfuncsprivate.h"
+ #include "gtask.h"
+ #include "gioerror.h"
+
+@@ -701,7 +702,7 @@ add_connection_locked (GDBusInterfaceSke
+        * properly before building the hooked_vtable, so we create it
+        * once at the last minute.
+        */
+-      interface_->priv->hooked_vtable = g_memdup
(g_dbus_interface_skeleton_get_vtable (interface_), sizeof
(GDBusInterfaceVTable));
++      interface_->priv->hooked_vtable = g_memdup2
(g_dbus_interface_skeleton_get_vtable (interface_), sizeof
(GDBusInterfaceVTable));
+       interface_->priv->hooked_vtable->method_call =
skeleton_intercept_handle_method_call;
+     }
+
+--- a/gio/gfile.c
++++ b/gio/gfile.c
+@@ -60,6 +60,7 @@
+ #include "gasyncresult.h"
+ #include "gioerror.h"
+ #include "glibintl.h"
++#include "gstrfuncsprivate.h"
+
+
+ /**
+@@ -7854,7 +7855,7 @@ measure_disk_usage_progress (gboolean re
+   g_main_context_invoke_full (g_task_get_context (task),
+                               g_task_get_priority (task),
+                               measure_disk_usage_invoke_progress,
+-                              g_memdup (&progress, sizeof progress),
++                              g_memdup2 (&progress, sizeof progress),
+                               g_free);
+ }
+
+@@ -7872,7 +7873,7 @@ measure_disk_usage_thread (GTask
+                                  data->progress_callback ?
measure_disk_usage_progress : NULL, task,
+                                  &result.disk_usage,
&result.num_dirs, &result.num_files,
+                                  &error))
+-    g_task_return_pointer (task, g_memdup (&result, sizeof result),
g_free);
++    g_task_return_pointer (task, g_memdup2 (&result, sizeof result),
g_free);
+   else
+     g_task_return_error (task, error);
+ }
+@@ -7896,7 +7897,7 @@ g_file_real_measure_disk_usage_async (GF
+
+   task = g_task_new (file, cancellable, callback, user_data);
+   g_task_set_source_tag (task, g_file_real_measure_disk_usage_async);
+-  g_task_set_task_data (task, g_memdup (&data, sizeof data), g_free);
++  g_task_set_task_data (task, g_memdup2 (&data, sizeof data),
g_free);
+   g_task_set_priority (task, io_priority);
+
+   g_task_run_in_thread (task, measure_disk_usage_thread);
+--- a/gio/gsettingsschema.c
++++ b/gio/gsettingsschema.c
+@@ -20,6 +20,7 @@
+
+ #include "gsettingsschema-internal.h"
+ #include "gsettings.h"
++#include "gstrfuncsprivate.h"
+
+ #include "gvdb/gvdb-reader.h"
+ #include "strinfo.c"
+@@ -1067,9 +1068,9 @@ g_settings_schema_list_children (GSettin
+
+       if (g_str_has_suffix (key, "/"))
+         {
+-          gint length = strlen (key);
++          gsize length = strlen (key);
+
+-          strv[j] = g_memdup (key, length);
++          strv[j] = g_memdup2 (key, length);
+           strv[j][length - 1] = '\0';
+           j++;
+         }
+--- a/gio/gwin32registrykey.c
++++ b/gio/gwin32registrykey.c
+@@ -28,6 +28,8 @@
+ #include <ntstatus.h>
+ #include <winternl.h>
+
++#include "gstrfuncsprivate.h"
++
+ #ifndef _WDMDDK_
+ typedef enum _KEY_INFORMATION_CLASS {
+   KeyBasicInformation,
+@@ -247,7 +249,7 @@ g_win32_registry_value_iter_copy (const
+   new_iter->value_name_size = iter->value_name_size;
+
+   if (iter->value_data != NULL)
+-    new_iter->value_data = g_memdup (iter->value_data, iter-
value_data_size);
++    new_iter->value_data = g_memdup2 (iter->value_data, iter-
value_data_size);
+
+   new_iter->value_data_size = iter->value_data_size;
+
+@@ -268,8 +270,8 @@ g_win32_registry_value_iter_copy (const
+   new_iter->value_data_expanded_charsize = iter-
value_data_expanded_charsize;
+
+   if (iter->value_data_expanded_u8 != NULL)
+-    new_iter->value_data_expanded_u8 = g_memdup (iter-
value_data_expanded_u8,
+-                                                 iter-
value_data_expanded_charsize);
++    new_iter->value_data_expanded_u8 = g_memdup2 (iter-
value_data_expanded_u8,
++                                                  iter-
value_data_expanded_charsize);
+
+   new_iter->value_data_expanded_u8_size = iter-
value_data_expanded_charsize;
+
+--- a/gio/tests/async-close-output-stream.c
++++ b/gio/tests/async-close-output-stream.c
+@@ -24,6 +24,8 @@
+ #include <stdlib.h>
+ #include <string.h>
+
++#include "gstrfuncsprivate.h"
++
+ #define DATA_TO_WRITE "Hello world\n"
+
+ typedef struct
+@@ -147,9 +149,9 @@ prepare_data (SetupData *data,
+
+   data->expected_size = g_memory_output_stream_get_data_size
(G_MEMORY_OUTPUT_STREAM (data->data_stream));
+
+-  g_assert_cmpint (data->expected_size, >, 0);
++  g_assert_cmpuint (data->expected_size, >, 0);
+
+-  data->expected_output = g_memdup (written, (guint)data-
expected_size);
++  data->expected_output = g_memdup2 (written, data->expected_size);
+
+   /* then recreate the streams and prepare them for the asynchronous
close */
+   destroy_streams (data);
+--- a/gio/tests/gdbus-export.c
++++ b/gio/tests/gdbus-export.c
+@@ -23,6 +23,7 @@
+ #include <string.h>
+
+ #include "gdbus-tests.h"
++#include "gstrfuncsprivate.h"
+
+ /* all tests rely on a shared mainloop */
+ static GMainLoop *loop = NULL;
+@@ -671,7 +672,7 @@ subtree_introspect (GDBusConnection
+       g_assert_not_reached ();
+     }
+
+-  return g_memdup (interfaces, 2 * sizeof (void *));
++  return g_memdup2 (interfaces, 2 * sizeof (void *));
+ }
+
+ static const GDBusInterfaceVTable *
+@@ -727,7 +728,7 @@ dynamic_subtree_introspect (GDBusConnect
+ {
+   const GDBusInterfaceInfo *interfaces[2] = { &dyna_interface_info,
NULL };
+
+-  return g_memdup (interfaces, 2 * sizeof (void *));
++  return g_memdup2 (interfaces, 2 * sizeof (void *));
+ }
+
+ static const GDBusInterfaceVTable *
+--- a/gio/win32/gwinhttpfile.c
++++ b/gio/win32/gwinhttpfile.c
+@@ -29,6 +29,7 @@
+ #include "gio/gfile.h"
+ #include "gio/gfileattribute.h"
+ #include "gio/gfileinfo.h"
++#include "gstrfuncsprivate.h"
+ #include "gwinhttpfile.h"
+ #include "gwinhttpfileinputstream.h"
+ #include "gwinhttpfileoutputstream.h"
+@@ -393,10 +394,10 @@
+   child = g_object_new (G_TYPE_WINHTTP_FILE, NULL);
+   child->vfs = winhttp_file->vfs;
+   child->url = winhttp_file->url;
+-  child->url.lpszScheme = g_memdup (winhttp_file->url.lpszScheme,
(winhttp_file->url.dwSchemeLength+1)*2);
+-  child->url.lpszHostName = g_memdup (winhttp_file->url.lpszHostName,
(winhttp_file->url.dwHostNameLength+1)*2);
+-  child->url.lpszUserName = g_memdup (winhttp_file->url.lpszUserName,
(winhttp_file->url.dwUserNameLength+1)*2);
+-  child->url.lpszPassword = g_memdup (winhttp_file->url.lpszPassword,
(winhttp_file->url.dwPasswordLength+1)*2);
++  child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme,
(winhttp_file->url.dwSchemeLength+1)*2);
++  child->url.lpszHostName = g_memdup2 (winhttp_file-
url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2);
++  child->url.lpszUserName = g_memdup2 (winhttp_file-
url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2);
++  child->url.lpszPassword = g_memdup2 (winhttp_file-
url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2);
+   child->url.lpszUrlPath = wnew_path;
+   child->url.dwUrlPathLength = wcslen (wnew_path);
+   child->url.lpszExtraInfo = NULL;
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
03.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch
new file mode 100644
index 0000000000..17a8ef80b2
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch
@@ -0,0 +1,130 @@
+From 6110caea45b235420b98cd41d845cc92238f6781 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Thu, 4 Feb 2021 13:39:25 +0000
+Subject: [PATCH 03/11] gobject: Use g_memdup2() instead of g_memdup()
in
+ obvious places
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Convert all the call sites which use `g_memdup()`’s length argument
+trivially (for example, by passing a `sizeof()`), so that they use
+`g_memdup2()` instead.
+
+In almost all of these cases the use of `g_memdup()` would not have
+caused problems, but it will soon be deprecated, so best port away
from
+it.
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+Helps: #2319
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ gobject/gsignal.c     | 3 ++-
+ gobject/gtype.c       | 9 +++++----
+ gobject/gtypemodule.c | 3 ++-
+ gobject/tests/param.c | 4 +++-
+ 4 files changed, 12 insertions(+), 7 deletions(-)
+
+--- a/gobject/gsignal.c
++++ b/gobject/gsignal.c
+@@ -28,6 +28,7 @@
+ #include <signal.h>
+
+ #include "gsignal.h"
++#include "gstrfuncsprivate.h"
+ #include "gtype-private.h"
+ #include "gbsearcharray.h"
+ #include "gvaluecollector.h"
+@@ -1809,7 +1810,7 @@ g_signal_newv (const gchar       *signal
+   node->single_va_closure_is_valid = FALSE;
+   node->flags = signal_flags & G_SIGNAL_FLAGS_MASK;
+   node->n_params = n_params;
+-  node->param_types = g_memdup (param_types, sizeof (GType) *
n_params);
++  node->param_types = g_memdup2 (param_types, sizeof (GType) *
n_params);
+   node->return_type = return_type;
+   node->class_closure_bsa = NULL;
+   if (accumulator)
+--- a/gobject/gtype.c
++++ b/gobject/gtype.c
+@@ -33,6 +33,7 @@
+
+ #include "glib-private.h"
+ #include "gconstructor.h"
++#include "gstrfuncsprivate.h"
+
+ #ifdef G_OS_WIN32
+ #include <windows.h>
+@@ -1470,7 +1471,7 @@ type_add_interface_Wm (TypeNode
+   iholder->next = iface_node_get_holders_L (iface);
+   iface_node_set_holders_W (iface, iholder);
+   iholder->instance_type = NODE_TYPE (node);
+-  iholder->info = info ? g_memdup (info, sizeof (*info)) : NULL;
++  iholder->info = info ? g_memdup2 (info, sizeof (*info)) : NULL;
+   iholder->plugin = plugin;
+
+   /* create an iface entry for this type */
