Re: [OE-core] [PATCH 1/3] glibc: Upgrade to 2.38 release
On Fri, Aug 4, 2023 at 2:44 PM Alexandre Belloni wrote: > > Hello, > > This caused failures: > > https://autobuilder.yoctoproject.org/typhoon/#/builders/65/builds/7616/steps/11/logs/stdio > > ERROR: glibc-tests-2.38-r0 do_package_qa: QA Issue: > /usr/lib/glibc-tests/ptest/tests/glibc-ptest/tst-y2039-time64 contained in > package glibc-tests requires libgcc_s.so.1(GCC_3.5), but no providers found > in RDEPENDS:glibc-tests? [file-rdeps] > ERROR: glibc-tests-2.38-r0 do_package_qa: QA Issue: > /usr/lib/glibc-tests/ptest/tests/glibc-ptest/tst-y2039-time64 contained in > package glibc-tests requires libgcc_s.so.1, but no providers found in > RDEPENDS:glibc-tests? [file-rdeps] > ERROR: glibc-tests-2.38-r0 do_package_qa: Fatal QA errors were found, failing > task. > NOTE: Running task 15486 of 17391 > (virtual:mcextend:apr:/home/pokybuild/yocto-worker/beaglebone/build/meta/recipes-core/images/core-image-ptest.bb:do_image_tar) > > I believe this also causes the following autoconf failure: > > https://autobuilder.yoctoproject.org/typhoon/#/builders/20/builds/7948/steps/12/logs/stdio > Finally got to this. sent a v3 series which should fix it. > > On 31/07/2023 20:27:00-0700, Khem Raj wrote: > > Announcement - > > https://mail.gnu.org/archive/html/info-gnu/2023-07/msg00010.html > > > > Signed-off-by: Khem Raj > > --- > > meta/conf/distro/include/tcmode-default.inc | 2 +- > > ...2.37.bb => cross-localedef-native_2.38.bb} | 0 > > meta/recipes-core/glibc/glibc-common.inc | 3 +- > > ...bc-locale_2.37.bb => glibc-locale_2.38.bb} | 0 > > ...bc-mtrace_2.37.bb => glibc-mtrace_2.38.bb} | 0 > > ...-scripts_2.37.bb => glibc-scripts_2.38.bb} | 0 > > ...libc-tests_2.37.bb => glibc-tests_2.38.bb} | 0 > > ...tsuite_2.37.bb => glibc-testsuite_2.38.bb} | 0 > > meta/recipes-core/glibc/glibc-version.inc | 8 +- > > ...dd-hardlink-resolver-from-util-linux.patch | 2 +- > > ...-fix-ups-hardlink-to-make-it-compile.patch | 2 +- > > ...Look-for-host-system-ld.so.cache-as-.patch | 8 +- > > ...Fix-buffer-overrun-with-a-relocated-.patch | 6 +- > > ...Raise-the-size-of-arrays-containing-.patch | 16 ++-- > > ...k-glibc-Allow-64-bit-atomics-for-x86.patch | 2 +- > > ...Make-relocatable-install-for-locales.patch | 6 +- > > ...Fall-back-to-faccessat-on-faccess2-r.patch | 2 +- > > ...the-path-sets-wrong-config-variables.patch | 86 +-- > > ...ss-building-and-testing-instructions.patch | 2 +- > > ...glibc-Help-bootstrap-cross-toolchain.patch | 4 +- > > ...eglibc-Resolve-__fpscr_values-on-SH4.patch | 4 +- > > ...port-cross-locale-generation-support.patch | 6 +- > > ...-archive-uses-a-hard-coded-locale-pa.patch | 4 +- > > ...Do-not-ask-compiler-for-finding-arch.patch | 4 +- > > ...y-the-header-between-arm-and-aarch64.patch | 42 +++-- > > ...h-printf-builtin-in-nscd-init-script.patch | 2 +- > > ...igure.ac-Set-libc_cv_rootsbindir-onl.patch | 7 +- > > ...ell-interpreter-overridable-in-tzsel.patch | 4 +- > > ...Use-bin-sh-default-shell-interpreter.patch | 2 +- > > ...d-failed-in-unprivileged-process-BZ-.patch | 10 +-- > > ...build-time-paths-in-the-output-binar.patch | 6 +- > > .../glibc/{glibc_2.37.bb => glibc_2.38.bb}| 0 > > 32 files changed, 111 insertions(+), 129 deletions(-) > > rename meta/recipes-core/glibc/{cross-localedef-native_2.37.bb => > > cross-localedef-native_2.38.bb} (100%) > > rename meta/recipes-core/glibc/{glibc-locale_2.37.bb => > > glibc-locale_2.38.bb} (100%) > > rename meta/recipes-core/glibc/{glibc-mtrace_2.37.bb => > > glibc-mtrace_2.38.bb} (100%) > > rename meta/recipes-core/glibc/{glibc-scripts_2.37.bb => > > glibc-scripts_2.38.bb} (100%) > > rename meta/recipes-core/glibc/{glibc-tests_2.37.bb => > > glibc-tests_2.38.bb} (100%) > > rename meta/recipes-core/glibc/{glibc-testsuite_2.37.bb => > > glibc-testsuite_2.38.bb} (100%) > > rename meta/recipes-core/glibc/{glibc_2.37.bb => glibc_2.38.bb} (100%) > > > > diff --git a/meta/conf/distro/include/tcmode-default.inc > > b/meta/conf/distro/include/tcmode-default.inc > > index 18daf446e51..8c62a317a0d 100644 > > --- a/meta/conf/distro/include/tcmode-default.inc > > +++ b/meta/conf/distro/include/tcmode-default.inc > > @@ -20,7 +20,7 @@ GCCVERSION ?= "13.%" > > SDKGCCVERSION ?= "${GCCVERSION}" > > BINUVERSION ?= "2.40%" > > GDBVERSION ?= "13.%" > > -GLIBCVERSION ?= "2.37" > > +GLIBCVERSION ?= "2.38" > > LINUXLIBCVERSION ?= "6.4%" > > QEMUVERSION ?= "8.0%" > > GOVERSION ?= "1.20%" > > diff --git a/meta/recipes-core/glibc/cross-localedef-native_2.37.bb > > b/meta/recipes-core/glibc/cross-localedef-native_2.38.bb > > similarity index 100% > > rename from meta/recipes-core/glibc/cross-localedef-native_2.37.bb > > rename to meta/recipes-core/glibc/cross-localedef-native_2.38.bb > > diff --git a/meta/recipes-core/glibc/glibc-common.inc > > b/meta/recipes-core/glibc/glibc-common.inc > > index b93b55fe77d..be33c29857c 100644 > > --- a/meta/recipes-core/glibc/glibc-com
[OE-core] [PATCH v3 5/5] glibc-tests: Add missing libgcc runtime dependency
Some tests e.g. tst-y2039-time64 from glibc 2.38+ needs it. Signed-off-by: Khem Raj --- v3: Implemented new meta/recipes-core/glibc/glibc-tests_2.38.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/glibc/glibc-tests_2.38.bb b/meta/recipes-core/glibc/glibc-tests_2.38.bb index 9352a058fbe..95eb774db70 100644 --- a/meta/recipes-core/glibc/glibc-tests_2.38.bb +++ b/meta/recipes-core/glibc/glibc-tests_2.38.bb @@ -27,7 +27,7 @@ python __anonymous() { # Remove any leftovers from original glibc recipe RPROVIDES:${PN} = "${PN}" RRECOMMENDS:${PN} = "" -RDEPENDS:${PN} = " glibc sed bash" +RDEPENDS:${PN} = "glibc libgcc sed bash" RDEPENDS:${PN}-ptest = "${PN}" DEPENDS += "sed" -- 2.41.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185921): https://lists.openembedded.org/g/openembedded-core/message/185921 Mute This Topic: https://lists.openembedded.org/mt/100731468/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v3 4/5] glibc: Fix SVE detection on aarch64
Signed-off-by: Khem Raj --- v2: Implemented new v3: Rebase ...e-Pass-mcpu-along-with-march-to-dete.patch | 56 +++ meta/recipes-core/glibc/glibc_2.38.bb | 2 + 2 files changed, 58 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch diff --git a/meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch b/meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch new file mode 100644 index 000..7be9fc981d6 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch @@ -0,0 +1,56 @@ +From d836f008a96aa9b2e88c7b394bfc110542e57176 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 4 Aug 2023 09:34:50 -0700 +Subject: [PATCH] aarch64/configure: Pass -mcpu along with -march to detect sve + support + +SVE support logic in configure is rightly passing -march=+sve to +compiler to override whatever user might have passed via environment, +however GCC does not do as intended when -mcpu is part of environment +compiler flags, then it overrides the -march computed from -mcpu and +igonores other -march values so this test fails for lot of aarch64 +machines which pass -mcpu that does not support sve. This is seemingly a +bug in GCC [1], until that is fixed we preempt -mcpu along with -march +in the configure test itself. It does not change functionality and yet +lets us through the GCC inconsistency. + +[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110901 + +Upstream-Status: Inappropriate [Workaround for a GCC issue] +Signed-off-by: Khem Raj + +Signed-off-by: Khem Raj +--- + sysdeps/aarch64/configure| 2 +- + sysdeps/aarch64/configure.ac | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sysdeps/aarch64/configure b/sysdeps/aarch64/configure +index 5e91fab023..39dddc66d4 100644 +--- a/sysdeps/aarch64/configure b/sysdeps/aarch64/configure +@@ -327,7 +327,7 @@ else $as_nop + cat > conftest.s <<\EOF + ptrue p0.b + EOF +-if { ac_try='${CC-cc} -c -march=armv8.2-a+sve conftest.s 1>&5' ++if { ac_try='${CC-cc} -c -mcpu=generic+sve -march=armv8.2-a+sve conftest.s 1>&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 + (eval $ac_try) 2>&5 + ac_status=$? +diff --git a/sysdeps/aarch64/configure.ac b/sysdeps/aarch64/configure.ac +index 8a708f2ef4..b6a146d2be 100644 +--- a/sysdeps/aarch64/configure.ac b/sysdeps/aarch64/configure.ac +@@ -92,7 +92,7 @@ AC_CACHE_CHECK([for SVE support in assembler], [libc_cv_aarch64_sve_asm], [dnl + cat > conftest.s <<\EOF + ptrue p0.b + EOF +-if AC_TRY_COMMAND(${CC-cc} -c -march=armv8.2-a+sve conftest.s 1>&AS_MESSAGE_LOG_FD); then ++if AC_TRY_COMMAND(${CC-cc} -c -mcpu=generic+sve -march=armv8.2-a+sve conftest.s 1>&AS_MESSAGE_LOG_FD); then + libc_cv_aarch64_sve_asm=yes + else + libc_cv_aarch64_sve_asm=no +-- +2.41.0 + diff --git a/meta/recipes-core/glibc/glibc_2.38.bb b/meta/recipes-core/glibc/glibc_2.38.bb index c02730bcb58..32ccb888f0f 100644 --- a/meta/recipes-core/glibc/glibc_2.38.bb +++ b/meta/recipes-core/glibc/glibc_2.38.bb @@ -50,6 +50,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0020-tzselect.ksh-Use-bin-sh-default-shell-interpreter.patch \ file://0021-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \ file://0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch \ + file://0023-aarch64-configure-Pass-mcpu-along-with-march-to-dete.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}" @@ -86,6 +87,7 @@ EXTRA_OECONF:append:x86 = " ${@bb.utils.contains_any('TUNE_FEATURES', 'i586 c3', EXTRA_OECONF:append:x86-64 = " --enable-cet" PACKAGECONFIG ??= "nscd memory-tagging" + PACKAGECONFIG[nscd] = "--enable-nscd,--disable-nscd" PACKAGECONFIG[memory-tagging] = "--enable-memory-tagging,--disable-memory-tagging" -- 2.41.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185920): https://lists.openembedded.org/g/openembedded-core/message/185920 Mute This Topic: https://lists.openembedded.org/mt/100731467/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v3 3/5] glibc: Drop --enable-tunables
Its removed and is implicit default in 2.38+ [1] [1] https://mail.gnu.org/archive/html/info-gnu/2023-07/msg00010.html Signed-off-by: Khem Raj --- v2: Rebase v3: Rebase meta/recipes-core/glibc/glibc_2.38.bb | 1 - 1 file changed, 1 deletion(-) diff --git a/meta/recipes-core/glibc/glibc_2.38.bb b/meta/recipes-core/glibc/glibc_2.38.bb index 94bff8f4486..c02730bcb58 100644 --- a/meta/recipes-core/glibc/glibc_2.38.bb +++ b/meta/recipes-core/glibc/glibc_2.38.bb @@ -70,7 +70,6 @@ EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \ --enable-clocale=gnu \ --with-headers=${STAGING_INCDIR} \ --without-selinux \ ---enable-tunables \ --enable-bind-now \ --enable-stack-protector=strong \ --disable-crypt \ -- 2.41.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185919): https://lists.openembedded.org/g/openembedded-core/message/185919 Mute This Topic: https://lists.openembedded.org/mt/100731466/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v3 1/5] glibc: Upgrade to 2.38 release
Announcement - https://mail.gnu.org/archive/html/info-gnu/2023-07/msg00010.html Signed-off-by: Khem Raj --- v2: Rebase v3: Rebase meta/conf/distro/include/tcmode-default.inc | 2 +- ...2.37.bb => cross-localedef-native_2.38.bb} | 0 meta/recipes-core/glibc/glibc-common.inc | 3 +- ...bc-locale_2.37.bb => glibc-locale_2.38.bb} | 0 ...bc-mtrace_2.37.bb => glibc-mtrace_2.38.bb} | 0 ...-scripts_2.37.bb => glibc-scripts_2.38.bb} | 0 ...libc-tests_2.37.bb => glibc-tests_2.38.bb} | 0 ...tsuite_2.37.bb => glibc-testsuite_2.38.bb} | 0 meta/recipes-core/glibc/glibc-version.inc | 8 +- ...dd-hardlink-resolver-from-util-linux.patch | 2 +- ...-fix-ups-hardlink-to-make-it-compile.patch | 2 +- ...Look-for-host-system-ld.so.cache-as-.patch | 8 +- ...Fix-buffer-overrun-with-a-relocated-.patch | 6 +- ...Raise-the-size-of-arrays-containing-.patch | 16 ++-- ...k-glibc-Allow-64-bit-atomics-for-x86.patch | 2 +- ...Make-relocatable-install-for-locales.patch | 6 +- ...Fall-back-to-faccessat-on-faccess2-r.patch | 2 +- ...the-path-sets-wrong-config-variables.patch | 86 +-- ...ss-building-and-testing-instructions.patch | 2 +- ...glibc-Help-bootstrap-cross-toolchain.patch | 4 +- ...eglibc-Resolve-__fpscr_values-on-SH4.patch | 4 +- ...port-cross-locale-generation-support.patch | 6 +- ...-archive-uses-a-hard-coded-locale-pa.patch | 4 +- ...Do-not-ask-compiler-for-finding-arch.patch | 4 +- ...y-the-header-between-arm-and-aarch64.patch | 42 +++-- ...h-printf-builtin-in-nscd-init-script.patch | 2 +- ...igure.ac-Set-libc_cv_rootsbindir-onl.patch | 7 +- ...ell-interpreter-overridable-in-tzsel.patch | 4 +- ...Use-bin-sh-default-shell-interpreter.patch | 2 +- ...d-failed-in-unprivileged-process-BZ-.patch | 10 +-- ...build-time-paths-in-the-output-binar.patch | 6 +- .../glibc/{glibc_2.37.bb => glibc_2.38.bb}| 0 32 files changed, 111 insertions(+), 129 deletions(-) rename meta/recipes-core/glibc/{cross-localedef-native_2.37.bb => cross-localedef-native_2.38.bb} (100%) rename meta/recipes-core/glibc/{glibc-locale_2.37.bb => glibc-locale_2.38.bb} (100%) rename meta/recipes-core/glibc/{glibc-mtrace_2.37.bb => glibc-mtrace_2.38.bb} (100%) rename meta/recipes-core/glibc/{glibc-scripts_2.37.bb => glibc-scripts_2.38.bb} (100%) rename meta/recipes-core/glibc/{glibc-tests_2.37.bb => glibc-tests_2.38.bb} (100%) rename meta/recipes-core/glibc/{glibc-testsuite_2.37.bb => glibc-testsuite_2.38.bb} (100%) rename meta/recipes-core/glibc/{glibc_2.37.bb => glibc_2.38.bb} (100%) diff --git a/meta/conf/distro/include/tcmode-default.inc b/meta/conf/distro/include/tcmode-default.inc index 1c4a22aef00..660ca5f72d6 100644 --- a/meta/conf/distro/include/tcmode-default.inc +++ b/meta/conf/distro/include/tcmode-default.inc @@ -20,7 +20,7 @@ GCCVERSION ?= "13.%" SDKGCCVERSION ?= "${GCCVERSION}" BINUVERSION ?= "2.41%" GDBVERSION ?= "13.%" -GLIBCVERSION ?= "2.37" +GLIBCVERSION ?= "2.38" LINUXLIBCVERSION ?= "6.4%" QEMUVERSION ?= "8.0%" GOVERSION ?= "1.20%" diff --git a/meta/recipes-core/glibc/cross-localedef-native_2.37.bb b/meta/recipes-core/glibc/cross-localedef-native_2.38.bb similarity index 100% rename from meta/recipes-core/glibc/cross-localedef-native_2.37.bb rename to meta/recipes-core/glibc/cross-localedef-native_2.38.bb diff --git a/meta/recipes-core/glibc/glibc-common.inc b/meta/recipes-core/glibc/glibc-common.inc index b93b55fe77d..be33c29857c 100644 --- a/meta/recipes-core/glibc/glibc-common.inc +++ b/meta/recipes-core/glibc/glibc-common.inc @@ -22,5 +22,4 @@ ARM_INSTRUCTION_SET:armv6 = "arm" # COMPATIBLE_HOST:libc-musl:class-target = "null" -PV = "2.37" -PR = "r1" +PV = "2.38" diff --git a/meta/recipes-core/glibc/glibc-locale_2.37.bb b/meta/recipes-core/glibc/glibc-locale_2.38.bb similarity index 100% rename from meta/recipes-core/glibc/glibc-locale_2.37.bb rename to meta/recipes-core/glibc/glibc-locale_2.38.bb diff --git a/meta/recipes-core/glibc/glibc-mtrace_2.37.bb b/meta/recipes-core/glibc/glibc-mtrace_2.38.bb similarity index 100% rename from meta/recipes-core/glibc/glibc-mtrace_2.37.bb rename to meta/recipes-core/glibc/glibc-mtrace_2.38.bb diff --git a/meta/recipes-core/glibc/glibc-scripts_2.37.bb b/meta/recipes-core/glibc/glibc-scripts_2.38.bb similarity index 100% rename from meta/recipes-core/glibc/glibc-scripts_2.37.bb rename to meta/recipes-core/glibc/glibc-scripts_2.38.bb diff --git a/meta/recipes-core/glibc/glibc-tests_2.37.bb b/meta/recipes-core/glibc/glibc-tests_2.38.bb similarity index 100% rename from meta/recipes-core/glibc/glibc-tests_2.37.bb rename to meta/recipes-core/glibc/glibc-tests_2.38.bb diff --git a/meta/recipes-core/glibc/glibc-testsuite_2.37.bb b/meta/recipes-core/glibc/glibc-testsuite_2.38.bb similarity index 100% rename from meta/recipes-core/glibc/glibc-testsuite_2.37.bb rename to meta/recipes-core/glibc/glibc-testsuite_2.38.bb diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/g
[OE-core] [PATCH v3 2/5] glibc: Enable fortify sources by defaults
Signed-off-by: Khem Raj --- v2: Rebase v3: Rebase meta/recipes-core/glibc/glibc_2.38.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-core/glibc/glibc_2.38.bb b/meta/recipes-core/glibc/glibc_2.38.bb index 851aa612b1e..94bff8f4486 100644 --- a/meta/recipes-core/glibc/glibc_2.38.bb +++ b/meta/recipes-core/glibc/glibc_2.38.bb @@ -76,6 +76,7 @@ EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \ --disable-crypt \ --with-default-link \ --disable-werror \ +--enable-fortify-source \ ${@bb.utils.contains_any('SELECTED_OPTIMIZATION', '-O0 -Og', '--disable-werror', '', d)} \ ${GLIBCPIE} \ ${GLIBC_EXTRA_OECONF}" -- 2.41.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185918): https://lists.openembedded.org/g/openembedded-core/message/185918 Mute This Topic: https://lists.openembedded.org/mt/100731465/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell][PATCH] curl: Backport fix CVE-2023-32001
Signed-off-by: Ashish Sharma --- .../curl/curl/CVE-2023-32001.patch| 38 +++ meta/recipes-support/curl/curl_7.69.1.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch diff --git a/meta/recipes-support/curl/curl/CVE-2023-32001.patch b/meta/recipes-support/curl/curl/CVE-2023-32001.patch new file mode 100644 index 000..f533992bcdc --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-32001.patch @@ -0,0 +1,38 @@ +From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001 +From: SaltyMilk +Date: Mon, 10 Jul 2023 21:43:28 +0200 +Subject: [PATCH] fopen: optimize + +Closes #11419 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde] +CVE: CVE-2023-32001 +Signed-off-by: Ashish Sharma + + lib/fopen.c | 12 ++-- + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/lib/fopen.c b/lib/fopen.c +index c9c9e3d6e73a2..b6e3cadddef65 100644 +--- a/lib/fopen.c b/lib/fopen.c +@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, + int fd = -1; + *tempname = NULL; + +- if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) { +-/* a non-regular file, fallback to direct fopen() */ +-*fh = fopen(filename, FOPEN_WRITETEXT); +-if(*fh) +- return CURLE_OK; ++ *fh = fopen(filename, FOPEN_WRITETEXT); ++ if(!*fh) + goto fail; +- } ++ if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) ++return CURLE_OK; ++ fclose(*fh); ++ *fh = NULL; + + result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix)); + if(result) diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb index ce81df0f05c..2a52e8233ee 100644 --- a/meta/recipes-support/curl/curl_7.69.1.bb +++ b/meta/recipes-support/curl/curl_7.69.1.bb @@ -52,6 +52,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://CVE-2023-27536.patch \ file://CVE-2023-28320.patch \ file://CVE-2023-28320-fol1.patch \ + file://CVE-2023-32001.patch \ " SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" -- 2.24.4 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185916): https://lists.openembedded.org/g/openembedded-core/message/185916 Mute This Topic: https://lists.openembedded.org/mt/100730647/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] kernel.bbclass: Use KERNEL_STRIP instead of STRIP
On Sun, Aug 13, 2023 at 10:25 PM Khem Raj wrote: > > Kernel uses its own variables KERNEL_* instead of general toolchain env > variables, therefore use KERNEL_STRIP here explicitly, Problems happen > when using llvm-strip as default STRIP in distro settings, since kernel > defaults to using gcc, system does not stage llvm/clang toolchain into > kernel's staging sysroot and this function ends up with > > FileNotFoundError: [Errno 2] No such file or directory: > 'riscv64-yoe-linux-llvm-strip' Makes sense to me. Bruce > > Signed-off-by: Khem Raj > Cc: Bruce Ashfield > --- > meta/classes-recipe/kernel.bbclass | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/classes-recipe/kernel.bbclass > b/meta/classes-recipe/kernel.bbclass > index bb5995b4954..acb43bd4d57 100644 > --- a/meta/classes-recipe/kernel.bbclass > +++ b/meta/classes-recipe/kernel.bbclass > @@ -760,7 +760,7 @@ addtask kernel_link_images after do_compile before > do_strip > python do_strip() { > import shutil > > -strip = d.getVar('STRIP') > +strip = d.getVar('KERNEL_STRIP') > extra_sections = d.getVar('KERNEL_IMAGE_STRIP_EXTRA_SECTIONS') > kernel_image = d.getVar('B') + "/" + d.getVar('KERNEL_OUTPUT_DIR') + > "/vmlinux" > > -- > 2.41.0 > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185915): https://lists.openembedded.org/g/openembedded-core/message/185915 Mute This Topic: https://lists.openembedded.org/mt/100730149/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] kernel.bbclass: Use KERNEL_STRIP instead of STRIP
Kernel uses its own variables KERNEL_* instead of general toolchain env variables, therefore use KERNEL_STRIP here explicitly, Problems happen when using llvm-strip as default STRIP in distro settings, since kernel defaults to using gcc, system does not stage llvm/clang toolchain into kernel's staging sysroot and this function ends up with FileNotFoundError: [Errno 2] No such file or directory: 'riscv64-yoe-linux-llvm-strip' Signed-off-by: Khem Raj Cc: Bruce Ashfield --- meta/classes-recipe/kernel.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes-recipe/kernel.bbclass b/meta/classes-recipe/kernel.bbclass index bb5995b4954..acb43bd4d57 100644 --- a/meta/classes-recipe/kernel.bbclass +++ b/meta/classes-recipe/kernel.bbclass @@ -760,7 +760,7 @@ addtask kernel_link_images after do_compile before do_strip python do_strip() { import shutil -strip = d.getVar('STRIP') +strip = d.getVar('KERNEL_STRIP') extra_sections = d.getVar('KERNEL_IMAGE_STRIP_EXTRA_SECTIONS') kernel_image = d.getVar('B') + "/" + d.getVar('KERNEL_OUTPUT_DIR') + "/vmlinux" -- 2.41.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185914): https://lists.openembedded.org/g/openembedded-core/message/185914 Mute This Topic: https://lists.openembedded.org/mt/100730149/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 22/22] kernel: skip installing fitImage when using Initramfs bundles
