[PATCH 01/45] rpm: update 4.17.0 -> 4.17.1

[PATCH 01/45] rpm: update 4.17.0 -> 4.17.1

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 .../rpm/files/0001-CVE-2021-3521.patch        |  57 ---
 ...lib-rpm-as-the-installation-path-for.patch |  14 +-
 ...-linux-gnux32-variant-to-triplet-han.patch |  31 ++
 .../rpm/files/0002-CVE-2021-3521.patch        |  64 ----
 .../rpm/files/0003-CVE-2021-3521.patch        | 329 ------------------
 .../rpm/{rpm_4.17.0.bb => rpm_4.17.1.bb}      |   6 +-
 6 files changed, 40 insertions(+), 461 deletions(-)
 delete mode 100644 meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch
 create mode 100644 meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch
 delete mode 100644 meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch
 delete mode 100644 meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch
 rename meta/recipes-devtools/rpm/{rpm_4.17.0.bb => rpm_4.17.1.bb} (97%)

diff --git a/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch
deleted file mode 100644
index 044b4dd2a0..0000000000
--- a/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 9a6871126f472feea057d5f803505ec8cc78f083 Mon Sep 17 00:00:00 2001
-From: Panu Matilainen <pmatilai@redhat.com>
-Date: Thu, 30 Sep 2021 09:56:20 +0300
-Subject: [PATCH 1/3] Refactor pgpDigParams construction to helper function
-
-No functional changes, just to reduce code duplication and needed by
-the following commits.
-
-CVE: CVE-2021-3521
-Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/9f03f42e2]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- rpmio/rpmpgp.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
-index d0688ebe9a..e472b5320f 100644
---- a/rpmio/rpmpgp.c
-+++ b/rpmio/rpmpgp.c
-@@ -1041,6 +1041,13 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype)
-     return algo;
- }
- 
-+static pgpDigParams pgpDigParamsNew(uint8_t tag)
-+{
-+    pgpDigParams digp = xcalloc(1, sizeof(*digp));
-+    digp->tag = tag;
-+    return digp;
-+}
-+
- int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
- 		 pgpDigParams * ret)
- {
-@@ -1058,8 +1065,7 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
- 	    if (pkttype && pkt.tag != pkttype) {
- 		break;
- 	    } else {
--		digp = xcalloc(1, sizeof(*digp));
--		digp->tag = pkt.tag;
-+		digp = pgpDigParamsNew(pkt.tag);
- 	    }
- 	}
- 
-@@ -1105,8 +1111,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
- 		digps = xrealloc(digps, alloced * sizeof(*digps));
- 	    }
- 
--	    digps[count] = xcalloc(1, sizeof(**digps));
--	    digps[count]->tag = PGPTAG_PUBLIC_SUBKEY;
-+	    digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY);
- 	    /* Copy UID from main key to subkey */
- 	    digps[count]->userid = xstrdup(mainkey->userid);
- 
--- 
-2.17.1
-
diff --git a/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch b/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch
index 6d236ac400..c6cf9d4c88 100644
--- a/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch
+++ b/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch
@@ -1,4 +1,4 @@
-From 8d013fe154a162305f76141151baf767dd04b598 Mon Sep 17 00:00:00 2001
+From 4ab6a4c5bbad65c3401016bb26b87214cdd0c59b Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Mon, 27 Feb 2017 09:43:30 +0200
 Subject: [PATCH] Do not hardcode "lib/rpm" as the installation path for
@@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  3 files changed, 4 insertions(+), 4 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index eb7d6941b..10a889b5d 100644
+index 372875fc4..1b7add9ee 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -871,7 +871,7 @@ else
+@@ -884,7 +884,7 @@ else
      usrprefix=$prefix
  fi
  
@@ -27,10 +27,10 @@ index eb7d6941b..10a889b5d 100644
  
  AC_SUBST(OBJDUMP)
 diff --git a/macros.in b/macros.in
-index a1f795e5f..689e784ef 100644
+index d53ab5ed5..9d10441c8 100644
 --- a/macros.in
 +++ b/macros.in
-@@ -933,7 +933,7 @@ package or when debugging this package.\
+@@ -911,7 +911,7 @@ package or when debugging this package.\
  %_sharedstatedir	%{_prefix}/com
  %_localstatedir		%{_prefix}/var
  %_lib			lib
@@ -40,7 +40,7 @@ index a1f795e5f..689e784ef 100644
  %_infodir		%{_datadir}/info
  %_mandir		%{_datadir}/man
 diff --git a/rpm.am b/rpm.am
-index 7b57f433b..9bbb9ee96 100644
+index ebe4e40d1..e6920e258 100644
 --- a/rpm.am
 +++ b/rpm.am
 @@ -1,10 +1,10 @@
@@ -55,4 +55,4 @@ index 7b57f433b..9bbb9ee96 100644
 +rpmconfigdir = $(libdir)/rpm
  