+@@ -1731,7 +1732,7 @@ type_iface_retrieve_holder_info_Wm (Type
+         INVALID_RECURSION ("g_type_plugin_*", iholder->plugin,
NODE_NAME (iface));
+      
+       check_interface_info_I (iface, instance_type, &tmp_info);
+-      iholder->info = g_memdup (&tmp_info, sizeof (tmp_info));
++      iholder->info = g_memdup2 (&tmp_info, sizeof (tmp_info));
+     }
+  
+   return iholder;     /* we don't modify write lock upon returning
NULL */
+@@ -2016,10 +2017,10 @@ type_iface_vtable_base_init_Wm (TypeNode
+       IFaceEntry *pentry = type_lookup_iface_entry_L (pnode, iface);
+      
+       if (pentry)
+-      vtable = g_memdup (pentry->vtable, iface->data-
iface.vtable_size);
++      vtable = g_memdup2 (pentry->vtable, iface->data-
iface.vtable_size);
+     }
+   if (!vtable)
+-    vtable = g_memdup (iface->data->iface.dflt_vtable, iface->data-
iface.vtable_size);
++    vtable = g_memdup2 (iface->data->iface.dflt_vtable, iface->data-
iface.vtable_size);
+   entry->vtable = vtable;
+   vtable->g_type = NODE_TYPE (iface);
+   vtable->g_instance_type = NODE_TYPE (node);
+--- a/gobject/gtypemodule.c
++++ b/gobject/gtypemodule.c
+@@ -19,6 +19,7 @@
+
+ #include <stdlib.h>
+
++#include "gstrfuncsprivate.h"
+ #include "gtypeplugin.h"
+ #include "gtypemodule.h"
+
+@@ -436,7 +437,7 @@ g_type_module_register_type (GTypeModule
+   module_type_info->loaded = TRUE;
+   module_type_info->info = *type_info;
+   if (type_info->value_table)
+-    module_type_info->info.value_table = g_memdup (type_info-
value_table,
++    module_type_info->info.value_table = g_memdup2 (type_info-
value_table,
+                                                  sizeof
(GTypeValueTable));
+
+   return module_type_info->type;
+--- a/gobject/tests/param.c
++++ b/gobject/tests/param.c
+@@ -2,6 +2,8 @@
+ #include <glib-object.h>
+ #include <stdlib.h>
+
++#include "gstrfuncsprivate.h"
++
+ static void
+ test_param_value (void)
+ {
+@@ -874,7 +876,7 @@ main (int argc, char *argv[])
+             test_path = g_strdup_printf
("/param/implement/subprocess/%d-%d-%d-%d",
+                                          data.change_this_flag,
data.change_this_type,
+                                          data.use_this_flag,
data.use_this_type);
+-            test_data = g_memdup (&data, sizeof
(TestParamImplementData));
++            test_data = g_memdup2 (&data, sizeof
(TestParamImplementData));
+             g_test_add_data_func_full (test_path, test_data,
test_param_implement_child, g_free);
+             g_free (test_path);
+           }
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
04.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-04.patch
new file mode 100644
index 0000000000..b6d441dba7
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-04.patch
@@ -0,0 +1,297 @@
+Backport of:
+
+From 0736b7c1e7cf4232c5d7eb2b0fbfe9be81bd3baa Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Thu, 4 Feb 2021 13:41:21 +0000
+Subject: [PATCH 04/11] glib: Use g_memdup2() instead of g_memdup() in
obvious
+ places
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Convert all the call sites which use `g_memdup()`’s length argument
+trivially (for example, by passing a `sizeof()` or an existing `gsize`
+variable), so that they use `g_memdup2()` instead.
+
+In almost all of these cases the use of `g_memdup()` would not have
+caused problems, but it will soon be deprecated, so best port away
from
+it
+
+In particular, this fixes an overflow within `g_bytes_new()`,
identified
+as GHSL-2021-045 by GHSL team member Kevin Backhouse.
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+Fixes: GHSL-2021-045
+Helps: #2319
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ glib/gbytes.c               | 6 ++++--
+ glib/gdir.c                 | 3 ++-
+ glib/ghash.c                | 7 ++++---
+ glib/giochannel.c           | 5 +++--
+ glib/gslice.c               | 3 ++-
+ glib/gtestutils.c           | 3 ++-
+ glib/gvariant.c             | 7 ++++---
+ glib/gvarianttype.c         | 3 ++-
+ glib/tests/array-test.c     | 4 +++-
+ glib/tests/option-context.c | 6 ++++--
+ glib/tests/uri.c            | 8 +++++---
+ 11 files changed, 35 insertions(+), 20 deletions(-)
+
+--- a/glib/gbytes.c
++++ b/glib/gbytes.c
+@@ -34,6 +34,8 @@
+
+ #include <string.h>
+
++#include "gstrfuncsprivate.h"
++
+ /**
+  * GBytes:
+  *
+@@ -95,7 +97,7 @@ g_bytes_new (gconstpointer data,
+ {
+   g_return_val_if_fail (data != NULL || size == 0, NULL);
+
+-  return g_bytes_new_take (g_memdup (data, size), size);
++  return g_bytes_new_take (g_memdup2 (data, size), size);
+ }
+
+ /**
+@@ -499,7 +501,7 @@ g_bytes_unref_to_data (GBytes *bytes,
+        * Copy: Non g_malloc (or compatible) allocator, or static
memory,
+        * so we have to copy, and then unref.
+        */
+-      result = g_memdup (bytes->data, bytes->size);
++      result = g_memdup2 (bytes->data, bytes->size);
+       *size = bytes->size;
+       g_bytes_unref (bytes);
+     }
+--- a/glib/gdir.c
++++ b/glib/gdir.c
+@@ -37,6 +37,7 @@
+ #include "gconvert.h"
+ #include "gfileutils.h"
+ #include "gstrfuncs.h"
++#include "gstrfuncsprivate.h"
+ #include "gtestutils.h"
+ #include "glibintl.h"
+
+@@ -112,7 +113,7 @@ g_dir_open_with_errno (const gchar *path
+     return NULL;
+ #endif
+
+-  return g_memdup (&dir, sizeof dir);
++  return g_memdup2 (&dir, sizeof dir);
+ }
+
+ /**
+--- a/glib/ghash.c
++++ b/glib/ghash.c
+@@ -34,6 +34,7 @@
+ #include "gmacros.h"
+ #include "glib-private.h"
+ #include "gstrfuncs.h"
++#include "gstrfuncsprivate.h"
+ #include "gatomic.h"
+ #include "gtestutils.h"
+ #include "gslice.h"
+@@ -962,7 +963,7 @@ g_hash_table_ensure_keyval_fits (GHashTa
+       if (hash_table->have_big_keys)
+         {
+           if (key != value)
+-            hash_table->values = g_memdup (hash_table->keys, sizeof
(gpointer) * hash_table->size);
++            hash_table->values = g_memdup2 (hash_table->keys, sizeof
(gpointer) * hash_table->size);
+           /* Keys and values are both big now, so no need for further
checks */
+           return;
+         }
+@@ -970,7 +971,7 @@ g_hash_table_ensure_keyval_fits (GHashTa
+         {
+           if (key != value)
+             {
+-              hash_table->values = g_memdup (hash_table->keys, sizeof
(guint) * hash_table->size);
++              hash_table->values = g_memdup2 (hash_table->keys,
sizeof (guint) * hash_table->size);
+               is_a_set = FALSE;
+             }
+         }
+@@ -998,7 +999,7 @@ g_hash_table_ensure_keyval_fits (GHashTa
+
+   /* Just split if necessary */
+   if (is_a_set && key != value)
+-    hash_table->values = g_memdup (hash_table->keys, sizeof
(gpointer) * hash_table->size);
++    hash_table->values = g_memdup2 (hash_table->keys, sizeof
(gpointer) * hash_table->size);
+
+ #endif
+ }
+--- a/glib/giochannel.c
++++ b/glib/giochannel.c
+@@ -35,7 +35,7 @@
+ #include <errno.h>
+
+ #include "giochannel.h"
+-
++#include "gstrfuncsprivate.h"
+ #include "gstrfuncs.h"
+ #include "gtestutils.h"
+ #include "glibintl.h"
+
+@@ -1673,10 +1674,10 @@ g_io_channel_read_line (GIOChannel  *cha
+
+       /* Copy the read bytes (including any embedded nuls) and nul-
terminate.
+        * `USE_BUF (channel)->str` is guaranteed to be nul-terminated
as it’s a
+-       * #GString, so it’s safe to call g_memdup() with +1 length to
allocate
++       * #GString, so it’s safe to call g_memdup2() with +1 length to
allocate
+        * a nul-terminator. */
+       g_assert (USE_BUF (channel));
+-      line = g_memdup (USE_BUF (channel)->str, got_length + 1);
++      line = g_memdup2 (USE_BUF (channel)->str, got_length + 1);
+       line[got_length] = '\0';
+       *str_return = g_steal_pointer (&line);
+       g_string_erase (USE_BUF (channel), 0, got_length);
+--- a/glib/gslice.c
++++ b/glib/gslice.c
+@@ -41,6 +41,7 @@
+ #include "gmain.h"
+ #include "gmem.h"               /* gslice.h */
+ #include "gstrfuncs.h"
++#include "gstrfuncsprivate.h"
+ #include "gutils.h"
+ #include "gtrashstack.h"
+ #include "gtestutils.h"
+@@ -350,7 +351,7 @@ g_slice_get_config_state (GSliceConfig c
+       array[i++] = allocator->contention_counters[address];
+       array[i++] = allocator_get_magazine_threshold (allocator,
address);
+       *n_values = i;
+-      return g_memdup (array, sizeof (array[0]) * *n_values);
++      return g_memdup2 (array, sizeof (array[0]) * *n_values);
+     default:
+       return NULL;
+     }
+--- a/glib/gtestutils.c
++++ b/glib/gtestutils.c
+@@ -49,6 +49,7 @@
+ #include "gpattern.h"
+ #include "grand.h"
+ #include "gstrfuncs.h"
++#include "gstrfuncsprivate.h"
+ #include "gtimer.h"
+ #include "gslice.h"
+ #include "gspawn.h"
+@@ -3803,7 +3804,7 @@ g_test_log_extract (GTestLogBuffer *tbuf
+       if (p <= tbuffer->data->str + mlength)
+         {
+           g_string_erase (tbuffer->data, 0, mlength);
+-          tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup
(&msg, sizeof (msg)));
++          tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup2
(&msg, sizeof (msg)));
+           return TRUE;
+         }
+
+--- a/glib/gvariant.c
++++ b/glib/gvariant.c
+@@ -33,6 +33,7 @@
+
+ #include <string.h>
+
++#include "gstrfuncsprivate.h"
+
+ /**
+  * SECTION:gvariant
+@@ -725,7 +726,7 @@ g_variant_new_variant (GVariant *value)
+   g_variant_ref_sink (value);
+
+   return g_variant_new_from_children (G_VARIANT_TYPE_VARIANT,
+-                                      g_memdup (&value, sizeof
value),
++                                      g_memdup2 (&value, sizeof
value),
+                                       1, g_variant_is_trusted
(value));
+ }