From: Abdellatif El Khlifi When including an initramfs bundle inside a FIT image, the fitImage is created after the install task by do_assemble_fitimage_initramfs. This happens after the generation of the initramfs bundle (done by do_bundle_initramfs). So, at the level of the install task we should not try to install the fitImage. The fitImage is still not generated yet. After the generation of the fitImage, the deploy task copies the fitImage from the build directory to the deploy folder. Change-Id: I3eaa6bba1412f388f710fa0f389f66631c1c4826 Signed-off-by: Abdellatif El Khlifi Signed-off-by: Richard Purdie (cherry picked from commit 1b67fd9ac74935fa41e960478c54e45422339138) Signed-off-by: Frederic Martinsons Signed-off-by: Steve Sakoman --- meta/classes/kernel.bbclass | 20 +--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass index c6310d8de7..5d8b3b062a 100644 --- a/meta/classes/kernel.bbclass +++ b/meta/classes/kernel.bbclass @@ -417,12 +417,26 @@ kernel_do_install() { # install -d ${D}/${KERNEL_IMAGEDEST} install -d ${D}/boot + + # + # When including an initramfs bundle inside a FIT image, the fitImage is created after the install task + # by do_assemble_fitimage_initramfs. + # This happens after the generation of the initramfs bundle (done by do_bundle_initramfs). + # So, at the level of the install task we should not try to install the fitImage. fitImage is still not + # generated yet. + # After the generation of the fitImage, the deploy task copies the fitImage from the build directory to + # the deploy folder. + # + for imageType in ${KERNEL_IMAGETYPES} ; do - install -m 0644 ${KERNEL_OUTPUT_DIR}/${imageType} ${D}/${KERNEL_IMAGEDEST}/${imageType}-${KERNEL_VERSION} - if [ "${KERNEL_PACKAGE_NAME}" = "kernel" ]; then - ln -sf ${imageType}-${KERNEL_VERSION} ${D}/${KERNEL_IMAGEDEST}/${imageType} + if [ $imageType != "fitImage" ] || [ "${INITRAMFS_IMAGE_BUNDLE}" != "1" ] ; then + install -m 0644 ${KERNEL_OUTPUT_DIR}/${imageType} ${D}/${KERNEL_IMAGEDEST}/${imageType}-${KERNEL_VERSION} + if [ "${KERNEL_PACKAGE_NAME}" = "kernel" ]; then + ln -sf ${imageType}-${KERNEL_VERSION} ${D}/${KERNEL_IMAGEDEST}/${imageType} + fi fi done + install -m 0644 System.map ${D}/boot/System.map-${KERNEL_VERSION} install -m 0644 .config ${D}/boot/config-${KERNEL_VERSION} install -m 0644 vmlinux ${D}/boot/vmlinux-${KERNEL_VERSION} -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185913): https://lists.openembedded.org/g/openembedded-core/message/185913 Mute This Topic: https://lists.openembedded.org/mt/100725553/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 21/22] systemd-systemctl: fix errors in instance name expansion
From: Yuta Hayama If the instance name indicated by %i begins with a number, the meaning of the replacement string "\\1{}".format(instance) is ambiguous. To indicate group number 1 regardless of the instance name, use "\g<1>". (From OE-Core rev: d18b939fb08b37380ce95934da38e6522392621c) Signed-off-by: Yuta Hayama Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-core/systemd/systemd-systemctl/systemctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/systemd/systemd-systemctl/systemctl b/meta/recipes-core/systemd/systemd-systemctl/systemctl index b890bdd6f0..e003c860e3 100755 --- a/meta/recipes-core/systemd/systemd-systemctl/systemctl +++ b/meta/recipes-core/systemd/systemd-systemctl/systemctl @@ -189,7 +189,7 @@ class SystemdUnit(): try: for dependent in config.get('Install', prop): # expand any %i to instance (ignoring escape sequence %%) -dependent = re.sub("([^%](%%)*)%i", "\\1{}".format(instance), dependent) +dependent = re.sub("([^%](%%)*)%i", "\\g<1>{}".format(instance), dependent) wants = systemdir / "{}.{}".format(dependent, dirstem) / service add_link(wants, target) -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185912): https://lists.openembedded.org/g/openembedded-core/message/185912 Mute This Topic: https://lists.openembedded.org/mt/100725552/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 20/22] linux-firmware: Fix mediatek mt7601u firmware path
From: Marek Vasut The following linux-firmware commit moved the mt7601u firmware blob into a mediatek/ subdirectory, update the path accordingly. 8451c2b1 ("mt76xx: Move the old Mediatek WiFi firmware to mediatek") (From OE-Core rev: 6fa5c4967a7e70192e9233c92534f27ec3e394c8) Fixes: 64603f602d ("linux-firmware: upgrade 20230404 -> 20230515") Signed-off-by: Marek Vasut Signed-off-by: Steve Sakoman --- meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb index a367a9fd01..206de1bcd1 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230515.bb @@ -411,7 +411,7 @@ LICENSE_${PN}-mt7601u-license = "Firmware-ralink_a_mediatek_company_firmware" FILES_${PN}-mt7601u-license = "${nonarch_base_libdir}/firmware/LICENCE.ralink_a_mediatek_company_firmware" FILES_${PN}-mt7601u = " \ - ${nonarch_base_libdir}/firmware/mt7601u.bin \ + ${nonarch_base_libdir}/firmware/mediatek/mt7601u.bin \ " RDEPENDS_${PN}-mt7601u += "${PN}-mt7601u-license" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185911): https://lists.openembedded.org/g/openembedded-core/message/185911 Mute This Topic: https://lists.openembedded.org/mt/100725551/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 19/22] openssl: Upgrade 1.1.1t -> 1.1.1v
From: Peter Marko https://www.openssl.org/news/openssl-1.1.1-notes.html Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023] * Fix excessive time spent checking DH q parameter value (CVE-2023-3817) * Fix DH_check() excessive time with over sized modulus (CVE-2023-3446) Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023] * Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650) * Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466) * Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465) * Limited the number of nodes created in a policy tree ([CVE-2023-0464]) All CVEs for upgrade to 1.1.1u were already patched, so effectively this will apply patches for CVE-2023-3446 and CVE-2023-3817 plus several non-CVE fixes. Because of mips build changes were backported to openssl 1.1.1 branch, backport of a patch from kirkstone is necessary. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...1-Configure-do-not-tweak-mips-cflags.patch | 37 +++ .../openssl/openssl/CVE-2023-0464.patch | 226 -- .../openssl/openssl/CVE-2023-0465.patch | 60 - .../openssl/openssl/CVE-2023-0466.patch | 82 --- .../openssl/openssl/CVE-2023-2650.patch | 122 -- .../{openssl_1.1.1t.bb => openssl_1.1.1v.bb} | 7 +- 6 files changed, 39 insertions(+), 495 deletions(-) create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-2650.patch rename meta/recipes-connectivity/openssl/{openssl_1.1.1t.bb => openssl_1.1.1v.bb} (96%) diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch new file mode 100644 index 00..b3f6a942d5 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch @@ -0,0 +1,37 @@ +From 326909baf81a638d51fa8be1d8227518784f5cc4 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin +Date: Tue, 14 Sep 2021 12:18:25 +0200 +Subject: [PATCH] Configure: do not tweak mips cflags + +This conflicts with mips machine definitons from yocto, +e.g. +| Error: -mips3 conflicts with the other architecture options, which imply -mips64r2 + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin +Signed-off-by: Peter Marko +--- + Configure | 10 -- + 1 file changed, 10 deletions(-) + +Index: openssl-3.0.4/Configure +=== +--- openssl-3.0.4.orig/Configure openssl-3.0.4/Configure +@@ -1243,16 +1243,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) + push @{$config{shared_ldflag}}, "-mno-cygwin"; + } + +-if ($target =~ /linux.*-mips/ && !$disabled{asm} +-&& !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { +-# minimally required architecture flags for assembly modules +-my $value; +-$value = '-mips2' if ($target =~ /mips32/); +-$value = '-mips3' if ($target =~ /mips64/); +-unshift @{$config{cflags}}, $value; +-unshift @{$config{cxxflags}}, $value if $config{CXX}; +-} +- + # If threads aren't disabled, check how possible they are + unless ($disabled{threads}) { + if ($auto_threads) { diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch deleted file mode 100644 index cce5bad9f0..00 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch +++ /dev/null @@ -1,226 +0,0 @@ -From 879f7080d7e141f415c79eaa3a8ac4a3dad0348b Mon Sep 17 00:00:00 2001 -From: Pauli -Date: Wed, 8 Mar 2023 15:28:20 +1100 -Subject: [PATCH] x509: excessive resource use verifying policy constraints - -A security vulnerability has been identified in all supported versions -of OpenSSL related to the verification of X.509 certificate chains -that include policy constraints. Attackers may be able to exploit this -vulnerability by creating a malicious certificate chain that triggers -exponential use of computational resources, leading to a denial-of-service -(DoS) attack on affected systems. - -Fixes CVE-2023-0464 - -Reviewed-by: Tomas Mraz -Reviewed-by: Shane Lontis -(Merged from https://github.com/openssl/openssl/pull/20569) - -CVE: CVE-2023-0464 -Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=patch;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b] -Signed-off-by: Nik
[OE-core][dunfell 18/22] linux-yocto/5.4: update to v5.4.251
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 887433e4bc93 Linux 5.4.251 1e02fbe4f0ed tracing/histograms: Return an error if we fail to add histogram to hist_vars list b1062596556e tcp: annotate data-races around fastopenq.max_qlen 21c325d01ecc tcp: annotate data-races around tp->notsent_lowat 7175277b4d0b tcp: annotate data-races around rskq_defer_accept 3121d649e4c6 tcp: annotate data-races around tp->linger2 b1cd5655fc13 net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX 8ce44cf35ef6 tcp: annotate data-races around tp->tcp_tx_delay c822536b3e41 netfilter: nf_tables: can't schedule in nft_chain_validate caa228792fb5 netfilter: nf_tables: fix spurious set element insertion failure b8944e53ee70 llc: Don't drop packet from non-root netns. b07e31824df6 fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe 6d39e9fc5934 Revert "tcp: avoid the lookup process failing to get sk in ehash table" 0c0bd9789a8d net:ipv6: check return value of pskb_trim() 17046107ca15 iavf: Fix use-after-free in free_netdev 765e1eaf42de net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() 3b6f56021af6 pinctrl: amd: Use amd_pinconf_set() for all config options 951f4e9730f1 fbdev: imxfb: warn about invalid left/right margin 3e03319ab97d spi: bcm63xx: fix max prepend length c9f56f3c7bc9 igb: Fix igb_down hung on surprise removal 7d80e834625c wifi: iwlwifi: mvm: avoid baid size integer overflow 41d149376078 wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() 970c7035f4b0 devlink: report devlink_port_type_warn source device e09a285ea1e8 bpf: Address KCSAN report on bpf_lru_list cec1857b1ea5 sched/fair: Don't balance task to its current running CPU 9d8d3df71516 arm64: mm: fix VA-range sanity check 8ad6679a5bb9 posix-timers: Ensure timer ID search-loop limit is valid d0345f7c7dbc md/raid10: prevent soft lockup while flush writes 09539f9e2076 md: fix data corruption for raid456 when reshape restart while grow up 4181c30a2c55 nbd: Add the maximum limit of allocated index in nbd_dev_add d4f1cd9b9d66 debugobjects: Recheck debug_objects_enabled before reporting 0afcebcec057 ext4: correct inline offset when handling xattrs in inode body 5d580017bdb9 drm/client: Fix memory leak in drm_client_modeset_probe 52daf6ba2e0d drm/client: Fix memory leak in drm_client_target_cloned 9533dbfac0ff can: bcm: Fix UAF in bcm_proc_show() 5dd838be69e4 selftests: tc: set timeout to 15 minutes 7f83199862c2 fuse: revalidate: don't invalidate if interrupted ae91ab710d8e btrfs: fix warning when putting transaction with qgroups enabled after abort e217a3d19e10 perf probe: Add test for regression introduced by switch to die_get_decl_file() 380c7ceabdde drm/atomic: Fix potential use-after-free in nonblocking commits b7084ebf4f54 scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue 3f22f9ddbb29 scsi: qla2xxx: Pointer may be dereferenced a1c5149a82de scsi: qla2xxx: Correct the index of array 1b7e5bdf2be2 scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() 4f90a8b04816 scsi: qla2xxx: Fix potential NULL pointer dereference d25fded78d88 scsi: qla2xxx: Wait for io return on terminate rport 056fd1820724 tracing/probes: Fix not to count error code to total length 93114cbc7cb1 tracing: Fix null pointer dereference in tracing_err_log_open() 597eb52583d4 xtensa: ISS: fix call to split_if_spec e84829522fc7 ring-buffer: Fix deadloop issue on reading trace_pipe 481535905608 tracing/histograms: Add histograms to hist_vars if they have referenced variables 46574e5a0a2a tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk 30962268fa1a tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error 0697a1a592c7 Revert "8250: add support for ASIX devices with a FIFO bug" 45e55e9cac13 meson saradc: fix clock divider mask length 2cdced57bc00 ceph: don't let check_caps skip sending responses for revoke msgs 1883a484c87e hwrng: imx-rngc - fix the timeout for init and self check e3373e6b6c79 firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() 826c7bfe5c49 serial: atmel: don't enable IRQs prematurely 15d4bd0f0a6b drm/rockchip: vop: Leave vblank enabled in self-refresh 6bc6ec8b0a0b drm/atomic: Allow vblank-enabled + self-refresh "disable" f86942709b0e fs: dlm: return positive pid value for F_GETLK ecfd1f82c4f5 md/raid0: add discard support for the 'original' layout dac4afa3efae misc: pci_endpoint_test: Re-init completion for every test dd2210379205 misc: pci_endpoint_test: Free IRQs before removing the device 9cfa4ef25de5 PCI: rockchip: Set address alignment for endpoint mode 35aec6bc0c04 PCI: ro
[OE-core][dunfell 17/22] linux-yocto/5.4: update to v5.4.250
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: 27745d94abe1 Linux 5.4.250 00363ef30797 x86/cpu/amd: Add a Zenbleed fix 92b292bed627 x86/cpu/amd: Move the errata checking functionality up 4d4112e2845c x86/microcode/AMD: Load late on both threads too Signed-off-by: Bruce Ashfield Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_5.4.bb | 6 ++--- .../linux/linux-yocto-tiny_5.4.bb | 8 +++ meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb index 8e2ac6f853..f31b920ca7 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "7c1c3e523391507938420fb93bfafbbf1788e6b1" -SRCREV_meta ?= "cc142627e073a6ef70b2646df36a8119cda3c736" +SRCREV_machine ?= "0057180769503ac049b495a794f864053965c7ea" +SRCREV_meta ?= "863d597749c6214d272d704c8c04ead3373142f4" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.4.249" +LINUX_VERSION ?= "5.4.250" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb index 710fc63d47..6f94fe3bd6 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.4.249" +LINUX_VERSION ?= "5.4.250" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "532857ef9f2014098015fa9ba30501639f8840ee" -SRCREV_machine ?= "de0d74f8949990ebd464742fbb4b4e5bfaace7b3" -SRCREV_meta ?= "cc142627e073a6ef70b2646df36a8119cda3c736" +SRCREV_machine_qemuarm ?= "f0ae300728e87e4b1e51305737b9f4dda383e7bf" +SRCREV_machine ?= "de7c8d928de44e1c130760bf11d741d25e1c0213" +SRCREV_meta ?= "863d597749c6214d272d704c8c04ead3373142f4" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb index 3e4c1ca08b..9589ca280a 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb @@ -12,16 +12,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base" KBRANCH_qemux86-64 ?= "v5.4/standard/base" KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "05e04a6628f7da8169ee7c46288bdcf5694de623" -SRCREV_machine_qemuarm64 ?= "23ac11eda9c661a3d01fc0142a6e23aad03f2b08" -SRCREV_machine_qemumips ?= "08adf55a99423b9a86b9cf0b11dcf1f6bf0a280d" -SRCREV_machine_qemuppc ?= "5b29dfbf9af0afb45cc588154a9ac6c7f68f4d81" -SRCREV_machine_qemuriscv64 ?= "19998b76926cac29365e10bc1abc976ff2481cb5" -SRCREV_machine_qemux86 ?= "19998b76926cac29365e10bc1abc976ff2481cb5" -SRCREV_machine_qemux86-64 ?= "19998b76926cac29365e10bc1abc976ff2481cb5" -SRCREV_machine_qemumips64 ?= "a70b5911861ec339487b3fd3edc49983d3e46669" -SRCREV_machine ?= "19998b76926cac29365e10bc1abc976ff2481cb5" -SRCREV_meta ?= "cc142627e073a6ef70b2646df36a8119cda3c736" +SRCREV_machine_qemuarm ?= "fb7218e03f4d75e77f3bc50217855e043e32b06a" +SRCREV_machine_qemuarm64 ?= "9561485ac053a0ea76ee95fa8dead1da30a41a8a" +SRCREV_machine_qemumips ?= "7bd91d1af3b4a24e1f34e3a9583d02d7f08aaf53" +SRCREV_machine_qemuppc ?= "f4145ff9d93b0e0b0393d16c1889bcf3c6e13e15" +SRCREV_machine_qemuriscv64 ?= "c862ec7816d3f8b34c6e2a9ba9d2dae79eda31d1" +SRCREV_machine_qemux86 ?= "c862ec7816d3f8b34c6e2a9ba9d2dae79eda31d1" +SRCREV_machine_qemux86-64 ?= "c862ec7816d3f8b34c6e2a9ba9d2dae79eda31d1" +SRCREV_machine_qemumips64 ?= "72944e165489f0dc5121461bfc74fb2bfaa3d7d7" +SRCREV_machine ?= "c862ec7816d3f8b34c6e2a9ba9d2dae79eda31d1" +SRCREV_meta ?= "863d597749c6214d272d704c8c04ead3373142f4" # remap qemuarm to qemuarma15 for the 5.4 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" -LINUX_VERSION ?= "5.4.249" +LINUX_VERSION ?= "5.4.250" DEPENDS += "${@bb.utils.contains('A
[OE-core][dunfell 16/22] linux-yocto/5.4: update to v5.4.249
From: Bruce Ashfield Updating to the latest korg -stable release that comprises the following commits: b30db4f7e45f Linux 5.4.249 c87439055174 xfs: verify buffer contents when we skip log replay 72ab3d39b443 mm: make wait_on_page_writeback() wait for multiple pending writebacks 9ea42ba3e695 mm: fix VM_BUG_ON(PageTail) and BUG_ON(PageWriteback) dffd25725e99 i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle f89bcf03e90c x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys a43c763f9cbe drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl 45f574d8dfc1 drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl c81a542e45a0 drm/exynos: vidi: fix a wrong error return 948b8b5fd0f3 ARM: dts: Fix erroneous ADS touchscreen polarities 8d6f9f5f3bfc ASoC: nau8824: Add quirk to active-high jack-detect d6fd1b3f7648 s390/cio: unregister device when the only path is gone 0de32d3dd39d usb: gadget: udc: fix NULL dereference in remove() 823dd7de8213 nfcsim.c: Fix error checking for debugfs_create_dir c32b39d0707b media: cec: core: don't set last_initiator if tx in progress a69a15a1e789 arm64: Add missing Set/Way CMO encodings 99de9a18e646 HID: wacom: Add error check to wacom_parse_and_register() 2af8d9637270 scsi: target: iscsi: Prevent login threads from racing between each other 321a81d26c8d sch_netem: acquire qdisc lock in netem_change() 91274bbe78a2 Revert "net: phy: dp83867: perform soft reset and retain established link" 25c8d38c7560 netfilter: nfnetlink_osf: fix module autoload 476c617e4dd4 netfilter: nf_tables: disallow element updates of bound anonymous sets d3b110395fea be2net: Extend xmit workaround to BE3 chip 789d5286060f net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch 35373d602bd4 ipvs: align inner_mac_header for encapsulation ee155675bda8 mmc: usdhi60rol0: fix deferred probing 0bd483fb95ce mmc: sh_mmcif: fix deferred probing 6160d37db171 mmc: sdhci-acpi: fix deferred probing b25875cf5e3b mmc: omap_hsmmc: fix deferred probing cbb0118f8aa0 mmc: omap: fix deferred probing e0d505356973 mmc: mvsdio: fix deferred probing c2e675509ff8 mmc: mvsdio: convert to devm_platform_ioremap_resource 3ef787d61972 mmc: mtk-sd: fix deferred probing 3c01d64996be net: qca_spi: Avoid high load if QCA7000 is not available bf7a4fd33669 xfrm: Linearize the skb after offloading if needed. d0fe8a733fa7 ieee802154: hwsim: Fix possible memory leaks dfcac203a36a rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer() 94199d4727f6 x86/mm: Avoid using set_pgd() outside of real PGD pages be178a5eae0f cifs: Fix potential deadlock when updating vol in cifs_reconnect() 8a5aaa4562a9 cifs: Merge is_path_valid() into get_normalized_path() 339134c15c64 cifs: Introduce helpers for finding TCP connection cf8c7aa90618 cifs: Get rid of kstrdup_const()'d paths 3fa4c08104c4 cifs: Clean up DFS referral cache b73539b887a4 nilfs2: prevent general protection fault in nilfs_clear_dirty_page() 1cc7dcfdeb5e writeback: fix dereferencing NULL mapping->host on writeback_page_template 18a0202bec17 ip_tunnels: allow VXLAN/GENEVE to inherit TOS/TTL from VLAN ab530c9bec51 mmc: meson-gx: remove redundant mmc_request_done() call from irq context 88b373d1c5e9 cgroup: Do not corrupt task iteration when rebinding subsystem c06c568e43e7 PCI: hv: Fix a race condition bug in hv_pci_query_relations() f02a67690777 Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs 966708ed9dd9 nilfs2: fix buffer corruption due to concurrent device reads a93ae93e9f1b media: dvb-core: Fix use-after-free due to race at dvb_register_device() 225bd8cc9c3f media: dvbdev: fix error logic at dvb_register_device() 5bc971f0435f media: dvbdev: Fix memleak in dvb_register_device 40d7530bc7fd tick/common: Align tick period during sched_timer setup b9b61fd1f74d x86/purgatory: remove PGO flags 4d02a166cbee tracing: Add tracing_reset_all_online_cpus_unlocked() function e14e9cc588bd epoll: ep_autoremove_wake_function should use list_del_init_careful e77e5481d5bf list: add "list_del_init_careful()" to go with "list_empty_careful()" c32ab1c1959a mm: rewrite wait_on_page_bit_common() logic 559cefc7c25f nilfs2: reject devices with insufficient block count Signed-off-by: Bruce Ashfield Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_5.4.bb | 6 ++--- .../linux/linux-yocto-tiny_5.4.bb | 8 +++ meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +-- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb index d775a60e9f..8e2ac6f853 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb
[OE-core][dunfell 15/22] harfbuzz: Resolve backported commit bug.
