[OE-core][dunfell 00/33] Patch review

[OE-core][dunfell 00/33] Patch review

[Steve Sakoman]

Please review this next set of patches for dunfell and have comments back by
end of day Monday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2417

with the exception of an intermittent issue on qemumips which passed on 
subsequent re-test:

https://autobuilder.yoctoproject.org/typhoon/#/builders/60/builds/3776

The following changes since commit 9ae339ace9274be71bfd3b5e5da64dceac9fa963:

  kernel-devsrc: fix 32bit ARM devsrc builds (2021-07-20 06:36:58 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Armin Kuster (1):
  qemu: Enable seccomp if FEATURE is set

Bruce Ashfield (2):
  linux-yocto/5.4: update to v5.4.134
  linux-yocto/5.4: update to v5.4.135

Changqing Li (1):
  archiver.bbclass: fix do_ar_configured failure for kernel

Khem Raj (1):
  ovmf: Fix VLA warnings with GCC 11

Michael Opdenacker (1):
  oe-setup-builddir: update YP docs and OE URLs

Mike Crowe (1):
  curl: Fix CVE-2021-22924 and CVE-2021-22925

Nathan Rossi (1):
  qemu.inc: Add seccomp PACKAGECONFIG option

Neetika Singh (1):
  curl: Fix for CVE-2021-22898

Nicolas Dechesne (4):
  yocto-check-layer: improve missed dependencies
  checklayer: new function get_layer_dependencies()
  checklayer: rename _find_layer_depends
  yocto-check-layer: ensure that all layer dependencies are tested too

Oleksandr Kravchuk (1):
  bitbake.conf: change GNOME_MIRROR to new one

Ralph Siemsen (1):
  oeqa/manual/toaster: fix small typo

Richard Purdie (2):
  yocto-check-layer: Remove duplicated code
  sstate: Fix rebuilds when changing layer config

Ross Burton (1):
  glew: fix Makefile race

Steve Sakoman (5):
  Revert "gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are
    fixed"
  Revert "gstreamer-plugins-base: ignore CVE-2021-3522 since it is
    fixed"
  gstreamer: ignore CVE-2021-3497, CVE-2021-3498, and CVE-2021-3522
  libxml2: fix CVE-2021-3541
  avahi: fix CVE-2021-3468

Teoh Jay Shen (5):
  oeqa/ethernet_ip_connman : add test for network connections
  oeqa/runtime : add test for RTC(Real Time Clock)
  oeqa/suspend : add test for suspend state
  oeqa/terminal : improve the test case
  oeqa/usb_hid.py : add test to check the usb/human interface device
    status after suspend state

TeohJayShen (1):
  oeqa/runtime: add test for matchbox-terminal

Ulrich Ölmann (1):
  initramfs-framework/setup-live: fix shebang

Wes Lindauer (1):
  oeqa/runtime/cases: Only disable/enable for current boot

Yi Zhao (1):
  ifupdown: added -1 option to dhclient for dhcpv6

leimaohui (1):
  archiver.bbclass: Fix patch error for recipes that inherit dos2unix.

 meta/classes/archiver.bbclass                 |   8 +-
 meta/classes/sstate.bbclass                   |   1 +
 meta/conf/bitbake.conf                        |   2 +-
 .../lib/oeqa/manual/toaster-managed-mode.json |   2 +-
 meta/lib/oeqa/runtime/cases/date.py           |   4 +-
 .../oeqa/runtime/cases/ethernet_ip_connman.py |  36 +++
 meta/lib/oeqa/runtime/cases/rtc.py            |  38 +++
 meta/lib/oeqa/runtime/cases/suspend.py        |  33 +++
 meta/lib/oeqa/runtime/cases/terminal.py       |  21 ++
 meta/lib/oeqa/runtime/cases/usb_hid.py        |  22 ++
 meta/recipes-connectivity/avahi/avahi.inc     |   1 +
 .../avahi/files/CVE-2021-3468.patch           |  42 ++++
 ...-1-option-to-dhclient-on-upping-an-i.patch |  65 +++++
 meta/recipes-core/ifupdown/ifupdown_0.8.35.bb |   1 +
 .../initramfs-framework/setup-live            |   2 +-
 .../libxml/libxml2/CVE-2021-3541.patch        |  73 ++++++
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |   1 +
 .../ovmf/0001-Fix-VLA-parameter-warning.patch |  51 ++++
 meta/recipes-core/ovmf/ovmf_git.bb            |   3 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 meta/recipes-devtools/qemu/qemu_4.2.0.bb      |   1 +
 .../0001-Fix-build-race-in-Makefile.patch     |  56 +++++
 meta/recipes-graphics/glew/glew_2.2.0.bb      |   1 +
 .../linux/linux-yocto-rt_5.4.bb               |   6 +-
 .../linux/linux-yocto-tiny_5.4.bb             |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  |  22 +-
 .../gstreamer1.0-plugins-base_1.16.3.bb       |   4 -
 .../gstreamer1.0-plugins-good_1.16.3.bb       |   5 -
 .../gstreamer/gstreamer1.0_1.16.3.bb          |   9 +
 .../curl/curl/CVE-2021-22898.patch            |  26 ++
 .../curl/curl/CVE-2021-22924.patch            | 226 ++++++++++++++++++
 .../curl/curl/CVE-2021-22925.patch            |  43 ++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   4 +
 scripts/lib/checklayer/__init__.py            |  11 +-
 scripts/oe-setup-builddir                     |   4 +-
 scripts/yocto-check-layer                     |  25 +-
 36 files changed, 813 insertions(+), 45 deletions(-)
 create mode 100644 meta/lib/oeqa/runtime/cases/ethernet_ip_connman.py
 create mode 100644 meta/lib/oeqa/runtime/cases/rtc.py
 create mode 100644 meta/lib/oeqa/runtime/cases/suspend.py
 create mode 100644 meta/lib/oeqa/runtime/cases/terminal.py
 create mode 100644 meta/lib/oeqa/runtime/cases/usb_hid.py
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2021-3468.patch
 create mode 100644 meta/recipes-core/ifupdown/files/0001-inet6.defn-Added-1-option-to-dhclient-on-upping-an-i.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2021-3541.patch
 create mode 100644 meta/recipes-core/ovmf/ovmf/0001-Fix-VLA-parameter-warning.patch
 create mode 100644 meta/recipes-graphics/glew/glew/0001-Fix-build-race-in-Makefile.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22898.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22924.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22925.patch

-- 
2.25.1

[OE-core][dunfell 01/33] Revert "gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed"

[Steve Sakoman]

Change is correct but should be in gstreamer recipe not gstreamer-plugins-good

This reverts commit d853e2bde1ea083f8438e8d7a80f041196d2e38d.
---
 .../gstreamer/gstreamer1.0-plugins-good_1.16.3.bb            | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb
index e8830103ce..1038cbf224 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.3.bb
@@ -15,11 +15,6 @@ SRC_URI = " \
 SRC_URI[md5sum] = "c79b6c2f8eaadb2bb66615b694db399e"
 SRC_URI[sha256sum] = "d3a23a3fe73de673f591b7655494990c9e8a0e22a3c70d6f1dbf50198b29f85f"
 
-# CPE entries for gst-plugins-good are listed as gstreamer issues
-# so we need to ignore the false hit
-CVE_CHECK_WHITELIST += "CVE-2021-3497"
-CVE_CHECK_WHITELIST += "CVE-2021-3498"
-
 S = "${WORKDIR}/gst-plugins-good-${PV}"
 
 LICENSE = "GPLv2+ & LGPLv2.1+"
-- 
2.25.1

[OE-core][dunfell 02/33] Revert "gstreamer-plugins-base: ignore CVE-2021-3522 since it is fixed"

[Steve Sakoman]

Change is correct but should be in gstreamer recipe not gstreamer-plugins-base

This reverts commit f32e90a7f8918aacda61ef6176eb1655742045b4.
---
 .../gstreamer/gstreamer1.0-plugins-base_1.16.3.bb             | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb
index 431468d459..bcfdef3bbd 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.3.bb
@@ -20,10 +20,6 @@ SRC_URI = " \
 SRC_URI[md5sum] = "e3ddb1bae9fb510b49a295f212f1e6e4"
 SRC_URI[sha256sum] = "9f02678b0bbbcc9eff107d3bd89d83ce92fec2154cd607c7c8bd34dc7fee491c"
 
-# CPE entries for gst-plugins-base are listed as gstreamer issues
-# so we need to ignore the false hit
-CVE_CHECK_WHITELIST += "CVE-2021-3522"
-
 S = "${WORKDIR}/gst-plugins-base-${PV}"
 
 DEPENDS += "iso-codes util-linux zlib"
-- 
2.25.1

[OE-core][dunfell 03/33] gstreamer: ignore CVE-2021-3497, CVE-2021-3498, and CVE-2021-3522

[Steve Sakoman]

CPE entries for gst-plugins-* are listed as gstreamer issues
so we need to ignore the false hits for the CVEs we've patched
in plugins recipes

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb
index 7afe56cd7b..a516fabdaf 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.3.bb
@@ -74,4 +74,13 @@ FILES_${PN}-dbg += "${datadir}/gdb ${datadir}/gstreamer-1.0/gdb"
 
 CVE_PRODUCT = "gstreamer"
 
+# CPE entries for gst-plugins-base are listed as gstreamer issues
+# so we need to ignore the false hits
+CVE_CHECK_WHITELIST += "CVE-2021-3522"
+
+# CPE entries for gst-plugins-good are listed as gstreamer issues
+# so we need to ignore the false hits
+CVE_CHECK_WHITELIST += "CVE-2021-3497"
+CVE_CHECK_WHITELIST += "CVE-2021-3498"
+
 require gstreamer1.0-ptest.inc
-- 
2.25.1

[OE-core][dunfell 04/33] libxml2: fix CVE-2021-3541

[Steve Sakoman]

A flaw was found in libxml2. Exponential entity expansion attack
is possible bypassing all existing protection mechanisms and leading
to denial of service.

https://nvd.nist.gov/vuln/detail/CVE-2021-3541
CVE: 2021-3541

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libxml/libxml2/CVE-2021-3541.patch        | 73 +++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.10.bb    |  1 +
 2 files changed, 74 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2021-3541.patch

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2021-3541.patch b/meta/recipes-core/libxml/libxml2/CVE-2021-3541.patch
new file mode 100644
index 0000000000..1f392b4cd7
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2021-3541.patch
@@ -0,0 +1,73 @@
+From 8598060bacada41a0eb09d95c97744ff4e428f8e Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Thu, 13 May 2021 14:55:12 +0200
+Subject: [PATCH] Patch for security issue CVE-2021-3541
+
+This is relapted to parameter entities expansion and following
+the line of the billion laugh attack. Somehow in that path the
+counting of parameters was missed and the normal algorithm based
+on entities "density" was useless.
+
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e]
+CVE: CVE-2021-3541
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ parser.c | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index f5e5e169..c9312fa4 100644
+--- a/parser.c
++++ b/parser.c
+@@ -140,6 +140,7 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
+                      xmlEntityPtr ent, size_t replacement)
+ {
+     size_t consumed = 0;
++    int i;
+ 
+     if ((ctxt == NULL) || (ctxt->options & XML_PARSE_HUGE))
+         return (0);
+@@ -177,6 +178,28 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
+ 	    rep = NULL;
+ 	}
+     }
++
++    /*
++     * Prevent entity exponential check, not just replacement while
++     * parsing the DTD
++     * The check is potentially costly so do that only once in a thousand
++     */
++    if ((ctxt->instate == XML_PARSER_DTD) && (ctxt->nbentities > 10000) &&
++        (ctxt->nbentities % 1024 == 0)) {
++	for (i = 0;i < ctxt->inputNr;i++) {
++	    consumed += ctxt->inputTab[i]->consumed +
++	               (ctxt->inputTab[i]->cur - ctxt->inputTab[i]->base);
++	}
++	if (ctxt->nbentities > consumed * XML_PARSER_NON_LINEAR) {
++	    xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
++	    ctxt->instate = XML_PARSER_EOF;
++	    return (1);
++	}
++	consumed = 0;
++    }
++
++
++
+     if (replacement != 0) {
+ 	if (replacement < XML_MAX_TEXT_LENGTH)
+ 	    return(0);
+@@ -7963,6 +7986,9 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
+             xmlChar start[4];
+             xmlCharEncoding enc;
+ 
++	    if (xmlParserEntityCheck(ctxt, 0, entity, 0))
++	        return;
++
+ 	    if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
+ 	        ((ctxt->options & XML_PARSE_NOENT) == 0) &&
+ 		((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
+-- 
+GitLab
+
diff --git a/meta/recipes-core/libxml/libxml2_2.9.10.bb b/meta/recipes-core/libxml/libxml2_2.9.10.bb
index b5fb3e6315..60dc71f38d 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.10.bb
@@ -26,6 +26,7 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
            file://CVE-2021-3517.patch \
            file://CVE-2021-3537.patch \
            file://CVE-2021-3518.patch \
+           file://CVE-2021-3541.patch \
            "
 
 SRC_URI[libtar.md5sum] = "10942a1dc23137a8aa07f0639cbfece5"
-- 
2.25.1

[OE-core][dunfell 05/33] avahi: fix CVE-2021-3468

[Steve Sakoman]

A flaw was found in avahi in versions 0.6 up to 0.8. The event used
to signal the termination of the client connection on the avahi Unix
socket is not correctly handled in the client_work function,
allowing a local attacker to trigger an infinite loop. The highest
threat from this vulnerability is to the availability of the avahi
service, which becomes unresponsive after this flaw is triggered.

https://nvd.nist.gov/vuln/detail/CVE-2021-3468
CVE: CVE-2021-3468

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-connectivity/avahi/avahi.inc     |  1 +
 .../avahi/files/CVE-2021-3468.patch           | 42 +++++++++++++++++++
 2 files changed, 43 insertions(+)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2021-3468.patch

diff --git a/meta/recipes-connectivity/avahi/avahi.inc b/meta/recipes-connectivity/avahi/avahi.inc
index 6acedb5412..25bb41b738 100644
--- a/meta/recipes-connectivity/avahi/avahi.inc
+++ b/meta/recipes-connectivity/avahi/avahi.inc
@@ -21,6 +21,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
 
 SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \
            file://fix-CVE-2017-6519.patch \
+           file://CVE-2021-3468.patch \
            "
 
 UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2021-3468.patch b/meta/recipes-connectivity/avahi/files/CVE-2021-3468.patch
new file mode 100644
index 0000000000..638a1f6071
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2021-3468.patch
@@ -0,0 +1,42 @@
+From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone <sirmy15@gmail.com>
+Date: Fri, 26 Mar 2021 11:50:24 +0100
+Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in
+ client_work
+
+If a client fills the input buffer, client_work() disables the
+AVAHI_WATCH_IN event, thus preventing the function from executing the
+`read` syscall the next times it is called. However, if the client then
+terminates the connection, the socket file descriptor receives a HUP
+event, which is not handled, thus the kernel keeps marking the HUP event
+as occurring. While iterating over the file descriptors that triggered
+an event, the client file descriptor will keep having the HUP event and
+the client_work() function is always called with AVAHI_WATCH_HUP but
+without nothing being done, thus entering an infinite loop.
+
+See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
+
+Upstream-Status: Backport
+CVE: CVE-2021-3468
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+
+---
+ avahi-daemon/simple-protocol.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c
+index 3e0ebb11..6c0274d6 100644
+--- a/avahi-daemon/simple-protocol.c
++++ b/avahi-daemon/simple-protocol.c
+@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv
+         }
+     }
+ 
++    if (events & AVAHI_WATCH_HUP) {
++        client_free(c);
++        return;
++    }
++
+     c->server->poll_api->watch_update(
+         watch,
+         (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) |
-- 
2.25.1

[OE-core][dunfell 06/33] curl: Fix for CVE-2021-22898

[Steve Sakoman]

From: Neetika Singh <Neetika.Singh@kpit.com>

Applied trivial patch for cve issue CVE-2021-22898

Link: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde

Signed-off-by: Neetika.Singh <Neetika.Singh@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../curl/curl/CVE-2021-22898.patch            | 26 +++++++++++++++++++
 meta/recipes-support/curl/curl_7.69.1.bb      |  1 +
 2 files changed, 27 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22898.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2021-22898.patch b/meta/recipes-support/curl/curl/CVE-2021-22898.patch
new file mode 100644
index 0000000000..0800e10175
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22898.patch
@@ -0,0 +1,26 @@
+From 39ce47f219b09c380b81f89fe54ac586c8db6bde Mon Sep 17 00:00:00 2001
+From: Harry Sintonen <sintonen@iki.fi>
+Date: Fri, 7 May 2021 13:09:57 +0200
+Subject: [PATCH] telnet: check sscanf() for correct number of matches
+
+CVE: CVE-2021-22898
+Upstream-Status: Backport
+Link: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
+Bug: https://curl.se/docs/CVE-2021-22898.html
+---
+ lib/telnet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/telnet.c b/lib/telnet.c
+index 26e0658ba9cc..fdd137fb0c04 100644
+--- a/lib/telnet.c
++++ b/lib/telnet.c
+@@ -922,7 +922,7 @@ static void suboption(struct Curl_easy *data)
+         size_t tmplen = (strlen(v->data) + 1);
+         /* Add the variable only if it fits */
+         if(len + tmplen < (int)sizeof(temp)-6) {
+-          if(sscanf(v->data, "%127[^,],%127s", varname, varval)) {
++          if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
+             msnprintf((char *)&temp[len], sizeof(temp) - len,
+                       "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
+                       CURL_NEW_ENV_VALUE, varval);
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index 13ab29cf69..9b510bcf9f 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -19,6 +19,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://CVE-2020-8286.patch \
            file://CVE-2021-22876.patch \
            file://CVE-2021-22890.patch \
+           file://CVE-2021-22898.patch \
 "
 
 SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
-- 
2.25.1

[OE-core][dunfell 07/33] curl: Fix CVE-2021-22924 and CVE-2021-22925

[Steve Sakoman]

From: Mike Crowe <mac@mcrowe.com>

curl v7.78 contained fixes for five CVEs:

CVE-2021-22922[1] and CVE-2021-22923[2] are only present when support
for metalink is enabled. EXTRA_OECONF contains "--without-libmetalink"
so these fixes are unnecessary.

CVE-2021-22926[3] only affects builds for MacOS.

CVE-2021-22924[4] and CVE-2021-22925[5] are both applicable. Take the
patches from Ubuntu 20.04 curl_7.68.0-1ubuntu2.6 package which is close
enough that the patch for CVE-2021-22924 applies without conflicts..

[1] https://curl.se/docs/CVE-2021-22922.html
[2] https://curl.se/docs/CVE-2021-22923.html
[3] https://curl.se/docs/CVE-2021-22926.html
[4] https://curl.se/docs/CVE-2021-22924.html
[5] https://curl.se/docs/CVE-2021-22925.html

Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../curl/curl/CVE-2021-22924.patch            | 226 ++++++++++++++++++
 .../curl/curl/CVE-2021-22925.patch            |  43 ++++
 meta/recipes-support/curl/curl_7.69.1.bb      |   3 +
 3 files changed, 272 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22924.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2021-22925.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2021-22924.patch b/meta/recipes-support/curl/curl/CVE-2021-22924.patch
new file mode 100644
index 0000000000..68fde45ddf
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22924.patch
@@ -0,0 +1,226 @@
+Subject: [PATCH] vtls: fix connection reuse checks for issuer cert and
+ case sensitivity CVE-2021-22924
+
+Reported-by: Harry Sintonen
+Bug: https://curl.se/docs/CVE-2021-22924.html
+CVE: CVE-2021-22924
+Upstream-Status: backport from Ubuntu curl_7.68.0-1ubuntu2.6
+Signed-off-by: Mike Crowe <mac@mcrowe.com>
+---
+ lib/url.c          |  5 +++--
+ lib/urldata.h      |  2 +-
+ lib/vtls/gtls.c    | 10 +++++-----
+ lib/vtls/nss.c     |  4 ++--
+ lib/vtls/openssl.c | 12 ++++++------
+ lib/vtls/vtls.c    | 23 ++++++++++++++++++-----
+ 6 files changed, 35 insertions(+), 21 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 47fc66aed..eebad8d32 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -3555,6 +3555,9 @@ static CURLcode create_conn(struct Curl_easy *data,
+   data->set.proxy_ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH_PROXY];
+   data->set.ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE_ORIG];
+   data->set.proxy_ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE_PROXY];
++  data->set.ssl.primary.issuercert = data->set.str[STRING_SSL_ISSUERCERT_ORIG];
++  data->set.proxy_ssl.primary.issuercert =
++    data->set.str[STRING_SSL_ISSUERCERT_PROXY];
+   data->set.ssl.primary.random_file = data->set.str[STRING_SSL_RANDOM_FILE];
+   data->set.proxy_ssl.primary.random_file =
+     data->set.str[STRING_SSL_RANDOM_FILE];
+@@ -3575,8 +3578,6 @@ static CURLcode create_conn(struct Curl_easy *data,
+ 
+   data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_ORIG];
+   data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY];
+-  data->set.ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT_ORIG];
+-  data->set.proxy_ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT_PROXY];
+   data->set.ssl.cert = data->set.str[STRING_CERT_ORIG];
+   data->set.proxy_ssl.cert = data->set.str[STRING_CERT_PROXY];
+   data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE_ORIG];
+diff --git a/lib/urldata.h b/lib/urldata.h
+index fbb8b645e..615fbf369 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -224,6 +224,7 @@ struct ssl_primary_config {
+   long version_max;      /* max supported version the client wants to use*/
+   char *CApath;          /* certificate dir (doesn't work on windows) */
+   char *CAfile;          /* certificate to verify peer against */
++  char *issuercert;      /* optional issuer certificate filename */
+   char *clientcert;
+   char *random_file;     /* path to file containing "random" data */
+   char *egdsocket;       /* path to file containing the EGD daemon socket */
+@@ -240,7 +241,6 @@ struct ssl_config_data {
+   struct ssl_primary_config primary;
+   long certverifyresult; /* result from the certificate verification */
+   char *CRLfile;   /* CRL to check certificate revocation */
+-  char *issuercert;/* optional issuer certificate filename */
+   curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */
+   void *fsslctxp;        /* parameter for call back */
+   char *cert; /* client certificate file name */
+diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
+index 46e149c7d..8c051024f 100644
+--- a/lib/vtls/gtls.c
++++ b/lib/vtls/gtls.c
+@@ -1059,7 +1059,7 @@ gtls_connect_step3(struct connectdata *conn,
+   if(!chainp) {
+     if(SSL_CONN_CONFIG(verifypeer) ||
+        SSL_CONN_CONFIG(verifyhost) ||
+-       SSL_SET_OPTION(issuercert)) {
++       SSL_CONN_CONFIG(issuercert)) {
+ #ifdef USE_TLS_SRP
+       if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
+          && SSL_SET_OPTION(username) != NULL
+@@ -1241,21 +1241,21 @@ gtls_connect_step3(struct connectdata *conn,
+        gnutls_x509_crt_t format */
+     gnutls_x509_crt_import(x509_cert, chainp, GNUTLS_X509_FMT_DER);
+ 
+-  if(SSL_SET_OPTION(issuercert)) {
++  if(SSL_CONN_CONFIG(issuercert)) {
+     gnutls_x509_crt_init(&x509_issuer);
+-    issuerp = load_file(SSL_SET_OPTION(issuercert));
++    issuerp = load_file(SSL_CONN_CONFIG(issuercert));
+     gnutls_x509_crt_import(x509_issuer, &issuerp, GNUTLS_X509_FMT_PEM);
+     rc = gnutls_x509_crt_check_issuer(x509_cert, x509_issuer);
+     gnutls_x509_crt_deinit(x509_issuer);
+     unload_file(issuerp);
+     if(rc <= 0) {
+       failf(data, "server certificate issuer check failed (IssuerCert: %s)",
+-            SSL_SET_OPTION(issuercert)?SSL_SET_OPTION(issuercert):"none");
++            SSL_CONN_CONFIG(issuercert)?SSL_CONN_CONFIG(issuercert):"none");
+       gnutls_x509_crt_deinit(x509_cert);
+       return CURLE_SSL_ISSUER_ERROR;
+     }
+     infof(data, "\t server certificate issuer check OK (Issuer Cert: %s)\n",
+-          SSL_SET_OPTION(issuercert)?SSL_SET_OPTION(issuercert):"none");
++          SSL_CONN_CONFIG(issuercert)?SSL_CONN_CONFIG(issuercert):"none");
+   }
+ 
+   size = sizeof(certbuf);
+diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
+index ef51b0d91..375c78b1b 100644
+--- a/lib/vtls/nss.c
++++ b/lib/vtls/nss.c
+@@ -2151,9 +2151,9 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
+   if(result)
+     goto error;
+ 
+-  if(SSL_SET_OPTION(issuercert)) {
++  if(SSL_CONN_CONFIG(issuercert)) {
+     SECStatus ret = SECFailure;
+-    char *nickname = dup_nickname(data, SSL_SET_OPTION(issuercert));
++    char *nickname = dup_nickname(data, SSL_CONN_CONFIG(issuercert));
+     if(nickname) {
+       /* we support only nicknames in case of issuercert for now */
+       ret = check_issuer_cert(BACKEND->handle, nickname);
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 64f43605a..7e81fd3a0 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -3547,7 +3547,7 @@ static CURLcode servercert(struct connectdata *conn,
+        deallocating the certificate. */
+ 
+     /* e.g. match issuer name with provided issuer certificate */
+-    if(SSL_SET_OPTION(issuercert)) {
++    if(SSL_CONN_CONFIG(issuercert)) {
+       fp = BIO_new(BIO_s_file());
+       if(fp == NULL) {
+         failf(data,
+@@ -3560,10 +3560,10 @@ static CURLcode servercert(struct connectdata *conn,
+         return CURLE_OUT_OF_MEMORY;
+       }
+ 
+-      if(BIO_read_filename(fp, SSL_SET_OPTION(issuercert)) <= 0) {
++      if(BIO_read_filename(fp, SSL_CONN_CONFIG(issuercert)) <= 0) {
+         if(strict)
+           failf(data, "SSL: Unable to open issuer cert (%s)",
+-                SSL_SET_OPTION(issuercert));
++                SSL_CONN_CONFIG(issuercert));
+         BIO_free(fp);
+         X509_free(BACKEND->server_cert);
+         BACKEND->server_cert = NULL;
+@@ -3574,7 +3574,7 @@ static CURLcode servercert(struct connectdata *conn,
+       if(!issuer) {
+         if(strict)
+           failf(data, "SSL: Unable to read issuer cert (%s)",
+-                SSL_SET_OPTION(issuercert));
++                SSL_CONN_CONFIG(issuercert));
+         BIO_free(fp);
+         X509_free(issuer);
+         X509_free(BACKEND->server_cert);
+@@ -3585,7 +3585,7 @@ static CURLcode servercert(struct connectdata *conn,
+       if(X509_check_issued(issuer, BACKEND->server_cert) != X509_V_OK) {
+         if(strict)
+           failf(data, "SSL: Certificate issuer check failed (%s)",
+-                SSL_SET_OPTION(issuercert));
++                SSL_CONN_CONFIG(issuercert));
+         BIO_free(fp);
+         X509_free(issuer);
+         X509_free(BACKEND->server_cert);
+@@ -3594,7 +3594,7 @@ static CURLcode servercert(struct connectdata *conn,
+       }
+ 
+       infof(data, " SSL certificate issuer check ok (%s)\n",
+-            SSL_SET_OPTION(issuercert));
++            SSL_CONN_CONFIG(issuercert));
+       BIO_free(fp);
+       X509_free(issuer);
+     }
+diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
+index aaf73ef8f..8c681da14 100644
+--- a/lib/vtls/vtls.c
++++ b/lib/vtls/vtls.c
+@@ -82,6 +82,16 @@
+   else                                       \
+     dest->var = NULL;
+ 
++static bool safecmp(char *a, char *b)
++{
++  if(a && b)
++    return !strcmp(a, b);
++  else if(!a && !b)
++    return TRUE; /* match */
++  return FALSE; /* no match */
++}
++
++
+ bool
+ Curl_ssl_config_matches(struct ssl_primary_config* data,
+                         struct ssl_primary_config* needle)
+@@ -91,11 +101,12 @@ Curl_ssl_config_matches(struct ssl_primary_config* data,
+      (data->verifypeer == needle->verifypeer) &&
+      (data->verifyhost == needle->verifyhost) &&
+      (data->verifystatus == needle->verifystatus) &&
+-     Curl_safe_strcasecompare(data->CApath, needle->CApath) &&
+-     Curl_safe_strcasecompare(data->CAfile, needle->CAfile) &&
+-     Curl_safe_strcasecompare(data->clientcert, needle->clientcert) &&
+-     Curl_safe_strcasecompare(data->random_file, needle->random_file) &&
+-     Curl_safe_strcasecompare(data->egdsocket, needle->egdsocket) &&
++     safecmp(data->CApath, needle->CApath) &&
++     safecmp(data->CAfile, needle->CAfile) &&
++     safecmp(data->issuercert, needle->issuercert) &&
++     safecmp(data->clientcert, needle->clientcert) &&
++     safecmp(data->random_file, needle->random_file) &&
++     safecmp(data->egdsocket, needle->egdsocket) &&
+      Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
+      Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) &&
+      Curl_safe_strcasecompare(data->pinned_key, needle->pinned_key))
+@@ -117,6 +128,7 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
+ 
+   CLONE_STRING(CApath);
+   CLONE_STRING(CAfile);
++  CLONE_STRING(issuercert);
+   CLONE_STRING(clientcert);
+   CLONE_STRING(random_file);
+   CLONE_STRING(egdsocket);
+@@ -131,6 +143,7 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config* sslc)
+ {
+   Curl_safefree(sslc->CApath);
+   Curl_safefree(sslc->CAfile);
++  Curl_safefree(sslc->issuercert);
+   Curl_safefree(sslc->clientcert);
+   Curl_safefree(sslc->random_file);
+   Curl_safefree(sslc->egdsocket);
+-- 
+2.30.2
+
diff --git a/meta/recipes-support/curl/curl/CVE-2021-22925.patch b/meta/recipes-support/curl/curl/CVE-2021-22925.patch
new file mode 100644
index 0000000000..13b55f76be
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2021-22925.patch
@@ -0,0 +1,43 @@
+Subject: [PATCH] telnet: fix option parser to not send uninitialized
+ contents CVE-2021-22925
+
+Reported-by: Red Hat Product Security
+Bug: https://curl.se/docs/CVE-2021-22925.html
+CVE: CVE-2021-22925
+Upstream-Status: backport from Ubuntu curl_7.68.0-1ubuntu2.6
+Signed-off-by: Mike Crowe <mac@mcrowe.com>
+---
+ lib/telnet.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/lib/telnet.c b/lib/telnet.c
+index 4bf4c652c..3347ad6d1 100644
+--- a/lib/telnet.c
++++ b/lib/telnet.c
+@@ -967,12 +967,17 @@ static void suboption(struct connectdata *conn)
+         size_t tmplen = (strlen(v->data) + 1);
+         /* Add the variable only if it fits */
+         if(len + tmplen < (int)sizeof(temp)-6) {
+-          if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
+-            msnprintf((char *)&temp[len], sizeof(temp) - len,
+-                      "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
+-                      CURL_NEW_ENV_VALUE, varval);
+-            len += tmplen;
+-          }
++          int rv;
++          char sep[2] = "";
++          varval[0] = 0;
++          rv = sscanf(v->data, "%127[^,]%1[,]%127s", varname, sep, varval);
++          if(rv == 1)
++            len += msnprintf((char *)&temp[len], sizeof(temp) - len,
++                             "%c%s", CURL_NEW_ENV_VAR, varname);
++          else if(rv >= 2)
++            len += msnprintf((char *)&temp[len], sizeof(temp) - len,
++                             "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
++                             CURL_NEW_ENV_VALUE, varval);
+         }
+       }
+       msnprintf((char *)&temp[len], sizeof(temp) - len,
+-- 
+2.30.2
+
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index 9b510bcf9f..21c673feda 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -20,6 +20,8 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://CVE-2021-22876.patch \
            file://CVE-2021-22890.patch \
            file://CVE-2021-22898.patch \
+           file://CVE-2021-22924.patch \
+           file://CVE-2021-22925.patch \
 "
 
 SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
@@ -27,6 +29,7 @@ SRC_URI[sha256sum] = "2ff5e5bd507adf6aa88ff4bbafd4c7af464867ffb688be93b9930717a5
 
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
+CVE_CHECK_WHITELIST = "CVE-2021-22922 CVE-2021-22923 CVE-2021-22926"
 
 inherit autotools pkgconfig binconfig multilib_header
 
-- 
2.25.1

[OE-core][dunfell 08/33] linux-yocto/5.4: update to v5.4.134

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    9afc0c209685 Linux 5.4.134
    c1dafbb26164 seq_file: disallow extremely large seq buffer allocations
    b06ab67bd63b misc: alcor_pci: fix inverted branch condition
    f40884382995 scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
    e9602efecf19 MIPS: vdso: Invalid GIC access through VDSO
    48351df82dbc mips: disable branch profiling in boot/decompress.o
    d8afab9bc9fe mips: always link byteswap helpers into decompressor
    bb2435840681 scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
    2a22a1ca453a firmware: turris-mox-rwtm: fail probing when firmware does not support hwrng
    b7c1bafe813a firmware: turris-mox-rwtm: report failures better
    7934e060732f firmware: turris-mox-rwtm: fix reply status decoding function
    65f32d1e0514 thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations
    a3ea516d8d5b ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery
    c4e2fa6fb0f3 ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems
    9cc2ef1a784c ARM: dts: imx6q-dhcom: Fix ethernet reset time properties
    85434c3a281e ARM: dts: am437x: align ti,pindir-d0-out-d1-in property with dt-shema
    e1314f75b38a ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
    443f6ca6fd18 memory: fsl_ifc: fix leak of private memory on probe failure
    d9213d4f372d memory: fsl_ifc: fix leak of IO mapping on probe failure
    8ef43fa4646f reset: bail if try_module_get() fails
    04bb5b3ea08d ARM: dts: BCM5301X: Fixup SPI binding
    cc10a352e29c firmware: arm_scmi: Reset Rx buffer to max size during async commands
    7dde9387498c firmware: tegra: Fix error return code in tegra210_bpmp_init()
    6ca8e516bc65 ARM: dts: r8a7779, marzen: Fix DU clock names
    52cc83c0282c arm64: dts: renesas: v3msk: Fix memory size
    11d6c1992120 rtc: fix snprintf() checking in is_rtc_hctosys()
    226adc0bf947 memory: pl353: Fix error return code in pl353_smc_probe()
    b782d54b4dca reset: brcmstb: Add missing MODULE_DEVICE_TABLE
    2a9392c6d218 memory: atmel-ebi: add missing of_node_put for loop iteration
    05cfac174796 ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
    45414bfe5af3 ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1
    cc617c9ddb1f ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
    13c5fa0a43a0 ARM: exynos: add missing of_node_put for loop iteration
    dc3939d97238 reset: a10sr: add missing of_match_table reference
    b57e025bb0d7 ARM: dts: gemini-rut1xx: remove duplicate ethernet node
    3f870d8c2bc1 hexagon: use common DISCARDS macro
    3b03882123e4 NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
    9f02e9dd8ca2 ALSA: isa: Fix error return code in snd_cmi8330_probe()
    aa8866530d6a nvme-tcp: can't set sk_user_data without write_lock
    496bcc8d4ff9 virtio_net: move tx vq operation under tx queue lock
    aac6a79ee0c0 pwm: imx1: Don't disable clocks at device remove time
    aa51b6bc7907 x86/fpu: Limit xstate copy size in xstateregs_set()
    df749be38c94 PCI: iproc: Support multi-MSI only on uniprocessor kernel
    25bff167719d PCI: iproc: Fix multi-MSI base vector number allocation
    1d9d997850d8 ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
    d0b32dc1409f nfs: fix acl memory leak of posix_acl_create()
    e7de89b8b285 watchdog: aspeed: fix hardware timeout calculation
    0366238f6af4 um: fix error return code in winch_tramp()
    c43226ac1079 um: fix error return code in slip_open()
    81e03fe5bf8f NFSv4: Initialise connection to the server in nfs4_alloc_client()
    2d2842f5d2cd power: supply: rt5033_battery: Fix device tree enumeration
    c5b104a27028 PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
    5b6cde3bae6d f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs
    00fcd8f33e9b x86/signal: Detect and prevent an alternate signal stack overflow
    52bd1bce8624 virtio_console: Assure used length from device is limited
    7909782857c2 virtio_net: Fix error handling in virtnet_restore()
    04c6e60b884c virtio-blk: Fix memory leak among suspend/resume procedure
    8ae24b9bf8f9 ACPI: video: Add quirk for the Dell Vostro 3350
    0bbac736224f ACPI: AMBA: Fix resource name in /proc/iomem
    7d0667521501 pwm: tegra: Don't modify HW state in .remove callback
    f8ba40611be3 pwm: img: Fix PM reference leak in img_pwm_enable()
    9eb5142d3f76 power: supply: ab8500: add missing MODULE_DEVICE_TABLE
    658884b22ac8 power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
    ae1a6af2f8f8 NFS: nfs_find_open_context() may only select open files
    04a333cf982c ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
    ab720715b8a8 orangefs: fix orangefs df output.
    1680c3ece217 PCI: tegra: Add missing MODULE_DEVICE_TABLE
    12f8d6e7f2c7 x86/fpu: Return proper error codes from user access functions
    f58ab0b02ee7 watchdog: iTCO_wdt: Account for rebooting on second timeout
    bcafecd30431 watchdog: imx_sc_wdt: fix pretimeout
    db222f1477ad watchdog: Fix possible use-after-free by calling del_timer_sync()
    7c56c5508dc2 watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
    146cc288fb80 watchdog: Fix possible use-after-free in wdt_startup()
    1e6e806dda4c PCI/P2PDMA: Avoid pci_get_slot(), which may sleep
    d2bc221be148 ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
    94cfbe80f0cf power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
    b6d1d46165f0 power: supply: max17042: Do not enforce (incorrect) interrupt trigger type
    e8794f7bb543 power: supply: ab8500: Avoid NULL pointers
    af619a7455a1 pwm: spear: Don't modify HW state in .remove callback
    f16b1d7dc46f power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE
    b8495c08b2e8 power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE
    13b51d90f0a6 lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
    f492dfec0c82 i2c: core: Disable client irq on reboot/shutdown
    ec50ddd8456c intel_th: Wait until port is in reset before programming it
    ba547e7431bf staging: rtl8723bs: fix macro value for 2.4Ghz only device
    6bc7ea6584cb ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions
    7929bcf1a278 ALSA: hda: Add IRQ check for platform_get_irq()
    0f3821c3281b backlight: lm3630a: Fix return code of .update_status() callback
    84d84143037f ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters
    4abe339ce863 powerpc/boot: Fixup device-tree on little endian
    60c88c8ee548 usb: gadget: hid: fix error return code in hid_bind()
    2bfe5a620894 usb: gadget: f_hid: fix endianness issue with descriptors
    eb11ade08bc8 ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values
    f9e5d0137c14 ALSA: usb-audio: scarlett2: Fix data_mutex lock
    33251aa28d1c ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count
    82343ce5cad2 ALSA: bebob: add support for ToneWeal FW66
    86d56d5a5908 Input: hideep - fix the uninitialized use in hideep_nvm_unlock()
    5f5c1e683351 s390/mem_detect: fix tprot() program check new psw handling
    8a3adb42928c s390/mem_detect: fix diag260() program check new psw handling
    e8df00854840 s390/ipl_parm: fix program check new psw handling
    5176a4d1c43c s390/processor: always inline stap() and __load_psw_mask()
    542d85dda7ba ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing()
    41c488eb5dca gpio: pca953x: Add support for the On Semi pca9655
    6602185b185b selftests/powerpc: Fix "no_handler" EBB selftest
    75dc1942f8b6 ALSA: ppc: fix error return code in snd_pmac_probe()
    8e1b6d96e95f gpio: zynq: Check return value of pm_runtime_get_sync
    b11220803ad1 iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation
    3761ae0d0e54 iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails
    6c50a56d2bce powerpc/ps3: Add dma_mask to ps3_dma_region
    5169c6b12b19 ALSA: sb: Fix potential double-free of CSP mixer elements
    d481ddb1b6d0 selftests: timers: rtcpie: skip test if default RTC device does not exist
    f0bca3fbf16b s390/sclp_vt220: fix console name to match device
    1028b769600c serial: tty: uartlite: fix console setup
    ba89ba738a82 ASoC: img: Fix PM reference leak in img_i2s_in_probe()
    b5af7cec0f7e mfd: cpcap: Fix cpcap dmamask not set warnings
    c19a95cffe33 mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
    d05da38c4110 scsi: qedi: Fix null ref during abort handling
    a686ea60c17a scsi: iscsi: Fix shost->max_id use
    d04958a348e5 scsi: iscsi: Fix conn use after free during resets
    173fdf1497d9 scsi: iscsi: Add iscsi_cls_conn refcount helpers
    9896b67e1b56 scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs
    e8c75b5d88f2 scsi: megaraid_sas: Early detection of VD deletion through RaidMap update
    0c6226601c3e scsi: megaraid_sas: Fix resource leak in case of probe failure
    e54625f3f0f0 fs/jfs: Fix missing error code in lmLogInit()
    077b59810cb6 scsi: scsi_dh_alua: Check for negative result value
    ee16bed95986 tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
    9c543a9197c7 ALSA: ac97: fix PM reference leak in ac97_bus_remove()
    086918e61c37 scsi: core: Cap scsi_host cmd_per_lun at can_queue
    600a91ab5981 scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs
    07aa0d14fc9e scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
    f1f72dac9219 scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw()
    68ce66ba20cf w1: ds2438: fixing bug that would always get page0
    1c774366428e Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
    88262229b778 ALSA: usx2y: Don't call free_pages_exact() with NULL address
    7dff52b311b1 iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get()
    921b361ce3ee iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get().
    d2639ffdcad4 misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
    38660031e80e misc/libmasm/module: Fix two use after free in ibmasm_init_one
    dc195d77dd6c tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero
    fd005f53cb49 srcu: Fix broken node geometry after early ssp init
    35072f336ae8 dmaengine: fsl-qdma: check dma_set_mask return value
    249e0ab80c47 net: moxa: Use devm_platform_get_and_ioremap_resource()
    359311b85ebe fbmem: Do not delete the mode that is still in use
    c17363ccd620 cgroup: verify that source is a string
    d4238c7539c8 tracing: Do not reference char * as a string in histograms
    887bfae2732b scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
    22257d3c6840 KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run()
    dc91a480ace2 KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled
    f2ff9d03432f KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio
    795e84798fa7 Linux 5.4.133
    135122f174c3 smackfs: restrict bytes count in smk_set_cipso()
    a21e5cb1a64c jfs: fix GPF in diFree
    f190ca9068e3 pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
    f176dec999c8 media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
    5d2a52732eeb media: gspca/sunplus: fix zero-length control requests
    1c44f2e25d8e media: gspca/sq905: fix control-request direction
    0edd67591672 media: zr364xx: fix memory leak in zr364xx_start_readpipe
    27cd29ab9bf0 media: dtv5100: fix control-request directions
    917791e43441 media: subdev: disallow ioctl for saa6588/davinci
    04d67b34a33c PCI: aardvark: Implement workaround for the readback value of VEND_ID
    a340b84e09d3 PCI: aardvark: Fix checking for PIO Non-posted Request
    86968dfa4b55 PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
    964d57d1962d dm btree remove: assign new_root only when removal succeeds
    ef0a06acc6b1 coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer()
    4e78a2a4fced ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
    8489ebfac395 tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT
    41aa59030213 tracing: Simplify & fix saved_tgids logic
    4d4f11c3566c rq-qos: fix missed wake-ups in rq_qos_throttle try two
    33ab9138a13e seq_buf: Fix overflow in seq_buf_putmem_hex()
    854bf7196601 extcon: intel-mrfld: Sync hardware and software state on init
    ec31e681cfbf nvmem: core: add a missing of_node_put
    f0f3f0abe58e power: supply: ab8500: Fix an old bug
    7adc05b73d91 ubifs: Fix races between xattr_{set|get} and listxattr operations
    5e4aae9e3e6b thermal/drivers/int340x/processor_thermal: Fix tcc setting
    ec170de13b69 ipmi/watchdog: Stop watchdog timer when the current action is 'none'
    efed363752c0 qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
    74f81fce1215 ASoC: tegra: Set driver_name=tegra for all machine drivers
    862e1aef2bd4 MIPS: fix "mipsel-linux-ld: decompress.c:undefined reference to `memmove'"
    5078f007d863 fpga: stratix10-soc: Add missing fpga_mgr_free() call
    cfaaed5e4a12 clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround
    7044e6bbc8e8 cpu/hotplug: Cure the cpusets trainwreck
    c90a5b1c3742 ata: ahci_sunxi: Disable DIPM
    a7aa56f57e84 mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
    2d95959fa4f4 mmc: core: clear flags before allowing to retune
    7e3b6e797a43 mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
    690735ee3a9d drm/arm/malidp: Always list modifiers
    e976698b2642 drm/msm/mdp4: Fix modifier support enabling
    49d05786661b drm/tegra: Don't set allow_fb_modifiers explicitly
    eaabef618cbb drm/amd/display: Reject non-zero src_y and src_x for video planes
    36a9c775a5f8 pinctrl/amd: Add device HID for new AMD GPIO controller
    7af725d1481c drm/amd/display: fix incorrrect valid irq check
    1fe8005303a3 drm/rockchip: dsi: remove extra component_del() call
    85ea095dc081 drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create()
    d05c9f91be93 drm/amdgpu: Update NV SIMD-per-CU to 2
    a5cd29059916 powerpc/barrier: Avoid collision with clang's __lwsync macro
    a82471a14aad powerpc/mm: Fix lockup on kernel exec fault
    233339bf6c7c perf bench: Fix 2 memory sanitizer warnings
    4d579ef78ae6 crypto: ccp - Annotate SEV Firmware file names
    0e105eed0966 fscrypt: don't ignore minor_hash when hash is 0
    5d4fa5e1b907 MIPS: set mips32r5 for virt extensions
    2760c141dd10 MIPS: loongsoon64: Reserve memory below starting pfn to prevent Oops
    a01745edc1c9 sctp: add size validation when walking chunks
    03a5e454614d sctp: validate from_addr_param return
    d04cd2c4fdd0 Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
    aa9a2ec7ee08 Bluetooth: Shutdown controller after workqueues are flushed or cancelled
    6aac389d50d9 Bluetooth: Fix the HCI to MGMT status conversion table
    a27610321c31 Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip.
    032c68b4f5be RDMA/cma: Fix rdma_resolve_route() memory leak
    d27483b844c8 net: ip: avoid OOM kills with large UDP sends over loopback
    3fbae80e24d6 media, bpf: Do not copy more entries than user space requested
    1127eb86b23d wireless: wext-spy: Fix out-of-bounds warning
    161107916c79 sfc: error code if SRIOV cannot be disabled
    a95fddec35f9 sfc: avoid double pci_remove of VFs
    105982781699 iwlwifi: pcie: fix context info freeing
    0b08e9b64b99 iwlwifi: pcie: free IML DMA memory allocation
    6e2df6630636 iwlwifi: mvm: don't change band on bound PHY contexts
    9fd9734e5739 RDMA/rxe: Don't overwrite errno from ib_umem_get()
    75b011df8e00 vsock: notify server to shutdown when client has pending signal
    2a0a6f67c5d5 atm: nicstar: register the interrupt handler in the right place
    8a366dd45518 atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
    002d8b395fa1 MIPS: add PMD table accounting into MIPS'pmd_alloc_one
    e15cff87dff2 rtl8xxxu: Fix device info for RTL8192EU devices
    356bb9411a26 drm/amdkfd: Walk through list with dqm lock hold
    995c3fc302bd net: sched: fix error return code in tcf_del_walker()
    bba660a079a9 net: fix mistake path for netdev_features_strings
    cea6ca260d22 mt76: mt7615: fix fixed-rate tx status reporting
    e217aadc9b55 bpf: Fix up register-based shifts in interpreter to silence KUBSAN
    7f356894ff12 cw1200: add missing MODULE_DEVICE_TABLE
    d71dddeb5380 wl1251: Fix possible buffer overflow in wl1251_cmd_scan
    e919fc655294 wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
    9981f8f4a8f9 xfrm: Fix error reporting in xfrm_state_construct.
    46a2cd9cecbb drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check
    5db647affcbd r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM
    bfb8eb833e7d selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
    91f6b357e9c1 fjes: check return value after calling platform_get_resource()
    2c028cee95a4 drm/amdkfd: use allowed domain for vmbo validation
    5756c21dd7b7 drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7
    c7010d0f0789 drm/amd/display: Release MST resources on switch from MST to SST
    7182bba3c2c6 drm/amd/display: Update scaling settings on modeset
    2ee8e85ea87e net: micrel: check return value after calling platform_get_resource()
    80240ded7994 net: mvpp2: check return value after calling platform_get_resource()
    6ac291d2b4d9 net: bcmgenet: check return value after calling platform_get_resource()
    627fffae46c2 virtio_net: Remove BUG() to avoid machine dead
    217533e60deb ice: set the value of global config lock timeout longer
    c0b70153f13e pinctrl: mcp23s08: fix race condition in irq handler
    e10062afd67d dm space maps: don't reset space map allocation cursor when committing
    57ef44f35725 RDMA/cxgb4: Fix missing error code in create_qp()
    ccde03a6a0fb ipv6: use prandom_u32() for ID generation
    482708d036be clk: tegra: Ensure that PLLU configuration is applied properly
    050c6bb5cbf7 clk: renesas: r8a77995: Add ZA2 clock
    c84e0757d80b drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer()
    cdfd4ceafba9 igb: handle vlan types with checker enabled
    596b031a3d3a e100: handle eeprom as little endian
    80d505aee639 udf: Fix NULL pointer dereference in udf_symlink function
    c32d0f0e164f drm/sched: Avoid data corruptions
    6ebfdf01cc89 drm/virtio: Fix double free on probe failure
    5e2d303b452a reiserfs: add check for invalid 1st journal block
    1a2d21e266c4 drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init()
    45cc7a653f5a net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
    bdf5334250c6 atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
    3ecd228c636e mISDN: fix possible use-after-free in HFC_cleanup()
    c9172498d4d6 atm: iphase: fix possible use-after-free in ia_module_exit()
    b52b0d996a13 hugetlb: clear huge pte during flush function on mips platform
    526451e8d241 drm/amd/display: fix use_max_lb flag for 420 pixel formats
    cfd8894619d1 net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
    f6d326ad0324 drm/vc4: fix argument ordering in vc4_crtc_get_margins()
    997dedaa75e9 drm/amd/amdgpu/sriov disable all ip hw status by default
    34b01e883a5d drm/zte: Don't select DRM_KMS_FB_HELPER
    012439cba95c drm/mxsfb: Don't select DRM_KMS_FB_HELPER