+
+@@ -1229,7 +1230,7 @@ g_variant_new_fixed_array (const GVarian
+       return NULL;
+     }
+
+-  data = g_memdup (elements, n_elements * element_size);
++  data = g_memdup2 (elements, n_elements * element_size);
+   value = g_variant_new_from_data (array_type, data,
+                                    n_elements * element_size,
+                                    FALSE, g_free, data);
+@@ -1908,7 +1909,7 @@ g_variant_dup_bytestring (GVariant *valu
+   if (length)
+     *length = size;
+
+-  return g_memdup (original, size + 1);
++  return g_memdup2 (original, size + 1);
+ }
+
+ /**
+--- a/glib/gvarianttype.c
++++ b/glib/gvarianttype.c
+@@ -28,6 +28,7 @@
+
+ #include <string.h>
+
++#include "gstrfuncsprivate.h"
+
+ /**
+  * SECTION:gvarianttype
+@@ -1181,7 +1182,7 @@ g_variant_type_new_tuple (const GVariant
+   g_assert (offset < sizeof buffer);
+   buffer[offset++] = ')';
+
+-  return (GVariantType *) g_memdup (buffer, offset);
++  return (GVariantType *) g_memdup2 (buffer, offset);
+ }
+
+ /**
+--- a/glib/tests/array-test.c
++++ b/glib/tests/array-test.c
+@@ -29,6 +29,8 @@
+ #include <string.h>
+ #include "glib.h"
+
++#include "gstrfuncsprivate.h"
++
+ /* Test data to be passed to any function which calls g_array_new(),
providing
+  * the parameters for that call. Most #GArray tests should be
repeated for all
+  * possible values of #ArrayTestData. */
+@@ -1917,7 +1919,7 @@ byte_array_new_take (void)
+   GByteArray *gbarray;
+   guint8 *data;
+
+-  data = g_memdup ("woooweeewow", 11);
++  data = g_memdup2 ("woooweeewow", 11);
+   gbarray = g_byte_array_new_take (data, 11);
+   g_assert (gbarray->data == data);
+   g_assert_cmpuint (gbarray->len, ==, 11);
+--- a/glib/tests/option-context.c
++++ b/glib/tests/option-context.c
+@@ -27,6 +27,8 @@
+ #include <string.h>
+ #include <locale.h>
+
++#include "gstrfuncsprivate.h"
++
+ static GOptionEntry main_entries[] = {
+   { "main-switch", 0, 0,
+     G_OPTION_ARG_NONE, NULL,
+@@ -256,7 +258,7 @@ join_stringv (int argc, char **argv)
+ static char **
+ copy_stringv (char **argv, int argc)
+ {
+-  return g_memdup (argv, sizeof (char *) * (argc + 1));
++  return g_memdup2 (argv, sizeof (char *) * (argc + 1));
+ }
+
+ static void
+@@ -2323,7 +2325,7 @@ test_group_parse (void)
+   g_option_context_add_group (context, group);
+
+   argv = split_string ("program --test arg1 -f arg2 --group-test arg3
--frob arg4 -z arg5", &argc);
+-  orig_argv = g_memdup (argv, (argc + 1) * sizeof (char *));
++  orig_argv = g_memdup2 (argv, (argc + 1) * sizeof (char *));
+
+   retval = g_option_context_parse (context, &argc, &argv, &error);
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
05.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-05.patch
new file mode 100644
index 0000000000..4cd678703f
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-05.patch
@@ -0,0 +1,53 @@
+From 0cbad673215ec8a049b7fe2ff44b0beed31b376e Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Thu, 4 Feb 2021 16:12:24 +0000
+Subject: [PATCH 05/11] gwinhttpfile: Avoid arithmetic overflow when
+ calculating a size
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The members of `URL_COMPONENTS` (`winhttp_file->url`) are `DWORD`s,
i.e.
+32-bit unsigned integers. Adding to and multiplying them may cause
them
+to overflow the unsigned integer bounds, even if the result is passed
to
+`g_memdup2()` which accepts a `gsize`.
+
+Cast the `URL_COMPONENTS` members to `gsize` first to ensure that the
+arithmetic is done in terms of `gsize`s rather than unsigned integers.
+
+Spotted by Sebastian Dröge.
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+Helps: #2319
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ gio/win32/gwinhttpfile.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c
+index 3f8fbd838..e0340e247 100644
+--- a/gio/win32/gwinhttpfile.c
++++ b/gio/win32/gwinhttpfile.c
+@@ -410,10 +410,10 @@ g_winhttp_file_resolve_relative_path (GFile     
*file,
+   child = g_object_new (G_TYPE_WINHTTP_FILE, NULL);
+   child->vfs = winhttp_file->vfs;
+   child->url = winhttp_file->url;
+-  child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme,
(winhttp_file->url.dwSchemeLength+1)*2);
+-  child->url.lpszHostName = g_memdup2 (winhttp_file-
url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2);
+-  child->url.lpszUserName = g_memdup2 (winhttp_file-
url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2);
+-  child->url.lpszPassword = g_memdup2 (winhttp_file-
url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2);
++  child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme,
((gsize) winhttp_file->url.dwSchemeLength + 1) * 2);
++  child->url.lpszHostName = g_memdup2 (winhttp_file-
url.lpszHostName, ((gsize) winhttp_file->url.dwHostNameLength + 1) *
2);
++  child->url.lpszUserName = g_memdup2 (winhttp_file-
url.lpszUserName, ((gsize) winhttp_file->url.dwUserNameLength + 1) *
2);
++  child->url.lpszPassword = g_memdup2 (winhttp_file-
url.lpszPassword, ((gsize) winhttp_file->url.dwPasswordLength + 1) *
2);
+   child->url.lpszUrlPath = wnew_path;
+   child->url.dwUrlPathLength = wcslen (wnew_path);
+   child->url.lpszExtraInfo = NULL;
+--
+GitLab
+
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
06.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch
new file mode 100644
index 0000000000..e03681d21c
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch
@@ -0,0 +1,100 @@
+From f9ee2275cbc312c0b4cdbc338a4fbb76eb36fb9a Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Thu, 4 Feb 2021 13:49:00 +0000
+Subject: [PATCH 06/11] gdatainputstream: Handle stop_chars_len
internally as
+ gsize
+
+Previously it was handled as a `gssize`, which meant that if the
+`stop_chars` string was longer than `G_MAXSSIZE` there would be an
+overflow.
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+Helps: #2319
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ gio/gdatainputstream.c | 25 +++++++++++++++++--------
+ 1 file changed, 17 insertions(+), 8 deletions(-)
+
+diff --git a/gio/gdatainputstream.c b/gio/gdatainputstream.c
+index 2e7750cb5..2cdcbda19 100644
+--- a/gio/gdatainputstream.c
++++ b/gio/gdatainputstream.c
+@@ -27,6 +27,7 @@
+ #include "gioenumtypes.h"
+ #include "gioerror.h"
+ #include "glibintl.h"
++#include "gstrfuncsprivate.h"
+
+ #include <string.h>
+
+@@ -856,7 +857,7 @@ static gssize
+ scan_for_chars (GDataInputStream *stream,
+               gsize            *checked_out,
+               const char       *stop_chars,
+-                gssize            stop_chars_len)
++                gsize             stop_chars_len)
+ {
+   GBufferedInputStream *bstream;
+   const char *buffer;
+@@ -952,7 +953,7 @@ typedef struct
+   gsize checked;
+
+   gchar *stop_chars;
+-  gssize stop_chars_len;
++  gsize stop_chars_len;
+   gsize length;
+ } GDataInputStreamReadData;
+
+@@ -1078,12 +1079,17 @@ g_data_input_stream_read_async
(GDataInputStream    *stream,
+ {
+   GDataInputStreamReadData *data;
+   GTask *task;
++  gsize stop_chars_len_unsigned;
+
+   data = g_slice_new0 (GDataInputStreamReadData);
+-  if (stop_chars_len == -1)
+-    stop_chars_len = strlen (stop_chars);
+-  data->stop_chars = g_memdup (stop_chars, stop_chars_len);
+-  data->stop_chars_len = stop_chars_len;
++
++  if (stop_chars_len < 0)
++    stop_chars_len_unsigned = strlen (stop_chars);
++  else
++    stop_chars_len_unsigned = (gsize) stop_chars_len;
++
++  data->stop_chars = g_memdup2 (stop_chars, stop_chars_len_unsigned);
++  data->stop_chars_len = stop_chars_len_unsigned;
+   data->last_saw_cr = FALSE;
+
+   task = g_task_new (stream, cancellable, callback, user_data);
+@@ -1338,17 +1344,20 @@ g_data_input_stream_read_upto
(GDataInputStream  *stream,
+   gssize found_pos;
+   gssize res;
+   char *data_until;
++  gsize stop_chars_len_unsigned;
+
+   g_return_val_if_fail (G_IS_DATA_INPUT_STREAM (stream), NULL);
+
+   if (stop_chars_len < 0)
+-    stop_chars_len = strlen (stop_chars);
++    stop_chars_len_unsigned = strlen (stop_chars);
++  else
++    stop_chars_len_unsigned = (gsize) stop_chars_len;
+
+   bstream = G_BUFFERED_INPUT_STREAM (stream);
+
+   checked = 0;
+
+-  while ((found_pos = scan_for_chars (stream, &checked, stop_chars,
stop_chars_len)) == -1)
++  while ((found_pos = scan_for_chars (stream, &checked, stop_chars,
stop_chars_len_unsigned)) == -1)
+     {
+       if (g_buffered_input_stream_get_available (bstream) ==
+           g_buffered_input_stream_get_buffer_size (bstream))
+--
+GitLab
+
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
07.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch
new file mode 100644
index 0000000000..b3a32dfbc9
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch
@@ -0,0 +1,75 @@
+From 2aaf593a9eb96d84fe3be740aca2810a97d95592 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Thu, 4 Feb 2021 13:50:37 +0000
+Subject: [PATCH 07/11] gwin32: Use gsize internally in g_wcsdup()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This allows it to handle strings up to length `G_MAXSIZE` — previously
+it would overflow with such strings.
+
+Update the several copies of it identically.
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+Helps: #2319
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ gio/gwin32registrykey.c | 34 ++++++++++++++++++++++++++--------
+ 2 files changed, 38 insertions(+), 16 deletions(-)
+
+diff --git a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c
+index 548a94188..2eb67daf8 100644
+--- a/gio/gwin32registrykey.c
++++ b/gio/gwin32registrykey.c
+@@ -127,16 +127,34 @@ typedef enum