From: Dhairya Nagodra The commit [https://github.com/openembedded/openembedded-core/commit/c22bbe9b45e3] backports fix for CVE-2023-25193 for version 2.6.4. The apply() in src/hb-ot-layout-gpos-table.hh ends prematurely. The if block in apply() has an extra return statement, which causes it to return w/o executing buffer->unsafe_to_concat_from_outbuffer() function. Signed-off-by: Dhairya Nagodra Signed-off-by: Steve Sakoman --- .../harfbuzz/harfbuzz/CVE-2023-25193.patch | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch index 8243117551..e4ac13dbad 100644 --- a/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch +++ b/meta/recipes-graphics/harfbuzz/harfbuzz/CVE-2023-25193.patch @@ -1,4 +1,4 @@ -From 8708b9e081192786c027bb7f5f23d76dbe5c19e8 Mon Sep 17 00:00:00 2001 +From 9c8e972dbecda93546038d2d8216397d75a3 Mon Sep 17 00:00:00 2001 From: Behdad Esfahbod Date: Mon, 6 Feb 2023 14:51:25 -0700 Subject: [PATCH] [GPOS] Avoid O(n^2) behavior in mark-attachment @@ -8,13 +8,15 @@ Comment1: The Original Patch [https://github.com/harfbuzz/harfbuzz/commit/85be87 Comment2: The Patch contained files MarkBasePosFormat1.hh and MarkLigPosFormat1.hh which were moved from hb-ot-layout-gpos-table.hh as per https://github.com/harfbuzz/harfbuzz/commit/197d9a5c994eb41c8c89b7b958b26b1eacfeeb00 CVE: CVE-2023-25193 Signed-off-by: Siddharth Doshi +Signed-off-by: Dhairya Nagodra + --- - src/hb-ot-layout-gpos-table.hh | 101 - + src/hb-ot-layout-gpos-table.hh | 103 +++-- src/hb-ot-layout-gsubgpos.hh | 5 +- - 2 files changed, 77 insertions(+), 29 deletions(-) + 2 files changed, 78 insertions(+), 30 deletions(-) diff --git a/src/hb-ot-layout-gpos-table.hh b/src/hb-ot-layout-gpos-table.hh -index 024312d..88df13d 100644 +index 024312d..db5f9ae 100644 --- a/src/hb-ot-layout-gpos-table.hh +++ b/src/hb-ot-layout-gpos-table.hh @@ -1458,6 +1458,25 @@ struct MarkBasePosFormat1 @@ -102,8 +104,9 @@ index 024312d..88df13d 100644 +//if (!_hb_glyph_info_is_base_glyph (&buffer->info[idx])) { return_trace (false); } -unsigned int base_index = (this+baseCoverage).get_coverage (buffer->info[skippy_iter.idx].codepoint); +-if (base_index == NOT_COVERED) return_trace (false); +unsigned int base_index = (this+baseCoverage).get_coverage (buffer->info[idx].codepoint); - if (base_index == NOT_COVERED) return_trace (false); ++if (base_index == NOT_COVERED) +{ + buffer->unsafe_to_concat_from_outbuffer (idx, buffer->idx + 1); + return_trace (false); @@ -174,6 +177,3 @@ index 5a7e564..437123c 100644 void set_auto_zwj (bool auto_zwj_) { auto_zwj = auto_zwj_; init_iters (); } void set_auto_zwnj (bool auto_zwnj_) { auto_zwnj = auto_zwnj_; init_iters (); } void set_random (bool random_) { random = random_; } --- -2.25.1 - -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185906): https://lists.openembedded.org/g/openembedded-core/message/185906 Mute This Topic: https://lists.openembedded.org/mt/100725546/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 14/22] cve-update-nvd2-native: always pass str for json.loads()
From: Yuta Hayama Currently json.loads() accepts one of the types str, bytes, or bytearray as an argument, but bytes and bytearrays have only been allowed since python 3.6. The version of Python3 provided by default on Ubuntu 16.04 and Debian 9.x is 3.5, so make raw_data type str to work correctly on these build hosts. Signed-off-by: Yuta Hayama Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 2f7dad7e82..67d76f75dd 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -136,7 +136,7 @@ def nvd_request_next(url, api_key, args): if (r.headers['content-encoding'] == 'gzip'): buf = r.read() -raw_data = gzip.decompress(buf) +raw_data = gzip.decompress(buf).decode("utf-8") else: raw_data = r.read().decode("utf-8") -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185905): https://lists.openembedded.org/g/openembedded-core/message/185905 Mute This Topic: https://lists.openembedded.org/mt/100725545/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 13/22] procps: patch CVE-2023-4016
From: Peter Marko Backport patch from upstream master. There were three changes needed to apply the patch: * move NEWS change to start of the file * change file location from src/ps/ to ps/ * change xmalloc/xcmalloc to malloc/cmalloc The x*malloc functions were introduced in commit in future version. https://gitlab.com/procps-ng/procps/-/commit/584028dbe513127ef68c55aa631480454bcc26bf They call the original function plus additionally throw error when out of memory. https://gitlab.com/procps-ng/procps/-/blob/v4.0.3/local/xalloc.h?ref_type=tags So this replacement is correct in context of our version. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../procps/procps/CVE-2023-4016.patch | 85 +++ meta/recipes-extended/procps/procps_3.3.16.bb | 1 + 2 files changed, 86 insertions(+) create mode 100644 meta/recipes-extended/procps/procps/CVE-2023-4016.patch diff --git a/meta/recipes-extended/procps/procps/CVE-2023-4016.patch b/meta/recipes-extended/procps/procps/CVE-2023-4016.patch new file mode 100644 index 00..50582a8649 --- /dev/null +++ b/meta/recipes-extended/procps/procps/CVE-2023-4016.patch @@ -0,0 +1,85 @@ +From 2c933ecba3bb1d3041a5a7a53a7b4078a6003413 Mon Sep 17 00:00:00 2001 +From: Craig Small +Date: Thu, 10 Aug 2023 21:18:38 +1000 +Subject: [PATCH] ps: Fix possible buffer overflow in -C option + +ps allocates memory using malloc(length of arg * len of struct). +In certain strange circumstances, the arg length could be very large +and the multiplecation will overflow, allocating a small amount of +memory. + +Subsequent strncpy() will then write into unallocated memory. +The fix is to use calloc. It's slower but this is a one-time +allocation. Other malloc(x * y) calls have also been replaced +by calloc(x, y) + +References: + https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016 + https://nvd.nist.gov/vuln/detail/CVE-2023-4016 + https://gitlab.com/procps-ng/procps/-/issues/297 + https://bugs.debian.org/1042887 + +Signed-off-by: Craig Small + +CVE: CVE-2023-4016 +Upstream-Status: Backport [https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413] + +Signed-off-by: Peter Marko + +--- + NEWS| 1 + + ps/parser.c | 8 + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/NEWS b/NEWS +index b9509734..64fa3da8 100644 +--- a/NEWS b/NEWS +@@ -1,3 +1,5 @@ ++ * ps: Fix buffer overflow in -C option CVE-2023-4016 Debian #1042887, issue #297 ++ + procps-ng-3.3.16 + + * library: Increment to 8:2:0 +diff --git a/ps/parser.c b/ps/parser.c +index 248aa741..15873dfa 100644 +--- a/ps/parser.c b/ps/parser.c +@@ -184,7 +184,6 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s + const char *err; /* error code that could or did happen */ + /*** prepare to operate ***/ + node = malloc(sizeof(selection_node)); +- node->u = malloc(strlen(arg)*sizeof(sel_union)); /* waste is insignificant */ + node->n = 0; + buf = strdup(arg); + /*** sanity check and count items ***/ +@@ -205,6 +204,7 @@ static const char *parse_list(const char *arg, const char *(*parse_fn)(char *, s + } while (*++walk); + if(need_item) goto parse_error; + node->n = items; ++ node->u = calloc(items, sizeof(sel_union)); + /*** actually parse the list ***/ + walk = buf; + while(items--){ +@@ -1031,15 +1031,15 @@ static const char *parse_trailing_pids(void){ + thisarg = ps_argc - 1; /* we must be at the end now */ + + pidnode = malloc(sizeof(selection_node)); +- pidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */ ++ pidnode->u = calloc(i, sizeof(sel_union)); /* waste is insignificant */ + pidnode->n = 0; + + grpnode = malloc(sizeof(selection_node)); +- grpnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */ ++ grpnode->u = calloc(i,sizeof(sel_union)); /* waste is insignificant */ + grpnode->n = 0; + + sidnode = malloc(sizeof(selection_node)); +- sidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */ ++ sidnode->u = calloc(i, sizeof(sel_union)); /* waste is insignificant */ + sidnode->n = 0; + + while(i--){ +-- +GitLab + diff --git a/meta/recipes-extended/procps/procps_3.3.16.bb b/meta/recipes-extended/procps/procps_3.3.16.bb index 3a8289b359..ac27734a6f 100644 --- a/meta/recipes-extended/procps/procps_3.3.16.bb +++ b/meta/recipes-extended/procps/procps_3.3.16.bb @@ -14,6 +14,7 @@ inherit autotools gettext pkgconfig update-alternatives SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https;branch=master \ file://sysctl.conf \ + file://CVE-2023-4016.patch \ " SRCREV = "59c88e18f29000ceaf7e5f98181b07be443cf12f" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185904): https://lists.openembedded.org/g/openembedded-core/message/185904 Mute This Topic:
[OE-core][dunfell 12/22] ghostscript: backport fix for CVE-2023-38559
From: Vijay Anusuri Upstream-Status: Backport from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- ...pcx-buffer-overrun-fix-from-devices-.patch | 31 +++ .../ghostscript/ghostscript_9.52.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/0001-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch b/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch new file mode 100644 index 00..91b9f6df50 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch @@ -0,0 +1,31 @@ +From d81b82c70bc1fb9991bb95f1201abb5dea55f57f Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Mon, 17 Jul 2023 14:06:37 +0100 +Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from + devices/gdevpcx.c + +Bounds check the buffer, before dereferencing the pointer. + +Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f] +CVE: CVE-2023-38559 +Signed-off-by: Vijay Anusuri +--- + base/gdevdevn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/base/gdevdevn.c b/base/gdevdevn.c +index 3b019d6..2888776 100644 +--- a/base/gdevdevn.c b/base/gdevdevn.c +@@ -1980,7 +1980,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file + byte data = *from; + + from += step; +-if (data != *from || from == end) { ++if (from >= end || data != *from) { + if (data >= 0xc0) + gp_fputc(0xc1, file); + } else { +-- +2.25.1 + diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.52.bb b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb index 57f0b51ad3..37e9ed8e84 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.52.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb @@ -40,6 +40,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://CVE-2021-3781_2.patch \ file://CVE-2021-3781_3.patch \ file://CVE-2023-28879.patch \ + file://0001-Bug-706897-Copy-pcx-buffer-overrun-fix-from-devices-.patch \ " SRC_URI = "${SRC_URI_BASE} \ -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185903): https://lists.openembedded.org/g/openembedded-core/message/185903 Mute This Topic: https://lists.openembedded.org/mt/100725543/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 11/22] qemu:fix CVE-2023-3354 VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service
From: Vivek Kumbhar Signed-off-by: Vivek Kumbhar Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2023-3354.patch | 87 +++ 2 files changed, 88 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 352277573b..2871818cb1 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -138,6 +138,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2021-3409-5.patch \ file://hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \ file://CVE-2023-0330.patch \ + file://CVE-2023-3354.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch new file mode 100644 index 00..2942e84cac --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3354.patch @@ -0,0 +1,87 @@ +From 10be627d2b5ec2d6b3dce045144aa739eef678b4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Tue, 20 Jun 2023 09:45:34 +0100 +Subject: [PATCH] io: remove io watch if TLS channel is closed during handshake +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The TLS handshake make take some time to complete, during which time an +I/O watch might be registered with the main loop. If the owner of the +I/O channel invokes qio_channel_close() while the handshake is waiting +to continue the I/O watch must be removed. Failing to remove it will +later trigger the completion callback which the owner is not expecting +to receive. In the case of the VNC server, this results in a SEGV as +vnc_disconnect_start() tries to shutdown a client connection that is +already gone / NULL. + +CVE-2023-3354 +Reported-by: jiangyegen +Signed-off-by: Daniel P. Berrangé + +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4] +CVE: CVE-2023-3354 +Signed-off-by: Vivek Kumbhar +--- + include/io/channel-tls.h | 1 + + io/channel-tls.c | 18 -- + 2 files changed, 13 insertions(+), 6 deletions(-) + +diff --git a/include/io/channel-tls.h b/include/io/channel-tls.h +index fdbdf12f..e49e2831 100644 +--- a/include/io/channel-tls.h b/include/io/channel-tls.h +@@ -49,6 +49,7 @@ struct QIOChannelTLS { + QIOChannel *master; + QCryptoTLSSession *session; + QIOChannelShutdown shutdown; ++guint hs_ioc_tag; + }; + + /** +diff --git a/io/channel-tls.c b/io/channel-tls.c +index 7ec8ceff..8b32fbde 100644 +--- a/io/channel-tls.c b/io/channel-tls.c +@@ -194,12 +194,13 @@ static void qio_channel_tls_handshake_task(QIOChannelTLS *ioc, + } + + trace_qio_channel_tls_handshake_pending(ioc, status); +-qio_channel_add_watch_full(ioc->master, +- condition, +- qio_channel_tls_handshake_io, +- data, +- NULL, +- context); ++ioc->hs_ioc_tag = ++qio_channel_add_watch_full(ioc->master, ++ condition, ++ qio_channel_tls_handshake_io, ++ data, ++ NULL, ++ context); + } + } + +@@ -214,6 +215,7 @@ static gboolean qio_channel_tls_handshake_io(QIOChannel *ioc, + QIOChannelTLS *tioc = QIO_CHANNEL_TLS( + qio_task_get_source(task)); + ++tioc->hs_ioc_tag = 0; + g_free(data); + qio_channel_tls_handshake_task(tioc, task, context); + +@@ -371,6 +373,10 @@ static int qio_channel_tls_close(QIOChannel *ioc, + { + QIOChannelTLS *tioc = QIO_CHANNEL_TLS(ioc); + ++if (tioc->hs_ioc_tag) { ++g_clear_handle_id(&tioc->hs_ioc_tag, g_source_remove); ++} ++ + return qio_channel_close(tioc->master, errp); + } + +-- +2.25.1 + -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185902): https://lists.openembedded.org/g/openembedded-core/message/185902 Mute This Topic: https://lists.openembedded.org/mt/100725542/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 10/22] qemu: CVE-ID correction for CVE-2020-35505
From: Emily Vekariya - The commit [https://github.com/qemu/qemu/commit/995457517340] ("esp: ensure cmdfifo is not empty and current_dev is non-NULL") fixes CVE-2020-35505 instead of CVE-2020-35504. - Hence, corrected the CVE-ID in CVE-2020-35505.patch. - Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1909769 Signed-off-by: Emily Vekariya Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch | 11 +++ 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch index c5ff6e89ff..40c0b1e74f 100644 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch @@ -20,16 +20,19 @@ Reviewed-by: Philippe Mathieu-Daudé Tested-by: Alexander Bulekov Message-Id: <20210407195801.685-7-mark.cave-ayl...@ilande.co.uk> -CVE: CVE-2020-35504 +CVE: CVE-2020-35505 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches/CVE-2020-35505.patch?h=ubuntu/focal-security Upstream commit https://github.com/qemu/qemu/commit/99545751734035b76bd372c4e7215bb337428d89 ] Signed-off-by: Chee Yang Lee +Signed-off-by: Emily Vekariya --- - hw/scsi/esp.c | 3 +++ - 1 file changed, 3 insertions(+) + hw/scsi/esp.c | 4 + 1 file changed, 4 insertions(+) +diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c +index c7d701bf..c2a67bc8 100644 --- a/hw/scsi/esp.c +++ b/hw/scsi/esp.c -@@ -193,6 +193,10 @@ static void do_busid_cmd(ESPState *s, ui +@@ -193,6 +193,10 @@ static void do_busid_cmd(ESPState *s, uint8_t *buf, uint8_t busid) trace_esp_do_busid_cmd(busid); lun = busid & 7; -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185901): https://lists.openembedded.org/g/openembedded-core/message/185901 Mute This Topic: https://lists.openembedded.org/mt/100725541/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 09/22] dmidecode 3.2: Fix CVE-2023-30630
From: Dhairya Nagodra Upstream Repository: https://git.savannah.gnu.org/git/dmidecode.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2023-30630 Type: Security Fix CVE: CVE-2023-30630 Score: 7.8 Patch: https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c Signed-off-by: Dhairya Nagodra Signed-off-by: Steve Sakoman --- .../CVE-2023-30630-dependent_p1.patch | 236 ++ .../CVE-2023-30630-dependent_p2.patch | 198 +++ .../dmidecode/dmidecode/CVE-2023-30630.patch | 62 + .../dmidecode/dmidecode_3.2.bb| 3 + 4 files changed, 499 insertions(+) create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p1.patch create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p2.patch create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630.patch diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p1.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p1.patch new file mode 100644 index 00..f1d449acbe --- /dev/null +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p1.patch @@ -0,0 +1,236 @@ +From 24def311c6168d0dfb7c5f0f183b72b709c49265 Mon Sep 17 00:00:00 2001 +From: Jean Delvare +Date: Mon, 20 Feb 2023 14:53:21 +0100 +Subject: [PATCH] dmidecode: Split table fetching from decoding + +Clean up function dmi_table so that it does only one thing: +* dmi_table() is renamed to dmi_table_get(). It now retrieves the + DMI table, but does not process it any longer. +* Decoding or dumping the table is now done in smbios3_decode(), + smbios_decode() and legacy_decode(). +No functional change. + +A side effect of this change is that writing the header and body of +dump files is now done in a single location. This is required to +further consolidate the writing of dump files. + +CVE-ID: CVE-2023-30630 +Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=39b2dd7b6ab7] + +Backport Changes: +- In the file dmidecode.c, the commit [dd593d2] in v3.3 introduces + pr_info(). This is backported to printf() as per v3.2. + +Signed-off-by: Jean Delvare +Reviewed-by: Jerry Hoemann +(cherry picked from commit 39b2dd7b6ab719b920e96ed832cfb4bdd664e808) +Signed-off-by: Dhairya Nagodra +--- + dmidecode.c | 86 ++--- + 1 file changed, 62 insertions(+), 24 deletions(-) + +diff --git a/dmidecode.c b/dmidecode.c +index a3e9d6c..d6eedd1 100644 +--- a/dmidecode.c b/dmidecode.c +@@ -5211,8 +5211,9 @@ static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags) + } + } + +-static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem, +-u32 flags) ++/* Allocates a buffer for the table, must be freed by the caller */ ++static u8 *dmi_table_get(off_t base, u32 *len, u16 num, u32 ver, ++ const char *devmem, u32 flags) + { + u8 *buf; + +@@ -5231,7 +5232,7 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem, + { + if (num) + printf("%u structures occupying %u bytes.\n", +- num, len); ++ num, *len); + if (!(opt.flags & FLAG_FROM_DUMP)) + printf("Table at 0x%08llX.\n", + (unsigned long long)base); +@@ -5249,19 +5250,19 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem, +* would be the result of the kernel truncating the table on +* parse error. +*/ +- size_t size = len; ++ size_t size = *len; + buf = read_file(flags & FLAG_NO_FILE_OFFSET ? 0 : base, + &size, devmem); +- if (!(opt.flags & FLAG_QUIET) && num && size != (size_t)len) ++ if (!(opt.flags & FLAG_QUIET) && num && size != (size_t)*len) + { + fprintf(stderr, "Wrong DMI structures length: %u bytes " + "announced, only %lu bytes available.\n", +- len, (unsigned long)size); ++ *len, (unsigned long)size); + } +- len = size; ++ *len = size; + } + else +- buf = mem_chunk(base, len, devmem); ++ buf = mem_chunk(base, *len, devmem); + + if (buf == NULL) + { +@@ -5271,15 +5272,9 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem, + fprintf(stderr, + "Try compiling dmidecode with -DUSE_MMAP.\n"); + #endif +- return; + } + +- if (opt.