  # Libtool version (current-revision-age) for all our libraries
- rpm_version_info = 11:0:2
+ rpm_version_info = 12:0:3
diff --git a/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch b/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch
new file mode 100644
index 0000000000..2174a79e75
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch
@@ -0,0 +1,31 @@
+From 8f51462d41d8fe942d5d0a06f08d47f625141995 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Thu, 4 Aug 2022 12:15:08 +0200
+Subject: [PATCH] configure.ac: add linux-gnux32 variant to triplet handling
+
+x32 is a 64 bit x86 ABI with 32 bit pointers.
+
+Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/2143]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ configure.ac | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 372875fc49..7d6a3d274e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -845,6 +845,10 @@ if echo "$host_os" | grep '.*-gnuabi64$' > /dev/null ; then
+ 	host_os=`echo "${host_os}" | sed 's/-gnuabi64$//'`
+ 	host_os_gnu=-gnuabi64
+ fi
++if echo "$host_os" | grep '.*-gnux32$' > /dev/null ; then
++	host_os=`echo "${host_os}" | sed 's/-gnux32$//'`
++	host_os_gnu=-gnux32
++fi
+ if echo "$host_os" | grep '.*-gnu$' > /dev/null ; then
+ 	host_os=`echo "${host_os}" | sed 's/-gnu$//'`
+ fi
+-- 
+2.30.2
+
diff --git a/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch
deleted file mode 100644
index 683b57d455..0000000000
--- a/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From c4b1bee51bbdd732b94b431a951481af99117703 Mon Sep 17 00:00:00 2001
-From: Panu Matilainen <pmatilai@redhat.com>
-Date: Thu, 30 Sep 2021 09:51:10 +0300
-Subject: [PATCH 2/3] Process MPI's from all kinds of signatures
-
-No immediate effect but needed by the following commits.
-
-CVE: CVE-2021-3521
-Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/b5e8bc74b]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
----
- rpmio/rpmpgp.c | 13 +++++--------
- 1 file changed, 5 insertions(+), 8 deletions(-)
-
-diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
-index 25f67048fd..509e777e6d 100644
---- a/rpmio/rpmpgp.c
-+++ b/rpmio/rpmpgp.c
-@@ -543,7 +543,7 @@ pgpDigAlg pgpDigAlgFree(pgpDigAlg alg)
-     return NULL;
- }
- 
--static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype,
-+static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo,
- 		const uint8_t *p, const uint8_t *h, size_t hlen,
- 		pgpDigParams sigp)
- {
-@@ -556,10 +556,8 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype,
- 	int mpil = pgpMpiLen(p);
- 	if (pend - p < mpil)
- 	    break;
--	if (sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT) {
--	    if (sigalg->setmpi(sigalg, i, p))
--		break;
--	}
-+        if (sigalg->setmpi(sigalg, i, p))
-+            break;
- 	p += mpil;
-     }
- 
-@@ -619,7 +617,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
- 	}
- 
- 	p = ((uint8_t *)v) + sizeof(*v);
--	rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp);
-+	rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp);
-     }	break;
-     case 4:
-     {   pgpPktSigV4 v = (pgpPktSigV4)h;
-@@ -677,8 +675,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
- 	p += 2;
- 	if (p > hend)
- 	    return 1;
--
--	rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp);
-+	rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp);
-     }	break;
-     default:
- 	rpmlog(RPMLOG_WARNING, _("Unsupported version of signature: V%d\n"), version);
--- 
-2.17.1
-
diff --git a/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch
deleted file mode 100644
index a5ec802501..0000000000
--- a/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch
+++ /dev/null
@@ -1,329 +0,0 @@
-From 07676ca03ad8afcf1ca95a2353c83fbb1d970b9b Mon Sep 17 00:00:00 2001
-From: Panu Matilainen <pmatilai@redhat.com>
-Date: Thu, 30 Sep 2021 09:59:30 +0300
-Subject: [PATCH 3/3] Validate and require subkey binding signatures on PGP
- public keys
-
-All subkeys must be followed by a binding signature by the primary key
-as per the OpenPGP RFC, enforce the presence and validity in the parser.
-
-The implementation is as kludgey as they come to work around our
-simple-minded parser structure without touching API, to maximise
-backportability. Store all the raw packets internally as we decode them
-to be able to access previous elements at will, needed to validate ordering
-and access the actual data. Add testcases for manipulated keys whose
-import previously would succeed.
-
-Depends on the two previous commits:
-7b399fcb8f52566e6f3b4327197a85facd08db91 and
-236b802a4aa48711823a191d1b7f753c82a89ec5
-
-Fixes CVE-2021-3521.
-
-Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/bd36c5dc9]
-CVE:CVE-2021-3521
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
----
- rpmio/rpmpgp.c                                | 99 +++++++++++++++++--
- tests/Makefile.am                             |  3 +
- tests/data/keys/CVE-2021-3521-badbind.asc     | 25 +++++
- .../data/keys/CVE-2021-3521-nosubsig-last.asc | 25 +++++
- tests/data/keys/CVE-2021-3521-nosubsig.asc    | 37 +++++++
- tests/rpmsigdig.at                            | 28 ++++++
- 6 files changed, 209 insertions(+), 8 deletions(-)
- create mode 100644 tests/data/keys/CVE-2021-3521-badbind.asc
- create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig-last.asc
- create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig.asc
-
-diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
-index 509e777e6d..371ad4d9b6 100644
---- a/rpmio/rpmpgp.c
-+++ b/rpmio/rpmpgp.c
-@@ -1061,33 +1061,116 @@ static pgpDigParams pgpDigParamsNew(uint8_t tag)
-     return digp;
- }
- 
-+static int hashKey(DIGEST_CTX hash, const struct pgpPkt *pkt, int exptag)
-+{
-+    int rc = -1;
-+    if (pkt->tag == exptag) {
-+       uint8_t head[] = {
-+           0x99,
-+           (pkt->blen >> 8),
-+           (pkt->blen     ),
-+       };
-+
-+       rpmDigestUpdate(hash, head, 3);
-+       rpmDigestUpdate(hash, pkt->body, pkt->blen);
-+       rc = 0;
-+    }
-+    return rc;
-+}
-+
-+static int pgpVerifySelf(pgpDigParams key, pgpDigParams selfsig,
-+                       const struct pgpPkt *all, int i)
-+{
-+    int rc = -1;
-+    DIGEST_CTX hash = NULL;
-+
-+    switch (selfsig->sigtype) {
-+    case PGPSIGTYPE_SUBKEY_BINDING:
-+       hash = rpmDigestInit(selfsig->hash_algo, 0);
-+       if (hash) {
-+           rc = hashKey(hash, &all[0], PGPTAG_PUBLIC_KEY);
-+           if (!rc)
-+               rc = hashKey(hash, &all[i-1], PGPTAG_PUBLIC_SUBKEY);
-+       }
-+       break;
-+    default:
-+       /* ignore types we can't handle */
-+       rc = 0;
-+       break;
-+    }
-+
-+    if (hash && rc == 0)
-+       rc = pgpVerifySignature(key, selfsig, hash);
-+
-+    rpmDigestFinal(hash, NULL, NULL, 0);
-+
-+    return rc;
-+}
-+
- int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
- 		 pgpDigParams * ret)
- {
-     const uint8_t *p = pkts;
-     const uint8_t *pend = pkts + pktlen;
-     pgpDigParams digp = NULL;
--    struct pgpPkt pkt;
-+    pgpDigParams selfsig = NULL;
-+    int i = 0;
-+    int alloced = 16; /* plenty for normal cases */
-+    struct pgpPkt *all = xmalloc(alloced * sizeof(*all));
-     int rc = -1; /* assume failure */
-+    int expect = 0;
-+    int prevtag = 0;
- 
-     while (p < pend) {
--	if (decodePkt(p, (pend - p), &pkt))
-+	struct pgpPkt *pkt = &all[i];
-+	if (decodePkt(p, (pend - p), pkt))
- 	    break;
- 
- 	if (digp == NULL) {
--	    if (pkttype && pkt.tag != pkttype) {
-+               if (pkttype && pkt->tag != pkttype) {
- 		break;
- 	    } else {
--		digp = pgpDigParamsNew(pkt.tag);
-+		digp = pgpDigParamsNew(pkt->tag);
- 	    }
- 	}
- 
--	if (pgpPrtPkt(&pkt, digp))
-+        if (expect) {
-+            if (pkt->tag != expect)
-+                break;
-+            selfsig = pgpDigParamsNew(pkt->tag);
-+        }
-+	if (pgpPrtPkt(pkt, selfsig ? selfsig : digp))
- 	    break;
- 
--	p += (pkt.body - pkt.head) + pkt.blen;
--	if (pkttype == PGPTAG_SIGNATURE)
--	    break;
-+	if (selfsig) {
-+           /* subkeys must be followed by binding signature */
-+           if (prevtag == PGPTAG_PUBLIC_SUBKEY) {
-+               if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING)
-+                   break;
-+           }
-+
-+           int xx = pgpVerifySelf(digp, selfsig, all, i);
-+
-+           selfsig = pgpDigParamsFree(selfsig);
-+           if (xx)
-+               break;
-+           expect = 0;
-+       }
-+
-+       if (pkt->tag == PGPTAG_PUBLIC_SUBKEY)
-+           expect = PGPTAG_SIGNATURE;
-+       prevtag = pkt->tag;
-+
-+       i++;
-+       p += (pkt->body - pkt->head) + pkt->blen;
-+       if (pkttype == PGPTAG_SIGNATURE)
-+           break;
-+
-+       if (alloced <= i) {
-+           alloced *= 2;
-+           all = xrealloc(all, alloced * sizeof(*all));
-+       }
-+
-     }
- 
-     rc = (digp && (p == pend)) ? 0 : -1;
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index a41ce10de8..7bb23247f1 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -107,6 +107,9 @@ EXTRA_DIST += data/SPECS/hello-config-buildid.spec
- EXTRA_DIST += data/SPECS/hello-cd.spec
- EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.pub
- EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.secret
-+EXTRA_DIST += data/keys/CVE-2021-3521-badbind.asc
-+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig.asc
-+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig-last.asc
- EXTRA_DIST += data/macros.testfile
- EXTRA_DIST += data/macros.debug
- EXTRA_DIST += data/SOURCES/foo.c
-diff --git a/tests/data/keys/CVE-2021-3521-badbind.asc b/tests/data/keys/CVE-2021-3521-badbind.asc
-new file mode 100644
-index 0000000000..aea00f9d7a
---- /dev/null
-+++ b/tests/data/keys/CVE-2021-3521-badbind.asc
-@@ -0,0 +1,25 @@
-+-----BEGIN PGP PUBLIC KEY BLOCK-----
-+Version: rpm-4.17.90 (NSS-3)
-+
-+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g
-+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY
-+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8
-+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas
-+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ
-+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl
-+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK
-+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf
-+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB
-+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr
-+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX
-+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq
-++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN
-+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY
-+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz
-+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6
-+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c
-+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m
-+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE=
-+=WCfs
-+-----END PGP PUBLIC KEY BLOCK-----
-+
-diff --git a/tests/data/keys/CVE-2021-3521-nosubsig-last.asc b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc
-new file mode 100644
-index 0000000000..aea00f9d7a
---- /dev/null
-+++ b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc
-@@ -0,0 +1,25 @@
-+-----BEGIN PGP PUBLIC KEY BLOCK-----
-+Version: rpm-4.17.90 (NSS-3)
-+
-+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g
-+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY
-+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8
-+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas
-+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ
-+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl
-+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK
-+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf
-+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB
-+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr
-+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX
-+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq
-++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN
-+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY
-+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz
-+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6
-+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c
-+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m
-+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE=
-+=WCfs
-+-----END PGP PUBLIC KEY BLOCK-----
-+
-diff --git a/tests/data/keys/CVE-2021-3521-nosubsig.asc b/tests/data/keys/CVE-2021-3521-nosubsig.asc
-new file mode 100644
-index 0000000000..3a2e7417f8
---- /dev/null
-+++ b/tests/data/keys/CVE-2021-3521-nosubsig.asc
-@@ -0,0 +1,37 @@
-+-----BEGIN PGP PUBLIC KEY BLOCK-----
-+Version: rpm-4.17.90 (NSS-3)
-+
-+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g
-+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY
-+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8
-+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas
-+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ
-+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl
-+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK
-+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf
-+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB
-+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr
-+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX
-+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq
-++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN
-+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY
-+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz
-+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6
-+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c
-+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m
-+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAG5AQ0EWOY5GAEIAKT68NmshdC4
-+VcRhOhlXBvZq23NtskkKoPvW+ZlMuxbRDG48pGBtxhjOngriVUGceEWsXww5Q7En
-+uRBYglkxkW34ENym0Ji6tsPYfhbbG+dZWKIL4vMIzPOIwlPrXrm558vgkdMM/ELZ
-+8WIz3KtzvYubKUk2Qz+96lPXbwnlC/SBFRpBseJC5LoOb/5ZGdR/HeLz1JXiacHF
-+v9Nr3cZWqg5yJbDNZKfASdZgC85v3kkvhTtzknl//5wqdAMexbuwiIh2xyxbO+B/
-+qqzZFrVmu3sV2Tj5lLZ/9p1qAuEM7ULbixd/ld8yTmYvQ4bBlKv2bmzXtVfF+ymB
-+Tm6BzyQEl/MAEQEAAYkBHwQYAQgACQUCWOY5GAIbDAAKCRBDRFkeGWTF/PANB/9j
-+mifmj6z/EPe0PJFhrpISt9PjiUQCt0IPtiL5zKAkWjHePIzyi+0kCTBF6DDLFxos
-+3vN4bWnVKT1kBhZAQlPqpJTg+m74JUYeDGCdNx9SK7oRllATqyu+5rncgxjWVPnQ
-+zu/HRPlWJwcVFYEVXYL8xzfantwQTqefjmcRmBRdA2XJITK+hGWwAmrqAWx+q5xX
-+Pa8wkNMxVzNS2rUKO9SoVuJ/wlUvfoShkJ/VJ5HDp3qzUqncADfdGN35TDzscngQ
-+gHvnMwVBfYfSCABV1hNByoZcc/kxkrWMmsd/EnIyLd1Q1baKqc3cEDuC6E6/o4yJ
-+E4XX4jtDmdZPreZALsiB
-+=rRop
-+-----END PGP PUBLIC KEY BLOCK-----
-+
-diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
-index 8e7c759b8f..e2d30a7f1b 100644
---- a/tests/rpmsigdig.at
-+++ b/tests/rpmsigdig.at
-@@ -2,6 +2,34 @@
- 
- AT_BANNER([RPM signatures and digests])
- 
-+AT_SETUP([rpmkeys --import invalid keys])
-+AT_KEYWORDS([rpmkeys import])
-+RPMDB_INIT
-+
-+AT_CHECK([
-+runroot rpmkeys --import /data/keys/CVE-2021-3521-badbind.asc
-+],
-+[1],
-+[],
-+[error: /data/keys/CVE-2021-3521-badbind.asc: key 1 import failed.]
-+)
-+AT_CHECK([
-+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig.asc
-+],
-+[1],
-+[],
-+[error: /data/keys/CVE-2021-3521-nosubsig.asc: key 1 import failed.]
-+)
-+
-+AT_CHECK([
-+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig-last.asc
-+],
-+[1],
-+[],
-+[error: /data/keys/CVE-2021-3521-nosubsig-last.asc: key 1 import failed.]
-+)
-+AT_CLEANUP
-+
- # ------------------------------
- # Test pre-built package verification
- AT_SETUP([rpmkeys -Kv <unsigned> 1])
--- 
-2.17.1
-
diff --git a/meta/recipes-devtools/rpm/rpm_4.17.0.bb b/meta/recipes-devtools/rpm/rpm_4.17.1.bb
similarity index 97%
rename from meta/recipes-devtools/rpm/rpm_4.17.0.bb
rename to meta/recipes-devtools/rpm/rpm_4.17.1.bb
index c392ac0db4..9b6446f265 100644
--- a/meta/recipes-devtools/rpm/rpm_4.17.0.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.17.1.bb
@@ -39,13 +39,11 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.17.x;protoc
            file://0001-tools-Add-error.h-for-non-glibc-case.patch \
            file://0001-docs-do-not-build-manpages-requires-pandoc.patch \
            file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \
-           file://0001-CVE-2021-3521.patch \
-           file://0002-CVE-2021-3521.patch \
-           file://0003-CVE-2021-3521.patch \
+           file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \
            "
 
 PE = "1"
-SRCREV = "3e74e8ba2dd5e76a5353d238dc7fc38651ce27b3"
+SRCREV = "5bef402da334595ed9302b8bca1acdf5e88bfe11"
 
 S = "${WORKDIR}/git"
 