+   G_WIN32_REGISTRY_UPDATED_PATH = 1,
+ } GWin32RegistryKeyUpdateFlag;
+
++static gsize
++g_utf16_len (const gunichar2 *str)
++{
++  gsize result;
++
++  for (result = 0; str[0] != 0; str++, result++)
++    ;
++
++  return result;
++}
++
+ static gunichar2 *
+-g_wcsdup (const gunichar2 *str,
+-          gssize           str_size)
++g_wcsdup (const gunichar2 *str, gssize str_len)
+ {
+-  if (str_size == -1)
+-    {
+-      str_size = wcslen (str) + 1;
+-      str_size *= sizeof (gunichar2);
+-    }
+-  return g_memdup (str, str_size);
++  gsize str_len_unsigned;
++  gsize str_size;
++
++  g_return_val_if_fail (str != NULL, NULL);
++
++  if (str_len < 0)
++    str_len_unsigned = g_utf16_len (str);
++  else
++    str_len_unsigned = (gsize) str_len;
++
++  g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1);
++  str_size = (str_len_unsigned + 1) * sizeof (gunichar2);
++
++  return g_memdup2 (str, str_size);
+ }
+
+ /**
+--
+GitLab
+
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
08.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-08.patch
new file mode 100644
index 0000000000..b36e1908c5
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-08.patch
@@ -0,0 +1,100 @@
+From ba8ca443051f93a74c0d03d62e70402036f967a5 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Thu, 4 Feb 2021 13:58:32 +0000
+Subject: [PATCH 08/11] gkeyfilesettingsbackend: Handle long keys when
+ converting paths
+
+Previously, the code in `convert_path()` could not handle keys longer
+than `G_MAXINT`, and would overflow if that was exceeded.
+
+Convert the code to use `gsize` and `g_memdup2()` throughout, and
+change from identifying the position of the final slash in the string
+using a signed offset `i`, to using a pointer to the character (and
+`strrchr()`). This allows the slash to be at any position in a
+`G_MAXSIZE`-long string, without sacrificing a bit of the offset for
+indicating whether a slash was found.
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+Helps: #2319
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ gio/gkeyfilesettingsbackend.c | 21 ++++++++++-----------
+ 1 file changed, 10 insertions(+), 11 deletions(-)
+
+diff --git a/gio/gkeyfilesettingsbackend.c
b/gio/gkeyfilesettingsbackend.c
+index cd5765afd..25b057672 100644
+--- a/gio/gkeyfilesettingsbackend.c
++++ b/gio/gkeyfilesettingsbackend.c
+@@ -33,6 +33,7 @@
+ #include "gfilemonitor.h"
+ #include "gsimplepermission.h"
+ #include "gsettingsbackendinternal.h"
++#include "gstrfuncsprivate.h"
+ #include "giomodule-priv.h"
+ #include "gportalsupport.h"
+
+@@ -145,8 +146,8 @@ convert_path (GKeyfileSettingsBackend  *kfsb,
+               gchar                   **group,
+               gchar                   **basename)
+ {
+-  gint key_len = strlen (key);
+-  gint i;
++  gsize key_len = strlen (key);
++  const gchar *last_slash;
+
+   if (key_len < kfsb->prefix_len ||
+       memcmp (key, kfsb->prefix, kfsb->prefix_len) != 0)
+@@ -155,38 +156,36 @@ convert_path (GKeyfileSettingsBackend  *kfsb,
+   key_len -= kfsb->prefix_len;
+   key += kfsb->prefix_len;
+
+-  for (i = key_len; i >= 0; i--)
+-    if (key[i] == '/')
+-      break;
++  last_slash = strrchr (key, '/');
+
+   if (kfsb->root_group)
+     {
+       /* if a root_group was specified, make sure the user hasn't
given
+        * a path that ghosts that group name
+        */
+-      if (i == kfsb->root_group_len && memcmp (key, kfsb->root_group,
i) == 0)
++      if (last_slash != NULL && (last_slash - key) == kfsb-
root_group_len && memcmp (key, kfsb->root_group, last_slash - key) ==
0)
+         return FALSE;
+     }
+   else
+     {
+       /* if no root_group was given, ensure that the user gave a path
*/
+-      if (i == -1)
++      if (last_slash == NULL)
+         return FALSE;
+     }
+
+   if (group)
+     {
+-      if (i >= 0)
++      if (last_slash != NULL)
+         {
+-          *group = g_memdup (key, i + 1);
+-          (*group)[i] = '\0';
++          *group = g_memdup2 (key, (last_slash - key) + 1);
++          (*group)[(last_slash - key)] = '\0';
+         }
+       else
+         *group = g_strdup (kfsb->root_group);
+     }
+
+   if (basename)
+-    *basename = g_memdup (key + i + 1, key_len - i);
++    *basename = g_memdup2 (last_slash + 1, key_len - (last_slash -
key));
+
+   return TRUE;
+ }
+--
+GitLab
+
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
09.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch
new file mode 100644
index 0000000000..aa94397e4c
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch
@@ -0,0 +1,99 @@
+From 65ec7f4d6e8832c481f6e00e2eb007b9a60024ce Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Thu, 4 Feb 2021 14:00:53 +0000
+Subject: [PATCH 09/11] =?UTF-
8?q?gsocket:=20Use=20gsize=20to=20track=20nat?=
+ =?UTF-8?q?ive=20sockaddr=E2=80=99s=20size?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Don’t use an `int`, that’s potentially too small. In practical terms,
+this is not a problem, since no socket address is going to be that
big.
+
+By making these changes we can use `g_memdup2()` without warnings,
+though. Fewer warnings is good.
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+Helps: #2319
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ gio/gsocket.c | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+--- a/gio/gsocket.c
++++ b/gio/gsocket.c
+@@ -75,6 +75,7 @@
+ #include "gcredentialsprivate.h"
+ #include "glibintl.h"
+ #include "gioprivate.h"
++#include "gstrfuncsprivate.h"
+
+ #ifdef G_OS_WIN32
+ /* For Windows XP runtime compatibility, but use the system's
if_nametoindex() if available */
+@@ -174,7 +175,7 @@ static gboolean     g_socket_datagram_ba
+                                                                  
GError          **error);
+
+ static GSocketAddress *
+-cache_recv_address (GSocket *socket, struct sockaddr *native, int
native_len);
++cache_recv_address (GSocket *socket, struct sockaddr *native, size_t
native_len);
+
+ static gssize
+ g_socket_receive_message_with_timeout  (GSocket                
*socket,
+@@ -260,7 +261,7 @@ struct _GSocketPrivate
+   struct {
+     GSocketAddress *addr;
+     struct sockaddr *native;
+-    gint native_len;
++    gsize native_len;
+     guint64 last_used;
+   } recv_addr_cache[RECV_ADDR_CACHE_SIZE];
+ };
+@@ -5259,14 +5260,14 @@ g_socket_send_messages_with_timeout (GSo
+ }
+
+ static GSocketAddress *
+-cache_recv_address (GSocket *socket, struct sockaddr *native, int
native_len)
++cache_recv_address (GSocket *socket, struct sockaddr *native, size_t
native_len)
+ {
+   GSocketAddress *saddr;
+   gint i;
+   guint64 oldest_time = G_MAXUINT64;
+   gint oldest_index = 0;
+
+-  if (native_len <= 0)
++  if (native_len == 0)
+     return NULL;
+
+   saddr = NULL;
+@@ -5274,7 +5275,7 @@ cache_recv_address (GSocket *socket, str
+     {
+       GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr;
+       gpointer tmp_native = socket->priv->recv_addr_cache[i].native;
+-      gint tmp_native_len = socket->priv-
recv_addr_cache[i].native_len;
++      gsize tmp_native_len = socket->priv-
recv_addr_cache[i].native_len;
+
+       if (!tmp)
+         continue;
+@@ -5304,7 +5305,7 @@ cache_recv_address (GSocket *socket, str
+       g_free (socket->priv->recv_addr_cache[oldest_index].native);
+     }
+
+-  socket->priv->recv_addr_cache[oldest_index].native = g_memdup
(native, native_len);
++  socket->priv->recv_addr_cache[oldest_index].native = g_memdup2
(native, native_len);
+   socket->priv->recv_addr_cache[oldest_index].native_len =
native_len;
+   socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref
(saddr);
+   socket->priv->recv_addr_cache[oldest_index].last_used =
g_get_monotonic_time ();
+@@ -5452,6 +5453,9 @@ g_socket_receive_message_with_timeout (G
+     /* do it */
+     while (1)
+       {
++        /* addrlen has to be of type int because that’s how
WSARecvFrom() is defined */
++        G_STATIC_ASSERT (sizeof addr <= G_MAXINT);
++
+       addrlen = sizeof addr;
+       if (address)
+         result = WSARecvFrom (socket->priv->fd,
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
10.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch
new file mode 100644
index 0000000000..ff503a6ffb
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch
@@ -0,0 +1,58 @@
+From 777b95a88f006d39d9fe6d3321db17e7b0d4b9a4 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Thu, 4 Feb 2021 14:07:39 +0000
+Subject: [PATCH 10/11] gtlspassword: Forbid very long TLS passwords
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The public API `g_tls_password_set_value_full()` (and the vfunc it
+invokes) can only accept a `gssize` length. Ensure that nul-terminated
+strings passed to `g_tls_password_set_value()` can’t exceed that
length.
+Use `g_memdup2()` to avoid an overflow if they’re longer than
+`G_MAXUINT` similarly.
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+Helps: #2319
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ gio/gtlspassword.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c
+index 1e437a7b6..dbcec41a8 100644
+--- a/gio/gtlspassword.c
++++ b/gio/gtlspassword.c
+@@ -23,6 +23,7 @@
+ #include "glibintl.h"
+
+ #include "gioenumtypes.h"
++#include "gstrfuncsprivate.h"
+ #include "gtlspassword.h"
+
+ #include <string.h>
+@@ -287,9 +288,14 @@ g_tls_password_set_value (GTlsPassword 
*password,
+   g_return_if_fail (G_IS_TLS_PASSWORD (password));
+
+   if (length < 0)
+-    length = strlen ((gchar *)value);
++    {
++      /* FIXME: g_tls_password_set_value_full() doesn’t support