[OE-core][dunfell 08/22] tiff: fix multiple CVEs
From: Hitendra Prajapati Backport fixes for: * CVE-2023-2908 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f * CVE-2023-3316 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536 * CVE-2023-3618 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37 && https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e0ac16b5cfb11acaaeaa493334f8 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../libtiff/files/CVE-2023-2908.patch | 33 +++ .../libtiff/files/CVE-2023-3316.patch | 59 +++ .../libtiff/files/CVE-2023-3618-1.patch | 34 +++ .../libtiff/files/CVE-2023-3618-2.patch | 47 +++ meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 4 ++ 5 files changed, 177 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-3316.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-3618-2.patch diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch new file mode 100644 index 00..62a5e1831c --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch @@ -0,0 +1,33 @@ +From 8c0859a80444c90b8dfb862a9f16de74e16f0a9e Mon Sep 17 00:00:00 2001 +From: xiaoxiaoafeifei +Date: Fri, 21 Apr 2023 13:01:34 + +Subject: [PATCH] countInkNamesString(): fix `UndefinedBehaviorSanitizer`: + applying zero offset to null pointer + +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f] +CVE: CVE-2023-2908 +Signed-off-by: Hitendra Prajapati +--- + libtiff/tif_dir.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c +index 9d8267a..6389b40 100644 +--- a/libtiff/tif_dir.c b/libtiff/tif_dir.c +@@ -145,10 +145,10 @@ static uint16 + countInkNamesString(TIFF *tif, uint32 slen, const char *s) + { + uint16 i = 0; +- const char *ep = s + slen; +- const char *cp = s; + + if (slen > 0) { ++ const char *ep = s + slen; ++ const char *cp = s; + do { + for (; cp < ep && *cp != '\0'; cp++) {} + if (cp >= ep) +-- +2.25.1 + diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-3316.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-3316.patch new file mode 100644 index 00..8db24fc714 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-3316.patch @@ -0,0 +1,59 @@ +From d63de61b1ec3385f6383ef9a1f453e4b8b11d536 Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Fri, 3 Feb 2023 17:38:55 +0100 +Subject: [PATCH] TIFFClose() avoid NULL pointer dereferencing. fix#515 + +Closes #515 + +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536] +CVE: CVE-2023-3316 +Signed-off-by: Hitendra Prajapati +--- + libtiff/tif_close.c | 11 +++ + tools/tiffcrop.c| 5 - + 2 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/libtiff/tif_close.c b/libtiff/tif_close.c +index e4228df..335e80f 100644 +--- a/libtiff/tif_close.c b/libtiff/tif_close.c +@@ -118,13 +118,16 @@ TIFFCleanup(TIFF* tif) + */ + + void +-TIFFClose(TIFF* tif) ++TIFFClose(TIFF *tif) + { +- TIFFCloseProc closeproc = tif->tif_closeproc; +- thandle_t fd = tif->tif_clientdata; ++if (tif != NULL) ++{ ++TIFFCloseProc closeproc = tif->tif_closeproc; ++thandle_t fd = tif->tif_clientdata; + + TIFFCleanup(tif); +- (void) (*closeproc)(fd); ++(void)(*closeproc)(fd); ++} + } + + /* vim: set ts=8 sts=8 sw=8 noet: */ +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index a533089..f14bb0c 100644 +--- a/tools/tiffcrop.c b/tools/tiffcrop.c +@@ -2526,7 +2526,10 @@ main(int argc, char* argv[]) + } + } + +- TIFFClose(out); ++if (out != NULL) ++{ ++TIFFClose(out); ++} + + return (0); + } /* end main */ +-- +2.25.1 + diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch new file mode 100644 index 00..35ed852519 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch @@ -0,0 +1,34 @@ +From 881a070194783561fd209b7c789a4e75566f7f37 Mon Sep 17 00:00:00 2001 +From: zhailiangliang +Date: Tue, 7 Mar 2023 15:02:08 +0800 +Subject: [PATCH] Fix memory leak in tiffcrop.c + +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37] +CVE: CVE-
[OE-core][dunfell 07/22] tiff: fix multiple CVEs
From: Hitendra Prajapati Backport fixes for: * CVE-2023-25433 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678 && https://gitlab.com/libtiff/libtiff/-/commit/688012dca2c39033aa2dc7bcea9796787cfd1b44 * CVE-2023-25434 & CVE-2023-25435 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38 * CVE-2023-26965 & CVE-2023-26966 - Upstream-Status: Backport from import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u8.debian.tar.xz] Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../libtiff/files/CVE-2023-25433.patch| 173 ++ .../files/CVE-2023-25434-CVE-2023-25435.patch | 94 ++ .../libtiff/files/CVE-2023-26965.patch| 90 + .../libtiff/files/CVE-2023-26966.patch| 35 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 4 + 5 files changed, 396 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-25433.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-25434-CVE-2023-25435.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-26965.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-26966.patch diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-25433.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-25433.patch new file mode 100644 index 00..7d6d40f25a --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-25433.patch @@ -0,0 +1,173 @@ +From 9c22495e5eeeae9e00a1596720c969656bb8d678 Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Fri, 3 Feb 2023 15:31:31 +0100 +Subject: [PATCH] tiffcrop correctly update buffersize after rotateImage() + fix#520 rotateImage() set up a new buffer and calculates its size + individually. Therefore, seg_buffs[] size needs to be updated accordingly. + Before this fix, the seg_buffs buffer size was calculated with a different + formula than within rotateImage(). + +Closes #520. + +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678 && https://gitlab.com/libtiff/libtiff/-/commit/688012dca2c39033aa2dc7bcea9796787cfd1b44] +CVE: CVE-2023-25433 +Signed-off-by: Hitendra Prajapati +--- + tools/tiffcrop.c | 69 +++- + 1 file changed, 56 insertions(+), 13 deletions(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index 742615a..aab0ec6 100644 +--- a/tools/tiffcrop.c b/tools/tiffcrop.c +@@ -531,7 +531,7 @@ static int rotateContigSamples24bits(uint16, uint16, uint16, uint32, + static int rotateContigSamples32bits(uint16, uint16, uint16, uint32, + uint32, uint32, uint8 *, uint8 *); + static int rotateImage(uint16, struct image_data *, uint32 *, uint32 *, +- unsigned char **, int); ++ unsigned char **, size_t *); + static int mirrorImage(uint16, uint16, uint16, uint32, uint32, + unsigned char *); + static int invertImage(uint16, uint16, uint16, uint32, uint32, +@@ -6384,7 +6384,7 @@ static int correct_orientation(struct image_data *image, unsigned char **work_b +* but switch xres, yres there. */ + uint32_t width = image->width; + uint32_t length = image->length; +- if (rotateImage(rotation, image, &width, &length, work_buff_ptr, TRUE)) ++ if (rotateImage(rotation, image, &width, &length, work_buff_ptr, NULL)) + { + TIFFError ("correct_orientation", "Unable to rotate image"); + return (-1); +@@ -7607,8 +7607,12 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + + if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */ + { ++ /* rotateImage() set up a new buffer and calculates its size ++ * individually. Therefore, seg_buffs size needs to be updated ++ * accordingly. */ ++ size_t rot_buf_size = 0; + if (rotateImage(crop->rotation, image, &crop->combined_width, +- &crop->combined_length, &crop_buff, FALSE)) ++ &crop->combined_length, &crop_buff, &rot_buf_size)) + { + TIFFError("processCropSelections", + "Failed to rotate composite regions by %d degrees", crop->rotation); +@@ -7713,8 +7717,13 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, + + if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */ + { +- if (rotateImage(crop->rotation, image, &crop->regionlist[i].width, +- &crop->regionlist[i].length, &crop_buff, FALSE)) ++/* Furthermore, rotateImage() set up a new buffer and calculates ++ * its size individually. Therefore, s
[OE-core][dunfell 06/22] libpcre2: patch CVE-2022-41409
From: Peter Marko Backport commit mentioned in NVD DB links. https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../libpcre/libpcre2/CVE-2022-41409.patch | 74 +++ .../recipes-support/libpcre/libpcre2_10.34.bb | 1 + 2 files changed, 75 insertions(+) create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch new file mode 100644 index 00..882277ae73 --- /dev/null +++ b/meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch @@ -0,0 +1,74 @@ +From 94e1c001761373b7d9450768aa15d04c25547a35 Mon Sep 17 00:00:00 2001 +From: Philip Hazel +Date: Tue, 16 Aug 2022 17:00:45 +0100 +Subject: [PATCH] Diagnose negative repeat value in pcre2test subject line + +CVE: CVE-2022-41409 +Upstream-Status: Backport [https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35] + +Signed-off-by: Peter Marko + +--- + ChangeLog| 3 +++ + src/pcre2test.c | 4 ++-- + testdata/testinput2 | 3 +++ + testdata/testoutput2 | 4 + 4 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index eab50eb7..276eb57a 100644 +--- a/ChangeLog b/ChangeLog +@@ -7,6 +7,9 @@ fully read in caseless matching. + 24. Fixed an issue affecting recursions in JIT caused by duplicated data + transfers. + ++20. A negative repeat value in a pcre2test subject line was not being ++diagnosed, leading to infinite looping. ++ + + Version 10.34 21-November-2019 + -- +diff --git a/src/pcre2test.c b/src/pcre2test.c +index 08f86096..f6f5d66c 100644 +--- a/src/pcre2test.c b/src/pcre2test.c +@@ -6700,9 +6700,9 @@ while ((c = *p++) != 0) + } + + i = (int32_t)li; +-if (i-- == 0) ++if (i-- <= 0) + { +- fprintf(outfile, "** Zero repeat not allowed\n"); ++ fprintf(outfile, "** Zero or negative repeat not allowed\n"); + return PR_OK; + } + +diff --git a/testdata/testinput2 b/testdata/testinput2 +index 655e519..14e00ed 100644 +--- a/testdata/testinput2 b/testdata/testinput2 +@@ -5772,4 +5772,7 @@ a)"xI + /(a)?a/I + manm + ++-- ++\[X]{-10} ++ + # End of testinput2 +diff --git a/testdata/testoutput2 b/testdata/testoutput2 +index c733c12..958f246 100644 +--- a/testdata/testoutput2 b/testdata/testoutput2 +@@ -17435,6 +17435,10 @@ Subject length lower bound = 1 + manm + 0: a + ++-- ++\[X]{-10} ++** Zero or negative repeat not allowed ++ + # End of testinput2 + Error -70: PCRE2_ERROR_BADDATA (unknown error number) + Error -62: bad serialized data diff --git a/meta/recipes-support/libpcre/libpcre2_10.34.bb b/meta/recipes-support/libpcre/libpcre2_10.34.bb index 254badf6f6..3e1b001c32 100644 --- a/meta/recipes-support/libpcre/libpcre2_10.34.bb +++ b/meta/recipes-support/libpcre/libpcre2_10.34.bb @@ -14,6 +14,7 @@ SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/pcre2-${PV}.tar.bz2 file://pcre-cross.patch \ file://CVE-2022-1586.patch \ file://CVE-2022-1587.patch \ + file://CVE-2022-41409.patch \ " SRC_URI[md5sum] = "d280b62ded13f9ccf2fac16ee5286366" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185897): https://lists.openembedded.org/g/openembedded-core/message/185897 Mute This Topic: https://lists.openembedded.org/mt/100725533/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 05/22] libarchive: ignore CVE-2023-30571
From: Peter Marko This issue was reported and discusses under [1] which is linked in NVD CVE report. It was already documented that some parts or libarchive are thread safe and some not. [2] was now merged to document that also reported function is not thread safe. So this CVE *now* reports thread race condition for non-thread-safe function. And as such the CVE report is now invalid. The issue is still not closed for 2 reasons: * better document what is and what is not thread safe * request to public if someone could make these functions thread safe This should however not invalidate above statment about ignoring this CVE. [1] https://github.com/libarchive/libarchive/issues/1876 [2] https://github.com/libarchive/libarchive/pull/1875 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-extended/libarchive/libarchive_3.4.2.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb index 582787d3f3..728eedc401 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.4.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.4.2.bb @@ -46,6 +46,9 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ SRC_URI[md5sum] = "d953ed6b47694dadf0e6042f8f9ff451" SRC_URI[sha256sum] = "b60d58d12632ecf1e8fad7316dc82c6b9738a35625746b47ecdcaf4aed176176" +# upstream-wontfix: upstream has documented that reported function is not thread-safe +CVE_CHECK_WHITELIST += "CVE-2023-30571" + inherit autotools update-alternatives pkgconfig CPPFLAGS += "-I${WORKDIR}/extra-includes" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185896): https://lists.openembedded.org/g/openembedded-core/message/185896 Mute This Topic: https://lists.openembedded.org/mt/100725531/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 04/22] go: fix CVE-2023-29406 net/http: insufficient sanitization of Host header
From: Vivek Kumbhar Signed-off-by: Vivek Kumbhar Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2023-29406.patch | 212 ++ 2 files changed, 213 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-29406.patch diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 33b53b1a34..b2cf805d2d 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -68,6 +68,7 @@ SRC_URI += "\ file://CVE-2023-29402.patch \ file://CVE-2023-29404.patch \ file://CVE-2023-29400.patch \ +file://CVE-2023-29406.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-29406.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-29406.patch new file mode 100644 index 00..080def4682 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-29406.patch @@ -0,0 +1,212 @@ +From 5fa6923b1ea891400153d04ddf1545e23b40041b Mon Sep 17 00:00:00 2001 +From: Damien Neil +Date: Wed, 28 Jun 2023 13:20:08 -0700 +Subject: [PATCH] [release-branch.go1.19] net/http: validate Host header before + sending + +Verify that the Host header we send is valid. +Avoids surprising behavior such as a Host of "go.dev\r\nX-Evil:oops" +adding an X-Evil header to HTTP/1 requests. + +Add a test, skip the test for HTTP/2. HTTP/2 is not vulnerable to +header injection in the way HTTP/1 is, but x/net/http2 doesn't validate +the header and will go into a retry loop when the server rejects it. +CL 506995 adds the necessary validation to x/net/http2. + +Updates #60374 +Fixes #61075 +For CVE-2023-29406 + +Change-Id: I05cb6866a9bead043101954dfded199258c6dd04 +Reviewed-on: https://go-review.googlesource.com/c/go/+/506996 +Reviewed-by: Tatiana Bradley +TryBot-Result: Gopher Robot +Run-TryBot: Damien Neil +(cherry picked from commit 499458f7ca04087958987a33c2703c3ef03e27e2) +Reviewed-on: https://go-review.googlesource.com/c/go/+/507358 +Run-TryBot: Tatiana Bradley +Reviewed-by: Roland Shoemaker + +Upstream-Status: Backport [https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b] +CVE: CVE-2023-29406 +Signed-off-by: Vivek Kumbhar +--- + src/net/http/http_test.go | 29 - + src/net/http/request.go| 47 -- + src/net/http/request_test.go | 11 ++-- + src/net/http/transport_test.go | 18 + + 4 files changed, 31 insertions(+), 74 deletions(-) + +diff --git a/src/net/http/http_test.go b/src/net/http/http_test.go +index f4ea52d..ea38cb4 100644 +--- a/src/net/http/http_test.go b/src/net/http/http_test.go +@@ -49,35 +49,6 @@ func TestForeachHeaderElement(t *testing.T) { + } + } + +-func TestCleanHost(t *testing.T) { +- tests := []struct { +- in, want string +- }{ +- {"www.google.com", "www.google.com"}, +- {"www.google.com foo", "www.google.com"}, +- {"www.google.com/foo", "www.google.com"}, +- {" first character is a space", ""}, +- {"[1::6]:8080", "[1::6]:8080"}, +- +- // Punycode: +- {"гофер.рф/foo", "xn--c1ae0ajs.xn--p1ai"}, +- {"bücher.de", "xn--bcher-kva.de"}, +- {"bücher.de:8080", "xn--bcher-kva.de:8080"}, +- // Verify we convert to lowercase before punycode: +- {"BÜCHER.de", "xn--bcher-kva.de"}, +- {"BÜCHER.de:8080", "xn--bcher-kva.de:8080"}, +- // Verify we normalize to NFC before punycode: +- {"gophér.nfc", "xn--gophr-esa.nfc"},// NFC input; no work needed +- {"goph\u0065\u0301r.nfd", "xn--gophr-esa.nfd"}, // NFD input +- } +- for _, tt := range tests { +- got := cleanHost(tt.in) +- if tt.want != got { +- t.Errorf("cleanHost(%q) = %q, want %q", tt.in, got, tt.want) +- } +- } +-} +- + // Test that cmd/go doesn't link in the HTTP server. + // + // This catches accidental dependencies between the HTTP transport and +diff --git a/src/net/http/request.go b/src/net/http/request.go +index cb2edd2..2706300 100644 +--- a/src/net/http/request.go b/src/net/http/request.go +@@ -18,7 +18,6 @@ import ( + "io/ioutil" + "mime" + "mime/multipart" +- "net" + "net/http/httptrace" + "net/textproto" + "net/url" +@@ -26,7 +25,8 @@ import ( + "strconv" + "strings" + "sync" +- ++ ++ "golang.org/x/net/http/httpguts" + "golang.org/x/net/idna" + ) + +@@ -557,12 +557,19 @@ func (r *Request) write(w io.Writer, usingProxy bool, extraHeaders Header, waitF + // is not given, use the host from the request URL. + // + // Clean the host, in case it arrives with unexpected stuff in it. +-
[OE-core][dunfell 03/22] libjpeg-turbo: patch CVE-2023-2804
From: Peter Marko Relevant links: * linked fronm NVD: * https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118 * follow-up analysis: * https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1496473989 * picked commits fix all issues mentioned in this analysis Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../jpeg/files/CVE-2023-2804-1.patch | 97 +++ .../jpeg/files/CVE-2023-2804-2.patch | 75 ++ .../jpeg/libjpeg-turbo_2.0.4.bb | 2 + 3 files changed, 174 insertions(+) create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch create mode 100644 meta/recipes-graphics/jpeg/files/CVE-2023-2804-2.patch diff --git a/meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch b/meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch new file mode 100644 index 00..6668f6e41d --- /dev/null +++ b/meta/recipes-graphics/jpeg/files/CVE-2023-2804-1.patch @@ -0,0 +1,97 @@ +From 9679473547874c472569d54fecce32b463999a9d Mon Sep 17 00:00:00 2001 +From: DRC +Date: Tue, 4 Apr 2023 19:06:20 -0500 +Subject: [PATCH] Decomp: Don't enable 2-pass color quant w/ RGB565 + +The 2-pass color quantization algorithm assumes 3-sample pixels. RGB565 +is the only 3-component colorspace that doesn't have 3-sample pixels, so +we need to treat it as a special case when determining whether to enable +2-pass color quantization. Otherwise, attempting to initialize 2-pass +color quantization with an RGB565 output buffer could cause +prescan_quantize() to read from uninitialized memory and subsequently +underflow/overflow the histogram array. + +djpeg is supposed to fail gracefully if both -rgb565 and -colors are +specified, because none of its destination managers (image writers) +support color quantization with RGB565. However, prescan_quantize() was +called before that could occur. It is possible but very unlikely that +these issues could have been reproduced in applications other than +djpeg. The issues involve the use of two features (12-bit precision and +RGB565) that are incompatible, and they also involve the use of two +rarely-used legacy features (RGB565 and color quantization) that don't +make much sense when combined. + +Fixes #668 +Fixes #671 +Fixes #680 + +CVE: CVE-2023-2804 +Upstream-Status: Backport [https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9679473547874c472569d54fecce32b463999a9d] + +Signed-off-by: Peter Marko +--- + ChangeLog.md | 6 ++ + jdmaster.c | 5 +++-- + jquant2.c| 5 +++-- + 3 files changed, 12 insertions(+), 4 deletions(-) + +diff --git a/ChangeLog.md b/ChangeLog.md +index e605abe73..de0c4d0dd 100644 +--- a/ChangeLog.md b/ChangeLog.md +@@ -1,3 +1,9 @@ quality values. ++9. Fixed an oversight in 1.4 beta1[8] that caused various segfaults and buffer ++overruns when attempting to decompress various specially-crafted malformed ++12-bit-per-component JPEG images using a 12-bit-per-component build of djpeg ++(`-DWITH_12BIT=1`) with both color quantization and RGB565 color conversion ++enabled. ++ + 2.0.4 + = + +diff --git a/jdmaster.c b/jdmaster.c +index b20906438..8d8ef9956 100644 +--- a/jdmaster.c b/jdmaster.c +@@ -5,7 +5,7 @@ + * Copyright (C) 1991-1997, Thomas G. Lane. + * Modified 2002-2009 by Guido Vollbeding. + * libjpeg-turbo Modifications: +- * Copyright (C) 2009-2011, 2016, D. R. Commander. ++ * Copyright (C) 2009-2011, 2016, 2023, D. R. Commander. + * Copyright (C) 2013, Linaro Limited. + * Copyright (C) 2015, Google, Inc. + * For conditions of distribution and use, see the accompanying README.ijg +@@ -492,7 +492,8 @@ master_selection(j_decompress_ptr cinfo) + if (cinfo->raw_data_out) + ERREXIT(cinfo, JERR_NOTIMPL); + /* 2-pass quantizer only works in 3-component color space. */ +-if (cinfo->out_color_components != 3) { ++if (cinfo->out_color_components != 3 || ++cinfo->out_color_space == JCS_RGB565) { + cinfo->enable_1pass_quant = TRUE; + cinfo->enable_external_quant = FALSE; + cinfo->enable_2pass_quant = FALSE; +diff --git a/jquant2.c b/jquant2.c +index 6570613bb..c760380fb 100644 +--- a/jquant2.c b/jquant2.c +@@ -4,7 +4,7 @@ + * This file was part of the Independent JPEG Group's software: + * Copyright (C) 1991-1996, Thomas G. Lane. + * libjpeg-turbo Modifications: +- * Copyright (C) 2009, 2014-2015, D. R. Commander. ++ * Copyright (C) 2009, 2014-2015, 2020, 2023, D. R. Commander. + * For conditions of distribution and use, see the accompanying README.ijg + * file. + * +@@ -1230,7 +1230,8 @@ jinit_2pass_quantizer(j_decompress_ptr cinfo) + cquantize->error_limiter = NULL; + + /* Make sure jdmaster didn't give me a case I can't handle */ +- if (cinfo->out_color_components != 3) ++ if (cinfo->out_color_components != 3 || ++ cinfo->out_color_space == JCS_RGB565) + ERREXIT(cinfo, JERR_NOTIMPL); + + /* Allocate the histogram/inverse colormap st