-- 
2.30.2

[PATCH 02/45] dropbear: merge .inc into .bb

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 meta/recipes-core/dropbear/dropbear.inc       | 128 -----------------
 .../recipes-core/dropbear/dropbear_2022.82.bb | 129 +++++++++++++++++-
 2 files changed, 127 insertions(+), 130 deletions(-)
 delete mode 100644 meta/recipes-core/dropbear/dropbear.inc

diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
deleted file mode 100644
index e170587d08..0000000000
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ /dev/null
@@ -1,128 +0,0 @@
-SUMMARY = "A lightweight SSH and SCP implementation"
-HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
-DESCRIPTION = "Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers."
-SECTION = "console/network"
-
-# some files are from other projects and have others license terms:
-#   public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY
-LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=25cf44512b7bc8966a48b6b1a9b7605f"
-
-DEPENDS = "zlib virtual/crypt"
-RPROVIDES:${PN} = "ssh sshd"
-RCONFLICTS:${PN} = "openssh-sshd openssh"
-
-DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-
-SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
-           file://0001-urandom-xauth-changes-to-options.h.patch \
-           file://init \
-           file://dropbearkey.service \
-           file://dropbear@.service \
-           file://dropbear.socket \
-           file://dropbear.default \
-           ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
-           ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} "
-
-PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
-               file://0006-dropbear-configuration-file.patch \
-               file://dropbear"
-
-PAM_PLUGINS = "libpam-runtime \
-	pam-plugin-deny \
-	pam-plugin-permit \
-	pam-plugin-unix \
-	"
-RDEPENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
-
-inherit autotools update-rc.d systemd
-
-CVE_PRODUCT = "dropbear_ssh"
-
-INITSCRIPT_NAME = "dropbear"
-INITSCRIPT_PARAMS = "defaults 10"
-
-SYSTEMD_SERVICE:${PN} = "dropbear.socket"
-
-SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
-BINCOMMANDS = "dbclient ssh scp"
-EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
-
-PACKAGECONFIG ?= "disable-weak-ciphers"
-PACKAGECONFIG[system-libtom] = "--disable-bundled-libtom,--enable-bundled-libtom,libtommath libtomcrypt"
-PACKAGECONFIG[disable-weak-ciphers] = ""
-
-EXTRA_OECONF += "\
- ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
-
-# This option appends to CFLAGS and LDFLAGS from OE
-# This is causing [textrel] QA warning
-EXTRA_OECONF += "--disable-harden"
-
-# musl does not implement wtmp/logwtmp APIs
-EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog"
-
-do_install() {
-	install -d ${D}${sysconfdir} \
-		${D}${sysconfdir}/init.d \
-		${D}${sysconfdir}/default \
-		${D}${sysconfdir}/dropbear \
-		${D}${bindir} \
-		${D}${sbindir} \
-		${D}${localstatedir}
-
-	install -m 0644 ${WORKDIR}/dropbear.default ${D}${sysconfdir}/default/dropbear
-
-	install -m 0755 dropbearmulti ${D}${sbindir}/
-
-	for i in ${BINCOMMANDS}
-	do
-		# ssh and scp symlinks are created by update-alternatives
-		if [ $i = ssh ] || [ $i = scp ]; then continue; fi
-		ln -s ${sbindir}/dropbearmulti ${D}${bindir}/$i
-	done
-	for i in ${SBINCOMMANDS}
-	do
-		ln -s ./dropbearmulti ${D}${sbindir}/$i
-	done
-	sed -e 's,/etc,${sysconfdir},g' \
-		-e 's,/usr/sbin,${sbindir},g' \
-		-e 's,/var,${localstatedir},g' \
-		-e 's,/usr/bin,${bindir},g' \
-		-e 's,/usr,${prefix},g' ${WORKDIR}/init > ${D}${sysconfdir}/init.d/dropbear
-	chmod 755 ${D}${sysconfdir}/init.d/dropbear
-	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
-		install -d ${D}${sysconfdir}/pam.d
-		install -m 0644 ${WORKDIR}/dropbear  ${D}${sysconfdir}/pam.d/
-	fi
-
-	# deal with systemd unit files
-	install -d ${D}${systemd_system_unitdir}
-	install -m 0644 ${WORKDIR}/dropbearkey.service ${D}${systemd_system_unitdir}
-	install -m 0644 ${WORKDIR}/dropbear@.service ${D}${systemd_system_unitdir}
-	install -m 0644 ${WORKDIR}/dropbear.socket ${D}${systemd_system_unitdir}
-	sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
-		-e 's,@BINDIR@,${bindir},g' \
-		-e 's,@SBINDIR@,${sbindir},g' \
-		${D}${systemd_system_unitdir}/dropbear.socket ${D}${systemd_system_unitdir}/*.service
-}
-
-inherit update-alternatives
-
-ALTERNATIVE_PRIORITY = "20"
-ALTERNATIVE:${PN} = "${@bb.utils.filter('BINCOMMANDS', 'scp ssh', d)}"
-
-ALTERNATIVE_TARGET = "${sbindir}/dropbearmulti"
-
-pkg_postrm:${PN} () {
-  if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then
-        rm ${sysconfdir}/dropbear/dropbear_rsa_host_key
-  fi
-  if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then
-        rm ${sysconfdir}/dropbear/dropbear_dss_host_key
-  fi
-}
-
-CONFFILES:${PN} = "${sysconfdir}/default/dropbear"
-
-FILES:${PN} += "${bindir}"
diff --git a/meta/recipes-core/dropbear/dropbear_2022.82.bb b/meta/recipes-core/dropbear/dropbear_2022.82.bb
index 154a407a19..e170587d08 100644
--- a/meta/recipes-core/dropbear/dropbear_2022.82.bb
+++ b/meta/recipes-core/dropbear/dropbear_2022.82.bb
@@ -1,3 +1,128 @@
-require dropbear.inc
+SUMMARY = "A lightweight SSH and SCP implementation"
+HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
+DESCRIPTION = "Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers."
+SECTION = "console/network"
 
-SRC_URI[sha256sum] = "3a038d2bbc02bf28bbdd20c012091f741a3ec5cbe460691811d714876aad75d1"
+# some files are from other projects and have others license terms:
+#   public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY
+LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=25cf44512b7bc8966a48b6b1a9b7605f"
+
+DEPENDS = "zlib virtual/crypt"
+RPROVIDES:${PN} = "ssh sshd"
+RCONFLICTS:${PN} = "openssh-sshd openssh"
+
+DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+
+SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
+           file://0001-urandom-xauth-changes-to-options.h.patch \
+           file://init \
+           file://dropbearkey.service \
+           file://dropbear@.service \
+           file://dropbear.socket \
+           file://dropbear.default \
+           ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+           ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} "
+
+PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
+               file://0006-dropbear-configuration-file.patch \
+               file://dropbear"
+
+PAM_PLUGINS = "libpam-runtime \
+	pam-plugin-deny \
+	pam-plugin-permit \
+	pam-plugin-unix \
+	"
+RDEPENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
+
+inherit autotools update-rc.d systemd
+
+CVE_PRODUCT = "dropbear_ssh"
+
+INITSCRIPT_NAME = "dropbear"
+INITSCRIPT_PARAMS = "defaults 10"
+
+SYSTEMD_SERVICE:${PN} = "dropbear.socket"
+
+SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
+BINCOMMANDS = "dbclient ssh scp"
+EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
+
+PACKAGECONFIG ?= "disable-weak-ciphers"
+PACKAGECONFIG[system-libtom] = "--disable-bundled-libtom,--enable-bundled-libtom,libtommath libtomcrypt"
+PACKAGECONFIG[disable-weak-ciphers] = ""
+
+EXTRA_OECONF += "\
+ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
+
+# This option appends to CFLAGS and LDFLAGS from OE
+# This is causing [textrel] QA warning
+EXTRA_OECONF += "--disable-harden"
+
+# musl does not implement wtmp/logwtmp APIs
+EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog"
+
+do_install() {
+	install -d ${D}${sysconfdir} \
+		${D}${sysconfdir}/init.d \
+		${D}${sysconfdir}/default \
+		${D}${sysconfdir}/dropbear \
+		${D}${bindir} \
+		${D}${sbindir} \
+		${D}${localstatedir}
+
+	install -m 0644 ${WORKDIR}/dropbear.default ${D}${sysconfdir}/default/dropbear
+
+	install -m 0755 dropbearmulti ${D}${sbindir}/
+
+	for i in ${BINCOMMANDS}
+	do
+		# ssh and scp symlinks are created by update-alternatives
+		if [ $i = ssh ] || [ $i = scp ]; then continue; fi
+		ln -s ${sbindir}/dropbearmulti ${D}${bindir}/$i
+	done
+	for i in ${SBINCOMMANDS}
+	do
+		ln -s ./dropbearmulti ${D}${sbindir}/$i
+	done
+	sed -e 's,/etc,${sysconfdir},g' \
+		-e 's,/usr/sbin,${sbindir},g' \
+		-e 's,/var,${localstatedir},g' \
+		-e 's,/usr/bin,${bindir},g' \
+		-e 's,/usr,${prefix},g' ${WORKDIR}/init > ${D}${sysconfdir}/init.d/dropbear
+	chmod 755 ${D}${sysconfdir}/init.d/dropbear
+	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
+		install -d ${D}${sysconfdir}/pam.d
+		install -m 0644 ${WORKDIR}/dropbear  ${D}${sysconfdir}/pam.d/
+	fi
+
+	# deal with systemd unit files
+	install -d ${D}${systemd_system_unitdir}
+	install -m 0644 ${WORKDIR}/dropbearkey.service ${D}${systemd_system_unitdir}
+	install -m 0644 ${WORKDIR}/dropbear@.service ${D}${systemd_system_unitdir}
+	install -m 0644 ${WORKDIR}/dropbear.socket ${D}${systemd_system_unitdir}
+	sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+		-e 's,@BINDIR@,${bindir},g' \
+		-e 's,@SBINDIR@,${sbindir},g' \
+		${D}${systemd_system_unitdir}/dropbear.socket ${D}${systemd_system_unitdir}/*.service
+}
+
+inherit update-alternatives
+
+ALTERNATIVE_PRIORITY = "20"
+ALTERNATIVE:${PN} = "${@bb.utils.filter('BINCOMMANDS', 'scp ssh', d)}"
+
+ALTERNATIVE_TARGET = "${sbindir}/dropbearmulti"
+
+pkg_postrm:${PN} () {
+  if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then
+        rm ${sysconfdir}/dropbear/dropbear_rsa_host_key
+  fi
+  if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then
+        rm ${sysconfdir}/dropbear/dropbear_dss_host_key
+  fi
+}
+
+CONFFILES:${PN} = "${sysconfdir}/default/dropbear"
+
+FILES:${PN} += "${bindir}"
-- 
2.30.2

[PATCH 03/45] dropbear: use git to get sources as the website is down

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 meta/recipes-core/dropbear/dropbear_2022.82.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/dropbear/dropbear_2022.82.bb b/meta/recipes-core/dropbear/dropbear_2022.82.bb
index e170587d08..cff2e6c024 100644
--- a/meta/recipes-core/dropbear/dropbear_2022.82.bb
+++ b/meta/recipes-core/dropbear/dropbear_2022.82.bb
@@ -14,7 +14,7 @@ RCONFLICTS:${PN} = "openssh-sshd openssh"
 
 DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
-SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
+SRC_URI = "git://github.com/mkj/dropbear.git;branch=master;protocol=https \
            file://0001-urandom-xauth-changes-to-options.h.patch \
            file://init \
            file://dropbearkey.service \
@@ -23,6 +23,8 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
            file://dropbear.default \
            ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
            ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} "
+SRCREV = "b8669b063bd2fc1906a13fb4b50c8b4697bf49ce"
+S = "${WORKDIR}/git"
 
 PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
                file://0006-dropbear-configuration-file.patch \
-- 
2.30.2

[PATCH 04/45] go: update 1.18.4 -> 1.19

[Alexander Kanavin]

Rebase patches.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 meta/conf/distro/include/tcmode-default.inc   |  2 +-
 .../go/{go-1.18.4.inc => go-1.19.inc}         |  2 +-
 ...ive_1.18.4.bb => go-binary-native_1.19.bb} |  4 +-
 ...an_1.18.4.bb => go-cross-canadian_1.19.bb} |  0
 .../{go-cross_1.18.4.bb => go-cross_1.19.bb}  |  0
 ...crosssdk_1.18.4.bb => go-crosssdk_1.19.bb} |  0
 ...{go-native_1.18.4.bb => go-native_1.19.bb} |  0
 ...o-runtime_1.18.4.bb => go-runtime_1.19.bb} |  0
 ...ent-based-hash-generation-less-pedan.patch | 39 ++++++++------
 ...-to-be-overridden-in-the-environment.patch | 18 ++++---
 ...4-ld-add-soname-to-shareable-objects.patch | 17 +++---
 ...de-CC-when-building-dist-and-go_boot.patch | 12 +++--
 ...dist-separate-host-and-target-builds.patch | 41 +++++++-------
 .../go/go/filter-build-paths.patch            | 53 +++++++++++--------
 .../go/{go_1.18.4.bb => go_1.19.bb}           |  0
 15 files changed, 106 insertions(+), 82 deletions(-)
 rename meta/recipes-devtools/go/{go-1.18.4.inc => go-1.19.inc} (89%)
 rename meta/recipes-devtools/go/{go-binary-native_1.18.4.bb => go-binary-native_1.19.bb} (83%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.18.4.bb => go-cross-canadian_1.19.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.18.4.bb => go-cross_1.19.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.18.4.bb => go-crosssdk_1.19.bb} (100%)
 rename meta/recipes-devtools/go/{go-native_1.18.4.bb => go-native_1.19.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.18.4.bb => go-runtime_1.19.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.18.4.bb => go_1.19.bb} (100%)

diff --git a/meta/conf/distro/include/tcmode-default.inc b/meta/conf/distro/include/tcmode-default.inc
index 4477689157..a3227ecb71 100644
--- a/meta/conf/distro/include/tcmode-default.inc
+++ b/meta/conf/distro/include/tcmode-default.inc
@@ -23,7 +23,7 @@ GDBVERSION ?= "12.%"
 GLIBCVERSION ?= "2.35"
 LINUXLIBCVERSION ?= "5.16%"
 QEMUVERSION ?= "7.0%"
-GOVERSION ?= "1.18%"
+GOVERSION ?= "1.19%"
 # This can not use wildcards like 8.0.% since it is also used in mesa to denote
 # llvm version being used, so always bump it with llvm recipe version bump
 LLVMVERSION ?= "14.0.6"
diff --git a/meta/recipes-devtools/go/go-1.18.4.inc b/meta/recipes-devtools/go/go-1.19.inc
similarity index 89%
rename from meta/recipes-devtools/go/go-1.18.4.inc
rename to meta/recipes-devtools/go/go-1.19.inc
index bfda15c54f..3bccfcbecf 100644
--- a/meta/recipes-devtools/go/go-1.18.4.inc
+++ b/meta/recipes-devtools/go/go-1.19.inc
@@ -15,4 +15,4 @@ SRC_URI += "\
     file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
     file://filter-build-paths.patch \
 "
-SRC_URI[main.sha256sum] = "4525aa6b0e3cecb57845f4060a7075aafc9ab752bb7b6b4cf8a212d43078e1e4"
+SRC_URI[main.sha256sum] = "9419cc70dc5a2523f29a77053cafff658ed21ef3561d9b6b020280ebceab28b9"
diff --git a/meta/recipes-devtools/go/go-binary-native_1.18.4.bb b/meta/recipes-devtools/go/go-binary-native_1.19.bb
similarity index 83%
rename from meta/recipes-devtools/go/go-binary-native_1.18.4.bb
rename to meta/recipes-devtools/go/go-binary-native_1.19.bb
index 252c467a00..ca424a66b8 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.18.4.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.19.bb
@@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
 PROVIDES = "go-native"
 
 SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "c9b099b68d93f5c5c8a8844a89f8db07eaa58270e3a1e01804f17f4cf8df02f5"
-SRC_URI[go_linux_arm64.sha256sum] = "35014d92b50d97da41dade965df7ebeb9a715da600206aa59ce1b2d05527421f"
+SRC_URI[go_linux_amd64.sha256sum] = "464b6b66591f6cf055bc5df90a9750bf5fbc9d038722bb84a9d56a2bea974be6"
+SRC_URI[go_linux_arm64.sha256sum] = "efa97fac9574fc6ef6c9ff3e3758fb85f1439b046573bf434cccb5e012bd00c8"
 
 UPSTREAM_CHECK_URI = "https://golang.org/dl/"
 UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.18.4.bb b/meta/recipes-devtools/go/go-cross-canadian_1.19.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.18.4.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.19.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.18.4.bb b/meta/recipes-devtools/go/go-cross_1.19.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.18.4.bb
rename to meta/recipes-devtools/go/go-cross_1.19.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.18.4.bb b/meta/recipes-devtools/go/go-crosssdk_1.19.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.18.4.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.19.bb
diff --git a/meta/recipes-devtools/go/go-native_1.18.4.bb b/meta/recipes-devtools/go/go-native_1.19.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-native_1.18.4.bb
rename to meta/recipes-devtools/go/go-native_1.19.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.18.4.bb b/meta/recipes-devtools/go/go-runtime_1.19.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-runtime_1.18.4.bb
rename to meta/recipes-devtools/go/go-runtime_1.19.bb
diff --git a/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch b/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch
index f9db5df4eb..8cbed93017 100644
--- a/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch
+++ b/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch
@@ -1,4 +1,4 @@
-From 61de6067f5ad127d246543527947a357647f95e5 Mon Sep 17 00:00:00 2001
+From a3db4da51df37d163ff9e8c1e1057280c648c545 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 28 Mar 2022 10:59:03 -0700
 Subject: [PATCH] cmd/go: make content-based hash generation less pedantic
@@ -25,14 +25,17 @@ Upstream-Status: Inappropriate [OE specific]
 Signed-off-by: Alex Kube <alexander.j.kube@gmail.com>
 Signed-off-by: Matt Madison <matt@madison.systems>
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
 ---
  src/cmd/go/internal/envcmd/env.go |  2 +-
- src/cmd/go/internal/work/exec.go  | 42 +++++++++++++++++++++++++------
- 2 files changed, 35 insertions(+), 9 deletions(-)
+ src/cmd/go/internal/work/exec.go  | 42 ++++++++++++++++++++++++-------
+ 2 files changed, 34 insertions(+), 10 deletions(-)
 
+diff --git a/src/cmd/go/internal/envcmd/env.go b/src/cmd/go/internal/envcmd/env.go
+index 529351d..df791b0 100644
 --- a/src/cmd/go/internal/envcmd/env.go
 +++ b/src/cmd/go/internal/envcmd/env.go
-@@ -169,7 +169,7 @@ func ExtraEnvVars() []cfg.EnvVar {
+@@ -176,7 +176,7 @@ func ExtraEnvVars() []cfg.EnvVar {
  func ExtraEnvVarsCostly() []cfg.EnvVar {
  	var b work.Builder
  	b.Init()
@@ -41,9 +44,11 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  	if err != nil {
  		// Should not happen - b.CFlags was given an empty package.
  		fmt.Fprintf(os.Stderr, "go: invalid cflags: %v\n", err)
+diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go
+index c88b315..a06455c 100644
 --- a/src/cmd/go/internal/work/exec.go
 +++ b/src/cmd/go/internal/work/exec.go
-@@ -213,6 +213,8 @@ func (b *Builder) Do(ctx context.Context
+@@ -213,6 +213,8 @@ func (b *Builder) Do(ctx context.Context, root *Action) {
  	writeActionGraph()
  }
  
@@ -52,7 +57,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  // buildActionID computes the action ID for a build action.
  func (b *Builder) buildActionID(a *Action) cache.ActionID {
  	p := a.Package
-@@ -234,7 +236,7 @@ func (b *Builder) buildActionID(a *Actio
+@@ -234,7 +236,7 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID {
  		if p.Module != nil {
  			fmt.Fprintf(h, "module %s@%s\n", p.Module.Path, p.Module.Version)
  		}
@@ -61,7 +66,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  		// The Go compiler always hides the exact value of $GOROOT
  		// when building things in GOROOT.
  		//
-@@ -266,9 +268,9 @@ func (b *Builder) buildActionID(a *Actio
+@@ -266,9 +268,9 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID {
  	}
  	if len(p.CgoFiles)+len(p.SwigFiles)+len(p.SwigCXXFiles) > 0 {
  		fmt.Fprintf(h, "cgo %q\n", b.toolID("cgo"))
@@ -73,7 +78,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  		fmt.Fprintf(h, "CC=%q %q %q %q\n", ccExe, cppflags, cflags, ldflags)
  		// Include the C compiler tool ID so that if the C
  		// compiler changes we rebuild the package.
-@@ -281,14 +283,14 @@ func (b *Builder) buildActionID(a *Actio
+@@ -281,14 +283,14 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID {
  			}
  		}
  		if len(p.CXXFiles)+len(p.SwigCXXFiles) > 0 {
@@ -90,16 +95,16 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  			fmt.Fprintf(h, "FC=%q %q\n", fcExe, fflags)
  			if fcID, err := b.gccToolID(fcExe[0], "f95"); err == nil {
  				fmt.Fprintf(h, "FC ID=%q\n", fcID)
-@@ -304,7 +306,7 @@ func (b *Builder) buildActionID(a *Actio
- 			fmt.Fprintf(h, "fuzz %q\n", fuzzFlags)
+@@ -305,7 +307,7 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID {
  		}
  	}
--	fmt.Fprintf(h, "modinfo %q\n", p.Internal.BuildInfo)
-+	//fmt.Fprintf(h, "modinfo %q\n", p.Internal.BuildInfo)
+ 	if p.Internal.BuildInfo != "" {
+-		fmt.Fprintf(h, "modinfo %q\n", p.Internal.BuildInfo)
++		//fmt.Fprintf(h, "modinfo %q\n", p.Internal.BuildInfo)
+ 	}
  
  	// Configuration specific to compiler toolchain.
- 	switch cfg.BuildToolchainName {
-@@ -2679,8 +2681,23 @@ func envList(key, def string) []string {
+@@ -2705,8 +2707,23 @@ func envList(key, def string) []string {
  	return args
  }
  