unsigned gsize */
++      gsize length_unsigned = strlen ((gchar *) value);
++      g_return_if_fail (length_unsigned > G_MAXSSIZE);
++      length = (gssize) length_unsigned;
++    }
+
+-  g_tls_password_set_value_full (password, g_memdup (value, length),
length, g_free);
++  g_tls_password_set_value_full (password, g_memdup2 (value, (gsize)
length), length, g_free);
+ }
+
+ /**
+--
+GitLab
+
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-
11.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-11.patch
new file mode 100644
index 0000000000..c2c761d648
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-11.patch
@@ -0,0 +1,62 @@
+From ecdf91400e9a538695a0895b95ad7e8abcdf1749 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Thu, 4 Feb 2021 14:09:40 +0000
+Subject: [PATCH 11/11] giochannel: Forbid very long line terminator
strings
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The public API `GIOChannel.line_term_len` is only a `guint`. Ensure
that
+nul-terminated strings passed to `g_io_channel_set_line_term()` can’t
+exceed that length. Use `g_memdup2()` to avoid a warning (`g_memdup()`
+is due to be deprecated), but not to avoid a bug, since it’s also
+limited to `G_MAXUINT`.
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+Helps: #2319
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ glib/giochannel.c | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/glib/giochannel.c b/glib/giochannel.c
+index c6a89d6e0..4dec20f77 100644
+--- a/glib/giochannel.c
++++ b/glib/giochannel.c
+@@ -887,16 +887,25 @@ g_io_channel_set_line_term
(GIOChannel   *channel,
+                             const gchar       *line_term,
+                           gint         length)
+ {
++  guint length_unsigned;
++
+   g_return_if_fail (channel != NULL);
+   g_return_if_fail (line_term == NULL || length != 0); /* Disallow ""
*/
+
+   if (line_term == NULL)
+-    length = 0;
+-  else if (length < 0)
+-    length = strlen (line_term);
++    length_unsigned = 0;
++  else if (length >= 0)
++    length_unsigned = (guint) length;
++  else
++    {
++      /* FIXME: We’re constrained by line_term_len being a guint here
*/
++      gsize length_size = strlen (line_term);
++      g_return_if_fail (length_size > G_MAXUINT);
++      length_unsigned = (guint) length_size;
++    }
+
+   g_free (channel->line_term);
+-  channel->line_term = line_term ? g_memdup (line_term, length) :
NULL;
++  channel->line_term = line_term ? g_memdup2 (line_term,
length_unsigned) : NULL;
+   channel->line_term_len = length;
+ }
+
+--
+GitLab
+
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-1.patch
b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-1.patch
new file mode 100644
index 0000000000..eac6cbf630
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-1.patch
@@ -0,0 +1,26 @@
+From 78420a75aeb70569a8cd79fa0fea7b786b6f785f Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Wed, 24 Feb 2021 17:33:38 +0000
+Subject: [PATCH 1/5] glocalfileoutputstream: Fix a typo in a comment
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-28153
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ gio/glocalfileoutputstream.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/gio/glocalfileoutputstream.c
++++ b/gio/glocalfileoutputstream.c
+@@ -851,7 +851,7 @@ handle_overwrite_open (const char    *fi
+   mode = mode_from_flags_or_info (flags, reference_info);
+
+   /* We only need read access to the original file if we are creating
a backup.
+-   * We also add O_CREATE to avoid a race if the file was just
removed */
++   * We also add O_CREAT to avoid a race if the file was just removed
*/
+   if (create_backup || readable)
+     open_flags = O_RDWR | O_CREAT | O_BINARY;
+   else
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-2.patch
b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-2.patch
new file mode 100644
index 0000000000..9d0ab7b656
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-2.patch
@@ -0,0 +1,41 @@
+From 32d3d02a50e7dcec5f4cf7908e7ac88d575d8fc5 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Wed, 24 Feb 2021 17:34:32 +0000
+Subject: [PATCH 2/5] tests: Stop using g_test_bug_base() in file tests
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since a following commit is going to add a new test which references
+Gitlab, so it’s best to move the URI bases inside the test cases.
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-28153
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ gio/tests/file.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/gio/tests/file.c
++++ b/gio/tests/file.c
+@@ -685,7 +685,7 @@ test_replace_cancel (void)
+   guint count;
+   GError *error = NULL;
+
+-  g_test_bug ("629301");
++  g_test_bug ("https://bugzilla.gnome.org/629301");
+
+   path = g_dir_make_tmp ("g_file_replace_cancel_XXXXXX", &error);
+   g_assert_no_error (error);
+@@ -1784,8 +1784,6 @@ main (int argc, char *argv[])
+ {
+   g_test_init (&argc, &argv, NULL);
+
+-  g_test_bug_base ("http://bugzilla.gnome.org/");
+-
+   g_test_add_func ("/file/basic", test_basic);
+   g_test_add_func ("/file/build-filename", test_build_filename);
+   g_test_add_func ("/file/parent", test_parent);
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-3.patch
b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-3.patch
new file mode 100644
index 0000000000..bdd5a27ad2
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-3.patch
@@ -0,0 +1,56 @@
+Backport of:
+
+From ce0eb088a68171eed3ac217cb92a72e36eb57d1b Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Wed, 10 Mar 2021 16:05:55 +0000
+Subject: [PATCH 3/5] glocalfileoutputstream: Factor out a flag check
+
+This clarifies the code a little. It introduces no functional changes.
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-28153
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ gio/glocalfileoutputstream.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/gio/glocalfileoutputstream.c
++++ b/gio/glocalfileoutputstream.c
+@@ -847,6 +847,7 @@ handle_overwrite_open (const char    *fi
+   int res;
+   int mode;
+   int errsv;
++  gboolean replace_destination_set = (flags &
G_FILE_CREATE_REPLACE_DESTINATION);
+
+   mode = mode_from_flags_or_info (flags, reference_info);
+
+@@ -954,7 +955,7 @@ handle_overwrite_open (const char    *fi
+    * to a backup file and rewrite the contents of the file.
+    */
+  
+-  if ((flags & G_FILE_CREATE_REPLACE_DESTINATION) ||
++  if (replace_destination_set ||
+       (!(original_stat.st_nlink > 1) && !is_symlink))
+     {
+       char *dirname, *tmp_filename;
+@@ -973,7 +974,7 @@ handle_overwrite_open (const char    *fi
+      
+       /* try to keep permissions (unless replacing) */
+
+-      if ( ! (flags & G_FILE_CREATE_REPLACE_DESTINATION) &&
++      if (!replace_destination_set &&
+          (
+ #ifdef HAVE_FCHOWN
+           fchown (tmpfd, original_stat.st_uid, original_stat.st_gid)
== -1 ||
+@@ -1112,7 +1113,7 @@ handle_overwrite_open (const char    *fi
+       }
+     }
+
+-  if (flags & G_FILE_CREATE_REPLACE_DESTINATION)
++  if (replace_destination_set)
+     {
+       g_close (fd, NULL);
+      
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-4.patch
b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-4.patch
new file mode 100644
index 0000000000..fbcb2bc546
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-4.patch
@@ -0,0 +1,264 @@
+Backport of:
+
+From 317b3b587058a05dca95d56dac26568c5b098d33 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Wed, 24 Feb 2021 17:36:07 +0000
+Subject: [PATCH 4/5] glocalfileoutputstream: Fix
CREATE_REPLACE_DESTINATION
+ with symlinks
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to
unlinking
+the destination file and re-creating it from scratch. That did
+previously work, but in the process the code would call
`open(O_CREAT)`
+on the file. If the file was a dangling symlink, this would create the
+destination file (empty). That’s not an intended side-effect, and has
+security implications if the symlink is controlled by a lower-
privileged
+process.
+
+Fix that by not opening the destination file if it’s a symlink, and
+adjusting the rest of the code to cope with
+ - the fact that `fd == -1` is not an error iff `is_symlink` is true,
+ - and that `original_stat` will contain the `lstat()` results for the
+   symlink now, rather than the `stat()` results for its target
(again,
+   iff `is_symlink` is true).
+
+This means that the target of the dangling symlink is no longer
created,
+which was the bug. The symlink itself continues to be replaced (as
+before) with the new file — this is the intended behaviour of
+`g_file_replace()`.
+
+The behaviour for non-symlink cases, or cases where the symlink was
not
+dangling, should be unchanged.
+
+Includes a unit test.
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+
+Fixes: #2325
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-28153
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ gio/glocalfileoutputstream.c |  77 ++++++++++++++++++-------
+ gio/tests/file.c             | 108
+++++++++++++++++++++++++++++++++++
+ 2 files changed, 163 insertions(+), 22 deletions(-)
+
+--- a/gio/glocalfileoutputstream.c
++++ b/gio/glocalfileoutputstream.c
+@@ -875,16 +875,22 @@ handle_overwrite_open (const char    *fi
+       /* Could be a symlink, or it could be a regular ELOOP error,
+        * but then the next open will fail too. */
+       is_symlink = TRUE;
+-      fd = g_open (filename, open_flags, mode);
++      if (!replace_destination_set)