[OE-core][dunfell 02/22] python3: ignore CVE-2023-36632
From: Peter Marko This CVE shouldn't have been filed as the "exploit" is described in the documentation as how the library behaves. Signed-off-by: Ross Burton Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit c652f094d86c4efb7ff99accba63b8169493ab18) Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-devtools/python/python3_3.8.17.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/python/python3_3.8.17.bb b/meta/recipes-devtools/python/python3_3.8.17.bb index 8c00d65794..00c4ff497a 100644 --- a/meta/recipes-devtools/python/python3_3.8.17.bb +++ b/meta/recipes-devtools/python/python3_3.8.17.bb @@ -61,6 +61,8 @@ CVE_CHECK_WHITELIST += "CVE-2020-15523 CVE-2022-26488" # The mailcap module is insecure by design, so this can't be fixed in a meaningful way. # The module will be removed in the future and flaws documented. CVE_CHECK_WHITELIST += "CVE-2015-20107" +# Not an issue, in fact expected behaviour +CVE_CHECK_WHITELIST += "CVE-2023-36632" PYTHON_MAJMIN = "3.8" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185893): https://lists.openembedded.org/g/openembedded-core/message/185893 Mute This Topic: https://lists.openembedded.org/mt/100725527/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell 01/22] ruby/cgi-gem: CVE-2021-33621 HTTP response splitting in CGI
From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/ruby/cgi/commit/64c5045c0a6b84fdb938a8465a0890e5f7162708 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../ruby/ruby/CVE-2021-33621.patch| 139 ++ meta/recipes-devtools/ruby/ruby_2.7.6.bb | 1 + 2 files changed, 140 insertions(+) create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2021-33621.patch diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2021-33621.patch b/meta/recipes-devtools/ruby/ruby/CVE-2021-33621.patch new file mode 100644 index 00..cc2f9853db --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2021-33621.patch @@ -0,0 +1,139 @@ +From 64c5045c0a6b84fdb938a8465a0890e5f7162708 Mon Sep 17 00:00:00 2001 +From: Yusuke Endoh +Date: Tue, 22 Nov 2022 10:49:27 +0900 +Subject: [PATCH] Prevent CRLF injection + +Throw a RuntimeError if the HTTP response header contains CR or LF to +prevent HTTP response splitting. + +https://hackerone.com/reports/1204695 + +Upstream-Status: Backport [https://github.com/ruby/cgi/commit/64c5045c0a6b84fdb938a8465a0890e5f7162708] +CVE: CVE-2021-33621 +Signed-off-by: Hitendra Prajapati +--- + lib/cgi/core.rb | 45 +++-- + test/cgi/test_cgi_header.rb | 8 +++ + 2 files changed, 36 insertions(+), 17 deletions(-) + +diff --git a/lib/cgi/core.rb b/lib/cgi/core.rb +index bec76e0..62e6068 100644 +--- a/lib/cgi/core.rb b/lib/cgi/core.rb +@@ -188,17 +188,28 @@ class CGI + # Using #header with the HTML5 tag maker will create a element. + alias :header :http_header + ++ def _no_crlf_check(str) ++if str ++ str = str.to_s ++ raise "A HTTP status or header field must not include CR and LF" if str =~ /[\r\n]/ ++ str ++else ++ nil ++end ++ end ++ private :_no_crlf_check ++ + def _header_for_string(content_type) #:nodoc: + buf = ''.dup + if nph?() +- buf << "#{$CGI_ENV['SERVER_PROTOCOL'] || 'HTTP/1.0'} 200 OK#{EOL}" ++ buf << "#{_no_crlf_check($CGI_ENV['SERVER_PROTOCOL']) || 'HTTP/1.0'} 200 OK#{EOL}" + buf << "Date: #{CGI.rfc1123_date(Time.now)}#{EOL}" +- buf << "Server: #{$CGI_ENV['SERVER_SOFTWARE']}#{EOL}" ++ buf << "Server: #{_no_crlf_check($CGI_ENV['SERVER_SOFTWARE'])}#{EOL}" + buf << "Connection: close#{EOL}" + end +-buf << "Content-Type: #{content_type}#{EOL}" ++buf << "Content-Type: #{_no_crlf_check(content_type)}#{EOL}" + if @output_cookies +- @output_cookies.each {|cookie| buf << "Set-Cookie: #{cookie}#{EOL}" } ++ @output_cookies.each {|cookie| buf << "Set-Cookie: #{_no_crlf_check(cookie)}#{EOL}" } + end + return buf + end # _header_for_string +@@ -213,9 +224,9 @@ class CGI + ## NPH + options.delete('nph') if defined?(MOD_RUBY) + if options.delete('nph') || nph?() +- protocol = $CGI_ENV['SERVER_PROTOCOL'] || 'HTTP/1.0' ++ protocol = _no_crlf_check($CGI_ENV['SERVER_PROTOCOL']) || 'HTTP/1.0' + status = options.delete('status') +- status = HTTP_STATUS[status] || status || '200 OK' ++ status = HTTP_STATUS[status] || _no_crlf_check(status) || '200 OK' + buf << "#{protocol} #{status}#{EOL}" + buf << "Date: #{CGI.rfc1123_date(Time.now)}#{EOL}" + options['server'] ||= $CGI_ENV['SERVER_SOFTWARE'] || '' +@@ -223,38 +234,38 @@ class CGI + end + ## common headers + status = options.delete('status') +-buf << "Status: #{HTTP_STATUS[status] || status}#{EOL}" if status ++buf << "Status: #{HTTP_STATUS[status] || _no_crlf_check(status)}#{EOL}" if status + server = options.delete('server') +-buf << "Server: #{server}#{EOL}" if server ++buf << "Server: #{_no_crlf_check(server)}#{EOL}" if server + connection = options.delete('connection') +-buf << "Connection: #{connection}#{EOL}" if connection ++buf << "Connection: #{_no_crlf_check(connection)}#{EOL}" if connection + type = options.delete('type') +-buf << "Content-Type: #{type}#{EOL}" #if type ++buf << "Content-Type: #{_no_crlf_check(type)}#{EOL}" #if type + length = options.delete('length') +-buf << "Content-Length: #{length}#{EOL}" if length ++buf << "Content-Length: #{_no_crlf_check(length)}#{EOL}" if length + language = options.delete('language') +-buf << "Content-Language: #{language}#{EOL}" if language ++buf << "Content-Language: #{_no_crlf_check(language)}#{EOL}" if language + expires = options.delete('expires') + buf << "Expires: #{CGI.rfc1123_date(expires)}#{EOL}" if expires + ## cookie + if cookie = options.delete('cookie') + case cookie + when String, Cookie +-buf << "Set-Cookie: #{cookie}#{EOL}" ++buf << "Set-Cookie: #{_no_crlf_check(cookie)}#{EOL}" + when Array + arr = cookie +-arr.each {|c| buf << "Set-Cookie: #{c}#{EOL}" } ++arr.each {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" } + when Has
[OE-core][dunfell 00/22] Patch review
Please review this set of changes for dunfell and have comments back by end of day Tuesday, August 15. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5730 with the exception of qemuppc-alt, which failed due to out of disk space errors on the debian-11-ty-1 worker: https://autobuilder.yoctoproject.org/typhoon/#/builders/107/builds/4969 The qemuppc-alt build passed on subsequent re-test on a worker without disk space issues: https://autobuilder.yoctoproject.org/typhoon/#/builders/107/builds/4972 The following changes since commit 6dd64ca2d726d0b222a7608c65eb0a20454c3f99: build-appliance-image: Update to dunfell head revision (2023-08-04 05:41:08 -1000) are available in the Git repository at: https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut Abdellatif El Khlifi (1): kernel: skip installing fitImage when using Initramfs bundles Bruce Ashfield (3): linux-yocto/5.4: update to v5.4.249 linux-yocto/5.4: update to v5.4.250 linux-yocto/5.4: update to v5.4.251 Dhairya Nagodra (2): dmidecode 3.2: Fix CVE-2023-30630 harfbuzz: Resolve backported commit bug. Emily Vekariya (1): qemu: CVE-ID correction for CVE-2020-35505 Hitendra Prajapati (3): ruby/cgi-gem: CVE-2021-33621 HTTP response splitting in CGI tiff: fix multiple CVEs tiff: fix multiple CVEs Marek Vasut (1): linux-firmware: Fix mediatek mt7601u firmware path Peter Marko (6): python3: ignore CVE-2023-36632 libjpeg-turbo: patch CVE-2023-2804 libarchive: ignore CVE-2023-30571 libpcre2: patch CVE-2022-41409 procps: patch CVE-2023-4016 openssl: Upgrade 1.1.1t -> 1.1.1v Vijay Anusuri (1): ghostscript: backport fix for CVE-2023-38559 Vivek Kumbhar (2): go: fix CVE-2023-29406 net/http: insufficient sanitization of Host header qemu:fix CVE-2023-3354 VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service Yuta Hayama (2): cve-update-nvd2-native: always pass str for json.loads() systemd-systemctl: fix errors in instance name expansion meta/classes/kernel.bbclass | 20 +- ...1-Configure-do-not-tweak-mips-cflags.patch | 37 +++ .../openssl/openssl/CVE-2023-0464.patch | 226 - .../openssl/openssl/CVE-2023-0465.patch | 60 - .../openssl/openssl/CVE-2023-0466.patch | 82 -- .../openssl/openssl/CVE-2023-2650.patch | 122 - .../{openssl_1.1.1t.bb => openssl_1.1.1v.bb} | 7 +- .../meta/cve-update-nvd2-native.bb| 2 +- .../systemd/systemd-systemctl/systemctl | 2 +- .../CVE-2023-30630-dependent_p1.patch | 236 ++ .../CVE-2023-30630-dependent_p2.patch | 198 +++ .../dmidecode/dmidecode/CVE-2023-30630.patch | 62 + .../dmidecode/dmidecode_3.2.bb| 3 + meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2023-29406.patch | 212 .../recipes-devtools/python/python3_3.8.17.bb | 2 + meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2020-35505.patch| 11 +- .../qemu/qemu/CVE-2023-3354.patch | 87 +++ .../ruby/ruby/CVE-2021-33621.patch| 139 +++ meta/recipes-devtools/ruby/ruby_2.7.6.bb | 1 + ...pcx-buffer-overrun-fix-from-devices-.patch | 31 +++ .../ghostscript/ghostscript_9.52.bb | 1 + .../libarchive/libarchive_3.4.2.bb| 3 + .../procps/procps/CVE-2023-4016.patch | 85 +++ meta/recipes-extended/procps/procps_3.3.16.bb | 1 + .../harfbuzz/harfbuzz/CVE-2023-25193.patch| 16 +- .../jpeg/files/CVE-2023-2804-1.patch | 97 +++ .../jpeg/files/CVE-2023-2804-2.patch | 75 ++ .../jpeg/libjpeg-turbo_2.0.4.bb | 2 + .../linux-firmware/linux-firmware_20230515.bb | 2 +- .../linux/linux-yocto-rt_5.4.bb | 6 +- .../linux/linux-yocto-tiny_5.4.bb | 8 +- meta/recipes-kernel/linux/linux-yocto_5.4.bb | 22 +- .../libtiff/files/CVE-2023-25433.patch| 173 + .../files/CVE-2023-25434-CVE-2023-25435.patch | 94 +++ .../libtiff/files/CVE-2023-26965.patch| 90 +++ .../libtiff/files/CVE-2023-26966.patch| 35 +++ .../libtiff/files/CVE-2023-2908.patch | 33 +++ .../libtiff/files/CVE-2023-3316.patch | 59 + .../libtiff/files/CVE-2023-3618-1.patch | 34 +++ .../libtiff/files/CVE-2023-3618-2.patch | 47 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 8 + .../libpcre/libpcre2/CVE-2022-41409.patch | 74 ++ .../recipes-support/libpcre/libpcre2_10.34.bb | 1 + 45 files changed, 1977 insertions(+), 531 deletions(-) create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch del
Re: [OE-core] [RFC][PATCHV2 0/4] Introduction of cargo-c class and recipe
On Sun, 13 Aug 2023 at 17:05, Richard Purdie < richard.pur...@linuxfoundation.org> wrote: > On Sun, 2023-08-13 at 17:00 +0200, Frédéric Martinsons wrote: > > On Sun, 13 Aug 2023 at 16:53, Richard Purdie > > wrote: > > > > > > and a reproducibility failure: > > > > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/117/builds/3355/steps/13/logs/stdio > > > > > > which leads to: > > > > > > > http://autobuilder.yocto.io/pub/repro-fail/oe-reproducible-20230813-z_b2j3ha/packages/diff-html/ > > > > > > > > > Argh, this makes me remember > > of https://bugzilla.yoctoproject.org/show_bug.cgi?id=15090 > > Do you know if any of cargo based recipe is reproducible ? > > Should I add EXCLUDE_FROM_WORLD in cargo-c ? > > At some point we're going to have to dive in and fix the > reproducibility issues so I'm reluctant to take more patches with that > set... I understand, in the meantime, I issue a simple bibtake cargo-c and see these (along with the missing SUMMARY): WARNING: cargo-c-0.9.18-r0 do_package_qa: QA Issue: File /usr/bin/.debug/cargo-cinstall in package cargo-c-dbg contains reference to TMPDIR File /usr/bin/.debug/cargo-cbuild in package cargo-c-dbg contains reference to TMPDIR File /usr/bin/.debug/cargo-ctest in package cargo-c-dbg contains reference to TMPDIR File /usr/bin/.debug/cargo-capi in package cargo-c-dbg contains reference to TMPDIR [buildpaths] I guess this doesn't help to be reproducible, I'll look at those soon. Sadly, I didn't see any of these warnings during my tests, I just have to look sharply for the next time. > > Cheers, > > Richard > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185890): https://lists.openembedded.org/g/openembedded-core/message/185890 Mute This Topic: https://lists.openembedded.org/mt/100715215/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [RFC][PATCHV2 0/4] Introduction of cargo-c class and recipe
On Sun, 2023-08-13 at 17:00 +0200, Frédéric Martinsons wrote: > On Sun, 13 Aug 2023 at 16:53, Richard Purdie > wrote: > > > > and a reproducibility failure: > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/117/builds/3355/steps/13/logs/stdio > > > > which leads to: > > > > http://autobuilder.yocto.io/pub/repro-fail/oe-reproducible-20230813-z_b2j3ha/packages/diff-html/ > > > > > Argh, this makes me remember > of https://bugzilla.yoctoproject.org/show_bug.cgi?id=15090 > Do you know if any of cargo based recipe is reproducible ? > Should I add EXCLUDE_FROM_WORLD in cargo-c ? At some point we're going to have to dive in and fix the reproducibility issues so I'm reluctant to take more patches with that set... Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185889): https://lists.openembedded.org/g/openembedded-core/message/185889 Mute This Topic: https://lists.openembedded.org/mt/100715215/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [RFC][PATCHV2 0/4] Introduction of cargo-c class and recipe
in maintainers.inc: > > rust-c-lib-example > > rust-c-lib-example-bin > > > > > > and this: > > > > Traceback (most recent call last): > > File > "/home/pokybuild/yocto-worker/oe-selftest-centos/build/meta/lib/oeqa/core/decorator/__init__.py", > line 35, in wrapped_f > > return func(*args, **kwargs) > >^ > > File > "/home/pokybuild/yocto-worker/oe-selftest-centos/build/meta/lib/oeqa/core/decorator/__init__.py", > line 35, in wrapped_f > > return func(*args, **kwargs) > >^ > > File > "/home/pokybuild/yocto-worker/oe-selftest-centos/build/meta/lib/oeqa/runtime/cases/rust.py", > line 31, in test_rust_compile > > self.assertEqual(status, 0, msg=msg) > > AssertionError: 127 != 0 : rust compile failed, output: sh: rustc: not > found > > > > > > probably is are, so 2 of the 6 failures. The other 4 are "mine" :/. > > > > and a reproducibility failure: > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/117/builds/3355/steps/13/logs/stdio > > which leads to: > > > http://autobuilder.yocto.io/pub/repro-fail/oe-reproducible-20230813-z_b2j3ha/packages/diff-html/ Argh, this makes me remember of https://bugzilla.yoctoproject.org/show_bug.cgi?id=15090 Do you know if any of cargo based recipe is reproducible ? Should I add EXCLUDE_FROM_WORLD in cargo-c ? > > > Cheers, > > Richard > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185888): https://lists.openembedded.org/g/openembedded-core/message/185888 Mute This Topic: https://lists.openembedded.org/mt/100715215/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [RFC][PATCHV2 0/4] Introduction of cargo-c class and recipe
On Sun, 13 Aug 2023 at 15:09, Richard Purdie < richard.pur...@linuxfoundation.org> wrote: > On Sun, 2023-08-13 at 12:22 +0100, Richard Purdie via > lists.openembedded.org wrote: > > On Sun, 2023-08-13 at 12:48 +0200, Frédéric Martinsons wrote: > > > > > > > > > Le dim. 13 août 2023, 12:23, Richard Purdie > > > a écrit : > > > > On Sun, 2023-08-13 at 10:23 +0200, Frederic Martinsons wrote: > > > > > From: Frederic Martinsons > > > > > > > > > > This is an RFC for introducing a new class and recipes that > > > > > help building C-ABI compatible header and library around > > > > > rust code. > > > > > > > > > > The third patch add examples and test to demonstrate > > > > > the usage and the good working of this use case. > > > > > > > > > > Test have been passed with the following in local.conf: > > > > > > > > > > CORE_IMAGE_EXTRA_INSTALL:append = " openssh-sshd openssh-scp > > > > > cargo rust rust-c-lib-example-bin" > > > > > IMAGE_CLASSES += "testimage" > > > > > TEST_SUITES = "ping ssh rust" > > > > > # To use slirp option in testimage.bbclass > > > > > TEST_RUNQEMUPARAMS = "slirp" > > > > > TEST_SERVER_IP = "127.0.0.1" > > > > > QEMU_USE_SLIRP = "1" > > > > > > > > In testing it showed: > > > > > > > > stdio: WARNING: cargo-c-0.9.18-r0 do_recipe_qa: QA Issue: Recipe > > > > cargo-c in /home/pokybuild/yocto-worker/a-full/build/meta/recipes- > > > > devtools/rust/cargo-c_0.9.18.bb does not contain a SUMMARY. Please > > > > add an entry. [missing-metadata] > > > > stdio: WARNING: cargo-c-native-0.9.18-r0 do_recipe_qa: QA Issue: > > > > Recipe cargo-c in /home/pokybuild/yocto-worker/a- > > > > full/build/meta/recipes-devtools/rust/cargo-c_0.9.18.bb does not > > > > contain a SUMMARY. Please add an entry. [missing-metadata] > > > > stdio: WARNING: nativesdk-cargo-c-0.9.18-r0 do_recipe_qa: QA Issue: > > > > Recipe cargo-c in /home/pokybuild/yocto-worker/a- > > > > full/build/meta/recipes-devtools/rust/cargo-c_0.9.18.bb does not > > > > contain a SUMMARY. Please add an entry. [missing-metadata] > > > > > > Thanks Richard, will take care of that soon. > > > > > > Can you tell me what commands do you run to have that sanity check? > > > It will avoid me to do the same mistake next time I'll add a recipe. > > > > It should just show up building the recipe (e.g. "bitbake cargo-c")? > > > > There are further build failures: > > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/101/builds/6361/steps/14/logs/stdio > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/110/builds/6484/steps/14/logs/stdio > > > > and the build isn't finished yet so Is suspect there will be more. > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/5606/steps/15/logs/stdio > > not all of those failures are your patches but: > > 2023-08-13 12:38:57,894 - oe-selftest - INFO - > == > 2023-08-13 12:38:57,894 - oe-selftest - INFO - FAIL: > distrodata.Distrodata.test_maintainers (subunit.RemotedTestCase) > 2023-08-13 12:38:57,894 - oe-selftest - INFO - > -- > 2023-08-13 12:38:57,894 - oe-selftest - INFO - > testtools.testresult.real._StringException: Traceback (most recent call > last): > File > "/home/pokybuild/yocto-worker/oe-selftest-centos/build/meta/lib/oeqa/selftest/cases/distrodata.py", > line 115, in test_maintainers > self.fail(""" > File > "/home/pokybuild/yocto-worker/oe-selftest-centos/build/buildtools/sysroots/x86_64-pokysdk-linux/usr/lib/python3.11/unittest/case.py", > line 703, in fail > raise self.failureException(msg) > AssertionError: > Unable to find recipes for the following entries in maintainers.inc: > rust-c-lib-example > rust-c-lib-example-bin > I don't understand these, because rust-c-lib-example and rust-c-lib-example-bin have been added by PATCHV2 (3/4) in meta-selftest. ./meta-selftest/recipes-devtools/rust/rust-c-lib-example-bin_git.bb ./meta-selftest/recipes-devtools/rust/rust-c-lib-example_git.bb Is this because they are in meta-selftest ? Should I remove them from maintainers.inc ? > and this: > > Traceback (most recent call last): > File > "/home/pokybuild/yocto-worker/oe-selftest-centos/build/meta/lib/oeqa/core/decorator/__init__.py", > line 35, in wrapped_f > return func(*args, **kwargs) >^ > File > "/home/pokybuild/yocto-worker/oe-selftest-centos/build/meta/lib/oeqa/core/decorator/__init__.py", > line 35, in wrapped_f > return func(*args, **kwargs) >^ > File > "/home/pokybuild/yocto-worker/oe-selftest-centos/build/meta/lib/oeqa/runtime/cases/rust.py", > line 31, in test_rust_compile > self.assertEqual(status, 0, msg=msg) > AssertionError: 127 != 0 : rust compile failed, output: sh: rustc: not > found > > I don't understand this one either, I simply add openssh-scp in require package to run test_rust_compile since its setup function copy