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f38fa9ad02b625534b91328755efbbdcff200010)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index dcf4f12f45..7d7470bec4 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "135b02c845043f37c8eac73607b62b0735286756"
-SRCREV_meta ?= "2ff6e592745fd397ec2da205ab02daafbf49351a"
+SRCREV_machine ?= "849a67646d942d3a6d706f456df39954367ac7bf"
+SRCREV_meta ?= "d6aec4fb69bae34f34db6f153871a0847d8198f3"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.132"
+LINUX_VERSION ?= "5.4.134"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index eaef9d9b64..95ead533d1 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.132"
+LINUX_VERSION ?= "5.4.134"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "629ca595e3eafd1fdc3a3d978d6ed4547b419968"
-SRCREV_machine ?= "35abc20f52ebdd41bbe76e6f2d6ee189ab3078f6"
-SRCREV_meta ?= "2ff6e592745fd397ec2da205ab02daafbf49351a"
+SRCREV_machine_qemuarm ?= "86c31c51c87557af60e4d4dbee73f18618bc4c92"
+SRCREV_machine ?= "bf89a54b3f77fbac15dd0194870db288aee5c8b7"
+SRCREV_meta ?= "d6aec4fb69bae34f34db6f153871a0847d8198f3"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index cb3ff75d27..1816287217 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "cf8b645d7a1c268d071bdfe606f01d739afbdb80"
-SRCREV_machine_qemuarm64 ?= "8d40ced691b9d211840801614a1031089ed6c2a2"
-SRCREV_machine_qemumips ?= "c574c7303a75e700cb7123fc93a7ca7c19c963d6"
-SRCREV_machine_qemuppc ?= "5550c64c43f81e6c29abfbc6ce31f44f200644ec"
-SRCREV_machine_qemuriscv64 ?= "92705f96294a9c4ac611d3242f20651d5cf6224a"
-SRCREV_machine_qemux86 ?= "92705f96294a9c4ac611d3242f20651d5cf6224a"
-SRCREV_machine_qemux86-64 ?= "92705f96294a9c4ac611d3242f20651d5cf6224a"
-SRCREV_machine_qemumips64 ?= "9cd841f768e0b5a07251df29ba202b5ff2bdf114"
-SRCREV_machine ?= "92705f96294a9c4ac611d3242f20651d5cf6224a"
-SRCREV_meta ?= "2ff6e592745fd397ec2da205ab02daafbf49351a"
+SRCREV_machine_qemuarm ?= "bea52ab7529ef152f99a0f6ebd97cc7e904e5360"
+SRCREV_machine_qemuarm64 ?= "8a29c9de0fc366bd89ce6954685dce0e330dbabe"
+SRCREV_machine_qemumips ?= "b15816ccad0762d27c78c269e7a1986504e60c63"
+SRCREV_machine_qemuppc ?= "906f9509a8d2f842ec8766bf81287f8939ff1fa8"
+SRCREV_machine_qemuriscv64 ?= "dd8a64a523fb714a98328441e0de72cde115a6fc"
+SRCREV_machine_qemux86 ?= "dd8a64a523fb714a98328441e0de72cde115a6fc"
+SRCREV_machine_qemux86-64 ?= "dd8a64a523fb714a98328441e0de72cde115a6fc"
+SRCREV_machine_qemumips64 ?= "152e33a0782920e9707c36ccacf53585a8911e9f"
+SRCREV_machine ?= "dd8a64a523fb714a98328441e0de72cde115a6fc"
+SRCREV_meta ?= "d6aec4fb69bae34f34db6f153871a0847d8198f3"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.132"
+LINUX_VERSION ?= "5.4.134"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.25.1

[OE-core][dunfell 09/33] oeqa/manual/toaster: fix small typo

[Steve Sakoman]

From: Ralph Siemsen <ralph.siemsen@linaro.org>

PACKAGE_CLASES should be PACKAGE_CLASSES.

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7a96f3bceb2c857f841b1dbeb4587a8aaace529e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/manual/toaster-managed-mode.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/manual/toaster-managed-mode.json b/meta/lib/oeqa/manual/toaster-managed-mode.json
index 12374c7c64..9566d9d10e 100644
--- a/meta/lib/oeqa/manual/toaster-managed-mode.json
+++ b/meta/lib/oeqa/manual/toaster-managed-mode.json
@@ -136,7 +136,7 @@
           "expected_results": ""
         },
         "3": {
-          "action": "Check that default values are as follows: \n\tDISTRO - poky \n\tIMAGE_FSTYPES - ext3 jffs2 tar.bz2 \n\tIMAGE_INSTALL_append - \"Not set\" \n\tPACKAGE_CLASES - package_rpm \n        SSTATE_DIR  - /homeDirectory/poky/sstate-cache \n\n",
+          "action": "Check that default values are as follows: \n\tDISTRO - poky \n\tIMAGE_FSTYPES - ext3 jffs2 tar.bz2 \n\tIMAGE_INSTALL_append - \"Not set\" \n\tPACKAGE_CLASSES - package_rpm \n        SSTATE_DIR  - /homeDirectory/poky/sstate-cache \n\n",
           "expected_results": ""
         },
         "4": {
-- 
2.25.1

[OE-core][dunfell 10/33] ovmf: Fix VLA warnings with GCC 11

[Steve Sakoman]

From: Khem Raj <raj.khem@gmail.com>

(From OE-Core rev: 5406ce83e07c3f89b9f2bb26f083861467b7bc59)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ovmf/0001-Fix-VLA-parameter-warning.patch | 51 +++++++++++++++++++
 meta/recipes-core/ovmf/ovmf_git.bb            |  3 +-
 2 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-core/ovmf/ovmf/0001-Fix-VLA-parameter-warning.patch

diff --git a/meta/recipes-core/ovmf/ovmf/0001-Fix-VLA-parameter-warning.patch b/meta/recipes-core/ovmf/ovmf/0001-Fix-VLA-parameter-warning.patch
new file mode 100644
index 0000000000..d658123b81
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/0001-Fix-VLA-parameter-warning.patch
@@ -0,0 +1,51 @@
+From 498627ebda6271b59920f43a0b9b6187edeb7b09 Mon Sep 17 00:00:00 2001
+From: Adrian Herrera <adr.her.arc.95@gmail.com>
+Date: Mon, 22 Mar 2021 21:06:47 +0000
+Subject: [PATCH] Fix VLA parameter warning
+
+Make VLA buffer types consistent in declarations and definitions.
+Resolves build crash when using -Werror due to "vla-parameter" warning.
+
+Upstream-Status: Submitted [https://github.com/google/brotli/pull/893]
+Signed-off-by: Adrian Herrera <adr.her.arc.95@gmail.com>
+---
+ c/dec/decode.c | 6 ++++--
+ c/enc/encode.c | 5 +++--
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/BaseTools/Source/C/BrotliCompress/brotli/c/dec/decode.c b/BaseTools/Source/C/BrotliCompress/brotli/c/dec/decode.c
+index 114c505..bb6f1ab 100644
+--- a/BaseTools/Source/C/BrotliCompress/brotli/c/dec/decode.c
++++ b/BaseTools/Source/C/BrotliCompress/brotli/c/dec/decode.c
+@@ -2030,8 +2030,10 @@ static BROTLI_NOINLINE BrotliDecoderErrorCode SafeProcessCommands(
+ }
+ 
+ BrotliDecoderResult BrotliDecoderDecompress(
+-    size_t encoded_size, const uint8_t* encoded_buffer, size_t* decoded_size,
+-    uint8_t* decoded_buffer) {
++    size_t encoded_size,
++    const uint8_t encoded_buffer[BROTLI_ARRAY_PARAM(encoded_size)],
++    size_t* decoded_size,
++    uint8_t decoded_buffer[BROTLI_ARRAY_PARAM(*decoded_size)]) {
+   BrotliDecoderState s;
+   BrotliDecoderResult result;
+   size_t total_out = 0;
+diff --git a/c/enc/encode.c b/c/enc/encode.c
+index 68548ef..ab0a490 100644
+--- a/BaseTools/Source/C/BrotliCompress/brotli/c/enc/encode.c
++++ c/BaseTools/Source/C/BrotliCompress/brotli/c/enc/encode.c
+@@ -1470,8 +1470,9 @@ static size_t MakeUncompressedStream(
+ 
+ BROTLI_BOOL BrotliEncoderCompress(
+     int quality, int lgwin, BrotliEncoderMode mode, size_t input_size,
+-    const uint8_t* input_buffer, size_t* encoded_size,
+-    uint8_t* encoded_buffer) {
++    const uint8_t input_buffer[BROTLI_ARRAY_PARAM(input_size)],
++    size_t* encoded_size,
++    uint8_t encoded_buffer[BROTLI_ARRAY_PARAM(*encoded_size)]) {
+   BrotliEncoderState* s;
+   size_t out_size = *encoded_size;
+   const uint8_t* input_start = input_buffer;
+-- 
+2.31.1
+
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 088e348bdc..a73bb916b0 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -17,7 +17,8 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
            file://0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \
            file://0003-ovmf-enable-long-path-file.patch \
            file://0004-ovmf-Update-to-latest.patch \
-        "
+           file://0001-Fix-VLA-parameter-warning.patch \
+           "
 
 PV = "edk2-stable202008"
 SRCREV = "06dc822d045c2bb42e497487935485302486e151"
-- 
2.25.1

[OE-core][dunfell 11/33] archiver.bbclass: Fix patch error for recipes that inherit dos2unix.