@@ -124,7 +129,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  	defaults := "-g -O2"
  
  	if cppflags, err = buildFlags("CPPFLAGS", "", p.CgoCPPFLAGS, checkCompilerFlags); err != nil {
-@@ -2698,6 +2715,13 @@ func (b *Builder) CFlags(p *load.Package
+@@ -2724,6 +2741,13 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l
  	if ldflags, err = buildFlags("LDFLAGS", defaults, p.CgoLDFLAGS, checkLinkerFlags); err != nil {
  		return
  	}
@@ -138,7 +143,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  
  	return
  }
-@@ -2713,7 +2737,7 @@ var cgoRe = lazyregexp.New(`[/\\:]`)
+@@ -2739,7 +2763,7 @@ var cgoRe = lazyregexp.New(`[/\\:]`)
  
  func (b *Builder) cgo(a *Action, cgoExe, objdir string, pcCFLAGS, pcLDFLAGS, cgofiles, gccfiles, gxxfiles, mfiles, ffiles []string) (outGo, outObj []string, err error) {
  	p := a.Package
@@ -147,7 +152,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  	if err != nil {
  		return nil, nil, err
  	}
-@@ -3174,7 +3198,7 @@ func (b *Builder) swigIntSize(objdir str
+@@ -3246,7 +3270,7 @@ func (b *Builder) swigIntSize(objdir string) (intsize string, err error) {
  
  // Run SWIG on one SWIG input file.
  func (b *Builder) swigOne(a *Action, p *load.Package, file, objdir string, pcCFLAGS []string, cxx bool, intgosize string) (outGo, outC string, err error) {
diff --git a/meta/recipes-devtools/go/go/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch b/meta/recipes-devtools/go/go/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch
index c3ccffc3e9..30068d8e74 100644
--- a/meta/recipes-devtools/go/go/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch
+++ b/meta/recipes-devtools/go/go/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch
@@ -1,4 +1,4 @@
-From 8512964c0bfdfc3c9c3805743ea7de551a1d476a Mon Sep 17 00:00:00 2001
+From 7e0136a882757da0a374ab8592209586eced0e1c Mon Sep 17 00:00:00 2001
 From: Alex Kube <alexander.j.kube@gmail.com>
 Date: Wed, 23 Oct 2019 21:15:37 +0430
 Subject: [PATCH] cmd/go: Allow GOTOOLDIR to be overridden in the environment
@@ -18,9 +18,11 @@ Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
  src/cmd/go/internal/cfg/cfg.go | 6 +++++-
  2 files changed, 8 insertions(+), 2 deletions(-)
 
+diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go
+index 7c44c4a..3024d0c 100644
 --- a/src/cmd/dist/build.go
 +++ b/src/cmd/dist/build.go
-@@ -251,7 +251,9 @@ func xinit() {
+@@ -264,7 +264,9 @@ func xinit() {
  	}
  	xatexit(rmworkdir)
  
@@ -31,18 +33,20 @@ Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
  }
  
  // compilerEnv returns a map from "goos/goarch" to the
+diff --git a/src/cmd/go/internal/cfg/cfg.go b/src/cmd/go/internal/cfg/cfg.go
+index c6ddfe5..605adb1 100644
 --- a/src/cmd/go/internal/cfg/cfg.go
 +++ b/src/cmd/go/internal/cfg/cfg.go
-@@ -76,7 +76,11 @@ func defaultContext() build.Context {
+@@ -162,7 +162,11 @@ func SetGOROOT(goroot string) {
  		// variables. This matches the initialization of ToolDir in
- 		// go/build, except for using ctxt.GOROOT rather than
+ 		// go/build, except for using BuildContext.GOROOT rather than
  		// runtime.GOROOT.
--		build.ToolDir = filepath.Join(ctxt.GOROOT, "pkg/tool/"+runtime.GOOS+"_"+runtime.GOARCH)
+-		build.ToolDir = filepath.Join(goroot, "pkg/tool/"+runtime.GOOS+"_"+runtime.GOARCH)
 +		if s := os.Getenv("GOTOOLDIR"); s != "" {
 +			build.ToolDir = filepath.Clean(s)
 +		} else {
-+			build.ToolDir = filepath.Join(ctxt.GOROOT, "pkg/tool/"+runtime.GOOS+"_"+runtime.GOARCH)
++			build.ToolDir = filepath.Join(goroot, "pkg/tool/"+runtime.GOOS+"_"+runtime.GOARCH)
 +		}
  	}
+ }
  
- 	ctxt.GOPATH = envOr("GOPATH", gopath(ctxt))
diff --git a/meta/recipes-devtools/go/go/0004-ld-add-soname-to-shareable-objects.patch b/meta/recipes-devtools/go/go/0004-ld-add-soname-to-shareable-objects.patch
index 058fa64225..b700634910 100644
--- a/meta/recipes-devtools/go/go/0004-ld-add-soname-to-shareable-objects.patch
+++ b/meta/recipes-devtools/go/go/0004-ld-add-soname-to-shareable-objects.patch
@@ -1,7 +1,7 @@
-From bf5cf5301ae5914498454c87293d1df2e1d8489f Mon Sep 17 00:00:00 2001
+From 68867eae5d3a51f32b2a2e16374323338408781e Mon Sep 17 00:00:00 2001
 From: Alex Kube <alexander.j.kube@gmail.com>
 Date: Wed, 23 Oct 2019 21:16:32 +0430
-Subject: [PATCH 4/9] ld: add soname to shareable objects
+Subject: [PATCH] ld: add soname to shareable objects
 
 so that OE's shared library dependency handling
 can find them.
@@ -13,21 +13,24 @@ Matt Madison <matt@madison.systems>.
 Upstream-Status: Inappropriate [OE specific]
 
 Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
+
 ---
  src/cmd/link/internal/ld/lib.go | 3 +++
  1 file changed, 3 insertions(+)
 
+diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go
+index 18910dd..b2e1d36 100644
 --- a/src/cmd/link/internal/ld/lib.go
 +++ b/src/cmd/link/internal/ld/lib.go
-@@ -1347,6 +1347,7 @@ func (ctxt *Link) hostlink() {
+@@ -1459,6 +1459,7 @@ func (ctxt *Link) hostlink() {
  				argv = append(argv, "-Wl,-z,relro")
  			}
  			argv = append(argv, "-shared")
 +			argv = append(argv, fmt.Sprintf("-Wl,-soname,%s", filepath.Base(*flagOutfile)))
  			if ctxt.HeadType == objabi.Hwindows {
- 				if *flagAslr {
- 					argv = addASLRargs(argv)
-@@ -1364,6 +1365,7 @@ func (ctxt *Link) hostlink() {
+ 				argv = addASLRargs(argv, *flagAslr)
+ 			} else {
+@@ -1474,6 +1475,7 @@ func (ctxt *Link) hostlink() {
  			argv = append(argv, "-Wl,-z,relro")
  		}
  		argv = append(argv, "-shared")
@@ -35,7 +38,7 @@ Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
  	case BuildModePlugin:
  		if ctxt.HeadType == objabi.Hdarwin {
  			argv = append(argv, "-dynamiclib")
-@@ -1372,6 +1374,7 @@ func (ctxt *Link) hostlink() {
+@@ -1482,6 +1484,7 @@ func (ctxt *Link) hostlink() {
  				argv = append(argv, "-Wl,-z,relro")
  			}
  			argv = append(argv, "-shared")
diff --git a/meta/recipes-devtools/go/go/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch b/meta/recipes-devtools/go/go/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch
index a6937672f5..608f1eb5a0 100644
--- a/meta/recipes-devtools/go/go/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch
+++ b/meta/recipes-devtools/go/go/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch
@@ -1,4 +1,4 @@
-From 153e2dda6103fd9dd871be4bb495a8da5328301e Mon Sep 17 00:00:00 2001
+From 8f020921c464e95ded850950382115154448580a Mon Sep 17 00:00:00 2001
 From: Alex Kube <alexander.j.kube@gmail.com>
 Date: Wed, 23 Oct 2019 21:17:16 +0430
 Subject: [PATCH] make.bash: override CC when building dist and go_bootstrap
@@ -17,18 +17,20 @@ Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
  src/make.bash | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
 
+diff --git a/src/make.bash b/src/make.bash
+index ab2ce19..37ec1fb 100755
 --- a/src/make.bash
 +++ b/src/make.bash
-@@ -195,7 +195,7 @@ if [ "$GOROOT_BOOTSTRAP" = "$GOROOT" ];
+@@ -198,7 +198,7 @@ if [ "$GOROOT_BOOTSTRAP" = "$GOROOT" ]; then
  	exit 1
  fi
  rm -f cmd/dist/dist
--GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
-+CC="${BUILD_CC:-${CC}}" GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
+-GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off GOEXPERIMENT="" GOENV=off GOFLAGS="" "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
++CC="${BUILD_CC:-${CC}}" GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off GOEXPERIMENT="" GOENV=off GOFLAGS="" "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
  
  # -e doesn't propagate out of eval, so check success by hand.
  eval $(./cmd/dist/dist env -p || echo FAIL=true)
-@@ -220,7 +220,7 @@ fi
+@@ -223,7 +223,7 @@ fi
  # Run dist bootstrap to complete make.bash.
  # Bootstrap installs a proper cmd/dist, built with the new toolchain.
  # Throw ours, built with Go 1.4, away after bootstrap.
diff --git a/meta/recipes-devtools/go/go/0006-cmd-dist-separate-host-and-target-builds.patch b/meta/recipes-devtools/go/go/0006-cmd-dist-separate-host-and-target-builds.patch
index ee743ab990..2c864baa0e 100644
--- a/meta/recipes-devtools/go/go/0006-cmd-dist-separate-host-and-target-builds.patch
+++ b/meta/recipes-devtools/go/go/0006-cmd-dist-separate-host-and-target-builds.patch
@@ -1,4 +1,4 @@
-From 7bc891e00be4263311d75aa2b2ee6a3b7b75355f Mon Sep 17 00:00:00 2001
+From ef5fddafdec78cab9963d21736e64d71ca520bcc Mon Sep 17 00:00:00 2001
 From: Alex Kube <alexander.j.kube@gmail.com>
 Date: Wed, 23 Oct 2019 21:18:12 +0430
 Subject: [PATCH] cmd/dist: separate host and target builds
@@ -36,12 +36,14 @@ Matt Madison <matt@madison.systems>.
 Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
 
 ---
- src/cmd/dist/build.go | 156 ++++++++++++++++++++++++++++++------------
- 1 file changed, 113 insertions(+), 43 deletions(-)
+ src/cmd/dist/build.go | 154 ++++++++++++++++++++++++++++++------------
+ 1 file changed, 112 insertions(+), 42 deletions(-)
 
+diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go
+index 3024d0c..45ebee0 100644
 --- a/src/cmd/dist/build.go
 +++ b/src/cmd/dist/build.go
-@@ -44,6 +44,7 @@ var (
+@@ -45,6 +45,7 @@ var (
  	goexperiment     string
  	workdir          string
  	tooldir          string
@@ -49,7 +51,7 @@ Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
  	oldgoos          string
  	oldgoarch        string
  	exe              string
-@@ -54,6 +55,7 @@ var (
+@@ -55,6 +56,7 @@ var (
  
  	rebuildall   bool
  	defaultclang bool
@@ -57,7 +59,7 @@ Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
  
  	vflag int // verbosity
  )
-@@ -254,6 +256,8 @@ func xinit() {
+@@ -267,6 +269,8 @@ func xinit() {
  	if tooldir = os.Getenv("GOTOOLDIR"); tooldir == "" {
  		tooldir = pathf("%s/pkg/tool/%s_%s", goroot, gohostos, gohostarch)
  	}
@@ -66,7 +68,7 @@ Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
  }
  