Re: [OE-core] [RFC][PATCHV2 0/4] Introduction of cargo-c class and recipe
On Sun, 2023-08-13 at 14:09 +0100, Richard Purdie via lists.openembedded.org wrote: > On Sun, 2023-08-13 at 12:22 +0100, Richard Purdie via > lists.openembedded.org wrote: > > On Sun, 2023-08-13 at 12:48 +0200, Frédéric Martinsons wrote: > > > > > > > > > Le dim. 13 août 2023, 12:23, Richard Purdie > > > a écrit : > > > > On Sun, 2023-08-13 at 10:23 +0200, Frederic Martinsons wrote: > > > > > From: Frederic Martinsons > > > > > > > > > > This is an RFC for introducing a new class and recipes that > > > > > help building C-ABI compatible header and library around > > > > > rust code. > > > > > > > > > > The third patch add examples and test to demonstrate > > > > > the usage and the good working of this use case. > > > > > > > > > > Test have been passed with the following in local.conf: > > > > > > > > > > CORE_IMAGE_EXTRA_INSTALL:append = " openssh-sshd openssh-scp > > > > > cargo rust rust-c-lib-example-bin" > > > > > IMAGE_CLASSES += "testimage" > > > > > TEST_SUITES = "ping ssh rust" > > > > > # To use slirp option in testimage.bbclass > > > > > TEST_RUNQEMUPARAMS = "slirp" > > > > > TEST_SERVER_IP = "127.0.0.1" > > > > > QEMU_USE_SLIRP = "1" > > > > > > > > In testing it showed: > > > > > > > > stdio: WARNING: cargo-c-0.9.18-r0 do_recipe_qa: QA Issue: Recipe > > > > cargo-c in /home/pokybuild/yocto-worker/a-full/build/meta/recipes- > > > > devtools/rust/cargo-c_0.9.18.bb does not contain a SUMMARY. Please > > > > add an entry. [missing-metadata] > > > > stdio: WARNING: cargo-c-native-0.9.18-r0 do_recipe_qa: QA Issue: > > > > Recipe cargo-c in /home/pokybuild/yocto-worker/a- > > > > full/build/meta/recipes-devtools/rust/cargo-c_0.9.18.bb does not > > > > contain a SUMMARY. Please add an entry. [missing-metadata] > > > > stdio: WARNING: nativesdk-cargo-c-0.9.18-r0 do_recipe_qa: QA Issue: > > > > Recipe cargo-c in /home/pokybuild/yocto-worker/a- > > > > full/build/meta/recipes-devtools/rust/cargo-c_0.9.18.bb does not > > > > contain a SUMMARY. Please add an entry. [missing-metadata] > > > > > > Thanks Richard, will take care of that soon. > > > > > > Can you tell me what commands do you run to have that sanity check? > > > It will avoid me to do the same mistake next time I'll add a recipe. > > > > It should just show up building the recipe (e.g. "bitbake cargo-c")? > > > > There are further build failures: > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/101/builds/6361/steps/14/logs/stdio > > https://autobuilder.yoctoproject.org/typhoon/#/builders/110/builds/6484/steps/14/logs/stdio > > > > and the build isn't finished yet so Is suspect there will be more. > > https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/5606/steps/15/logs/stdio > > not all of those failures are your patches but: > > 2023-08-13 12:38:57,894 - oe-selftest - INFO - > == > 2023-08-13 12:38:57,894 - oe-selftest - INFO - FAIL: > distrodata.Distrodata.test_maintainers (subunit.RemotedTestCase) > 2023-08-13 12:38:57,894 - oe-selftest - INFO - > -- > 2023-08-13 12:38:57,894 - oe-selftest - INFO - > testtools.testresult.real._StringException: Traceback (most recent call last): > File > "/home/pokybuild/yocto-worker/oe-selftest-centos/build/meta/lib/oeqa/selftest/cases/distrodata.py", > line 115, in test_maintainers > self.fail(""" > File > "/home/pokybuild/yocto-worker/oe-selftest-centos/build/buildtools/sysroots/x86_64-pokysdk-linux/usr/lib/python3.11/unittest/case.py", > line 703, in fail > raise self.failureException(msg) > AssertionError: > Unable to find recipes for the following entries in maintainers.inc: > rust-c-lib-example > rust-c-lib-example-bin > > > and this: > > Traceback (most recent call last): > File > "/home/pokybuild/yocto-worker/oe-selftest-centos/build/meta/lib/oeqa/core/decorator/__init__.py", > line 35, in wrapped_f > return func(*args, **kwargs) >^ > File > "/home/pokybuild/yocto-worker/oe-selft
[OE-core] OE-core CVE metrics for mickledore on Sun 13 Aug 2023 04:00:01 AM HST
Branch: mickledore New this week: 11 CVEs CVE-2015-8955 (CVSS3: 7.3 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8955 * CVE-2018-10878 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10878 * CVE-2021-28972 (CVSS3: 6.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28972 * CVE-2021-3640 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3640 * CVE-2023-29409 (CVSS3: 5.3 MEDIUM): go:go-binary-native:go-cross-core2-64:go-runtime https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29409 * CVE-2023-3180 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 * CVE-2023-3817 (CVSS3: 5.3 MEDIUM): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3817 * CVE-2023-4016 (CVSS3: 5.5 MEDIUM): procps https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4016 * CVE-2023-4132 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4132 * CVE-2023-4133 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4133 * CVE-2023-4135 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 * Removed this week: 1 CVEs CVE-2023-28464 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28464 * Full list: Found 129 unpatched CVEs CVE-2015-8955 (CVSS3: 7.3 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8955 * CVE-2018-10878 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10878 * CVE-2020-11935 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11935 * CVE-2020-25668 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25668 * CVE-2020-2 (CVSS3: 6.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2 * CVE-2020-27815 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27815 * CVE-2021-28972 (CVSS3: 6.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28972 * CVE-2021-3640 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3640 * CVE-2021-3714 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 * CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 * CVE-2021-4083 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4083 * CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 * CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 * CVE-2022-3202 (CVSS3: 7.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3202 * CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 * CVE-2022-33065 (CVSS3: 7.8 HIGH): libsndfile1 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33065 * CVE-2022-3533 (CVSS3: 5.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3533 * CVE-2022-3606 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3606 * CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 * CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 * CVE-2022-3964 (CVSS3: 8.1 HIGH): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3964 * CVE-2022-3965 (CVSS3: 8.1 HIGH): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3965 * CVE-2022-41858 (CVSS3: 7.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41858 * CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 * CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 * CVE-2022-48425 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48425 * CVE-2022-48502 (CVSS3: 7.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48502 * CVE-2023-0160 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0160 * CVE-2023-0615 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0615 * CVE-2023-1206 (CVSS3: 5.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1206 * CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-
[OE-core] OE-core CVE metrics for kirkstone on Sun 13 Aug 2023 03:00:01 AM HST
Branch: kirkstone New this week: 3 CVEs CVE-2023-29409 (CVSS3: 5.3 MEDIUM): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29409 * CVE-2023-3180 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 * CVE-2023-4016 (CVSS3: 5.5 MEDIUM): procps https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4016 * Removed this week: 3 CVEs CVE-2022-41409 (CVSS3: 7.5 HIGH): libpcre2:libpcre2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41409 * CVE-2023-24536 (CVSS3: 7.5 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24536 * CVE-2023-2975 (CVSS3: 5.3 MEDIUM): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2975 * Full list: Found 35 unpatched CVEs CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 * CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 * CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 * CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 * CVE-2022-33065 (CVSS3: 7.8 HIGH): libsndfile1 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33065 * CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 * CVE-2022-3553 (CVSS3: 6.5 MEDIUM): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3553 * CVE-2022-3563 (CVSS3: 5.7 MEDIUM): bluez5 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3563 * CVE-2022-3637 (CVSS3: 5.5 MEDIUM): bluez5 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3637 * CVE-2022-3872 (CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 * CVE-2022-3964 (CVSS3: 8.1 HIGH): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3964 * CVE-2022-3965 (CVSS3: 8.1 HIGH): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3965 * CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 * CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 * CVE-2023-1544 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1544 * CVE-2023-1916 (CVSS3: 6.1 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1916 * CVE-2023-24532 (CVSS3: 5.3 MEDIUM): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24532 * CVE-2023-27043 (CVSS3: 5.3 MEDIUM): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27043 * CVE-2023-2731 (CVSS3: 5.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2731 * CVE-2023-2829 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2829 * CVE-2023-2908 (CVSS3: 5.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2908 * CVE-2023-29403 (CVSS3: 7.8 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29403 * CVE-2023-29409 (CVSS3: 5.3 MEDIUM): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29409 * CVE-2023-29491 (CVSS3: 7.8 HIGH): ncurses:ncurses-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29491 * CVE-2023-3019 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 * CVE-2023-3180 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 * CVE-2023-3316 (CVSS3: 6.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3316 * CVE-2023-3354 (CVSS3: 7.5 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 * CVE-2023-3618 (CVSS3: 6.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3618 * CVE-2023-37769 (CVSS3: 6.5 MEDIUM): pixman:pixman-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 * CVE-2023-38559 (CVSS3: 5.5 MEDIUM): ghostscript:ghostscript-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 * CVE-2023-38560 (CVSS3: 5.5 MEDIUM): ghostscript:ghostscript-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38560 * CVE-2023-38633 (CVSS3: 7.5 HIGH): librsvg:librsvg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38633 * CVE-2023-4016 (CVSS3: 5.5 MEDIUM): procps https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4016 * CVE-2023-4135 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 * For further information see: https://autobuilder.yoct
Re: [OE-core] [RFC][PATCHV2 0/4] Introduction of cargo-c class and recipe
On Sun, 2023-08-13 at 12:22 +0100, Richard Purdie via lists.openembedded.org wrote: > On Sun, 2023-08-13 at 12:48 +0200, Frédéric Martinsons wrote: > > > > > > Le dim. 13 août 2023, 12:23, Richard Purdie > > a écrit : > > > On Sun, 2023-08-13 at 10:23 +0200, Frederic Martinsons wrote: > > > > From: Frederic Martinsons > > > > > > > > This is an RFC for introducing a new class and recipes that > > > > help building C-ABI compatible header and library around > > > > rust code. > > > > > > > > The third patch add examples and test to demonstrate > > > > the usage and the good working of this use case. > > > > > > > > Test have been passed with the following in local.conf: > > > > > > > > CORE_IMAGE_EXTRA_INSTALL:append = " openssh-sshd openssh-scp > > > > cargo rust rust-c-lib-example-bin" > > > > IMAGE_CLASSES += "testimage" > > > > TEST_SUITES = "ping ssh rust" > > > > # To use slirp option in testimage.bbclass > > > > TEST_RUNQEMUPARAMS = "slirp" > > > > TEST_SERVER_IP = "127.0.0.1" > > > > QEMU_USE_SLIRP = "1" > > > > > > In testing it showed: > > > > > > stdio: WARNING: cargo-c-0.9.18-r0 do_recipe_qa: QA Issue: Recipe > > > cargo-c in /home/pokybuild/yocto-worker/a-full/build/meta/recipes- > > > devtools/rust/cargo-c_0.9.18.bb does not contain a SUMMARY. Please > > > add an entry. [missing-metadata] > > > stdio: WARNING: cargo-c-native-0.9.18-r0 do_recipe_qa: QA Issue: > > > Recipe cargo-c in /home/pokybuild/yocto-worker/a- > > > full/build/meta/recipes-devtools/rust/cargo-c_0.9.18.bb does not > > > contain a SUMMARY. Please add an entry. [missing-metadata] > > > stdio: WARNING: nativesdk-cargo-c-0.9.18-r0 do_recipe_qa: QA Issue: > > > Recipe cargo-c in /home/pokybuild/yocto-worker/a- > > > full/build/meta/recipes-devtools/rust/cargo-c_0.9.18.bb does not > > > contain a SUMMARY. Please add an entry. [missing-metadata] > > > > Thanks Richard, will take care of that soon. > > > > Can you tell me what commands do you run to have that sanity check? > > It will avoid me to do the same mistake next time I'll add a recipe. > > It should just show up building the recipe (e.g. "bitbake cargo-c")? > > There are further build failures: > > https://autobuilder.yoctoproject.org/typhoon/#/builders/101/builds/6361/steps/14/logs/stdio > https://autobuilder.yoctoproject.org/typhoon/#/builders/110/builds/6484/steps/14/logs/stdio > > and the build isn't finished yet so Is suspect there will be more. https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/5606/steps/15/logs/stdio not all of those failures are your patches but: 2023-08-13 12:38:57,894 - oe-selftest - INFO - == 2023-08-13 12:38:57,894 - oe-selftest - INFO - FAIL: distrodata.Distrodata.test_maintainers (subunit.RemotedTestCase) 2023-08-13 12:38:57,894 - oe-selftest - INFO - -- 2023-08-13 12:38:57,894 - oe-selftest - INFO - testtools.testresult.real._StringException: Traceback (most recent call last): File "/home/pokybuild/yocto-worker/oe-selftest-centos/build/meta/lib/oeqa/selftest/cases/distrodata.py", line 115, in test_maintainers self.fail(""" File "/home/pokybuild/yocto-worker/oe-selftest-centos/build/buildtools/sysroots/x86_64-pokysdk-linux/usr/lib/python3.11/unittest/case.py", line 703, in fail raise self.failureException(msg) AssertionError: Unable to find recipes for the following entries in maintainers.inc: rust-c-lib-example rust-c-lib-example-bin and this: Traceback (most recent call last): File "/home/pokybuild/yocto-worker/oe-selftest-centos/build/meta/lib/oeqa/core/decorator/__init__.py", line 35, in wrapped_f return func(*args, **kwargs) ^ File "/home/pokybuild/yocto-worker/oe-selftest-centos/build/meta/lib/oeqa/core/decorator/__init__.py", line 35, in wrapped_f return func(*args, **kwargs) ^ File "/home/pokybuild/yocto-worker/oe-selftest-centos/build/meta/lib/oeqa/runtime/cases/rust.py", line 31, in test_rust_compile self.assertEqual(status, 0, msg=msg) AssertionError: 127 != 0 : rust compile failed, output: sh: rustc: not found probably is are, so 2 of the 6 failures. The other 4 are "mine" :/. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185883): https://lists.openembedded.org/g/openembedded-core/message/185883 Mute This Topic: https://lists.openembedded.org/mt/100715215/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [yocto-security] OE-core CVE metrics for dunfell on Sun 13 Aug 2023 02:00:01 AM HST
On Sun, 2023-08-13 at 02:28 -1000, Steve Sakoman wrote: > Branch: dunfell > > New this week: 5 CVEs > CVE-2023-29409 (CVSS3: 5.3 MEDIUM): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29409 * > CVE-2023-3180 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 * > CVE-2023-3817 (CVSS3: 5.3 MEDIUM): openssl:openssl-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3817 * > CVE-2023-4016 (CVSS3: 5.5 MEDIUM): procps > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4016 * > CVE-2023-4135 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 * > > Removed this week: 0 CVEs > > Full list: Found 110 unpatched CVEs Something doesn't add up since: https://autobuilder.yocto.io/pub/non-release/patchmetrics/ shows a fall? Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185882): https://lists.openembedded.org/g/openembedded-core/message/185882 Mute This Topic: https://lists.openembedded.org/mt/100717557/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] OE-core CVE metrics for dunfell on Sun 13 Aug 2023 02:00:01 AM HST