[Steve Sakoman]

From: leimaohui <leimaohui@fujitsu.com>

do_unpack_and_patch error happens for these recipes inherit dos2unix.

Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2ceda7c90c0087f52693c54d5ccab143b27f4d21)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/archiver.bbclass | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/classes/archiver.bbclass b/meta/classes/archiver.bbclass
index 7ca35a573b..49717d4f57 100644
--- a/meta/classes/archiver.bbclass
+++ b/meta/classes/archiver.bbclass
@@ -484,6 +484,9 @@ python do_unpack_and_patch() {
         src_orig = '%s.orig' % src
         oe.path.copytree(src, src_orig)
 
+    if bb.data.inherits_class('dos2unix', d):
+        bb.build.exec_func('do_convert_crlf_to_lf', d)
+
     # Make sure gcc and kernel sources are patched only once
     if not (d.getVar('SRC_URI') == "" or is_work_shared(d)):
         bb.build.exec_func('do_patch', d)
-- 
2.25.1

[OE-core][dunfell 12/33] bitbake.conf: change GNOME_MIRROR to new one

[Steve Sakoman]

From: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>

URI has been permanently moved and returns HTTP 301.

Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a3a85d54af38a30f6de5f6d23e432afa26859888)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/conf/bitbake.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 76942d923b..0141919021 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -639,7 +639,7 @@ APACHE_MIRROR = "https://archive.apache.org/dist"
 DEBIAN_MIRROR = "http://ftp.debian.org/debian/pool"
 GENTOO_MIRROR = "http://distfiles.gentoo.org/distfiles"
 GNOME_GIT = "git://gitlab.gnome.org/GNOME"
-GNOME_MIRROR = "https://ftp.gnome.org/pub/GNOME/sources"
+GNOME_MIRROR = "https://download.gnome.org/sources/"
 GNU_MIRROR = "https://ftp.gnu.org/gnu"
 GNUPG_MIRROR = "https://www.gnupg.org/ftp/gcrypt"
 GPE_MIRROR = "http://gpe.linuxtogo.org/download/source"
-- 
2.25.1

[OE-core][dunfell 13/33] initramfs-framework/setup-live: fix shebang

[Steve Sakoman]

From: Ulrich Ölmann <u.oelmann@pengutronix.de>

Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 71f1f6bc9402ee0fad82aaf0757fffb73da4b706)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/initrdscripts/initramfs-framework/setup-live | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/initrdscripts/initramfs-framework/setup-live b/meta/recipes-core/initrdscripts/initramfs-framework/setup-live
index 4c79f41285..7e92f93322 100644
--- a/meta/recipes-core/initrdscripts/initramfs-framework/setup-live
+++ b/meta/recipes-core/initrdscripts/initramfs-framework/setup-live
@@ -1,4 +1,4 @@
-#/bin/sh
+#!/bin/sh
 # Copyright (C) 2011 O.S. Systems Software LTDA.
 # Licensed on MIT
 
-- 
2.25.1

[OE-core][dunfell 14/33] yocto-check-layer: Remove duplicated code

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Nicolas Dechesne spotted there was duplicate code I had introduced with a
previous fix. Remove the second statement since the earlier one is correct
all that is needed.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f3e8d9f0e53e73de5498fccce81d049a88f6473b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/yocto-check-layer | 2 --
 1 file changed, 2 deletions(-)

diff --git a/scripts/yocto-check-layer b/scripts/yocto-check-layer
index deba3cb4f8..84fb0011e9 100755
--- a/scripts/yocto-check-layer
+++ b/scripts/yocto-check-layer
@@ -152,8 +152,6 @@ def main():
         logger.info("Setting up for %s(%s), %s" % (layer['name'], layer['type'],
             layer['path']))
 
-        shutil.copyfile(bblayersconf + '.backup', bblayersconf)
-
         missing_dependencies = not add_layer_dependencies(bblayersconf, layer, dep_layers, logger)
         if not missing_dependencies:
             for additional_layer in additional_layers:
-- 
2.25.1

[OE-core][dunfell 15/33] glew: fix Makefile race

[Steve Sakoman]

From: Ross Burton <ross@burtonini.com>

Fix a Makefile race resulting in the target creating a directory being
executed after the target to write into that directory.

[ YOCTO #14485 ]

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e90c1d3b80e35fb685d4b321972743771eb2c2c0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../0001-Fix-build-race-in-Makefile.patch     | 56 +++++++++++++++++++
 meta/recipes-graphics/glew/glew_2.2.0.bb      |  1 +
 2 files changed, 57 insertions(+)
 create mode 100644 meta/recipes-graphics/glew/glew/0001-Fix-build-race-in-Makefile.patch

diff --git a/meta/recipes-graphics/glew/glew/0001-Fix-build-race-in-Makefile.patch b/meta/recipes-graphics/glew/glew/0001-Fix-build-race-in-Makefile.patch
new file mode 100644
index 0000000000..7edcfe8de8
--- /dev/null
+++ b/meta/recipes-graphics/glew/glew/0001-Fix-build-race-in-Makefile.patch
@@ -0,0 +1,56 @@
+Upstream-Status: Submitted [https://github.com/nigels-com/glew/pull/311]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 0ce0a85597db48a2fca619bd95e34af091e54ae8 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Thu, 22 Jul 2021 16:31:11 +0100
+Subject: [PATCH] Fix build race in Makefile
+
+The current rule for the binaries is:
+
+glew.bin: glew.lib bin bin/$(GLEWINFO.BIN) bin/$(VISUALINFO.BIN)
+
+In parallel builds, all of those targets happen at the same time. This
+means that 'bin' can happen *after* 'bin/$(GLEWINFO.BIN)', which is a
+problem as the 'bin' target's responsibility is to create the directory
+that the other target writes into.
+
+Solve this by not having a separate 'create directory' target which is
+fundamentally racy, and simply mkdir in each target which writes into it.
+---
+ Makefile | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index d0e4614..04af44c 100644
+--- a/Makefile
++++ b/Makefile
+@@ -171,21 +171,20 @@ VISUALINFO.BIN.OBJ := $(VISUALINFO.BIN.OBJ:.c=.o)
+ # Don't build glewinfo or visualinfo for NaCL, yet.
+ 
+ ifneq ($(filter nacl%,$(SYSTEM)),)
+-glew.bin: glew.lib bin
++glew.bin: glew.lib
+ else
+-glew.bin: glew.lib bin bin/$(GLEWINFO.BIN) bin/$(VISUALINFO.BIN) 
++glew.bin: glew.lib bin/$(GLEWINFO.BIN) bin/$(VISUALINFO.BIN)
+ endif
+ 
+-bin:
+-	mkdir bin
+-
+ bin/$(GLEWINFO.BIN): $(GLEWINFO.BIN.OBJ) $(LIB.SHARED.DIR)/$(LIB.SHARED)
++	@mkdir -p $(dir $@)
+ 	$(CC) $(CFLAGS) -o $@ $(GLEWINFO.BIN.OBJ) $(BIN.LIBS)
+ ifneq ($(STRIP),)
+ 	$(STRIP) -x $@
+ endif
+ 
+ bin/$(VISUALINFO.BIN): $(VISUALINFO.BIN.OBJ) $(LIB.SHARED.DIR)/$(LIB.SHARED)
++	@mkdir -p $(dir $@)
+ 	$(CC) $(CFLAGS) -o $@ $(VISUALINFO.BIN.OBJ) $(BIN.LIBS)
+ ifneq ($(STRIP),)
+ 	$(STRIP) -x $@
+-- 
+2.25.1
+
diff --git a/meta/recipes-graphics/glew/glew_2.2.0.bb b/meta/recipes-graphics/glew/glew_2.2.0.bb
index 8948444e08..92b6083648 100644
--- a/meta/recipes-graphics/glew/glew_2.2.0.bb
+++ b/meta/recipes-graphics/glew/glew_2.2.0.bb
@@ -6,6 +6,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=2ac251558de685c6b9478d89be3149c2"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/project/glew/glew/${PV}/glew-${PV}.tgz \
+           file://0001-Fix-build-race-in-Makefile.patch \
            file://no-strip.patch"
 
 SRC_URI[md5sum] = "3579164bccaef09e36c0af7f4fd5c7c7"
-- 
2.25.1

[OE-core][dunfell 16/33] oe-setup-builddir: update YP docs and OE URLs

[Steve Sakoman]

From: Michael Opdenacker <michael.opdenacker@bootlin.com>

This updates the link to the YP docs
and proposes to access the OE website through https

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 87686233aeffc639c3f412fd5c4898b32b15013b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/oe-setup-builddir | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/oe-setup-builddir b/scripts/oe-setup-builddir
index 30eaa8efbe..5a51fa793f 100755
--- a/scripts/oe-setup-builddir
+++ b/scripts/oe-setup-builddir
@@ -113,10 +113,10 @@ if [ ! -z "$SHOWYPDOC" ]; then
     cat <<EOM
 The Yocto Project has extensive documentation about OE including a reference
 manual which can be found at:
-    http://yoctoproject.org/documentation
+    https://docs.yoctoproject.org
 
 For more information about OpenEmbedded see their website:
-    http://www.openembedded.org/
+    https://www.openembedded.org/
 
 EOM
 #    unset SHOWYPDOC
-- 
2.25.1

[OE-core][dunfell 17/33] qemu.inc: Add seccomp PACKAGECONFIG option

[Steve Sakoman]

From: Nathan Rossi <nathan@nathanrossi.com>

Add the seccomp PACKAGECONFIG option to allow building seccomp features
in QEMU. The libseccomp library is available in additional layers (e.g.
meta-security).

Additionally this serves as a way to disable seccomp by default to avoid
the configure of QEMU automatically finding it (via pkg-config) on the
build host when building qemu-system-native and auto enabling the
feature.

Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ruslan Babayev <fib@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 8f927bdf54..e25c2524aa 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -210,6 +210,7 @@ PACKAGECONFIG[glusterfs] = "--enable-glusterfs,--disable-glusterfs"
 PACKAGECONFIG[xkbcommon] = "--enable-xkbcommon,--disable-xkbcommon,libxkbcommon"
 PACKAGECONFIG[libudev] = "--enable-libudev,--disable-libudev,eudev"
 PACKAGECONFIG[libxml2] = "--enable-libxml2,--disable-libxml2,libxml2"
+PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp"
 
 INSANE_SKIP_${PN} = "arch"
 
-- 
2.25.1

[OE-core][dunfell 18/33] qemu: Enable seccomp if FEATURE is set

[Steve Sakoman]

From: Armin Kuster <akuster808@gmail.com>

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ruslan Babayev <fib@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu_4.2.0.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-devtools/qemu/qemu_4.2.0.bb b/meta/recipes-devtools/qemu/qemu_4.2.0.bb
index 9c76144749..f9905e2812 100644
--- a/meta/recipes-devtools/qemu/qemu_4.2.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_4.2.0.bb
@@ -26,5 +26,6 @@ do_install_append_class-nativesdk() {
 PACKAGECONFIG ??= " \
     fdt sdl kvm \
     ${@bb.utils.filter('DISTRO_FEATURES', 'alsa xen', d)} \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)} \
 "
 PACKAGECONFIG_class-nativesdk ??= "fdt sdl kvm"
-- 
2.25.1

[OE-core][dunfell 19/33] ifupdown: added -1 option to dhclient for dhcpv6

[Steve Sakoman]

From: Yi Zhao <yi.zhao@windriver.com>

When dhclient is used with ifupdown and in the /etc/network/interfaces
file is something like e.g. "iface eth0 inet6 dhcp" the system does not
boot but hangs at the after dhcp configuration of IPv4 at the stage
where IPv6 should be configured.
The reason seems to be, that ifupdown calls the dhclient in a blocking
way which leads to a permanent block of the boot when no DHCPv6 server
is available.
A similar bug in Redhat:
https://bugzilla.redhat.com/show_bug.cgi?id=585047