  // compilerEnv returns a map from "goos/goarch" to the
-@@ -499,8 +503,10 @@ func setup() {
+@@ -468,8 +472,10 @@ func setup() {
  	p := pathf("%s/pkg/%s_%s", goroot, gohostos, gohostarch)
  	if rebuildall {
  		xremoveall(p)
@@ -77,7 +79,7 @@ Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
  
  	if goos != gohostos || goarch != gohostarch {
  		p := pathf("%s/pkg/%s_%s", goroot, goos, goarch)
-@@ -1252,17 +1258,35 @@ func cmdbootstrap() {
+@@ -1248,17 +1254,35 @@ func cmdbootstrap() {
  
  	var noBanner, noClean bool
  	var debug bool
@@ -114,7 +116,7 @@ Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
  	// Set GOPATH to an internal directory. We shouldn't actually
  	// need to store files here, since the toolchain won't
  	// depend on modules outside of vendor directories, but if
-@@ -1330,8 +1354,13 @@ func cmdbootstrap() {
+@@ -1326,8 +1350,13 @@ func cmdbootstrap() {
  		xprintf("\n")
  	}
  
@@ -128,9 +130,9 @@ Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
 +		goldflags = os.Getenv("GO_LDFLAGS") // we were using $BOOT_GO_LDFLAGS until now
 +	}
  	goBootstrap := pathf("%s/go_bootstrap", tooldir)
- 	cmdGo := pathf("%s/go", gobin)
+ 	cmdGo := pathf("%s/go", gorootBin)
  	if debug {
-@@ -1360,7 +1389,11 @@ func cmdbootstrap() {
+@@ -1356,7 +1385,11 @@ func cmdbootstrap() {
  		xprintf("\n")
  	}
  	xprintf("Building Go toolchain2 using go_bootstrap and Go toolchain1.\n")
@@ -143,7 +145,7 @@ Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
  	// Now that cmd/go is in charge of the build process, enable GOEXPERIMENT.
  	os.Setenv("GOEXPERIMENT", goexperiment)
  	goInstall(goBootstrap, append([]string{"-i"}, toolchain...)...)
-@@ -1399,50 +1432,84 @@ func cmdbootstrap() {
+@@ -1395,50 +1428,84 @@ func cmdbootstrap() {
  	}
  	checkNotStale(goBootstrap, append(toolchain, "runtime/internal/sys")...)
  
@@ -235,7 +237,12 @@ Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
 -		timelog("build", "target toolchain")
 -		if vflag > 0 {
 -			xprintf("\n")
--		}
++		if debug {
++			run("", ShowOutput|CheckExit, pathf("%s/compile", tooldir), "-V=full")
++			run("", ShowOutput|CheckExit, pathf("%s/buildid", tooldir), pathf("%s/pkg/%s_%s/runtime/internal/sys.a", goroot, goos, goarch))
++			checkNotStale(goBootstrap, append(toolchain, "runtime/internal/sys")...)
++			copyfile(pathf("%s/compile4", tooldir), pathf("%s/compile", tooldir), writeExec)
+ 		}
 -		goos = oldgoos
 -		goarch = oldgoarch
 -		os.Setenv("GOOS", goos)
@@ -256,16 +263,10 @@ Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
 -		run("", ShowOutput|CheckExit, pathf("%s/buildid", tooldir), pathf("%s/pkg/%s_%s/runtime/internal/sys.a", goroot, goos, goarch))
 -		checkNotStale(goBootstrap, append(toolchain, "runtime/internal/sys")...)
 -		copyfile(pathf("%s/compile4", tooldir), pathf("%s/compile", tooldir), writeExec)
-+		if debug {
-+			run("", ShowOutput|CheckExit, pathf("%s/compile", tooldir), "-V=full")
-+			run("", ShowOutput|CheckExit, pathf("%s/buildid", tooldir), pathf("%s/pkg/%s_%s/runtime/internal/sys.a", goroot, goos, goarch))
-+			checkNotStale(goBootstrap, append(toolchain, "runtime/internal/sys")...)
-+			copyfile(pathf("%s/compile4", tooldir), pathf("%s/compile", tooldir), writeExec)
-+		}
  	}
  
  	// Check that there are no new files in $GOROOT/bin other than
-@@ -1459,8 +1526,11 @@ func cmdbootstrap() {
+@@ -1455,8 +1522,11 @@ func cmdbootstrap() {
  		}
  	}
  
diff --git a/meta/recipes-devtools/go/go/filter-build-paths.patch b/meta/recipes-devtools/go/go/filter-build-paths.patch
index caf727714e..a1aa37c2a4 100644
--- a/meta/recipes-devtools/go/go/filter-build-paths.patch
+++ b/meta/recipes-devtools/go/go/filter-build-paths.patch
@@ -1,3 +1,8 @@
+From 3bdbce685c688a27eece36ccc8be9b50b4849498 Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Sat, 2 Jul 2022 23:08:13 +0100
+Subject: [PATCH] go: Filter build paths on staticly linked arches
+
 Filter out build time paths from ldflags and other flags variables when they're
 embedded in the go binary so that builds are reproducible regardless of build
 location. This codepath is hit for statically linked go binaries such as those
@@ -6,11 +11,15 @@ on mips/ppc.
 Upstream-Status: Pending
 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 
-Index: go/src/cmd/go/internal/load/pkg.go
-===================================================================
---- go.orig/src/cmd/go/internal/load/pkg.go
-+++ go/src/cmd/go/internal/load/pkg.go
-@@ -2225,6 +2225,17 @@ func (p *Package) collectDeps() {
+---
+ src/cmd/go/internal/load/pkg.go | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/cmd/go/internal/load/pkg.go b/src/cmd/go/internal/load/pkg.go
+index 046f508..353cbc4 100644
+--- a/src/cmd/go/internal/load/pkg.go
++++ b/src/cmd/go/internal/load/pkg.go
+@@ -2256,6 +2256,17 @@ func (p *Package) collectDeps() {
  // to their VCS information (vcsStatusError).
  var vcsStatusCache par.Cache
  
@@ -28,21 +37,21 @@ Index: go/src/cmd/go/internal/load/pkg.go
  // setBuildInfo gathers build information, formats it as a string to be
  // embedded in the binary, then sets p.Internal.BuildInfo to that string.
  // setBuildInfo should only be called on a main package with no errors.
-@@ -2329,7 +2340,7 @@ func (p *Package) setBuildInfo(includeVC
- 			appendSetting("-gcflags", BuildGcflags.String())
- 		}
- 		if BuildLdflags.present {
--			appendSetting("-ldflags", BuildLdflags.String())
-+			appendSetting("-ldflags", filterCompilerFlags(BuildLdflags.String()))
- 		}
- 		if cfg.BuildMSan {
- 			appendSetting("-msan", "true")
-@@ -2347,7 +2358,7 @@ func (p *Package) setBuildInfo(includeVC
- 		appendSetting("CGO_ENABLED", cgo)
- 		if cfg.BuildContext.CgoEnabled {
- 			for _, name := range []string{"CGO_CFLAGS", "CGO_CPPFLAGS", "CGO_CXXFLAGS", "CGO_LDFLAGS"} {
--				appendSetting(name, cfg.Getenv(name))
-+				appendSetting(name, filterCompilerFlags(cfg.Getenv(name)))
- 			}
+@@ -2353,7 +2364,7 @@ func (p *Package) setBuildInfo(includeVCS bool) {
+ 	if gcflags := BuildGcflags.String(); gcflags != "" && cfg.BuildContext.Compiler == "gc" {
+ 		appendSetting("-gcflags", gcflags)
+ 	}
+-	if ldflags := BuildLdflags.String(); ldflags != "" {
++	if ldflags := filterCompilerFlags(BuildLdflags.String()); ldflags != "" {
+ 		// https://go.dev/issue/52372: only include ldflags if -trimpath is not set,
+ 		// since it can include system paths through various linker flags (notably
+ 		// -extar, -extld, and -extldflags).
+@@ -2392,7 +2403,7 @@ func (p *Package) setBuildInfo(includeVCS bool) {
+ 	// subset of flags that are known not to be paths?
+ 	if cfg.BuildContext.CgoEnabled && !cfg.BuildTrimpath {
+ 		for _, name := range []string{"CGO_CFLAGS", "CGO_CPPFLAGS", "CGO_CXXFLAGS", "CGO_LDFLAGS"} {
+-			appendSetting(name, cfg.Getenv(name))
++			appendSetting(name, filterCompilerFlags(cfg.Getenv(name)))
  		}
- 		appendSetting("GOARCH", cfg.BuildContext.GOARCH)
+ 	}
+ 	appendSetting("GOARCH", cfg.BuildContext.GOARCH)
diff --git a/meta/recipes-devtools/go/go_1.18.4.bb b/meta/recipes-devtools/go/go_1.19.bb
similarity index 100%
rename from meta/recipes-devtools/go/go_1.18.4.bb
rename to meta/recipes-devtools/go/go_1.19.bb
-- 
2.30.2

[PATCH 05/45] go fix 2

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 meta/recipes-devtools/go/go-1.19.inc          |  1 +
 .../go/go/stack-protector.patch               | 32 +++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go/stack-protector.patch

diff --git a/meta/recipes-devtools/go/go-1.19.inc b/meta/recipes-devtools/go/go-1.19.inc
index 3bccfcbecf..f733a807b4 100644
--- a/meta/recipes-devtools/go/go-1.19.inc
+++ b/meta/recipes-devtools/go/go-1.19.inc
@@ -14,5 +14,6 @@ SRC_URI += "\
     file://0001-exec.go-do-not-write-linker-flags-into-buildids.patch \
     file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
     file://filter-build-paths.patch \
+    file://stack-protector.patch \
 "
 SRC_URI[main.sha256sum] = "9419cc70dc5a2523f29a77053cafff658ed21ef3561d9b6b020280ebceab28b9"
diff --git a/meta/recipes-devtools/go/go/stack-protector.patch b/meta/recipes-devtools/go/go/stack-protector.patch
new file mode 100644
index 0000000000..cc92a444a7
--- /dev/null
+++ b/meta/recipes-devtools/go/go/stack-protector.patch
@@ -0,0 +1,32 @@
+From c537b87782293fe222f2ef5eb1ae818092118e97 Mon Sep 17 00:00:00 2001
+From: Ian Lance Taylor <iant@golang.org>
+Date: Sun, 07 Aug 2022 19:21:15 -0700
+Subject: [PATCH] runtime/cgo: add -fno-stack-protector to CFLAGS
+
+Some compilers default to having -fstack-protector on, which breaks
+when using internal linking because the linker doesn't know how to
+find the support functions.
+
+Fixes #52919
+Fixes #54313
+
+Change-Id: I6f51d5e906503f61fc768ad8e30c163bad135087
+Upstream-Status: Submitted [https://github.com/golang/go/issues/54313]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+
+diff --git a/src/runtime/cgo/cgo.go b/src/runtime/cgo/cgo.go
+index 298aa63..4b7046e 100644
+--- a/src/runtime/cgo/cgo.go
++++ b/src/runtime/cgo/cgo.go
+@@ -23,7 +23,9 @@
+ #cgo solaris LDFLAGS: -lxnet
+ #cgo solaris LDFLAGS: -lsocket
+ 
+-#cgo CFLAGS: -Wall -Werror
++// We use -fno-stack-protector because internal linking won't find
++// the support functions. See issues #52919 and #54313.
++#cgo CFLAGS: -Wall -Werror -fno-stack-protector
+ 
+ #cgo solaris CPPFLAGS: -D_POSIX_PTHREAD_SEMANTICS
+ 
-- 
2.30.2