Branch: dunfell New this week: 5 CVEs CVE-2023-29409 (CVSS3: 5.3 MEDIUM): go:go-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29409 * CVE-2023-3180 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 * CVE-2023-3817 (CVSS3: 5.3 MEDIUM): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3817 * CVE-2023-4016 (CVSS3: 5.5 MEDIUM): procps https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4016 * CVE-2023-4135 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 * Removed this week: 0 CVEs Full list: Found 110 unpatched CVEs CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 * CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 * CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 * CVE-2020-27918 (CVSS3: 7.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27918 * CVE-2020-29623 (CVSS3: 3.3 LOW): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 * CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 * CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 * CVE-2020-9948 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9948 * CVE-2020-9951 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9951 * CVE-2020-9952 (CVSS3: 7.1 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9952 * CVE-2021-1765 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 * CVE-2021-1789 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 * CVE-2021-1799 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1799 * CVE-2021-1801 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1801 * CVE-2021-1870 (CVSS3: 9.8 CRITICAL): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1870 * CVE-2021-20269 (CVSS3: 5.5 MEDIUM): kexec-tools https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20269 * CVE-2021-20295 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20295 * CVE-2021-27097 (CVSS3: 7.8 HIGH): u-boot https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097 * CVE-2021-27138 (CVSS3: 7.8 HIGH): u-boot https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138 * CVE-2021-31879 (CVSS3: 6.1 MEDIUM): wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 * CVE-2021-33621 (CVSS3: 8.8 HIGH): ruby:ruby-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33621 * CVE-2021-3418 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3418 * CVE-2021-3445 (CVSS3: 7.5 HIGH): libdnf https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3445 * CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 * CVE-2021-35938 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 * CVE-2021-35939 (CVSS3: 6.7 MEDIUM): rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 * CVE-2021-3611 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3611 * CVE-2021-3782 (CVSS3: 6.6 MEDIUM): wayland:wayland-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3782 * CVE-2021-3947 (CVSS3: 5.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3947 * CVE-2021-42762 (CVSS3: 5.3 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42762 * CVE-2021-45085 (CVSS3: 6.1 MEDIUM): epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45085 * CVE-2021-45086 (CVSS3: 6.1 MEDIUM): epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45086 * CVE-2021-45087 (CVSS3: 6.1 MEDIUM): epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45087 * CVE-2021-45088 (CVSS3: 6.1 MEDIUM): epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45088 * CVE-2021-45481 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45481 * CVE-2021-45482 (CVSS3: 6.5 MEDIUM): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45482 * CVE-2021-45483
[OE-core] [PATCH 8/8] oeqa/runtime/parselogs: Exclude preempt-rt error for now
With the new 6.4 kernel we see this preempt-rt error. It is blocking changing to the new kernel and has sat on mailing lists unresolved for a long time. Ignore it in testing for now and allow upgrading until we can better understand the issues. Signed-off-by: Richard Purdie --- meta/lib/oeqa/runtime/cases/parselogs.py | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/lib/oeqa/runtime/cases/parselogs.py b/meta/lib/oeqa/runtime/cases/parselogs.py index e67d3750dad..e0a5ef5d08e 100644 --- a/meta/lib/oeqa/runtime/cases/parselogs.py +++ b/meta/lib/oeqa/runtime/cases/parselogs.py @@ -99,6 +99,7 @@ qemux86_common = [ "blk_update_request: I/O error, dev fd0, sector 0 op 0x0:(READ)", "floppy: error", 'failed to IDENTIFY (I/O error, err_mask=0x4)', +'NOHZ tick-stop error: local softirq work is pending, handler #80!!!' ] + common_errors ignore_errors = { -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185880): https://lists.openembedded.org/g/openembedded-core/message/185880 Mute This Topic: https://lists.openembedded.org/mt/100716739/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 6/8] arch-mips: Ensure TUNE_LDARGS is set correctly
Similarly to x86, ensure we have the flags to the linker operating correctly (it defaults to 32 bit). Normally it is driven by gcc so this hasn't shown up but it does lead to hundreds of binutils test failures. Signed-off-by: Richard Purdie --- meta/conf/machine/include/mips/arch-mips.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/conf/machine/include/mips/arch-mips.inc b/meta/conf/machine/include/mips/arch-mips.inc index e48ddd2d6b4..e39cdcab5dd 100644 --- a/meta/conf/machine/include/mips/arch-mips.inc +++ b/meta/conf/machine/include/mips/arch-mips.inc @@ -26,6 +26,8 @@ MACHINE_FEATURES_BACKFILL_CONSIDERED:append = " ${@bb.utils.contains('TUNE_FEATU TUNEVALID[n64] = "MIPS64 n64 ABI" TUNECONFLICTS[n64] = "o32 n32" TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'n64', ' -mabi=64', '', d)}" +LD64ARG = "${@bb.utils.contains('TUNE_FEATURES', 'bigendian', '-m elf64btsmip', '-m elf64ltsmip', d)}" +TUNE_LDARGS += "${@bb.utils.contains('TUNE_FEATURES', 'n64', '${LD64ARG}', '', d)}" # Floating point TUNEVALID[fpu-hard] = "Use hardware FPU" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185878): https://lists.openembedded.org/g/openembedded-core/message/185878 Mute This Topic: https://lists.openembedded.org/mt/100716737/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 5/8] binutils-cross-testsuite: Pass TUNE_LDARGS to tests
In some cases we need to pass the linker arguments to the linker, particularly when the default in LD differs to that which gcc and our compiler flags are using (mips defaults to 32 bit). Ensure these are passed in. Signed-off-by: Richard Purdie --- meta/recipes-devtools/binutils/binutils-cross-testsuite_2.41.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/binutils/binutils-cross-testsuite_2.41.bb b/meta/recipes-devtools/binutils/binutils-cross-testsuite_2.41.bb index 14480785b4d..630815c7a3e 100644 --- a/meta/recipes-devtools/binutils/binutils-cross-testsuite_2.41.bb +++ b/meta/recipes-devtools/binutils/binutils-cross-testsuite_2.41.bb @@ -47,6 +47,8 @@ python check_prepare() { content.append(d.expand('set CC "${TARGET_PREFIX}gcc --sysroot=${STAGING_DIR_TARGET} ${TUNE_CCARGS}"')) content.append(d.expand('set CXX "${TARGET_PREFIX}g++ --sysroot=${STAGING_DIR_TARGET} ${TUNE_CCARGS}"')) content.append(d.expand('set CFLAGS_FOR_TARGET "--sysroot=${STAGING_DIR_TARGET} ${TUNE_CCARGS}"')) +content.append(d.expand('set LD "${TARGET_PREFIX}ld ${TUNE_LDARGS}"')) +content.append(d.expand('set LDFLAGS_FOR_TARGET "${TUNE_LDARGS}"')) if suite == "ld" and d.getVar("TUNE_ARCH") == "mips64": # oe patches binutils to have the default mips64 abi as 64bit, but -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185877): https://lists.openembedded.org/g/openembedded-core/message/185877 Mute This Topic: https://lists.openembedded.org/mt/100716736/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 7/8] gcc: Add patch to improve testsuite failures, particularly mips
Disable loongson-mmi runtine, qemu doesn't appear to fully support them even if some of the instruction decoding is there. Also disable MSA mips runtime extensions. For some reason qemu appears to accept the test code when it shouldn't. Our selected MIPS cpu for QEMU doesn't support them. MIPS is unusual in the gcc testsuite as it uses EFFECTIVE_TARGETS and loops multiple times through the vector testsuite. In the case of the two above, we can compile/link them but not run them. Even with the runtime disabled, if the code marks it as a runtime test, it will elevate itself to that. Setting the default target to compile therefore isn't enough. Therefore add code to downgrade runtime tests to link tests if the hardware support isn't there to run them. This avoids thousands of test failures. To do this we have to hook downgrade code into the main test runner. Enable that downgrading for other cases where hardware to run vector extensions is unavailable to remove test failures on other architectures too. Also, for gcc.target tests, add checks on wheter loongson or msa code can be run before trying that, allowing downgrading of tests there to work too. Parts of the patch may be able to be split off and acceptable to upstream with discussion. Need to investigate why qemu-user passes the 'bad' instructions'. For now, this should at least remove hundreds of test failures and improve test failures on non-mips too now a root cause of some was identified. Signed-off-by: Richard Purdie --- meta/recipes-devtools/gcc/gcc-13.2.inc| 1 + .../gcc/gcc/0025-gcc-testsuite-mips.patch | 225 ++ 2 files changed, 226 insertions(+) create mode 100644 meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-mips.patch diff --git a/meta/recipes-devtools/gcc/gcc-13.2.inc b/meta/recipes-devtools/gcc/gcc-13.2.inc index 7329562f657..7f97ecc3329 100644 --- a/meta/recipes-devtools/gcc/gcc-13.2.inc +++ b/meta/recipes-devtools/gcc/gcc-13.2.inc @@ -64,6 +64,7 @@ SRC_URI = "${BASEURI} \ file://0022-libatomic-Do-not-enforce-march-on-aarch64.patch \ file://0023-Fix-install-path-of-linux64.h.patch \ file://0024-Avoid-hardcoded-build-paths-into-ppc-libgcc.patch \ + file://0025-gcc-testsuite-mips.patch \ " SRC_URI[sha256sum] = "e275e76442a6067341a27f04c5c6b83d8613144004c0413528863dc6b5c743da" diff --git a/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-mips.patch b/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-mips.patch new file mode 100644 index 000..49eaece923c --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc/0025-gcc-testsuite-mips.patch @@ -0,0 +1,225 @@ +gcc testsuite tweaks for mips/OE + +Disable loongson-mmi runtine, qemu doesn't appear to fully support them even if some +of the instruction decoding is there. + +Also disable MSA mips runtime extensions. For some reason qemu appears to accept the test +code when it shouldn't. Our selected MIPS cpu for QEMU doesn't support them. + +MIPS is unusual in the gcc testsuite as it uses EFFECTIVE_TARGETS and loops +multiple times through the vector testsuite. In the case of the two above, we can +compile/link them but not run them. Even with the runtime disabled, if the code +marks it as a runtime test, it will elevate itself to that. Setting the default +target to compile therefore isn't enough. + +Therefore add code to downgrade runtime tests to link tests if the hardware +support isn't there to run them. This avoids thousands of test failures. To do +this we have to hook downgrade code into the main test runner. + +Enable that downgrading for other cases where hardware to run vector extensions is +unavailable to remove test failures on other architectures too. + +Also, for gcc.target tests, add checks on wheter loongson or msa code can +be run before trying that, allowing downgrading of tests there to work too. + +Upstream-Status: Pending +[Parts of the patch may be able to be split off and acceptable to upstream with +discussion. Need to investigate why qemu-user passes the 'bad' instructions'] + +Signed-off-by: Richard Purdie + +Index: gcc-13.2.0/gcc/testsuite/lib/target-supports.exp +=== +--- gcc-13.2.0.orig/gcc/testsuite/lib/target-supports.exp gcc-13.2.0/gcc/testsuite/lib/target-supports.exp +@@ -2155,14 +2155,7 @@ proc check_mips_loongson_mmi_hw_availabl + if { !([istarget mips*-*-*]) } { + expr 0 + } else { +- check_runtime_nocache mips_loongson_mmi_hw_available { +-#include +-int main() +-{ +- asm volatile ("paddw $f2,$f4,$f6"); +- return 0; +-} +- } "-mloongson-mmi" ++ expr 0 + } + }] + } +@@ -2176,29 +2169,7 @@ proc check_mips_msa_hw_available { } { + if { !([istarget mips*-*-*]) } { + expr 0 + } else { +- check_runtime_nocache mips_msa_hw_available { +- #if
[OE-core] [PATCH 4/8] mips/tune-mips64r2: Set qemu cpu option correctly
Ensure the CPU enabled in QEMU is correct for this architecture. Signed-off-by: Richard Purdie --- meta/conf/machine/include/mips/tune-mips64r2.inc | 12 1 file changed, 12 insertions(+) diff --git a/meta/conf/machine/include/mips/tune-mips64r2.inc b/meta/conf/machine/include/mips/tune-mips64r2.inc index c644f409187..e9ca4201ffc 100644 --- a/meta/conf/machine/include/mips/tune-mips64r2.inc +++ b/meta/conf/machine/include/mips/tune-mips64r2.inc @@ -12,11 +12,13 @@ TUNE_FEATURES:tune-mips64r2 = "${TUNE_FEATURES:tune-mips64} mips64r2" BASE_LIB:tune-mips64r2 = "lib64" MIPSPKGSFX_VARIANT:tune-mips64r2 = "mips64r2" PACKAGE_EXTRA_ARCHS:tune-mips64r2 = "mips64 mips64r2" +QEMU_EXTRAOPTIONS_mips64r2 = " -cpu MIPS64R2-generic" TUNE_FEATURES:tune-mips64r2el = "${TUNE_FEATURES:tune-mips64el} mips64r2" BASE_LIB:tune-mips64r2el = "lib64" MIPSPKGSFX_VARIANT:tune-mips64r2el = "mips64r2el" PACKAGE_EXTRA_ARCHS:tune-mips64r2el = "mips64el mips64r2el" +QEMU_EXTRAOPTIONS_mips64r2el = " -cpu MIPS64R2-generic" # MIPS 64r2 Soft Float AVAILTUNES += "mips64r2-nf mips64r2el-nf" @@ -25,11 +27,13 @@ TUNE_FEATURES:tune-mips64r2-nf = "${TUNE_FEATURES:tune-mips64-nf} mips64r2" BASE_LIB:tune-mips64r2-nf = "lib64" MIPSPKGSFX_VARIANT:tune-mips64r2-nf = "${TUNE_ARCH}" PACKAGE_EXTRA_ARCHS:tune-mips64r2-nf = "mips64-nf mips64r2-nf" +QEMU_EXTRAOPTIONS_mips64r2-nf = " -cpu MIPS64R2-generic" TUNE_FEATURES:tune-mips64r2el-nf = "${TUNE_FEATURES:tune-mips64el-nf} mips64r2" BASE_LIB:tune-mips64r2el-nf = "lib64" MIPSPKGSFX_VARIANT:tune-mips64r2el-nf = "${TUNE_ARCH}" PACKAGE_EXTRA_ARCHS:tune-mips64r2el-nf = "mips64el-nf mips64r2el-nf" +QEMU_EXTRAOPTIONS_mips64r2el-nf = " -cpu MIPS64R2-generic" # MIPS 64r2 n32 AVAILTUNES += "mips64r2-n32 mips64r2el-n32" @@ -38,11 +42,13 @@ TUNE_FEATURES:tune-mips64r2-n32 = "${TUNE_FEATURES:tune-mips64-n32} mips64r2" BASE_LIB:tune-mips64r2-n32 = "lib32" MIPSPKGSFX_VARIANT:tune-mips64r2-n32 = "${TUNE_ARCH}" PACKAGE_EXTRA_ARCHS:tune-mips64r2-n32 = "mips64-n32 mips64r2-n32" +QEMU_EXTRAOPTIONS_mips64r2-n32 = " -cpu MIPS64R2-generic" TUNE_FEATURES:tune-mips64r2el-n32 = "${TUNE_FEATURES:tune-mips64el-n32} mips64r2" BASE_LIB:tune-mips64r2el-n32 = "lib32" MIPSPKGSFX_VARIANT:tune-mips64r2el-n32 = "${TUNE_ARCH}" PACKAGE_EXTRA_ARCHS:tune-mips64r2el-n32 = "mips64el-n32 mips64r2el-n32" +QEMU_EXTRAOPTIONS_mips64r2el-n32 = " -cpu MIPS64R2-generic" # MIPS 64r2 n32 and Soft Float AVAILTUNES += "mips64r2-nf-n32 mips64r2el-nf-n32" @@ -51,11 +57,13 @@ TUNE_FEATURES:tune-mips64r2-nf-n32 = "${TUNE_FEATURES:tune-mips64-nf-n32} mips64 BASE_LIB:tune-mips64r2-nf-n32 = "lib32" MIPSPKGSFX_VARIANT:tune-mips64r2-nf-n32 = "${TUNE_ARCH}" PACKAGE_EXTRA_ARCHS:tune-mips64r2-nf-n32 = "mips64-nf-n32 mips64r2-nf-n32" +QEMU_EXTRAOPTIONS_mips64r2-nf-n32 = " -cpu MIPS64R2-generic" TUNE_FEATURES:tune-mips64r2el-nf-n32 = "${TUNE_FEATURES:tune-mips64el-nf-n32} mips64r2" BASE_LIB:tune-mips64r2el-nf-n32 = "lib32" MIPSPKGSFX_VARIANT:tune-mips64r2el-nf-n32 = "${TUNE_ARCH}" PACKAGE_EXTRA_ARCHS:tune-mips64r2el-nf-n32 = "mips64el-nf-n32 mips64r2el-nf-n32" +QEMU_EXTRAOPTIONS_mips64r2el-nf-32 = " -cpu MIPS64R2-generic" # MIPS 64r2 o32 AVAILTUNES += "mips64r2-o32 mips64r2el-o32" @@ -64,11 +72,13 @@ TUNE_FEATURES:tune-mips64r2-o32 = "${TUNE_FEATURES:tune-mips64-o32} mips64r2" BASE_LIB:tune-mips64r2-o32 = "lib" MIPSPKGSFX_VARIANT:tune-mips64r2-o32 = "${TUNE_ARCH}" PACKAGE_EXTRA_ARCHS:tune-mips64r2-o32 = "mips mips64-o32 mips64r2-o32" +QEMU_EXTRAOPTIONS_mips64r2-o32 = " -cpu MIPS64R2-generic" TUNE_FEATURES:tune-mips64r2el-o32 = "${TUNE_FEATURES:tune-mips64el-o32} mips64r2" BASE_LIB:tune-mips64r2el-o32 = "lib" MIPSPKGSFX_VARIANT:tune-mips64r2el-o32 = "${TUNE_ARCH}" PACKAGE_EXTRA_ARCHS:tune-mips64r2el-o32 = "mipsel mips64el-o32 mips64r2el-o32" +QEMU_EXTRAOPTIONS_mips64r2el-o32 = " -cpu MIPS64R2-generic" # MIPS 64r2 o32 and Soft Float AVAILTUNES += "mips64r2-nf-o32 mips64r2el-nf-o32" @@ -77,8 +87,10 @@ TUNE_FEATURES:tune-mips64r2-nf-o32 = "${TUNE_FEATURES:tune-mips64-nf-o32} mips64 BASE_LIB:tune-mips64r2-nf-o32 = "lib" MIPSPKGSFX_VARIANT:tune-mips64r2-nf-o32 = "${TUNE_ARCH}" PACKAGE_EXTRA_ARCHS:tune-mips64r2-nf-o32 = "mips-nf mips64r2-nf-o32" +QEMU_EXTRAOPTIONS_mips64r2-nf-o32 = " -cpu MIPS64R2-generic" TUNE_FEATURES:tune-mips64r2el-nf-o32 = "${TUNE_FEATURES:tune-mips64el-nf-o32} mips64r2" BASE_LIB:tune-mips64r2el-nf-o32 = "lib" MIPSPKGSFX_VARIANT:tune-mips64r2el-nf-o32 = "${TUNE_ARCH}" PACKAGE_EXTRA_ARCHS:tune-mips64r2el-nf-o32 = "mipsel-nf mips64r2el-nf-o32" +QEMU_EXTRAOPTIONS_mips64r2el-nf-o32 = " -cpu MIPS64R2-generic" -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185876): https://lists.openembedded.org/g/openembedded-core/message/185876 Mute This Topic: https://lists.openembedded.org/mt/100716735/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/opene
[OE-core] [PATCH 3/8] gcc-testsuite: Set qemu options for mips correctly
MIPS sets QEMU CPU values similarly to ppc and doens't support 'max'. Allow this to filter through correctly to the toolchain testing. Signed-off-by: Richard Purdie --- meta/recipes-devtools/gcc/gcc-testsuite.inc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta/recipes-devtools/gcc/gcc-testsuite.inc b/meta/recipes-devtools/gcc/gcc-testsuite.inc index a8299fa7aeb..788a94ff5b6 100644 --- a/meta/recipes-devtools/gcc/gcc-testsuite.inc +++ b/meta/recipes-devtools/gcc/gcc-testsuite.inc @@ -53,8 +53,10 @@ python check_prepare() { # - valid for x86*, powerpc, arm, arm64 if qemu_binary.endswith(("x86_64", "i386", "arm", "aarch64")): args += ["-cpu", "max"] -elif qemu_binary.endswith(("ppc")): +elif qemu_binary.endswith(("ppc", "mips", "mips64")): args += d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('PACKAGE_ARCH')).split() +# For mips64 we could set a maximal CPU (e.g. Loongson-3A4000) however they either have MSA +# or Loongson-MMI vector extensions, not both and qemu lacks complete support for MMI sysroot = d.getVar("RECIPE_SYSROOT") args += ["-L", sysroot] # lib paths are static here instead of using $libdir since this is used by a -cross recipe -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185875): https://lists.openembedded.org/g/openembedded-core/message/185875 Mute This Topic: https://lists.openembedded.org/mt/100716734/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 2/8] gcc-testsuite: Fix qemu binary filtering code logic error
This code doesn't do what it first might appear to, it would for example remove 'm' characters from the left side of qemu-mips leaving 'ips'. Fix it to stop anyone else being confused by the subtle logic error. Signed-off-by: Richard Purdie --- meta/recipes-devtools/gcc/gcc-testsuite.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/gcc/gcc-testsuite.inc b/meta/recipes-devtools/gcc/gcc-testsuite.inc index 64f60c730fe..a8299fa7aeb 100644 --- a/meta/recipes-devtools/gcc/gcc-testsuite.inc +++ b/meta/recipes-devtools/gcc/gcc-testsuite.inc @@ -51,9 +51,9 @@ python check_prepare() { # enable all valid instructions, since the test suite itself does not # limit itself to the target cpu options. # - valid for x86*, powerpc, arm, arm64 -if qemu_binary.lstrip("qemu-") in ["x86_64", "i386", "arm", "aarch64"]: +if qemu_binary.endswith(("x86_64", "i386", "arm", "aarch64")): args += ["-cpu", "max"] -elif qemu_binary.lstrip("qemu-") in ["ppc"]: +elif qemu_binary.endswith(("ppc")): args += d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('PACKAGE_ARCH')).split() sysroot = d.getVar("RECIPE_SYSROOT") args += ["-L", sysroot] -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185874): https://lists.openembedded.org/g/openembedded-core/message/185874 Mute This Topic: https://lists.openembedded.org/mt/100716733/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH 1/8] resulttool/report: Avoid divide by zero
Avoid a divide by zero traceback if unfortunate test counts are encountered. Signed-off-by: Richard Purdie --- scripts/lib/resulttool/report.py | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/lib/resulttool/report.py b/scripts/lib/resulttool/report.py index f0ca50ebe24..a349510ab85 100644 --- a/scripts/lib/resulttool/report.py +++ b/scripts/lib/resulttool/report.py @@ -176,7 +176,10 @@ class ResultsTextReport(object): vals['sort'] = line['testseries'] + "_" + line['result_id'] vals['failed_testcases'] = line['failed_testcases'] for k in cols: -vals[k] = "%d (%s%%)" % (line[k], format(line[k] / total_tested * 100, '.0f')) +if total_tested: +vals[k] = "%d (%s%%)" % (line[k], format(line[k] / total_tested * 100, '.0f')) +else: +vals[k] = "0 (0%)" for k in maxlen: if k in vals and len(vals[k]) > maxlen[k]: maxlen[k] = len(vals[k]) -- 2.39.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185873): https://lists.openembedded.org/g/openembedded-core/message/185873 Mute This Topic: https://lists.openembedded.org/mt/100716732/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [RFC][PATCHV2 0/4] Introduction of cargo-c class and recipe