++        fd = g_open (filename, open_flags, mode);
+     }
+-#else
+-  fd = g_open (filename, open_flags, mode);
+-  errsv = errno;
++#else  /* if !O_NOFOLLOW */
+   /* This is racy, but we do it as soon as possible to minimize the
race */
+   is_symlink = g_file_test (filename, G_FILE_TEST_IS_SYMLINK);
++
++  if (!is_symlink || !replace_destination_set)
++    {
++      fd = g_open (filename, open_flags, mode);
++      errsv = errno;
++    }
+ #endif
+
+-  if (fd == -1)
++  if (fd == -1 &&
++      (!is_symlink || !replace_destination_set))
+     {
+       char *display_name = g_filename_display_name (filename);
+       g_set_error (error, G_IO_ERROR,
+@@ -898,7 +904,14 @@ handle_overwrite_open (const char    *fi
+ #ifdef G_OS_WIN32
+   res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat);
+ #else
+-  res = fstat (fd, &original_stat);
++  if (!is_symlink)
++    {
++      res = fstat (fd, &original_stat);
++    }
++  else
++    {
++      res = lstat (filename, &original_stat);
++    }
+ #endif
+   errsv = errno;
+
+@@ -917,16 +930,27 @@ handle_overwrite_open (const char    *fi
+   if (!S_ISREG (original_stat.st_mode))
+     {
+       if (S_ISDIR (original_stat.st_mode))
+-      g_set_error_literal (error,
+-                             G_IO_ERROR,
+-                             G_IO_ERROR_IS_DIRECTORY,
+-                             _("Target file is a directory"));
+-      else
+-      g_set_error_literal (error,
++        {
++          g_set_error_literal (error,
++                               G_IO_ERROR,
++                               G_IO_ERROR_IS_DIRECTORY,
++                               _("Target file is a directory"));
++          goto err_out;
++        }
++      else if (!is_symlink ||
++#ifdef S_ISLNK
++               !S_ISLNK (original_stat.st_mode)
++#else
++               FALSE
++#endif
++               )
++        {
++          g_set_error_literal (error,
+                              G_IO_ERROR,
+                              G_IO_ERROR_NOT_REGULAR_FILE,
+                              _("Target file is not a regular file"));
+-      goto err_out;
++          goto err_out;
++        }
+     }
+  
+   if (etag != NULL)
+@@ -1007,7 +1031,8 @@ handle_overwrite_open (const char    *fi
+           }
+       }
+
+-      g_close (fd, NULL);
++      if (fd >= 0)
++        g_close (fd, NULL);
+       *temp_filename = tmp_filename;
+       return tmpfd;
+     }
+--- a/gio/tests/file.c
++++ b/gio/tests/file.c
+@@ -805,6 +805,113 @@ test_replace_cancel (void)
+ }
+
+ static void
++test_replace_symlink (void)
++{
++#ifdef G_OS_UNIX
++  gchar *tmpdir_path = NULL;
++  GFile *tmpdir = NULL, *source_file = NULL, *target_file = NULL;
++  GFileOutputStream *stream = NULL;
++  const gchar *new_contents = "this is a test message which should be
written to source and not target";
++  gsize n_written;
++  GFileEnumerator *enumerator = NULL;
++  GFileInfo *info = NULL;
++  gchar *contents = NULL;
++  gsize length = 0;
++  GError *local_error = NULL;
++
++  g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2325");
++  g_test_summary ("Test that G_FILE_CREATE_REPLACE_DESTINATION
doesn’t follow symlinks");
++
++  /* Create a fresh, empty working directory. */
++  tmpdir_path = g_dir_make_tmp ("g_file_replace_symlink_XXXXXX",
&local_error);
++  g_assert_no_error (local_error);
++  tmpdir = g_file_new_for_path (tmpdir_path);
++
++  g_test_message ("Using temporary directory %s", tmpdir_path);
++  g_free (tmpdir_path);
++
++  /* Create symlink `source` which points to `target`. */
++  source_file = g_file_get_child (tmpdir, "source");
++  target_file = g_file_get_child (tmpdir, "target");
++  g_file_make_symbolic_link (source_file, "target", NULL,
&local_error);
++  g_assert_no_error (local_error);
++
++  /* Ensure that `target` doesn’t exist */
++  g_assert_false (g_file_query_exists (target_file, NULL));
++
++  /* Replace the `source` symlink with a regular file using
++   * %G_FILE_CREATE_REPLACE_DESTINATION, which should replace it
*without*
++   * following the symlink */
++  stream = g_file_replace (source_file, NULL, FALSE  /* no backup */,
++                           G_FILE_CREATE_REPLACE_DESTINATION, NULL,
&local_error);
++  g_assert_no_error (local_error);
++
++  g_output_stream_write_all (G_OUTPUT_STREAM (stream), new_contents,
strlen (new_contents),
++                             &n_written, NULL, &local_error);
++  g_assert_no_error (local_error);
++  g_assert_cmpint (n_written, ==, strlen (new_contents));
++
++  g_output_stream_close (G_OUTPUT_STREAM (stream), NULL,
&local_error);
++  g_assert_no_error (local_error);
++
++  g_clear_object (&stream);
++
++  /* At this point, there should still only be one file: `source`. It
should
++   * now be a regular file. `target` should not exist. */
++  enumerator = g_file_enumerate_children (tmpdir,
++                                         
G_FILE_ATTRIBUTE_STANDARD_NAME ","
++                                         
G_FILE_ATTRIBUTE_STANDARD_TYPE,
++                                         
G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, NULL, &local_error);
++  g_assert_no_error (local_error);
++
++  info = g_file_enumerator_next_file (enumerator, NULL,
&local_error);
++  g_assert_no_error (local_error);
++  g_assert_nonnull (info);
++
++  g_assert_cmpstr (g_file_info_get_name (info), ==, "source");
++  g_assert_cmpint (g_file_info_get_file_type (info), ==,
G_FILE_TYPE_REGULAR);
++
++  g_clear_object (&info);
++
++  info = g_file_enumerator_next_file (enumerator, NULL,
&local_error);
++  g_assert_no_error (local_error);
++  g_assert_null (info);
++
++  g_file_enumerator_close (enumerator, NULL, &local_error);
++  g_assert_no_error (local_error);
++  g_clear_object (&enumerator);
++
++  /* Double-check that `target` doesn’t exist */
++  g_assert_false (g_file_query_exists (target_file, NULL));
++
++  /* Check the content of `source`. */
++  g_file_load_contents (source_file,
++                        NULL,
++                        &contents,
++                        &length,
++                        NULL,
++                        &local_error);
++  g_assert_no_error (local_error);
++  g_assert_cmpstr (contents, ==, new_contents);
++  g_assert_cmpuint (length, ==, strlen (new_contents));
++  g_free (contents);
++
++  /* Tidy up. */
++  g_file_delete (source_file, NULL, &local_error);
++  g_assert_no_error (local_error);
++
++  g_file_delete (tmpdir, NULL, &local_error);
++  g_assert_no_error (local_error);
++
++  g_clear_object (&target_file);
++  g_clear_object (&source_file);
++  g_clear_object (&tmpdir);
++#else  /* if !G_OS_UNIX */
++  g_test_skip ("Symlink replacement tests can only be run on Unix")
++#endif
++}
++
++static void
+ on_file_deleted (GObject      *object,
+                GAsyncResult *result,
+                gpointer      user_data)
+@@ -1797,6 +1904,7 @@ main (int argc, char *argv[])
+   g_test_add_data_func ("/file/async-create-delete/4096",
GINT_TO_POINTER (4096), test_create_delete);
+   g_test_add_func ("/file/replace-load", test_replace_load);
+   g_test_add_func ("/file/replace-cancel", test_replace_cancel);
++  g_test_add_func ("/file/replace-symlink", test_replace_symlink);
+   g_test_add_func ("/file/async-delete", test_async_delete);
+   g_test_add_func ("/file/copy-preserve-mode",
test_copy_preserve_mode);
+   g_test_add_func ("/file/measure", test_measure);
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch
b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch
new file mode 100644
index 0000000000..c8d2cdd203
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch
@@ -0,0 +1,54 @@
+From 6c6439261bc7a8a0627519848a7222b3e1bd4ffe Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@...>
+Date: Wed, 24 Feb 2021 17:42:24 +0000
+Subject: [PATCH 5/5] glocalfileoutputstream: Add a missing O_CLOEXEC
flag to
+ replace()
+
+Signed-off-by: Philip Withnall <pwithnall@...>
+
+Upstream-Status: Backport
[https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz
]
+CVE: CVE-2021-28153
+Signed-off-by: Neetika Singh <Neetika.Singh@...>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@...>
+---
+ gio/glocalfileoutputstream.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+--- a/gio/glocalfileoutputstream.c
++++ b/gio/glocalfileoutputstream.c
+@@ -58,6 +58,12 @@
+ #define O_BINARY 0
+ #endif
+
++#ifndef O_CLOEXEC
++#define O_CLOEXEC 0
++#else
++#define HAVE_O_CLOEXEC 1
++#endif
++
+ struct _GLocalFileOutputStreamPrivate {
+   char *tmp_filename;
+   char *original_filename;
+@@ -1223,7 +1229,7 @@ _g_local_file_output_stream_replace (con
+   sync_on_close = FALSE;
+
+   /* If the file doesn't exist, create it */
+-  open_flags = O_CREAT | O_EXCL | O_BINARY;
++  open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC;
+   if (readable)
+     open_flags |= O_RDWR;
+   else
+@@ -1253,8 +1259,11 @@ _g_local_file_output_stream_replace (con
+       set_error_from_open_errno (filename, error);
+       return NULL;
+     }
+- 
+-
++#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)
++  else
++    fcntl (fd, F_SETFD, FD_CLOEXEC);
++#endif
++
+   stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL);
+   stream->priv->fd = fd;
+   stream->priv->sync_on_close = sync_on_close;
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb
b/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb
index 1a006b9f38..6272155d8c 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb
@@ -18,6 +18,23 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-
${PV}.tar.xz \
           