[PATCH 06/45] rust: update 1.62.0 -> 1.62.1

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 ...-cross-canadian_1.62.0.bb => cargo-cross-canadian_1.62.1.bb} | 0
 .../recipes-devtools/cargo/{cargo_1.62.0.bb => cargo_1.62.1.bb} | 0
 .../rust/{libstd-rs_1.62.0.bb => libstd-rs_1.62.1.bb}           | 0
 ...t-cross-canadian_1.62.0.bb => rust-cross-canadian_1.62.1.bb} | 0
 .../rust/{rust-cross_1.62.0.bb => rust-cross_1.62.1.bb}         | 0
 .../rust/{rust-crosssdk_1.62.0.bb => rust-crosssdk_1.62.1.bb}   | 0
 .../rust/{rust-llvm_1.62.0.bb => rust-llvm_1.62.1.bb}           | 0
 meta/recipes-devtools/rust/rust-source.inc                      | 2 +-
 ...s-canadian_1.62.0.bb => rust-tools-cross-canadian_1.62.1.bb} | 0
 meta/recipes-devtools/rust/{rust_1.62.0.bb => rust_1.62.1.bb}   | 0
 10 files changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/cargo/{cargo-cross-canadian_1.62.0.bb => cargo-cross-canadian_1.62.1.bb} (100%)
 rename meta/recipes-devtools/cargo/{cargo_1.62.0.bb => cargo_1.62.1.bb} (100%)
 rename meta/recipes-devtools/rust/{libstd-rs_1.62.0.bb => libstd-rs_1.62.1.bb} (100%)
 rename meta/recipes-devtools/rust/{rust-cross-canadian_1.62.0.bb => rust-cross-canadian_1.62.1.bb} (100%)
 rename meta/recipes-devtools/rust/{rust-cross_1.62.0.bb => rust-cross_1.62.1.bb} (100%)
 rename meta/recipes-devtools/rust/{rust-crosssdk_1.62.0.bb => rust-crosssdk_1.62.1.bb} (100%)
 rename meta/recipes-devtools/rust/{rust-llvm_1.62.0.bb => rust-llvm_1.62.1.bb} (100%)
 rename meta/recipes-devtools/rust/{rust-tools-cross-canadian_1.62.0.bb => rust-tools-cross-canadian_1.62.1.bb} (100%)
 rename meta/recipes-devtools/rust/{rust_1.62.0.bb => rust_1.62.1.bb} (100%)

diff --git a/meta/recipes-devtools/cargo/cargo-cross-canadian_1.62.0.bb b/meta/recipes-devtools/cargo/cargo-cross-canadian_1.62.1.bb
similarity index 100%
rename from meta/recipes-devtools/cargo/cargo-cross-canadian_1.62.0.bb
rename to meta/recipes-devtools/cargo/cargo-cross-canadian_1.62.1.bb
diff --git a/meta/recipes-devtools/cargo/cargo_1.62.0.bb b/meta/recipes-devtools/cargo/cargo_1.62.1.bb
similarity index 100%
rename from meta/recipes-devtools/cargo/cargo_1.62.0.bb
rename to meta/recipes-devtools/cargo/cargo_1.62.1.bb
diff --git a/meta/recipes-devtools/rust/libstd-rs_1.62.0.bb b/meta/recipes-devtools/rust/libstd-rs_1.62.1.bb
similarity index 100%
rename from meta/recipes-devtools/rust/libstd-rs_1.62.0.bb
rename to meta/recipes-devtools/rust/libstd-rs_1.62.1.bb
diff --git a/meta/recipes-devtools/rust/rust-cross-canadian_1.62.0.bb b/meta/recipes-devtools/rust/rust-cross-canadian_1.62.1.bb
similarity index 100%
rename from meta/recipes-devtools/rust/rust-cross-canadian_1.62.0.bb
rename to meta/recipes-devtools/rust/rust-cross-canadian_1.62.1.bb
diff --git a/meta/recipes-devtools/rust/rust-cross_1.62.0.bb b/meta/recipes-devtools/rust/rust-cross_1.62.1.bb
similarity index 100%
rename from meta/recipes-devtools/rust/rust-cross_1.62.0.bb
rename to meta/recipes-devtools/rust/rust-cross_1.62.1.bb
diff --git a/meta/recipes-devtools/rust/rust-crosssdk_1.62.0.bb b/meta/recipes-devtools/rust/rust-crosssdk_1.62.1.bb
similarity index 100%
rename from meta/recipes-devtools/rust/rust-crosssdk_1.62.0.bb
rename to meta/recipes-devtools/rust/rust-crosssdk_1.62.1.bb
diff --git a/meta/recipes-devtools/rust/rust-llvm_1.62.0.bb b/meta/recipes-devtools/rust/rust-llvm_1.62.1.bb
similarity index 100%
rename from meta/recipes-devtools/rust/rust-llvm_1.62.0.bb
rename to meta/recipes-devtools/rust/rust-llvm_1.62.1.bb
diff --git a/meta/recipes-devtools/rust/rust-source.inc b/meta/recipes-devtools/rust/rust-source.inc
index fda26534e8..0896020b6a 100644
--- a/meta/recipes-devtools/rust/rust-source.inc
+++ b/meta/recipes-devtools/rust/rust-source.inc
@@ -1,5 +1,5 @@
 SRC_URI += "https://static.rust-lang.org/dist/rustc-${PV}-src.tar.xz;name=rust"
-SRC_URI[rust.sha256sum] = "6c00ef115c894c2645e60b5049a4f5dacf1dc0c993f3074f7ae4fdf4c755dd5e"
+SRC_URI[rust.sha256sum] = "02066a93c2f6596cc046a897d5716c86e3607c1cd0f54db9a867ae8c8265072e"
 
 RUSTSRC = "${WORKDIR}/rustc-${PV}-src"
 
diff --git a/meta/recipes-devtools/rust/rust-tools-cross-canadian_1.62.0.bb b/meta/recipes-devtools/rust/rust-tools-cross-canadian_1.62.1.bb
similarity index 100%
rename from meta/recipes-devtools/rust/rust-tools-cross-canadian_1.62.0.bb
rename to meta/recipes-devtools/rust/rust-tools-cross-canadian_1.62.1.bb
diff --git a/meta/recipes-devtools/rust/rust_1.62.0.bb b/meta/recipes-devtools/rust/rust_1.62.1.bb
similarity index 100%
rename from meta/recipes-devtools/rust/rust_1.62.0.bb
rename to meta/recipes-devtools/rust/rust_1.62.1.bb
-- 
2.30.2

[PATCH 07/45] cmake: update 3.23.2 -> 3.24.0

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 .../cmake/{cmake-native_3.23.2.bb => cmake-native_3.24.0.bb}  | 0
 meta/recipes-devtools/cmake/cmake.inc                         | 4 ++--
 .../cmake/{cmake_3.23.2.bb => cmake_3.24.0.bb}                | 0
 3 files changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/cmake/{cmake-native_3.23.2.bb => cmake-native_3.24.0.bb} (100%)
 rename meta/recipes-devtools/cmake/{cmake_3.23.2.bb => cmake_3.24.0.bb} (100%)

diff --git a/meta/recipes-devtools/cmake/cmake-native_3.23.2.bb b/meta/recipes-devtools/cmake/cmake-native_3.24.0.bb
similarity index 100%
rename from meta/recipes-devtools/cmake/cmake-native_3.23.2.bb
rename to meta/recipes-devtools/cmake/cmake-native_3.24.0.bb
diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
index 4a6884e871..d64afffdc1 100644
--- a/meta/recipes-devtools/cmake/cmake.inc
+++ b/meta/recipes-devtools/cmake/cmake.inc
@@ -10,7 +10,7 @@ HOMEPAGE = "http://www.cmake.org/"
 BUGTRACKER = "http://public.kitware.com/Bug/my_view_page.php"
 SECTION = "console/utils"
 LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://Copyright.txt;md5=f2102a52df7aa592cf072180e7ebc8c7 \
+LIC_FILES_CHKSUM = "file://Copyright.txt;md5=45025187a129339459b6f1a24f7fac6e \
                     file://Source/cmake.h;beginline=1;endline=2;md5=a5f70e1fef8614734eae0d62b4f5891b \
                     "
 
@@ -21,7 +21,7 @@ SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \
            file://0004-Fail-silently-if-system-Qt-installation-is-broken.patch \
 "
 
-SRC_URI[sha256sum] = "f316b40053466f9a416adf981efda41b160ca859e97f6a484b447ea299ff26aa"
+SRC_URI[sha256sum] = "c2b61f7cdecb1576cad25f918a8f42b8685d88a832fd4b62b9e0fa32e915a658"
 
 UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/cmake/cmake_3.23.2.bb b/meta/recipes-devtools/cmake/cmake_3.24.0.bb
similarity index 100%
rename from meta/recipes-devtools/cmake/cmake_3.23.2.bb
rename to meta/recipes-devtools/cmake/cmake_3.24.0.bb
-- 
2.30.2

[PATCH 08/45] bluez5: update 5.64 -> 5.65

[Alexander Kanavin]

Drop fix_service.patch as it is merged upstream.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 meta/recipes-connectivity/bluez5/bluez5.inc   |  1 -
 .../bluez5/bluez5/fix_service.patch           | 30 -------------------
 .../bluez5/{bluez5_5.64.bb => bluez5_5.65.bb} |  2 +-
 3 files changed, 1 insertion(+), 32 deletions(-)
 delete mode 100644 meta/recipes-connectivity/bluez5/bluez5/fix_service.patch
 rename meta/recipes-connectivity/bluez5/{bluez5_5.64.bb => bluez5_5.65.bb} (95%)

diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 22dd07b348..79d4645ca8 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -53,7 +53,6 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
            ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
            file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
            file://0001-test-gatt-Fix-hung-issue.patch \
-           file://fix_service.patch \
            "
 S = "${WORKDIR}/bluez-${PV}"
 
diff --git a/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch b/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch
deleted file mode 100644
index 96fdf6b299..0000000000
--- a/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-The systemd bluetooth service failed to start because the /var/lib/bluetooth
-path of ReadWritePaths= is created by the bluetooth daemon itself.
-
-The commit systemd: Add more filesystem lockdown (442d211) add ReadWritePaths=/etc/bluetooth
-and ReadOnlyPaths=/var/lib/bluetooth options to the bluetooth systemd service.
-The existing ProtectSystem=full option mounts the /usr, the boot loader
-directories and /etc read-only. This means the two option are useless and could be removed.
-
-Upstream-Status: Submitted [https://github.com/bluez/bluez/issues/329]
-
-Index: bluez-5.64/src/bluetooth.service.in
-===================================================================
---- bluez-5.64.orig/src/bluetooth.service.in
-+++ bluez-5.64/src/bluetooth.service.in
-@@ -15,12 +15,12 @@ LimitNPROC=1
- 
- # Filesystem lockdown
- ProtectHome=true
--ProtectSystem=full
-+ProtectSystem=strict
- PrivateTmp=true
- ProtectKernelTunables=true
- ProtectControlGroups=true
--ReadWritePaths=@statedir@
--ReadOnlyPaths=@confdir@
-+ConfigurationDirectory=bluetooth
-+StateDirectory=bluetooth
- 
- # Execute Mappings
- MemoryDenyWriteExecute=true
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.64.bb b/meta/recipes-connectivity/bluez5/bluez5_5.65.bb
similarity index 95%
rename from meta/recipes-connectivity/bluez5/bluez5_5.64.bb
rename to meta/recipes-connectivity/bluez5/bluez5_5.65.bb
index 4319f9aae8..4c15aeb46d 100644
--- a/meta/recipes-connectivity/bluez5/bluez5_5.64.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.65.bb
@@ -1,6 +1,6 @@
 require bluez5.inc
 