[YOCTO #14117]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...-1-option-to-dhclient-on-upping-an-i.patch | 65 +++++++++++++++++++
 meta/recipes-core/ifupdown/ifupdown_0.8.35.bb |  1 +
 2 files changed, 66 insertions(+)
 create mode 100644 meta/recipes-core/ifupdown/files/0001-inet6.defn-Added-1-option-to-dhclient-on-upping-an-i.patch

diff --git a/meta/recipes-core/ifupdown/files/0001-inet6.defn-Added-1-option-to-dhclient-on-upping-an-i.patch b/meta/recipes-core/ifupdown/files/0001-inet6.defn-Added-1-option-to-dhclient-on-upping-an-i.patch
new file mode 100644
index 0000000000..e374d8ca59
--- /dev/null
+++ b/meta/recipes-core/ifupdown/files/0001-inet6.defn-Added-1-option-to-dhclient-on-upping-an-i.patch
@@ -0,0 +1,65 @@
+From e2263b58d7733835355d7b46c3caa96d911a4717 Mon Sep 17 00:00:00 2001
+From: Simon Schwarz <simon.schwarz@infoteam.de>
+Date: Fri, 6 Nov 2020 08:53:20 +0100
+Subject: [PATCH] inet6.defn: Added -1 option to dhclient on upping an
+ interface
+
+This prevents hangs on startup when no server is available and dhcpv6 is used
+
+Upstream-Status: Pending
+
+Signed-off-by: Simon Schwarz <simon.schwarz@infoteam.de>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ inet6.defn | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/inet6.defn b/inet6.defn
+index 73dce24..25022e3 100644
+--- a/inet6.defn
++++ b/inet6.defn
+@@ -29,9 +29,9 @@ method auto
+         if (var_set("accept_ra", ifd) && !var_true("accept_ra", ifd))
+     /sbin/ip link set dev %iface% up
+     /lib/ifupdown/wait-for-ll6.sh if (var_true("dhcp", ifd) && execable("/lib/ifupdown/wait-for-ll6.sh"))
+-    /sbin/dhclient -6 -v -P -pf /run/dhclient6.%iface%.pid -lf /var/lib/dhcp/dhclient6.%iface%.leases -I -df /var/lib/dhcp/dhclient.%iface%.leases %iface% \
++    /sbin/dhclient -6 -1 -v -P -pf /run/dhclient6.%iface%.pid -lf /var/lib/dhcp/dhclient6.%iface%.leases -I -df /var/lib/dhcp/dhclient.%iface%.leases %iface% \
+         if (var_true("dhcp", ifd) && execable("/sbin/dhclient") && var_true("request_prefix", ifd))
+-    /sbin/dhclient -6 -v -S -pf /run/dhclient6.%iface%.pid -lf /var/lib/dhcp/dhclient6.%iface%.leases -I -df /var/lib/dhcp/dhclient.%iface%.leases %iface% \
++    /sbin/dhclient -6 -1 -v -S -pf /run/dhclient6.%iface%.pid -lf /var/lib/dhcp/dhclient6.%iface%.leases -I -df /var/lib/dhcp/dhclient.%iface%.leases %iface% \
+         elsif (var_true("dhcp", ifd) && execable("/sbin/dhclient"))
+     echo 'No DHCPv6 client software found!' >&2; false \
+         elsif (var_true("dhcp", ifd))
+@@ -154,9 +154,9 @@ method dhcp
+         if (var_set("accept_ra", ifd) && !var_true("accept_ra", ifd))
+     /sbin/ip link set dev %iface% [[address %hwaddress%]] up
+     /lib/ifupdown/wait-for-ll6.sh if (execable("/lib/ifupdown/wait-for-ll6.sh"))
+-    /sbin/dhclient -6 -v -pf /run/dhclient6.%iface%.pid -lf /var/lib/dhcp/dhclient6.%iface%.leases -I -P -N -df /var/lib/dhcp/dhclient.%iface%.leases %iface% \
++    /sbin/dhclient -6 -1 -v -pf /run/dhclient6.%iface%.pid -lf /var/lib/dhcp/dhclient6.%iface%.leases -I -P -N -df /var/lib/dhcp/dhclient.%iface%.leases %iface% \
+         if (execable("/sbin/dhclient") && var_true("request_prefix", ifd))
+-    /sbin/dhclient -6 -v -pf /run/dhclient6.%iface%.pid -lf /var/lib/dhcp/dhclient6.%iface%.leases -I -df /var/lib/dhcp/dhclient.%iface%.leases %iface% \
++    /sbin/dhclient -6 -1 -v -pf /run/dhclient6.%iface%.pid -lf /var/lib/dhcp/dhclient6.%iface%.leases -I -df /var/lib/dhcp/dhclient.%iface%.leases %iface% \
+         elsif (execable("/sbin/dhclient"))
+     echo 'No DHCPv6 client software found!' >&2; false \
+         elsif (1)
+@@ -325,7 +325,7 @@ method dhcp
+ 
+   up
+     /sbin/ifconfig %iface% [[link %hwaddress%]] up
+-    /sbin/dhclient -6 -pf /run/dhclient6.%iface%.pid -lf /var/lib/dhcp/dhclient6.%iface%.leases -I -df /var/lib/dhcp/dhclient.%iface%.leases %iface% \
++    /sbin/dhclient -6 -1 -pf /run/dhclient6.%iface%.pid -lf /var/lib/dhcp/dhclient6.%iface%.leases -I -df /var/lib/dhcp/dhclient.%iface%.leases %iface% \
+         if (execable("/sbin/dhclient"))
+     echo 'No DHCPv6 client software found!' >&2; false \
+         elsif (1)
+@@ -397,7 +397,7 @@ method dhcp
+   up
+     [[Warning: Option hwaddress: %hwaddress% not yet supported]]
+     inetutils-ifconfig --interface %iface% --up
+-    /sbin/dhclient -6 -pf /run/dhclient6.%iface///.%.pid -lf /var/lib/dhcp/dhclient6.%iface///.%.leases -I -df /var/lib/dhcp/dhclient.%iface///.%.leases %iface% \
++    /sbin/dhclient -6 -1 -pf /run/dhclient6.%iface///.%.pid -lf /var/lib/dhcp/dhclient6.%iface///.%.leases -I -df /var/lib/dhcp/dhclient.%iface///.%.leases %iface% \
+         if (execable("/sbin/dhclient"))
+     echo 'No DHCPv6 client software found!' >&2; false \
+         elsif (1)
+-- 
+2.17.1
+
diff --git a/meta/recipes-core/ifupdown/ifupdown_0.8.35.bb b/meta/recipes-core/ifupdown/ifupdown_0.8.35.bb
index ae175848b7..16807eb675 100644
--- a/meta/recipes-core/ifupdown/ifupdown_0.8.35.bb
+++ b/meta/recipes-core/ifupdown/ifupdown_0.8.35.bb
@@ -12,6 +12,7 @@ SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https \
            file://99_network \
            file://0001-Define-FNM_EXTMATCH-for-musl.patch \
            file://0001-Makefile-do-not-use-dpkg-for-determining-OS-type.patch \
+           file://0001-inet6.defn-Added-1-option-to-dhclient-on-upping-an-i.patch \
            file://run-ptest \
            ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'file://tweak-ptest-script.patch', '', d)} \
            "
-- 
2.25.1

[OE-core][dunfell 20/33] oeqa/ethernet_ip_connman : add test for network connections

[Steve Sakoman]

From: Teoh Jay Shen <jay.shen.teoh@intel.com>

This test mimic the ethernet_static_ip_set_in_connman and ethernet_get_IP_in_connman_via_DHCP test case from oeqa/manual/bsp-hw.json.
The ethernet_static_ip_set_in_connman and ethernet_get_IP_in_connman_via_DHCP manual test case should be remove from oeqa/manual/bsp-hw.json if this patch get merged.

Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit aaabc94dbe353b12297ba4a237f6817b2c6d4a31)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../oeqa/runtime/cases/ethernet_ip_connman.py | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 meta/lib/oeqa/runtime/cases/ethernet_ip_connman.py

diff --git a/meta/lib/oeqa/runtime/cases/ethernet_ip_connman.py b/meta/lib/oeqa/runtime/cases/ethernet_ip_connman.py
new file mode 100644
index 0000000000..e010612838
--- /dev/null
+++ b/meta/lib/oeqa/runtime/cases/ethernet_ip_connman.py
@@ -0,0 +1,36 @@
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.depends import OETestDepends
+from oeqa.core.decorator.data import skipIfQemu
+
+class Ethernet_Test(OERuntimeTestCase):
+
+    def set_ip(self, x): 
+        x = x.split(".")
+        sample_host_address = '150'        
+        x[3] = sample_host_address
+        x = '.'.join(x)
+        return x
+    
+    @skipIfQemu('qemuall', 'Test only runs on real hardware')    
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_set_virtual_ip(self):
+        (status, output) = self.target.run("ifconfig eth0 | grep 'inet ' | awk '{print $2}'")
+        self.assertEqual(status, 0, msg='Failed to get ip address. Make sure you have an ethernet connection on your device, output: %s' % output)
+        original_ip = output 
+        virtual_ip = self.set_ip(original_ip)
+        
+        (status, output) = self.target.run("ifconfig eth0:1 %s netmask 255.255.255.0 && sleep 2 && ping -c 5 %s && ifconfig eth0:1 down" % (virtual_ip,virtual_ip))
+        self.assertEqual(status, 0, msg='Failed to create virtual ip address, output: %s' % output)
+        
+    @OETestDepends(['ethernet_ip_connman.Ethernet_Test.test_set_virtual_ip'])  
+    def test_get_ip_from_dhcp(self): 
+        (status, output) = self.target.run("connmanctl services | grep -E '*AO Wired|*AR Wired' | awk '{print $3}'")
+        self.assertEqual(status, 0, msg='No wired interfaces are detected, output: %s' % output)
+        wired_interfaces = output
+        
+        (status, output) = self.target.run("ip route | grep default | awk '{print $3}'")
+        self.assertEqual(status, 0, msg='Failed to retrieve the default gateway, output: %s' % output)
+        default_gateway = output
+
+        (status, output) = self.target.run("connmanctl config %s --ipv4 dhcp && sleep 2 && ping -c 5 %s" % (wired_interfaces,default_gateway))
+        self.assertEqual(status, 0, msg='Failed to get dynamic IP address via DHCP in connmand, output: %s' % output)
\ No newline at end of file
-- 
2.25.1

[OE-core][dunfell 21/33] oeqa/runtime : add test for RTC(Real Time Clock)

[Steve Sakoman]

From: Teoh Jay Shen <jay.shen.teoh@intel.com>

This test is checking the functionality of the RTC(Real Time Clock). The Check_if_RTC_(Real_Time_Clock)_can_work_correctly manual test case from oeqa/manual/bsp-hw can be replace by this runtime test.

Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c6961c2fc04edbc5bc3827c7703997085d9c609e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/runtime/cases/rtc.py | 38 ++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 meta/lib/oeqa/runtime/cases/rtc.py

diff --git a/meta/lib/oeqa/runtime/cases/rtc.py b/meta/lib/oeqa/runtime/cases/rtc.py
new file mode 100644
index 0000000000..a34c101a9d
--- /dev/null
+++ b/meta/lib/oeqa/runtime/cases/rtc.py
@@ -0,0 +1,38 @@
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.depends import OETestDepends
+from oeqa.runtime.decorator.package import OEHasPackage
+
+import re
+
+class RTCTest(OERuntimeTestCase):
+
+    def setUp(self):
+        if self.tc.td.get('VIRTUAL-RUNTIME_init_manager') == 'systemd':
+            self.logger.debug('Stopping systemd-timesyncd daemon')
+            self.target.run('systemctl disable --now systemd-timesyncd')
+
+    def tearDown(self):
+        if self.tc.td.get('VIRTUAL-RUNTIME_init_manager') == 'systemd':
+            self.logger.debug('Starting systemd-timesyncd daemon')
+            self.target.run('systemctl enable --now systemd-timesyncd')
+
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    @OEHasPackage(['coreutils', 'busybox'])
+    def test_rtc(self):
+        (status, output) = self.target.run('hwclock -r')
+        self.assertEqual(status, 0, msg='Failed to get RTC time, output: %s' % output)
+        
+        (status, current_datetime) = self.target.run('date +"%m%d%H%M%Y"')
+        self.assertEqual(status, 0, msg='Failed to get system current date & time, output: %s' % current_datetime)
+
+        example_datetime = '062309452008'
+        (status, output) = self.target.run('date %s ; hwclock -w ; hwclock -r' % example_datetime)
+        check_hwclock = re.search('2008-06-23 09:45:..', output)
+        self.assertTrue(check_hwclock, msg='The RTC time was not set correctly, output: %s' % output)
+
+        (status, output) = self.target.run('date %s' % current_datetime)
+        self.assertEqual(status, 0, msg='Failed to reset system date & time, output: %s' % output)
+        
+        (status, output) = self.target.run('hwclock -w')
+        self.assertEqual(status, 0, msg='Failed to reset RTC time, output: %s' % output)
+        
-- 
2.25.1

[OE-core][dunfell 22/33] oeqa/runtime/cases: Only disable/enable for current boot

[Steve Sakoman]

From: Wes Lindauer <wesley.lindauer@gmail.com>

Previously doing a stop/start worked, but using a disable/enable does
not work on a read-only rootfs. Add a --runtime flag to systemctl so
that systemd only modifies the current boot and does not attempt to
write to the filesystem.

This also keeps the test from making a permanent (one could argue
policy) change to the running system being tested. i.e. What if the
image being tested had intentionally disabled the timesyncd service in
preference to using chrony or ntpd? The test shouldn't assume that the
user wants the timesyncd service enabled.

Signed-off-by: Wes Lindauer <wesley.lindauer@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 43dd83b6a325589368c980a3f17cab90935aaeb0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/runtime/cases/date.py | 4 ++--
 meta/lib/oeqa/runtime/cases/rtc.py  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/lib/oeqa/runtime/cases/date.py b/meta/lib/oeqa/runtime/cases/date.py
index fdd2a6ae58..e14322911d 100644
--- a/meta/lib/oeqa/runtime/cases/date.py
+++ b/meta/lib/oeqa/runtime/cases/date.py
@@ -13,12 +13,12 @@ class DateTest(OERuntimeTestCase):
     def setUp(self):
         if self.tc.td.get('VIRTUAL-RUNTIME_init_manager') == 'systemd':
             self.logger.debug('Stopping systemd-timesyncd daemon')
-            self.target.run('systemctl disable --now systemd-timesyncd')
+            self.target.run('systemctl disable --now --runtime systemd-timesyncd')
 
     def tearDown(self):
         if self.tc.td.get('VIRTUAL-RUNTIME_init_manager') == 'systemd':
             self.logger.debug('Starting systemd-timesyncd daemon')
-            self.target.run('systemctl enable --now systemd-timesyncd')
+            self.target.run('systemctl enable --now --runtime systemd-timesyncd')
 
     @OETestDepends(['ssh.SSHTest.test_ssh'])
     @OEHasPackage(['coreutils', 'busybox'])
diff --git a/meta/lib/oeqa/runtime/cases/rtc.py b/meta/lib/oeqa/runtime/cases/rtc.py
index a34c101a9d..c4e6681324 100644
--- a/meta/lib/oeqa/runtime/cases/rtc.py
+++ b/meta/lib/oeqa/runtime/cases/rtc.py
@@ -9,12 +9,12 @@ class RTCTest(OERuntimeTestCase):
     def setUp(self):
         if self.tc.td.get('VIRTUAL-RUNTIME_init_manager') == 'systemd':
             self.logger.debug('Stopping systemd-timesyncd daemon')
-            self.target.run('systemctl disable --now systemd-timesyncd')
+            self.target.run('systemctl disable --now --runtime systemd-timesyncd')
 
     def tearDown(self):
         if self.tc.td.get('VIRTUAL-RUNTIME_init_manager') == 'systemd':
             self.logger.debug('Starting systemd-timesyncd daemon')
-            self.target.run('systemctl enable --now systemd-timesyncd')
+            self.target.run('systemctl enable --now --runtime systemd-timesyncd')
 
     @OETestDepends(['ssh.SSHTest.test_ssh'])
     @OEHasPackage(['coreutils', 'busybox'])
-- 
2.25.1

[OE-core][dunfell 23/33] oeqa/suspend : add test for suspend state

[Steve Sakoman]

From: Teoh Jay Shen <jay.shen.teoh@intel.com>

This test case is checking the command and LAN device behaviour before and after suspend state. The Test_if_LAN_device_works_well_after_resume_from_suspend_state and standby manual test cases from oeqa/manual/bsp-hw can be replace by this runtime test.

Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 10728035a606483ea67f6cb8ba5779558856593a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/runtime/cases/suspend.py | 33 ++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 meta/lib/oeqa/runtime/cases/suspend.py

diff --git a/meta/lib/oeqa/runtime/cases/suspend.py b/meta/lib/oeqa/runtime/cases/suspend.py
new file mode 100644
index 0000000000..67b6f7e56f
--- /dev/null
+++ b/meta/lib/oeqa/runtime/cases/suspend.py
@@ -0,0 +1,33 @@
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.depends import OETestDepends
+from oeqa.core.decorator.data import skipIfQemu
+import threading
+import time
+
+class Suspend_Test(OERuntimeTestCase):
+
+    def test_date(self): 
+        (status, output) = self.target.run('date')
+        self.assertEqual(status, 0,  msg = 'Failed to run date command, output : %s' % output)
+        
+    def test_ping(self):
+        t_thread = threading.Thread(target=self.target.run, args=("ping 8.8.8.8",))
+        t_thread.start()
+        time.sleep(2)
+        
+        status, output = self.target.run('pidof ping')
+        self.target.run('kill -9 %s' % output)
+        self.assertEqual(status, 0, msg = 'Not able to find process that runs ping, output : %s' % output)  
+        
+    def set_suspend(self): 
+        (status, output) = self.target.run('sudo rtcwake -m mem -s 10')
+        self.assertEqual(status, 0,  msg = 'Failed to suspends your system to RAM, output : %s' % output)
+    
+    @skipIfQemu('qemuall', 'Test only runs on real hardware')
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_suspend(self):
+        self.test_date()
+        self.test_ping()
+        self.set_suspend()
+        self.test_date()
+        self.test_ping()
-- 
2.25.1

[OE-core][dunfell 24/33] oeqa/runtime: add test for matchbox-terminal

[Steve Sakoman]

From: TeohJayShen <jay.shen.teoh@intel.com>

This test is checking that the terminal application is able to run. The click_terminal_icon_on_X_desktop manual test case from oeqa/manual/bsp-hw can be replace by this runtime test.

Signed-off-by: TeohJayShen <jay.shen.teoh@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cfa9c1ce853bfd31c1febe61d0f7ad9c5d35f709)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/runtime/cases/terminal.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 meta/lib/oeqa/runtime/cases/terminal.py

diff --git a/meta/lib/oeqa/runtime/cases/terminal.py b/meta/lib/oeqa/runtime/cases/terminal.py
new file mode 100644
index 0000000000..a268f26880
--- /dev/null
+++ b/meta/lib/oeqa/runtime/cases/terminal.py
@@ -0,0 +1,18 @@
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.depends import OETestDepends
+from oeqa.runtime.decorator.package import OEHasPackage
+
+import threading
+import time
+
+class TerminalTest(OERuntimeTestCase):
+
+    @OEHasPackage(['matchbox-terminal'])
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_terminal_running(self):
+        t_thread = threading.Thread(target=self.target.run, args=('export DISPLAY=:0 && matchbox-terminal',))
+        t_thread.start()
+        time.sleep(2)
+        status, output = self.target.run('pidof matchbox-terminal')
+        self.target.run('kill -9 %s' % output)
+        self.assertEqual(status, 0, msg='Not able to find process that runs terminal.')   
-- 
2.25.1

[OE-core][dunfell 25/33] oeqa/terminal : improve the test case

[Steve Sakoman]

From: Teoh Jay Shen <jay.shen.teoh@intel.com>

-Improve this test case to fulfill the requirements of replacing the click_terminal_icon_on_X_desktop manual test case from oeqa/manual/bsp-hw :
1) verify that the terminal window is working without problem
2) verify that there's only 1 terminal window is launched

Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 824713174fae0617240a236d1bbfd2929bf4b24f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/runtime/cases/terminal.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/meta/lib/oeqa/runtime/cases/terminal.py b/meta/lib/oeqa/runtime/cases/terminal.py
index a268f26880..8fcca99f47 100644
--- a/meta/lib/oeqa/runtime/cases/terminal.py
+++ b/meta/lib/oeqa/runtime/cases/terminal.py
@@ -10,9 +10,12 @@ class TerminalTest(OERuntimeTestCase):
     @OEHasPackage(['matchbox-terminal'])
     @OETestDepends(['ssh.SSHTest.test_ssh'])
     def test_terminal_running(self):
-        t_thread = threading.Thread(target=self.target.run, args=('export DISPLAY=:0 && matchbox-terminal',))
+        t_thread = threading.Thread(target=self.target.run, args=("export DISPLAY=:0 && matchbox-terminal -e 'sh -c \"uname -a && exec sh\"'",))
         t_thread.start()
         time.sleep(2)
+        
         status, output = self.target.run('pidof matchbox-terminal')
+        number_of_terminal = len(output.split())
+        self.assertEqual(number_of_terminal, 1, msg='There should be only one terminal being launched. Number of terminal launched : %s' % number_of_terminal)
         self.target.run('kill -9 %s' % output)
-        self.assertEqual(status, 0, msg='Not able to find process that runs terminal.')   
+        self.assertEqual(status, 0, msg='Not able to find process that runs terminal.')     
-- 
2.25.1

[OE-core][dunfell 26/33] oeqa/usb_hid.py : add test to check the usb/human interface device status after suspend state

[Steve Sakoman]

From: Teoh Jay Shen <jay.shen.teoh@intel.com>

This test mimic the Test_if_usb_hid_device_works_well_after_resume_from_suspend_state manual test case from oeqa/manual/bsp-hw.json.

Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 23a3dc370a52907ee3261746405fb9b2af9e9a11)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oeqa/runtime/cases/usb_hid.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 meta/lib/oeqa/runtime/cases/usb_hid.py

diff --git a/meta/lib/oeqa/runtime/cases/usb_hid.py b/meta/lib/oeqa/runtime/cases/usb_hid.py
new file mode 100644
index 0000000000..3c292cf661
--- /dev/null
+++ b/meta/lib/oeqa/runtime/cases/usb_hid.py
@@ -0,0 +1,22 @@
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.depends import OETestDepends
+from oeqa.core.decorator.data import skipIfQemu
+from oeqa.runtime.decorator.package import OEHasPackage
+
+class USB_HID_Test(OERuntimeTestCase):
+
+    def keyboard_mouse_simulation(self): 
+        (status, output) = self.target.run('export DISPLAY=:0 && xdotool key F2 && xdotool mousemove 100 100')
+        return self.assertEqual(status, 0,  msg = 'Failed to simulate keyboard/mouse input event, output : %s' % output)
+             
+    def set_suspend(self): 
+        (status, output) = self.target.run('sudo rtcwake -m mem -s 10')
+        return self.assertEqual(status, 0,  msg = 'Failed to suspends your system to RAM, output : %s' % output)
+    
+    @OEHasPackage(['xdotool'])
+    @skipIfQemu('qemuall', 'Test only runs on real hardware')
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_USB_Hid_input(self):
+        self.keyboard_mouse_simulation()
+        self.set_suspend()
+        self.keyboard_mouse_simulation()  
-- 
2.25.1

[OE-core][dunfell 27/33] yocto-check-layer: improve missed dependencies

[Steve Sakoman]

From: Nicolas Dechesne <nicolas.dechesne@linaro.org>

The first 2 calls to add_layer_dependencies() are here to add all
dependencies for the 'layer under test' and the additional layers
provided by the users.

In both cases, we use misssing_dependencies boolean to indicate if any
dependency is missing. But we then never really use
missing_dependencies. Instead the script is calling
add_layer_dependencies() again (for both the layer under test, and the
additional layers) to detect if there are any missing dependency. As a
result, we are trying to add again all dependencies, and we can see
that from the traces:

INFO: Detected layers:
INFO: meta-aws: LayerType.SOFTWARE, /work/oe/sources/meta-aws
INFO: checklayer: Doesn't have conf/layer.conf file, so ignoring
INFO:
INFO: Setting up for meta-aws(LayerType.SOFTWARE), /work/oe/sources/meta-aws
INFO: Adding layer meta-python
INFO: Adding layer meta-oe
INFO: Adding layer meta-networking
-->
INFO: Adding layer meta-python
INFO: meta-python is already in /work/oe/poky/master/build-checklayer/conf/bblayers.conf
INFO: Adding layer meta-oe
INFO: meta-oe is already in /work/oe/poky/master/build-checklayer/conf/bblayers.conf
INFO: Adding layer meta-networking
INFO: meta-networking is already in /work/oe/poky/master/build-checklayer/conf/bblayers.conf
<--
INFO: Getting initial bitbake variables ...

The code appears more complex than it should, and we can simply
replace the complex if statement by using missing_dependencies, and
avoid duplicating the call to add_layer_dependencies().

Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fceb84f7bc472731b8f96ee1ebf0f4485943226c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/yocto-check-layer | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/scripts/yocto-check-layer b/scripts/yocto-check-layer
index 84fb0011e9..847fabfd9d 100755
--- a/scripts/yocto-check-layer
+++ b/scripts/yocto-check-layer
@@ -158,9 +158,7 @@ def main():
                 if not add_layer_dependencies(bblayersconf, additional_layer, dep_layers, logger):
                     missing_dependencies = True
                     break
-        if not add_layer_dependencies(bblayersconf, layer, dep_layers, logger) or \
-           any(map(lambda additional_layer: not add_layer_dependencies(bblayersconf, additional_layer, dep_layers, logger),
-                   additional_layers)):
+        if missing_dependencies:
             logger.info('Skipping %s due to missing dependencies.' % layer['name'])
             results[layer['name']] = None
             results_status[layer['name']] = 'SKIPPED (Missing dependencies)'
-- 
2.25.1

[OE-core][dunfell 28/33] checklayer: new function get_layer_dependencies()

[Steve Sakoman]

From: Nicolas Dechesne <nicolas.dechesne@linaro.org>

Split add_layer_dependencies() into 2 parts. First search for layer
dependencies, and then add them to the config. That allows us to
call get_layer_dependencies() independently.

Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 08edf928aac3f2daaa0c256d4c21e56e2db72bff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/lib/checklayer/__init__.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/scripts/lib/checklayer/__init__.py b/scripts/lib/checklayer/__init__.py
index fe545607bb..72d9df0a62 100644
--- a/scripts/lib/checklayer/__init__.py
+++ b/scripts/lib/checklayer/__init__.py
@@ -156,7 +156,7 @@ def _find_layer_depends(depend, layers):
                 return layer
     return None
 
-def add_layer_dependencies(bblayersconf, layer, layers, logger):
+def get_layer_dependencies(layer, layers, logger):
     def recurse_dependencies(depends, layer, layers, logger, ret = []):
         logger.debug('Processing dependencies %s for layer %s.' % \
                     (depends, layer['name']))
@@ -203,6 +203,11 @@ def add_layer_dependencies(bblayersconf, layer, layers, logger):
         layer_depends = recurse_dependencies(depends, layer, layers, logger, layer_depends)
 
     # Note: [] (empty) is allowed, None is not!
+    return layer_depends
+
+def add_layer_dependencies(bblayersconf, layer, layers, logger):
+
+    layer_depends = get_layer_dependencies(layer, layers, logger)
     if layer_depends is None:
         return False
     else:
-- 
2.25.1

[OE-core][dunfell 29/33] checklayer: rename _find_layer_depends

[Steve Sakoman]

From: Nicolas Dechesne <nicolas.dechesne@linaro.org>

What this function does is really to find a layer, not a 'depends'. We
are using this function to find a dependent layer, but the name is
confusing.

Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e9b7690ab30d0e7c07471034f6cb89ccc3168a11)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/lib/checklayer/__init__.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/lib/checklayer/__init__.py b/scripts/lib/checklayer/__init__.py
index 72d9df0a62..e69a10f452 100644
--- a/scripts/lib/checklayer/__init__.py
+++ b/scripts/lib/checklayer/__init__.py
@@ -146,7 +146,7 @@ def detect_layers(layer_directories, no_auto):
 
     return layers
 
-def _find_layer_depends(depend, layers):
+def _find_layer(depend, layers):
     for layer in layers:
         if 'collections' not in layer:
             continue
@@ -166,7 +166,7 @@ def get_layer_dependencies(layer, layers, logger):
             if depend == 'core':
                 continue
 
-            layer_depend = _find_layer_depends(depend, layers)
+            layer_depend = _find_layer(depend, layers)
             if not layer_depend:
                 logger.error('Layer %s depends on %s and isn\'t found.' % \
                         (layer['name'], depend))
-- 
2.25.1

[OE-core][dunfell 30/33] yocto-check-layer: ensure that all layer dependencies are tested too

[Steve Sakoman]

From: Nicolas Dechesne <nicolas.dechesne@linaro.org>

In order to be compliant with the YP compatible status, a layer also
needs to ensure that all its dependencies are compatible
too. Currently yocto-check-layer only checks the requested layer,
without testing any dependencies.

With this change, all dependencies are also checked by default, so the
summary printed at the end will give a clear picture whether all
dependencies pass the script or not.

Using --no-auto-dependency can be used to skip that.

Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 45d59b774b95c91193a8376b83c05291d555e5c8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 scripts/yocto-check-layer | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/scripts/yocto-check-layer b/scripts/yocto-check-layer
index 847fabfd9d..dd930cdddd 100755
--- a/scripts/yocto-check-layer
+++ b/scripts/yocto-check-layer
@@ -24,7 +24,7 @@ import scriptpath
 scriptpath.add_oe_lib_path()
 scriptpath.add_bitbake_lib_path()
 
-from checklayer import LayerType, detect_layers, add_layers, add_layer_dependencies, get_signatures, check_bblayers
+from checklayer import LayerType, detect_layers, add_layers, add_layer_dependencies, get_layer_dependencies, get_signatures, check_bblayers
 from oeqa.utils.commands import get_bb_vars
 
 PROGNAME = 'yocto-check-layer'
@@ -51,6 +51,8 @@ def main():
             help='File to output log (optional)', action='store')
     parser.add_argument('--dependency', nargs="+",
             help='Layers to process for dependencies', action='store')
+    parser.add_argument('--no-auto-dependency', help='Disable automatic testing of dependencies',
+            action='store_true')
     parser.add_argument('--machines', nargs="+",
             help='List of MACHINEs to be used during testing', action='store')
     parser.add_argument('--additional-layers', nargs="+",
@@ -121,6 +123,21 @@ def main():
     if not layers:
         return 1
 
+    # Find all dependencies, and get them checked too
+    if not args.no_auto_dependency:
+        depends = []
+        for layer in layers:
+            layer_depends = get_layer_dependencies(layer, dep_layers, logger)
+            if layer_depends:
+                for d in layer_depends:
+                    if d not in depends:
+                        depends.append(d)
+
+        for d in depends:
+            if d not in layers:
+                logger.info("Adding %s to the list of layers to test, as a dependency", d['name'])
+                layers.append(d)
+
     shutil.copyfile(bblayersconf, bblayersconf + '.backup')
     def cleanup_bblayers(signum, frame):
         shutil.copyfile(bblayersconf + '.backup', bblayersconf)
-- 
2.25.1

[OE-core][dunfell 31/33] archiver.bbclass: fix do_ar_configured failure for kernel

[Steve Sakoman]

From: Changqing Li <changqing.li@windriver.com>

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d7776a23cbea836ddb8ac5ec77012af2449ab875)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/archiver.bbclass | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/meta/classes/archiver.bbclass b/meta/classes/archiver.bbclass
index 49717d4f57..9ef18ebd3c 100644
--- a/meta/classes/archiver.bbclass
+++ b/meta/classes/archiver.bbclass
@@ -281,7 +281,10 @@ python do_ar_configured() {
         # ${STAGING_DATADIR}/aclocal/libtool.m4, so we can't re-run the
         # do_configure, we archive the already configured ${S} to
         # instead of.
-        elif pn != 'libtool-native':
+        # The kernel class functions require it to be on work-shared, we
+        # don't unpack, patch, configure again, just archive the already
+        # configured ${S}
+        elif not (pn == 'libtool-native' or is_work_shared(d)):
             def runTask(task):
                 prefuncs = d.getVarFlag(task, 'prefuncs') or ''
                 for func in prefuncs.split():
-- 
2.25.1

[OE-core][dunfell 32/33] linux-yocto/5.4: update to v5.4.135

[Steve Sakoman]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:

    0a0beb1f9120 Linux 5.4.135
    d2f7b384a74f udp: annotate data races around unix_sk(sk)->gso_size
    c72374978b3f perf test bpf: Free obj_buf
    17bc942c0b96 bpftool: Properly close va_list 'ap' by va_end() on error
    84ed8340941a ipv6: tcp: drop silly ICMPv6 packet too big messages
    315033cab379 tcp: annotate data races around tp->mtu_info
    41f45e91c92c dma-buf/sync_file: Don't leak fences on merge failure
    04b06716838b net: fddi: fix UAF in fza_probe
    8aa13a86964c net: validate lwtstate->data before returning from skb_tunnel_info()
    8cff7b28ab05 net: send SYNACK packet with accepted fwmark
    b7e5563f2a78 net: ti: fix UAF in tlan:remove_one
    2b70ca92847c net: qcom/emac: fix UAF in emac:remove
    463c0addb4eb net: moxa: fix UAF in moxart_mac_probe
    7ac4a6a74e75 net: ip_tunnel: fix mtu calculation for ETHER tunnel devices
    d5dc50ca1f7a net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
    7ecd40801e5b net: bridge: sync fdb to new unicast-filtering ports
    813d45499f51 net/sched: act_ct: fix err check for nf_conntrack_confirm
    24973073562f netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
    c6f4a71153f4 net: ipv6: fix return value of ip6_skb_dst_mtu
    9872273b670a net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz
    6148ddff2dcb net: dsa: mv88e6xxx: enable .port_set_policy() on Topaz
    d73c180e6add dm writecache: return the exact table values that were set
    8a85afc6621a mm: slab: fix kmem_cache_create failed when sysfs node not destroyed
    f53729b828db usb: cdns3: Enable TDL_CHK only for OUT ep
    52b01a808696 f2fs: Show casefolding support only when supported
    91d846016729 arm64: dts: marvell: armada-37xx: move firmware node to generic dtsi file
    f696cc7f1bc8 firmware: turris-mox-rwtm: add marvell,armada-3700-rwtm-firmware compatible string
    e2b28026b861 arm64: dts: armada-3720-turris-mox: add firmware node
    f7d1fa65e742 cifs: prevent NULL deref in cifs_compose_mount_options()
    06d8a7eb5803 s390: introduce proper type handling call_on_stack() macro
    2a47e0719ae7 sched/fair: Fix CFS bandwidth hrtimer expiry type
    5b7d065868a6 scsi: qedf: Add check to synchronize abort and flush
    0fe70c15f943 scsi: libfc: Fix array index out of bound exception
    d7b647d05586 scsi: libsas: Add LUN number check in .slave_alloc callback
    863c4bc883d5 scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
    712e9ed6134f rtc: max77686: Do not enforce (incorrect) interrupt trigger type
    199d8ea4c7b1 kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set
    484193b635a7 thermal/core: Correct function name thermal_zone_device_unregister()
    556cf0283035 arm64: dts: imx8mq: assign PCIe clocks
    9d3eb68a5385 arm64: dts: ls208xa: remove bus-num from dspi node
    e054b361caec firmware: tegra: bpmp: Fix Tegra234-only builds
    94d009577033 soc/tegra: fuse: Fix Tegra234-only builds
    270a2e9fafea ARM: dts: stm32: move stmmac axi config in ethernet node on stm32mp15
    4bc66215bc22 ARM: dts: stm32: fix i2c node name on stm32f746 to prevent warnings
    856c753237ae ARM: dts: rockchip: fix supply properties in io-domains nodes
    c5bb9cc2ce23 arm64: dts: juno: Update SCPI nodes as per the YAML schema
    f572a9139396 ARM: dts: stm32: fix timer nodes on STM32 MCU to prevent warnings
    95e795474c81 ARM: dts: stm32: fix RCC node name on stm32f429 MCU
    a898aa9f88cc ARM: dts: stm32: fix gpio-keys node on STM32 MCU boards
    5c17edaaead7 ARM: dts: am437x-gp-evm: fix ti,no-reset-on-init flag for gpios
    3446233096ff ARM: dts: am57xx-cl-som-am57x: fix ti,no-reset-on-init flag for gpios
    e79e29a4e162 kbuild: sink stdout from cmd for silent build
    f817d4677582 rtc: mxc_v2: add missing MODULE_DEVICE_TABLE
    0a22b5178276 ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info
    e20e85639e25 ARM: dts: imx6: phyFLEX: Fix UART hardware flow control
    a5b19d33ae22 ARM: dts: Hurricane 2: Fix NAND nodes names
    f83535a47ff8 ARM: dts: BCM63xx: Fix NAND nodes names
    cb05b84ad7f1 ARM: NSP: dts: fix NAND nodes names
    14e3bad3b548 ARM: Cygnus: dts: fix NAND nodes names
    587a757afe73 ARM: brcmstb: dts: fix NAND nodes names
    a9c32c7aeee6 reset: ti-syscon: fix to_ti_syscon_reset_data macro
    b400afa42739 arm64: dts: rockchip: Fix power-controller node names for rk3328
    dfb4e8ed0792 arm64: dts: rockchip: Fix power-controller node names for px30
    789070f17886 ARM: dts: rockchip: Fix power-controller node names for rk3288
    6aaffe6ce8a9 ARM: dts: rockchip: Fix power-controller node names for rk3188
    439115ee56d8 ARM: dts: rockchip: Fix power-controller node names for rk3066a
    3b4c34728382 ARM: dts: rockchip: Fix IOMMU nodes properties on rk322x
    c9d29d62da59 ARM: dts: rockchip: Fix the timer clocks order
    d105e15de610 arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi
    cfe3d29e5cde ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288
    79573c64410b ARM: dts: gemini: add device_type on pci
    7037876393ce ARM: dts: gemini: rename mdio to the right name

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5c36549fab7cc27bd2f4f9e8b6be1ec8546d32bd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../linux/linux-yocto-rt_5.4.bb               |  6 ++---
 .../linux/linux-yocto-tiny_5.4.bb             |  8 +++----
 meta/recipes-kernel/linux/linux-yocto_5.4.bb  | 22 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
index 7d7470bec4..6d2b1fd198 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "849a67646d942d3a6d706f456df39954367ac7bf"
-SRCREV_meta ?= "d6aec4fb69bae34f34db6f153871a0847d8198f3"
+SRCREV_machine ?= "f4e30367bf1e579ff497fc9e7a16010c879048dc"
+SRCREV_meta ?= "231d3a07e10680c7c89ea101cd803b0684482b11"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.4.134"
+LINUX_VERSION ?= "5.4.135"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
index 95ead533d1..d7911cd54e 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.4.134"
+LINUX_VERSION ?= "5.4.135"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "86c31c51c87557af60e4d4dbee73f18618bc4c92"
-SRCREV_machine ?= "bf89a54b3f77fbac15dd0194870db288aee5c8b7"
-SRCREV_meta ?= "d6aec4fb69bae34f34db6f153871a0847d8198f3"
+SRCREV_machine_qemuarm ?= "fa414639057bbad7acd21a1a70a3847f9be469c0"
+SRCREV_machine ?= "c81f0e376b1fce7a1198eec7b286966d98eae44d"
+SRCREV_meta ?= "231d3a07e10680c7c89ea101cd803b0684482b11"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
index 1816287217..38a0f8f700 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.4/standard/base"
 KBRANCH_qemux86-64 ?= "v5.4/standard/base"
 KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "bea52ab7529ef152f99a0f6ebd97cc7e904e5360"
-SRCREV_machine_qemuarm64 ?= "8a29c9de0fc366bd89ce6954685dce0e330dbabe"
-SRCREV_machine_qemumips ?= "b15816ccad0762d27c78c269e7a1986504e60c63"
-SRCREV_machine_qemuppc ?= "906f9509a8d2f842ec8766bf81287f8939ff1fa8"
-SRCREV_machine_qemuriscv64 ?= "dd8a64a523fb714a98328441e0de72cde115a6fc"
-SRCREV_machine_qemux86 ?= "dd8a64a523fb714a98328441e0de72cde115a6fc"
-SRCREV_machine_qemux86-64 ?= "dd8a64a523fb714a98328441e0de72cde115a6fc"
-SRCREV_machine_qemumips64 ?= "152e33a0782920e9707c36ccacf53585a8911e9f"
-SRCREV_machine ?= "dd8a64a523fb714a98328441e0de72cde115a6fc"
-SRCREV_meta ?= "d6aec4fb69bae34f34db6f153871a0847d8198f3"
+SRCREV_machine_qemuarm ?= "f367cbe6d0c21c65257c66a4c9b1845fd43285f8"
+SRCREV_machine_qemuarm64 ?= "8dcb7ee83e58da8bf51ed8b72165e1ed35beb928"
+SRCREV_machine_qemumips ?= "3d4c6263bfdf95960894b75c76aa450d240e3e8e"
+SRCREV_machine_qemuppc ?= "125a824c8d14c49b640bc0d6e040d495177caa10"
+SRCREV_machine_qemuriscv64 ?= "997c04e7a40084a53bc3d45490949584364697bd"
+SRCREV_machine_qemux86 ?= "997c04e7a40084a53bc3d45490949584364697bd"
+SRCREV_machine_qemux86-64 ?= "997c04e7a40084a53bc3d45490949584364697bd"
+SRCREV_machine_qemumips64 ?= "7082f58984404a5aad90bca1dac4e27773fff26e"
+SRCREV_machine ?= "997c04e7a40084a53bc3d45490949584364697bd"
+SRCREV_meta ?= "231d3a07e10680c7c89ea101cd803b0684482b11"
 
 # remap qemuarm to qemuarma15 for the 5.4 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.134"
+LINUX_VERSION ?= "5.4.135"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
-- 
2.25.1

[OE-core][dunfell 33/33] sstate: Fix rebuilds when changing layer config

[Steve Sakoman]

From: Richard Purdie <richard.purdie@linuxfoundation.org>

When adding a layer which changed SSTATE_EXCLUDEDEPS_SYSROOT, the state
hashes were changing when they should not. This was caused by wider use
of setscene_depvalid which means the dependency on the variable was seen
when it was previously not.

Exclude the variable since this should be be included in the hashes.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 09725a29365c69ccbd603fe3a1de72189f26d5ac)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/sstate.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 0a25e3ed9d..c148fc9edd 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -1014,6 +1014,7 @@ def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, summary=True,
         bb.parse.siggen.checkhashes(sq_data, missed, found, d)
 
     return found
+setscene_depvalid[vardepsexclude] = "SSTATE_EXCLUDEDEPS_SYSROOT"
 
 BB_SETSCENE_DEPVALID = "setscene_depvalid"
 
-- 
2.25.1

Re: [OE-core][dunfell 07/33] curl: Fix CVE-2021-22924 and CVE-2021-22925

[Mike Crowe]

On Thursday 05 August 2021 at 05:33:44 -1000, Steve Sakoman wrote:
> From: Mike Crowe <mac@mcrowe.com>
> 
> curl v7.78 contained fixes for five CVEs:
> 
> CVE-2021-22922[1] and CVE-2021-22923[2] are only present when support
> for metalink is enabled. EXTRA_OECONF contains "--without-libmetalink"
> so these fixes are unnecessary.
> 
> CVE-2021-22926[3] only affects builds for MacOS.
> 
> CVE-2021-22924[4] and CVE-2021-22925[5] are both applicable. Take the
> patches from Ubuntu 20.04 curl_7.68.0-1ubuntu2.6 package which is close
> enough that the patch for CVE-2021-22924 applies without conflicts..

Now that you've added back the "== 2", I believe the final sentence is now
true for both patches. That may not be worth worrying about.

> 
> [1] https://curl.se/docs/CVE-2021-22922.html
> [2] https://curl.se/docs/CVE-2021-22923.html
> [3] https://curl.se/docs/CVE-2021-22926.html
> [4] https://curl.se/docs/CVE-2021-22924.html
> [5] https://curl.se/docs/CVE-2021-22925.html
> 
> Signed-off-by: Mike Crowe <mac@mcrowe.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Mike.