file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch 
\
            file://tzdata-update.patch \
            file://CVE-2020-35457.patch \
+           file://CVE-2021-27218.patch \
+           file://CVE-2021-27219-01.patch \
+           file://CVE-2021-27219-02.patch \
+           file://CVE-2021-27219-03.patch \
+           file://CVE-2021-27219-04.patch \
+           file://CVE-2021-27219-05.patch \
+           file://CVE-2021-27219-06.patch \
+           file://CVE-2021-27219-07.patch \
+           file://CVE-2021-27219-08.patch \
+           file://CVE-2021-27219-09.patch \
+           file://CVE-2021-27219-10.patch \
+           file://CVE-2021-27219-11.patch \
+           file://CVE-2021-28153-1.patch \
+           file://CVE-2021-28153-2.patch \
+           file://CVE-2021-28153-3.patch \
+           file://CVE-2021-28153-4.patch \
+           file://CVE-2021-28153-5.patch \
            "
 
 SRC_URI_append_class-native = " file://relocate-modules.patch"



vulkan-loader

Joel Winarske
 

I discovered an upstream problem with vulkan-loader today.

Effectively since 1.2.162 vulkan.pc is broken for cross compilation scenarios.

This example illustrates current problem with vulkan.pc installed by vulkan-loader:
$ pkg-config --print-errors --define-variable=prefix=/opt --variable=includedir vulkan
/usr/include

It should return /opt/usr/include

So doing this in a meson project does not produce the expected result:
vulkan_hpp = join_paths([
    vulkan_dep.get_pkgconfig_variable('includedir', define_variable: ['prefix', get_option('prefix')])
    'vulkan',
    'vulkan.hpp'
    ])

What is the suggested approach to address this?  A patch for each branch up to master?

Joel


Yocto Project Newcomer & Unassigned Bugs - Help Needed

Stephen Jolley
 

All,

 

The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project.  If anyone can help, please take ownership of the bug and send patches!  If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 391 unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out with these.  Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system.  There are also roughly four different "priority" classes right now, “3.4”, “3.5, "3.99" and "Future", the more pressing/urgent issues being in "3.4" and then “3.5”.

 

Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account).  The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Re: [RFC PATCH 4/9] perl/perlcross: Improve native reproducability

Alexander Kanavin
 

I have fixed this differently, and more reliably - you can cherry-pick into your branch:

Alex


On Mon, 29 Nov 2021 at 20:43, Alexander Kanavin via lists.openembedded.org <alex.kanavin=gmail.com@...> wrote:
On Mon, 29 Nov 2021 at 17:44, Jacob Kroon <jacob.kroon@...> wrote:
On 11/29/21 10:07, Alexander Kanavin wrote:
> Can you split the determinism patch fix into a separate patch please?
>

I don't know what exactly is the right fix here. Should both
"determinism.patch":es be applied when building perl-native ?


Right, I'll take a look at this myself then.

Alex
 

Jacob

> Alex
>
> On Sun, 28 Nov 2021 at 10:46, Jacob Kroon <jacob.kroon@...
> <mailto:jacob.kroon@...>> wrote:
>
>     In order to make perlcross-native independent of build path we need
>     to follow
>     the symlinks when copying the patches, otherwise they will point to
>     whereever
>     oe-core is checked out for that particular build.
>
>     Doing this reveals an issue in perl-native, where it copies the patches
>     from perlcross-native's sysroot, but both perlcross and perl have a
>     patch called "determinism.patch", so one of them gets overridden. Rename
>     the patch in perlcross so that this doesn't happen.
>
>     Signed-off-by: Jacob Kroon <jacob.kroon@...
>     <mailto:jacob.kroon@...>>
>     ---
>      .../{determinism.patch => perl-cross-determinism.patch}      | 0
>      meta/recipes-devtools/perl-cross/perlcross_1.3.6.bb
>     <http://perlcross_1.3.6.bb>          | 4 ++--
>      meta/recipes-devtools/perl/perl_5.34.0.bb <http://perl_5.34.0.bb
>                       | 5 +++++
>      3 files changed, 7 insertions(+), 2 deletions(-)
>      rename meta/recipes-devtools/perl-cross/files/{determinism.patch =>
>     perl-cross-determinism.patch} (100%)
>
>     diff --git
>     a/meta/recipes-devtools/perl-cross/files/determinism.patch
>     b/meta/recipes-devtools/perl-cross/files/perl-cross-determinism.patch
>     similarity index 100%
>     rename from meta/recipes-devtools/perl-cross/files/determinism.patch
>     rename to
>     meta/recipes-devtools/perl-cross/files/perl-cross-determinism.patch
>     diff --git a/meta/recipes-devtools/perl-cross/perlcross_1.3.6.bb
>     <http://perlcross_1.3.6.bb>
>     b/meta/recipes-devtools/perl-cross/perlcross_1.3.6.bb
>     <http://perlcross_1.3.6.bb>
>     index 2759ef8a53..dab7f4558f 100644
>     --- a/meta/recipes-devtools/perl-cross/perlcross_1.3.6.bb
>     <http://perlcross_1.3.6.bb>
>     +++ b/meta/recipes-devtools/perl-cross/perlcross_1.3.6.bb
>     <http://perlcross_1.3.6.bb>
>     @@ -15,7 +15,7 @@ SRC_URI =
>     "https://github.com/arsv/perl-cross/releases/download/${PV}/perl-cross
>     <https://github.com/arsv/perl-cross/releases/download/$%7BPV%7D/perl-cross>
>                
>     file://0001-configure_tool.sh-do-not-quote-the-argument-to-comma.patch \
>                
>     file://0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch \
>                
>     file://0001-configure_path.sh-do-not-hardcode-prefix-lib-as-libr.patch \
>     -           file://determinism.patch \
>     +           file://perl-cross-determinism.patch \
>                
>     file://0001-cnf-configure_func_sel.sh-disable-thread_safe_nl_lan.patch \
>                
>     file://0001-Makefile-check-the-file-if-patched-or-not.patch \
>                 "
>     @@ -33,7 +33,7 @@ do_compile () {
>
>      do_install:class-native() {
>          mkdir -p ${D}/${datadir}/perl-cross/
>     -    cp -rf ${S}/* ${D}/${datadir}/perl-cross/
>     +    cp -rfL ${S}/* ${D}/${datadir}/perl-cross/
>      }
>
>      BBCLASSEXTEND = "native"
>     diff --git a/meta/recipes-devtools/perl/perl_5.34.0.bb
>     <http://perl_5.34.0.bb> b/meta/recipes-devtools/perl/perl_5.34.0.bb
>     <http://perl_5.34.0.bb>
>     index 16d45ccff3..0b74d5f072 100644
>     --- a/meta/recipes-devtools/perl/perl_5.34.0.bb <http://perl_5.34.0.bb>
>     +++ b/meta/recipes-devtools/perl/perl_5.34.0.bb <http://perl_5.34.0.bb>
>     @@ -97,6 +97,9 @@ do_configure:class-native() {
>          -Dvendorprefix=${prefix} \
>          -Ui_xlocale \
>          ${PACKAGECONFIG_CONFARGS}
>     +
>     +    # See the comment above
>     +    sed -i -e "s,${STAGING_DIR_NATIVE},/non/existent,g" config.h
>      }
>
>      do_configure:append() {
>     @@ -395,3 +398,5 @@ SSTATE_HASHEQUIV_FILEMAP = " \
>          populate_sysroot:*/lib*/perl5/config.sh:${TMPDIR} \
>          populate_sysroot:*/lib*/perl5/config.sh:${COREBASE} \
>          "
>     +
>     +EXTRA_STAGING_FIXMES:append:class-native = " RPATH_PADDING"
>
>     
>




Re: [RFC PATCH 4/9] perl/perlcross: Improve native reproducability

Alexander Kanavin
 

On Mon, 29 Nov 2021 at 17:44, Jacob Kroon <jacob.kroon@...> wrote:
On 11/29/21 10:07, Alexander Kanavin wrote:
> Can you split the determinism patch fix into a separate patch please?
>

I don't know what exactly is the right fix here. Should both
"determinism.patch":es be applied when building perl-native ?


Right, I'll take a look at this myself then.