-SRC_URI[sha256sum] = "ae437e65b6b3070c198bc5b0109fe9cdeb9eaa387380e2072f9de65fe8a1de34"
+SRC_URI[sha256sum] = "2565a4d48354b576e6ad92e25b54ed66808296581c8abb80587051f9993d96d4"
 
 # These issues have kernel fixes rather than bluez fixes so exclude here
 CVE_CHECK_IGNORE += "CVE-2020-12352 CVE-2020-24490"
-- 
2.30.2

[PATCH 09/45] patchelf: update 0.14.5 -> 0.15.0

[Alexander Kanavin]

Drop handle-read-only-files.patch: read only files should
be handled by making them writeable explicitly. See
the upstream discussion:
https://github.com/NixOS/patchelf/pull/89

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
 .../patchelf/handle-read-only-files.patch     | 65 -------------------
 ...{patchelf_0.14.5.bb => patchelf_0.15.0.bb} |  6 +-
 2 files changed, 2 insertions(+), 69 deletions(-)
 delete mode 100644 meta/recipes-devtools/patchelf/patchelf/handle-read-only-files.patch
 rename meta/recipes-devtools/patchelf/{patchelf_0.14.5.bb => patchelf_0.15.0.bb} (79%)

diff --git a/meta/recipes-devtools/patchelf/patchelf/handle-read-only-files.patch b/meta/recipes-devtools/patchelf/patchelf/handle-read-only-files.patch
deleted file mode 100644
index b755a263a4..0000000000
--- a/meta/recipes-devtools/patchelf/patchelf/handle-read-only-files.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 682fb48c137b687477008b68863c2a0b73ed47d1 Mon Sep 17 00:00:00 2001
-From: Fabio Berton <fabio.berton@ossystems.com.br>
-Date: Fri, 9 Sep 2016 16:00:42 -0300
-Subject: [PATCH] handle read-only files
-
-Patch from:
-https://github.com/darealshinji/patchelf/commit/40e66392bc4b96e9b4eda496827d26348a503509
-
-Upstream-Status: Denied [https://github.com/NixOS/patchelf/pull/89]
-
-Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
-
----
- src/patchelf.cc | 16 +++++++++++++++-
- 1 file changed, 15 insertions(+), 1 deletion(-)
-
-Index: git/src/patchelf.cc
-===================================================================
---- git.orig/src/patchelf.cc
-+++ git/src/patchelf.cc
-@@ -534,9 +534,19 @@ void ElfFile<ElfFileParamNames>::sortShd
- 
- static void writeFile(const std::string & fileName, const FileContents & contents)
- {
-+    struct stat st;
-+    int fd;
-+
-     debug("writing %s\n", fileName.c_str());
- 
--    int fd = open(fileName.c_str(), O_CREAT | O_TRUNC | O_WRONLY, 0777);
-+    if (stat(fileName.c_str(), &st) != 0)
-+        error("stat");
-+
-+    if (chmod(fileName.c_str(), 0600) != 0)
-+        error("chmod");
-+
-+    fd = open(fileName.c_str(), O_CREAT | O_TRUNC | O_WRONLY, 0777);
-+
-     if (fd == -1)
-         error("open");
- 
-@@ -551,8 +561,6 @@ static void writeFile(const std::string
-         bytesWritten += portion;
-     }
- 
--    if (close(fd) >= 0)
--        return;
-     /*
-      * Just ignore EINTR; a retry loop is the wrong thing to do.
-      *
-@@ -561,9 +569,11 @@ static void writeFile(const std::string
-      * http://utcc.utoronto.ca/~cks/space/blog/unix/CloseEINTR
-      * https://sites.google.com/site/michaelsafyan/software-engineering/checkforeintrwheninvokingclosethinkagain
-      */
--    if (errno == EINTR)
--        return;
--    error("close");
-+    if ((close(fd) < 0) && errno != EINTR)
-+        error("close");
-+
-+    if (chmod(fileName.c_str(), st.st_mode) != 0)
-+        error("chmod");
- }
- 
- 
diff --git a/meta/recipes-devtools/patchelf/patchelf_0.14.5.bb b/meta/recipes-devtools/patchelf/patchelf_0.15.0.bb
similarity index 79%
rename from meta/recipes-devtools/patchelf/patchelf_0.14.5.bb
rename to meta/recipes-devtools/patchelf/patchelf_0.15.0.bb
index 0fa2c00f1d..26abde2ed5 100644
--- a/meta/recipes-devtools/patchelf/patchelf_0.14.5.bb
+++ b/meta/recipes-devtools/patchelf/patchelf_0.15.0.bb
@@ -4,10 +4,8 @@ HOMEPAGE = "https://github.com/NixOS/patchelf"
 
 LICENSE = "GPL-3.0-only"
 
-SRC_URI = "git://github.com/NixOS/patchelf;protocol=https;branch=master \
-           file://handle-read-only-files.patch \
-           "
-SRCREV = "a35054504293f9ff64539850d1ed0bfd2f5399f2"
+SRC_URI = "git://github.com/NixOS/patchelf;protocol=https;branch=master"
+SRCREV = "49008002562355b0e35075cbc1c42c645ff04e28"
 
 S = "${WORKDIR}/git"
 
-- 
2.30.2

Re: [OE-core] [PATCH 09/45] patchelf: update 0.14.5 -> 0.15.0

[Richard Purdie]

On Mon, 2022-08-08 at 08:38 +0200, Alexander Kanavin wrote:
> Drop handle-read-only-files.patch: read only files should
> be handled by making them writeable explicitly. See
> the upstream discussion:
> https://github.com/NixOS/patchelf/pull/89
> 
> Signed-off-by: Alexander Kanavin <alex@linutronix.de>
> ---
>  .../patchelf/handle-read-only-files.patch     | 65 -------------------
>  ...{patchelf_0.14.5.bb => patchelf_0.15.0.bb} |  6 +-
>  2 files changed, 2 insertions(+), 69 deletions(-)
>  delete mode 100644 meta/recipes-devtools/patchelf/patchelf/handle-read-only-files.patch
>  rename meta/recipes-devtools/patchelf/{patchelf_0.14.5.bb => patchelf_0.15.0.bb} (79%)

patchelf is used by uninative and you have no idea the world of pain
you're pushing onto others by dropping this one. It isn't as simple as
you think due to the places patchelf is used. I don't remember the
details, I do remember thinking along the lines of this patch and then
changing my mind though.

Cheers,

Richard

Re: [OE-core] [PATCH 09/45] patchelf: update 0.14.5 -> 0.15.0

[Alexander Kanavin]

On Mon, 8 Aug 2022 at 09:43, Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Mon, 2022-08-08 at 08:38 +0200, Alexander Kanavin wrote:
> > Drop handle-read-only-files.patch: read only files should
> > be handled by making them writeable explicitly. See
> > the upstream discussion:
> > https://github.com/NixOS/patchelf/pull/89
> >
> > Signed-off-by: Alexander Kanavin <alex@linutronix.de>
> > ---
> >  .../patchelf/handle-read-only-files.patch     | 65 -------------------
> >  ...{patchelf_0.14.5.bb => patchelf_0.15.0.bb} |  6 +-
> >  2 files changed, 2 insertions(+), 69 deletions(-)
> >  delete mode 100644 meta/recipes-devtools/patchelf/patchelf/handle-read-only-files.patch
> >  rename meta/recipes-devtools/patchelf/{patchelf_0.14.5.bb => patchelf_0.15.0.bb} (79%)
>
> patchelf is used by uninative and you have no idea the world of pain
> you're pushing onto others by dropping this one. It isn't as simple as
> you think due to the places patchelf is used. I don't remember the
> details, I do remember thinking along the lines of this patch and then
> changing my mind though.

Usage of patchelf in uninative seems to be contained in
uninative_changeinterp, which can be tweaked
to handle r/o files before invoking patchelf. Was it that all usages
of it need to be tweaked similarly?

In upgrades like these I only see what the autobuilder and the commit
history and the patch header say. I can restore and rebase the patch,
but it would benefit from a better explanation.

Alex

Re: [OE-core] [PATCH 09/45] patchelf: update 0.14.5 -> 0.15.0

[Alexander Kanavin]

On Mon, 8 Aug 2022 at 10:23, Alexander Kanavin via
lists.openembedded.org <alex.kanavin=gmail.com@lists.openembedded.org>
wrote:
> Usage of patchelf in uninative seems to be contained in
> uninative_changeinterp, which can be tweaked
> to handle r/o files before invoking patchelf. Was it that all usages
> of it need to be tweaked similarly?

Ok, I couldnt find other usages of it that would require similar
tweaking (icecc uses host patchelf if available, rust.inc/cargo.inc
operate on only a few static filenames), so maybe it's ok to move what
the patch does into uninative_changeinterp (add +r before invocation,
restore original permissions after). Still better than carrying a
rejected patch.

Alex

Re: [OE-core] [PATCH 09/45] patchelf: update 0.14.5 -> 0.15.0

[Richard Purdie]

On Mon, 2022-08-08 at 11:35 +0200, Alexander Kanavin wrote:
> On Mon, 8 Aug 2022 at 10:23, Alexander Kanavin via
> lists.openembedded.org <alex.kanavin=gmail.com@lists.openembedded.org>
> wrote:
> > Usage of patchelf in uninative seems to be contained in
> > uninative_changeinterp, which can be tweaked
> > to handle r/o files before invoking patchelf. Was it that all usages
> > of it need to be tweaked similarly?
> 
> Ok, I couldnt find other usages of it that would require similar
> tweaking (icecc uses host patchelf if available, rust.inc/cargo.inc
> operate on only a few static filenames), so maybe it's ok to move what
> the patch does into uninative_changeinterp (add +r before invocation,
> restore original permissions after). Still better than carrying a
> rejected patch.

It feels like there is something we're missing. I wish I could remember
what :(.

Note that the testing cycle for changing patchelf is a pain as we need
to merge, create a uninative release and upgrade to before we have the
full cycle and know any change is fully working.

Cheers,

Richard