Alex
 

Jacob

> Alex
>
> On Sun, 28 Nov 2021 at 10:46, Jacob Kroon <jacob.kroon@...
> <mailto:jacob.kroon@...>> wrote:
>
>     In order to make perlcross-native independent of build path we need
>     to follow
>     the symlinks when copying the patches, otherwise they will point to
>     whereever
>     oe-core is checked out for that particular build.
>
>     Doing this reveals an issue in perl-native, where it copies the patches
>     from perlcross-native's sysroot, but both perlcross and perl have a
>     patch called "determinism.patch", so one of them gets overridden. Rename
>     the patch in perlcross so that this doesn't happen.
>
>     Signed-off-by: Jacob Kroon <jacob.kroon@...
>     <mailto:jacob.kroon@...>>
>     ---
>      .../{determinism.patch => perl-cross-determinism.patch}      | 0
>      meta/recipes-devtools/perl-cross/perlcross_1.3.6.bb
>     <http://perlcross_1.3.6.bb>          | 4 ++--
>      meta/recipes-devtools/perl/perl_5.34.0.bb <http://perl_5.34.0.bb
>                       | 5 +++++
>      3 files changed, 7 insertions(+), 2 deletions(-)
>      rename meta/recipes-devtools/perl-cross/files/{determinism.patch =>
>     perl-cross-determinism.patch} (100%)
>
>     diff --git
>     a/meta/recipes-devtools/perl-cross/files/determinism.patch
>     b/meta/recipes-devtools/perl-cross/files/perl-cross-determinism.patch
>     similarity index 100%
>     rename from meta/recipes-devtools/perl-cross/files/determinism.patch
>     rename to
>     meta/recipes-devtools/perl-cross/files/perl-cross-determinism.patch
>     diff --git a/meta/recipes-devtools/perl-cross/perlcross_1.3.6.bb
>     <http://perlcross_1.3.6.bb>
>     b/meta/recipes-devtools/perl-cross/perlcross_1.3.6.bb
>     <http://perlcross_1.3.6.bb>
>     index 2759ef8a53..dab7f4558f 100644
>     --- a/meta/recipes-devtools/perl-cross/perlcross_1.3.6.bb
>     <http://perlcross_1.3.6.bb>
>     +++ b/meta/recipes-devtools/perl-cross/perlcross_1.3.6.bb
>     <http://perlcross_1.3.6.bb>
>     @@ -15,7 +15,7 @@ SRC_URI =
>     "https://github.com/arsv/perl-cross/releases/download/${PV}/perl-cross
>     <https://github.com/arsv/perl-cross/releases/download/$%7BPV%7D/perl-cross>
>                
>     file://0001-configure_tool.sh-do-not-quote-the-argument-to-comma.patch \
>                
>     file://0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch \
>                
>     file://0001-configure_path.sh-do-not-hardcode-prefix-lib-as-libr.patch \
>     -           file://determinism.patch \
>     +           file://perl-cross-determinism.patch \
>                
>     file://0001-cnf-configure_func_sel.sh-disable-thread_safe_nl_lan.patch \
>                
>     file://0001-Makefile-check-the-file-if-patched-or-not.patch \
>                 "
>     @@ -33,7 +33,7 @@ do_compile () {
>
>      do_install:class-native() {
>          mkdir -p ${D}/${datadir}/perl-cross/
>     -    cp -rf ${S}/* ${D}/${datadir}/perl-cross/
>     +    cp -rfL ${S}/* ${D}/${datadir}/perl-cross/
>      }
>
>      BBCLASSEXTEND = "native"
>     diff --git a/meta/recipes-devtools/perl/perl_5.34.0.bb
>     <http://perl_5.34.0.bb> b/meta/recipes-devtools/perl/perl_5.34.0.bb
>     <http://perl_5.34.0.bb>
>     index 16d45ccff3..0b74d5f072 100644
>     --- a/meta/recipes-devtools/perl/perl_5.34.0.bb <http://perl_5.34.0.bb>
>     +++ b/meta/recipes-devtools/perl/perl_5.34.0.bb <http://perl_5.34.0.bb>
>     @@ -97,6 +97,9 @@ do_configure:class-native() {
>          -Dvendorprefix=${prefix} \
>          -Ui_xlocale \
>          ${PACKAGECONFIG_CONFARGS}
>     +
>     +    # See the comment above
>     +    sed -i -e "s,${STAGING_DIR_NATIVE},/non/existent,g" config.h
>      }
>
>      do_configure:append() {
>     @@ -395,3 +398,5 @@ SSTATE_HASHEQUIV_FILEMAP = " \
>          populate_sysroot:*/lib*/perl5/config.sh:${TMPDIR} \
>          populate_sysroot:*/lib*/perl5/config.sh:${COREBASE} \
>          "
>     +
>     +EXTRA_STAGING_FIXMES:append:class-native = " RPATH_PADDING"
>
>     
>


Re: Not able to install chrony on zeus

Khem Raj
 

On Mon, Nov 29, 2021 at 9:25 AM mohammed aqdam <mohammedaqdam@...> wrote:

Thanks Khem Raj,

Is it possible to install both?
maybe if they can be make to coexist perhaps by using update-alternatives etc.

On Mon, 29 Nov, 2021, 10:46 pm Khem Raj, <raj.khem@...> wrote:



On 11/29/21 4:08 AM, mohammed aqdam wrote:
Hi There,

I am trying to add chrony/chronyd to my final image
using IMAGE_INSTALL_append += " chrony ntp pps-tools "

When I run bitbake(bitbake -k imx-image-full), Seeing "packages have
unmet dependencies" errors, please check the logs for more information.

Initialising tasks: 100%
|###########################################################################################################################|
Time: 0:00:05
Sstate summary: Wanted 9 Found 7 Missed 2 Current 3666 (77% match,
99% complete)
NOTE: Executing Tasks
NOTE: Setscene tasks completed
ERROR: imx-image-full-1.0-r0 do_rootfs: Unable to install packages.
Command
'/data/home/maqdam/imx-yocto-bsp_latest/build/tmp/work/imx8mpevk-poky-linux/imx-image-full/1.0-r0/recipe-sysroot-native/usr/bin/apt-get
install --force-yes --allow-unauthenticated --no-remove
android-tools apt autotalks chrony libddsc0 devmem2 dfu-util
dhcp-client dhcp-server dpkg gpsd imx-test ink-app-nets-files-obu
ink-service iperf3 jailhouse libwebsockets15 luxservice net-snmp
net-snmp-client net-snmp-dev net-snmp-libs net-snmp-server
net-snmp-server-snmpd net-snmp-server-snmptrapd net-tools ntp
opencv-apps opencv-samples openvpn packagegroup-base-extended
packagegroup-core-boot packagegroup-core-full-cmdline
packagegroup-core-nfs-server packagegroup-core-ssh-dropbear
packagegroup-core-tools-debug packagegroup-core-tools-profile
packagegroup-core-tools-testapps packagegroup-fsl-gstreamer1.0
packagegroup-fsl-gstreamer1.0-full packagegroup-fsl-optee-imx
packagegroup-fsl-tools-audio packagegroup-fsl-tools-benchmark
packagegroup-fsl-tools-gpu packagegroup-fsl-tools-gpu-external
packagegroup-fsl-tools-testapps packagegroup-imx-isp
packagegroup-imx-ml packagegroup-qt5-imx
packagegroup-tools-bluetooth paho-mqtt paho-mqtt-sn perl
perl-module-data-dumper perl-module-file-copy perl-module-file-spec
perl-module-getopt-std perl-module-io-file perl-module-term-readline
pps-tools psplash python3-opencv rapidjson rtklib run-postinsts
strongswan tcpdump tinydtls usbutils versions weston-init
weston-xwayland xterm' returned 100:
Reading package lists...
Building dependency tree...
Reading state information...
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:


*The following packages have unmet dependencies:
chrony : Conflicts: ntp but 4.2.8p15-r0 is to be installed
E: Unable to correct problems, you have held broken packages*.
chrony and ntp packages are in conflict, which means both of them are
trying to install something that other also installs. So you have to
decide which one of these two you need.


I see *ntp_4.2.8p15, *in my source code not *4.2.8p15-r0, *so I tried to
rename the bb file to ntp_*4.2.8p15-r0.bb <http://4.2.8p15-r0.bb>.*
Got errors while accessing the Index of /~ntp/ntp_spool/ntp4/ntp-4.2
(udel.edu) <https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/> due
to missing ntp_*4.2.8p15-r0.bb <http://4.2.8p15-r0.bb> * in list.

Kindly let me know if i am missing anything for adding chrony.

Thanks,
Aqdam





Re: Not able to install chrony on zeus

mohammed aqdam <mohammedaqdam@...>
 

Thanks Khem Raj, 

Is it possible to install both? 

On Mon, 29 Nov, 2021, 10:46 pm Khem Raj, <raj.khem@...> wrote:


On 11/29/21 4:08 AM, mohammed aqdam wrote:
> Hi There,
>
> I am trying to add chrony/chronyd to my final image
> using IMAGE_INSTALL_append += " chrony ntp pps-tools "
>
> When I run bitbake(bitbake -k imx-image-full), Seeing "packages have
> unmet dependencies" errors, please check the logs for more information.
>
>     Initialising tasks: 100%
>     |###########################################################################################################################|
>     Time: 0:00:05
>     Sstate summary: Wanted 9 Found 7 Missed 2 Current 3666 (77% match,
>     99% complete)
>     NOTE: Executing Tasks
>     NOTE: Setscene tasks completed
>     ERROR: imx-image-full-1.0-r0 do_rootfs: Unable to install packages.
>     Command
>     '/data/home/maqdam/imx-yocto-bsp_latest/build/tmp/work/imx8mpevk-poky-linux/imx-image-full/1.0-r0/recipe-sysroot-native/usr/bin/apt-get
>       install --force-yes --allow-unauthenticated --no-remove
>     android-tools apt autotalks chrony libddsc0 devmem2 dfu-util
>     dhcp-client dhcp-server dpkg gpsd imx-test ink-app-nets-files-obu
>     ink-service iperf3 jailhouse libwebsockets15 luxservice net-snmp
>     net-snmp-client net-snmp-dev net-snmp-libs net-snmp-server
>     net-snmp-server-snmpd net-snmp-server-snmptrapd net-tools ntp
>     opencv-apps opencv-samples openvpn packagegroup-base-extended
>     packagegroup-core-boot packagegroup-core-full-cmdline
>     packagegroup-core-nfs-server packagegroup-core-ssh-dropbear
>     packagegroup-core-tools-debug packagegroup-core-tools-profile
>     packagegroup-core-tools-testapps packagegroup-fsl-gstreamer1.0
>     packagegroup-fsl-gstreamer1.0-full packagegroup-fsl-optee-imx
>     packagegroup-fsl-tools-audio packagegroup-fsl-tools-benchmark
>     packagegroup-fsl-tools-gpu packagegroup-fsl-tools-gpu-external
>     packagegroup-fsl-tools-testapps packagegroup-imx-isp
>     packagegroup-imx-ml packagegroup-qt5-imx
>     packagegroup-tools-bluetooth paho-mqtt paho-mqtt-sn perl
>     perl-module-data-dumper perl-module-file-copy perl-module-file-spec
>     perl-module-getopt-std perl-module-io-file perl-module-term-readline
>     pps-tools psplash python3-opencv rapidjson rtklib run-postinsts
>     strongswan tcpdump tinydtls usbutils versions weston-init
>     weston-xwayland xterm' returned 100:
>     Reading package lists...
>     Building dependency tree...
>     Reading state information...
>     Some packages could not be installed. This may mean that you have
>     requested an impossible situation or if you are using the unstable
>     distribution that some required packages have not yet been created
>     or been moved out of Incoming.
>     The following information may help to resolve the situation:
>
>
>     *The following packages have unmet dependencies:
>       chrony : Conflicts: ntp but 4.2.8p15-r0 is to be installed
>     E: Unable to correct problems, you have held broken packages*.
>

chrony and ntp packages are in conflict, which means both of them are
trying to install something that other also installs. So you have to
decide which one of these two you need.

>
> I see *ntp_4.2.8p15, *in my source code not *4.2.8p15-r0, *so I tried to
> rename the bb file to ntp_*4.2.8p15-r0.bb <http://4.2.8p15-r0.bb>.*
> Got errors while accessing the Index of /~ntp/ntp_spool/ntp4/ntp-4.2
> (udel.edu) <https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/> due
> to missing  ntp_*4.2.8p15-r0.bb <http://4.2.8p15-r0.bb> * in list.
>
> Kindly let me know if i am missing anything for adding chrony.
>
> Thanks,
> Aqdam
>
>
>
>
>

12161 - 12180 of 171129