On Sun, 2023-08-13 at 12:48 +0200, Frédéric Martinsons wrote: > > > Le dim. 13 août 2023, 12:23, Richard Purdie > a écrit : > > On Sun, 2023-08-13 at 10:23 +0200, Frederic Martinsons wrote: > > > From: Frederic Martinsons > > > > > > This is an RFC for introducing a new class and recipes that > > > help building C-ABI compatible header and library around > > > rust code. > > > > > > The third patch add examples and test to demonstrate > > > the usage and the good working of this use case. > > > > > > Test have been passed with the following in local.conf: > > > > > > CORE_IMAGE_EXTRA_INSTALL:append = " openssh-sshd openssh-scp > > > cargo rust rust-c-lib-example-bin" > > > IMAGE_CLASSES += "testimage" > > > TEST_SUITES = "ping ssh rust" > > > # To use slirp option in testimage.bbclass > > > TEST_RUNQEMUPARAMS = "slirp" > > > TEST_SERVER_IP = "127.0.0.1" > > > QEMU_USE_SLIRP = "1" > > > > In testing it showed: > > > > stdio: WARNING: cargo-c-0.9.18-r0 do_recipe_qa: QA Issue: Recipe > > cargo-c in /home/pokybuild/yocto-worker/a-full/build/meta/recipes- > > devtools/rust/cargo-c_0.9.18.bb does not contain a SUMMARY. Please > > add an entry. [missing-metadata] > > stdio: WARNING: cargo-c-native-0.9.18-r0 do_recipe_qa: QA Issue: > > Recipe cargo-c in /home/pokybuild/yocto-worker/a- > > full/build/meta/recipes-devtools/rust/cargo-c_0.9.18.bb does not > > contain a SUMMARY. Please add an entry. [missing-metadata] > > stdio: WARNING: nativesdk-cargo-c-0.9.18-r0 do_recipe_qa: QA Issue: > > Recipe cargo-c in /home/pokybuild/yocto-worker/a- > > full/build/meta/recipes-devtools/rust/cargo-c_0.9.18.bb does not > > contain a SUMMARY. Please add an entry. [missing-metadata] > > Thanks Richard, will take care of that soon. > > Can you tell me what commands do you run to have that sanity check? > It will avoid me to do the same mistake next time I'll add a recipe. It should just show up building the recipe (e.g. "bitbake cargo-c")? There are further build failures: https://autobuilder.yoctoproject.org/typhoon/#/builders/101/builds/6361/steps/14/logs/stdio https://autobuilder.yoctoproject.org/typhoon/#/builders/110/builds/6484/steps/14/logs/stdio and the build isn't finished yet so Is suspect there will be more. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185872): https://lists.openembedded.org/g/openembedded-core/message/185872 Mute This Topic: https://lists.openembedded.org/mt/100715215/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] OE-core CVE metrics for master on Sun 13 Aug 2023 01:00:01 AM HST
Branch: master New this week: 6 CVEs CVE-2023-3180 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 * CVE-2023-3817 (CVSS3: 5.3 MEDIUM): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3817 * CVE-2023-4016 (CVSS3: 5.5 MEDIUM): procps https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4016 * CVE-2023-4132 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4132 * CVE-2023-4133 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4133 * CVE-2023-4135 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 * Removed this week: 36 CVEs CVE-2020-25668 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25668 * CVE-2020-2 (CVSS3: 6.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2 * CVE-2020-27815 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27815 * CVE-2021-4083 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4083 * CVE-2022-3202 (CVSS3: 7.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3202 * CVE-2022-41858 (CVSS3: 7.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41858 * CVE-2022-48502 (CVSS3: 7.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48502 * CVE-2023-2898 (CVSS3: 4.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2898 * CVE-2023-32247 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32247 * CVE-2023-32248 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32248 * CVE-2023-32250 (CVSS3: 8.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32250 * CVE-2023-32252 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32252 * CVE-2023-32254 (CVSS3: 8.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32254 * CVE-2023-32257 (CVSS3: 8.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32257 * CVE-2023-32258 (CVSS3: 8.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32258 * CVE-2023-3269 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3269 * CVE-2023-33951 (CVSS3: 5.3 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33951 * CVE-2023-33952 (CVSS3: 6.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33952 * CVE-2023-3567 (CVSS3: 7.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3567 * CVE-2023-3609 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3609 * CVE-2023-3610 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3610 * CVE-2023-3611 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3611 * CVE-2023-3776 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3776 * CVE-2023-38408 (CVSS3: 9.8 CRITICAL): openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38408 * CVE-2023-38409 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38409 * CVE-2023-38426 (CVSS3: 9.1 CRITICAL): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38426 * CVE-2023-38427 (CVSS3: 9.8 CRITICAL): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38427 * CVE-2023-38428 (CVSS3: 9.1 CRITICAL): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38428 * CVE-2023-38429 (CVSS3: 9.8 CRITICAL): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38429 * CVE-2023-38430 (CVSS3: 9.1 CRITICAL): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38430 * CVE-2023-38431 (CVSS3: 9.1 CRITICAL): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38431 * CVE-2023-38432 (CVSS3: 9.1 CRITICAL): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38432 * CVE-2023-38559 (CVSS3: 5.5 MEDIUM): ghostscript https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 * CVE-2023-38560 (CVSS3: 5.5 MEDIUM): ghostscript https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38560 * CVE-2023-38633 (CVSS3: 7.5 HIGH): librsvg:librsvg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38633 * CVE-2023-3863 (CVSS3: 4.1 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3863 * Full list: Found 41 unpatched CVEs CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto https://web.nv
Re: [OE-core][master][mickledore][PATCH] openssl: Upgrade 3.1.1 -> 3.1.2
Gentle ping. Is there any problem with this patch? Peter -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185870): https://lists.openembedded.org/g/openembedded-core/message/185870 Mute This Topic: https://lists.openembedded.org/mt/100487930/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [RFC][PATCHV2 0/4] Introduction of cargo-c class and recipe
Le dim. 13 août 2023, 12:23, Richard Purdie < richard.pur...@linuxfoundation.org> a écrit : > On Sun, 2023-08-13 at 10:23 +0200, Frederic Martinsons wrote: > > From: Frederic Martinsons > > > > This is an RFC for introducing a new class and recipes that > > help building C-ABI compatible header and library around > > rust code. > > > > The third patch add examples and test to demonstrate > > the usage and the good working of this use case. > > > > Test have been passed with the following in local.conf: > > > > CORE_IMAGE_EXTRA_INSTALL:append = " openssh-sshd openssh-scp cargo rust > rust-c-lib-example-bin" > > IMAGE_CLASSES += "testimage" > > TEST_SUITES = "ping ssh rust" > > # To use slirp option in testimage.bbclass > > TEST_RUNQEMUPARAMS = "slirp" > > TEST_SERVER_IP = "127.0.0.1" > > QEMU_USE_SLIRP = "1" > > In testing it showed: > > stdio: WARNING: cargo-c-0.9.18-r0 do_recipe_qa: QA Issue: Recipe cargo-c > in /home/pokybuild/yocto-worker/a-full/build/meta/recipes-devtools/rust/ > cargo-c_0.9.18.bb does not contain a SUMMARY. Please add an entry. > [missing-metadata] > stdio: WARNING: cargo-c-native-0.9.18-r0 do_recipe_qa: QA Issue: Recipe > cargo-c in > /home/pokybuild/yocto-worker/a-full/build/meta/recipes-devtools/rust/ > cargo-c_0.9.18.bb does not contain a SUMMARY. Please add an entry. > [missing-metadata] > stdio: WARNING: nativesdk-cargo-c-0.9.18-r0 do_recipe_qa: QA Issue: Recipe > cargo-c in > /home/pokybuild/yocto-worker/a-full/build/meta/recipes-devtools/rust/ > cargo-c_0.9.18.bb does not contain a SUMMARY. Please add an entry. > [missing-metadata] > Thanks Richard, will take care of that soon. Can you tell me what commands do you run to have that sanity check? It will avoid me to do the same mistake next time I'll add a recipe. > Cheers, > > Richard > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185869): https://lists.openembedded.org/g/openembedded-core/message/185869 Mute This Topic: https://lists.openembedded.org/mt/100715215/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [RFC][PATCHV2 0/4] Introduction of cargo-c class and recipe
On Sun, 2023-08-13 at 10:23 +0200, Frederic Martinsons wrote: > From: Frederic Martinsons > > This is an RFC for introducing a new class and recipes that > help building C-ABI compatible header and library around > rust code. > > The third patch add examples and test to demonstrate > the usage and the good working of this use case. > > Test have been passed with the following in local.conf: > > CORE_IMAGE_EXTRA_INSTALL:append = " openssh-sshd openssh-scp cargo rust > rust-c-lib-example-bin" > IMAGE_CLASSES += "testimage" > TEST_SUITES = "ping ssh rust" > # To use slirp option in testimage.bbclass > TEST_RUNQEMUPARAMS = "slirp" > TEST_SERVER_IP = "127.0.0.1" > QEMU_USE_SLIRP = "1" In testing it showed: stdio: WARNING: cargo-c-0.9.18-r0 do_recipe_qa: QA Issue: Recipe cargo-c in /home/pokybuild/yocto-worker/a-full/build/meta/recipes-devtools/rust/cargo-c_0.9.18.bb does not contain a SUMMARY. Please add an entry. [missing-metadata] stdio: WARNING: cargo-c-native-0.9.18-r0 do_recipe_qa: QA Issue: Recipe cargo-c in /home/pokybuild/yocto-worker/a-full/build/meta/recipes-devtools/rust/cargo-c_0.9.18.bb does not contain a SUMMARY. Please add an entry. [missing-metadata] stdio: WARNING: nativesdk-cargo-c-0.9.18-r0 do_recipe_qa: QA Issue: Recipe cargo-c in /home/pokybuild/yocto-worker/a-full/build/meta/recipes-devtools/rust/cargo-c_0.9.18.bb does not contain a SUMMARY. Please add an entry. [missing-metadata] Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185868): https://lists.openembedded.org/g/openembedded-core/message/185868 Mute This Topic: https://lists.openembedded.org/mt/100715215/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCHV2 4/4] oeqa/runtime/rust: correct rust test
From: Frederic Martinsons Since setUp of RustCompileTest use cls.tc.copyTo, those tests needs the scp command: NOTE: == NOTE: FAIL: test_cargo_compile (rust.RustCompileTest) NOTE: -- NOTE: Traceback (most recent call last): File "/home/jenkins/yocto-poky-master/poky/meta/lib/oeqa/core/case.py", line 53, in _oeSetUp self.setUpMethod() File "/home/jenkins/yocto-poky-master/poky/meta/lib/oeqa/runtime/cases/rust.py", line 17, in setUp cls.tc.target.copyTo(src, dst) File "/home/jenkins/yocto-poky-master/poky/meta/lib/oeqa/core/target/ssh.py", line 132, in copyTo return self._run(scpCmd, ignore_status=False) File "/home/jenkins/yocto-poky-master/poky/meta/lib/oeqa/core/target/ssh.py", line 81, in _run raise AssertionError("Command '%s' returned non-zero exit " AssertionError: Command '['scp', '-o', 'ServerAliveCountMax=2', '-o', 'ServerAliveInterval=30', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'StrictHostKeyChecking=no', '-o', 'LogLevel=ERROR', '-r', '-P', '', '/home/jenkins/yocto-poky-master/poky/meta/lib/oeqa/files/test.rs', 'root@127.0.0.1:/tmp/']' returned non-zero exit status 1: sh: scp: not found lost connection Signed-off-by: Frederic Martinsons --- meta/lib/oeqa/runtime/cases/rust.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/lib/oeqa/runtime/cases/rust.py b/meta/lib/oeqa/runtime/cases/rust.py index e709e4f8aa..fa6fe486e4 100644 --- a/meta/lib/oeqa/runtime/cases/rust.py +++ b/meta/lib/oeqa/runtime/cases/rust.py @@ -24,7 +24,7 @@ class RustCompileTest(OERuntimeTestCase): cls.tc.target.run('rm -r %s' % dirs) @OETestDepends(['ssh.SSHTest.test_ssh']) -@OEHasPackage(['rust']) +@OEHasPackage(['rust', 'openssh-scp']) def test_rust_compile(self): status, output = self.target.run('rustc /tmp/test.rs -o /tmp/test') msg = 'rust compile failed, output: %s' % output @@ -35,7 +35,7 @@ class RustCompileTest(OERuntimeTestCase): self.assertEqual(status, 0, msg=msg) @OETestDepends(['ssh.SSHTest.test_ssh']) -@OEHasPackage(['cargo']) +@OEHasPackage(['cargo', 'openssh-scp']) def test_cargo_compile(self): status, output = self.target.run('cargo new /tmp/hello') msg = 'cargo new failed, output: %s' % output -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185867): https://lists.openembedded.org/g/openembedded-core/message/185867 Mute This Topic: https://lists.openembedded.org/mt/100715221/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCHV2 3/4] rust: provide examples for C library generation in rust
From: Frederic Martinsons rust-c-lib-example is a little rust code which provide a single function to print a formatted date (via the chrono crate) from an input timestamp in millisecond. It has the necessary FFI annotation and inherit cargo_c class for the C ABI compatible library generation. rust-c-lib-example is meson project for the C code which will call the print_date function from rust-c-lib-example if no argument is provided, if any argument is provided it will print "Hello world in rust from C!" add a runtime test case to check if all went well. Signed-off-by: Frederic Martinsons --- .../rust/rust-c-lib-example-bin_git.bb| 16 .../rust/rust-c-lib-example-crates.inc| 79 +++ .../rust/rust-c-lib-example_git.bb| 15 meta/conf/distro/include/maintainers.inc | 2 + meta/lib/oeqa/runtime/cases/rust.py | 12 +++ 5 files changed, 124 insertions(+) create mode 100644 meta-selftest/recipes-devtools/rust/rust-c-lib-example-bin_git.bb create mode 100644 meta-selftest/recipes-devtools/rust/rust-c-lib-example-crates.inc create mode 100644 meta-selftest/recipes-devtools/rust/rust-c-lib-example_git.bb diff --git a/meta-selftest/recipes-devtools/rust/rust-c-lib-example-bin_git.bb b/meta-selftest/recipes-devtools/rust/rust-c-lib-example-bin_git.bb new file mode 100644 index 00..47d878597a --- /dev/null +++ b/meta-selftest/recipes-devtools/rust/rust-c-lib-example-bin_git.bb @@ -0,0 +1,16 @@ +DESCRIPTION = "A simple example for C wrapper around a rust library" +HOMEPAGE = "https://gitlab.com/fmartinsonsHome/rust-c-lib-example"; +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=cb9c441273ed8a029701a086befbfc63" + +SRC_URI = " \ + git://gitlab.com/fmartinsonsHome/rust-c-lib-example.git;branch=main;protocol=https \ +" + +SRCREV = "fc53c457f69aa5221ec1f8619a007e8150db5e60" +S = "${WORKDIR}/git" + +DEPENDS = "rust-c-lib-example" + +inherit meson pkgconfig + diff --git a/meta-selftest/recipes-devtools/rust/rust-c-lib-example-crates.inc b/meta-selftest/recipes-devtools/rust/rust-c-lib-example-crates.inc new file mode 100644 index 00..05f5949203 --- /dev/null +++ b/meta-selftest/recipes-devtools/rust/rust-c-lib-example-crates.inc @@ -0,0 +1,79 @@ +SRC_URI += " \ +crate://crates.io/android-tzdata/0.1.1 \ +crate://crates.io/android_system_properties/0.1.5 \ +crate://crates.io/autocfg/1.1.0 \ +crate://crates.io/bumpalo/3.13.0 \ +crate://crates.io/cc/1.0.82 \ +crate://crates.io/cfg-if/1.0.0 \ +crate://crates.io/chrono/0.4.26 \ +crate://crates.io/core-foundation-sys/0.8.4 \ +crate://crates.io/iana-time-zone/0.1.57 \ +crate://crates.io/iana-time-zone-haiku/0.1.2 \ +crate://crates.io/js-sys/0.3.64 \ +crate://crates.io/libc/0.2.147 \ +crate://crates.io/log/0.4.19 \ +crate://crates.io/num-traits/0.2.16 \ +crate://crates.io/once_cell/1.18.0 \ +crate://crates.io/proc-macro2/1.0.66 \ +crate://crates.io/quote/1.0.32 \ +crate://crates.io/syn/2.0.28 \ +crate://crates.io/time/0.1.45 \ +crate://crates.io/unicode-ident/1.0.11 \ +crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1 \ +crate://crates.io/wasm-bindgen/0.2.87 \ +crate://crates.io/wasm-bindgen-backend/0.2.87 \ +crate://crates.io/wasm-bindgen-macro/0.2.87 \ +crate://crates.io/wasm-bindgen-macro-support/0.2.87 \ +crate://crates.io/wasm-bindgen-shared/0.2.87 \ +crate://crates.io/winapi/0.3.9 \ +crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \ +crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \ +crate://crates.io/windows/0.48.0 \ +crate://crates.io/windows-targets/0.48.1 \ +crate://crates.io/windows_aarch64_gnullvm/0.48.0 \ +crate://crates.io/windows_aarch64_msvc/0.48.0 \ +crate://crates.io/windows_i686_gnu/0.48.0 \ +crate://crates.io/windows_i686_msvc/0.48.0 \ +crate://crates.io/windows_x86_64_gnu/0.48.0 \ +crate://crates.io/windows_x86_64_gnullvm/0.48.0 \ +crate://crates.io/windows_x86_64_msvc/0.48.0 \ +" + +SRC_URI[android-tzdata-0.1.1.sha256sum] = "e41b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0" +SRC_URI[android_system_properties-0.1.5.sha256sum] = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" +SRC_URI[autocfg-1.1.0.sha256sum] = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +SRC_URI[bumpalo-3.13.0.sha256sum] = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1" +SRC_URI[cc-1.0.82.sha256sum] = "305fe645edc1442a0fa8b6726ba61d422798d37a52e12eaecf4b022ebbb88f01" +SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +SRC_URI[chrono-0.4.26.sha256sum] = "ec837a71355b28f6556dbd569b37b3f363091c0bd4b2e735674521b4c5fd9bc5" +SRC_URI[core-foundation-sys-0.8.4.sha256sum] = "e496a50fda8aa86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" +SRC_URI[iana-time-zone-0.1.57.sha256sum] = "2fad5b82584
[OE-core] [PATCHV2 1/4] rust: add cargo-c recipe
From: Frederic Martinsons This package make it easier to generate C/C++ ABI compatible header, library and also generate package config file. It is built around cbindgen (https://github.com/mozilla/cbindgen) for the header generation, it compiles the library (static or dynamic) through cargo and finally handle the generation of a custom package config file. Signed-off-by: Frederic Martinsons --- meta/conf/distro/include/maintainers.inc |1 + meta/recipes-devtools/rust/cargo-c-crates.inc | 453 meta/recipes-devtools/rust/cargo-c_0.9.18.bb | 22 + .../rust/files/0001-Add-Cargo.lock-file.patch | 2180 + 4 files changed, 2656 insertions(+) create mode 100644 meta/recipes-devtools/rust/cargo-c-crates.inc create mode 100644 meta/recipes-devtools/rust/cargo-c_0.9.18.bb create mode 100644 meta/recipes-devtools/rust/files/0001-Add-Cargo.lock-file.patch diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index 202e5739a0..d56b7c1e0e 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -88,6 +88,7 @@ RECIPE_MAINTAINER:pn-bzip2 = "Denys Dmytriyenko " RECIPE_MAINTAINER:pn-ca-certificates = "Alexander Kanavin " RECIPE_MAINTAINER:pn-cairo = "Anuj Mittal " RECIPE_MAINTAINER:pn-cargo = "Randy MacLeod " +RECIPE_MAINTAINER:pn-cargo-c = "Frederic Martinsons " RECIPE_MAINTAINER:pn-cantarell-fonts = "Alexander Kanavin " RECIPE_MAINTAINER:pn-ccache = "Robert Yang " RECIPE_MAINTAINER:pn-cdrtools-native = "Yi Zhao " diff --git a/meta/recipes-devtools/rust/cargo-c-crates.inc b/meta/recipes-devtools/rust/cargo-c-crates.inc new file mode 100644 index 00..fc546c7899 --- /dev/null +++ b/meta/recipes-devtools/rust/cargo-c-crates.inc @@ -0,0 +1,453 @@ +SRC_URI += " \ +crate://crates.io/adler/1.0.2 \ +crate://crates.io/aho-corasick/1.0.3 \ +crate://crates.io/anstream/0.3.2 \ +crate://crates.io/anstyle/1.0.1 \ +crate://crates.io/anstyle-parse/0.2.1 \ +crate://crates.io/anstyle-query/1.0.0 \ +crate://crates.io/anstyle-wincon/1.0.2 \ +crate://crates.io/anyhow/1.0.72 \ +crate://crates.io/arrayvec/0.5.2 \ +crate://crates.io/atty/0.2.14 \ +crate://crates.io/autocfg/1.1.0 \ +crate://crates.io/base16ct/0.2.0 \ +crate://crates.io/base64/0.13.1 \ +crate://crates.io/base64ct/1.6.0 \ +crate://crates.io/bitflags/1.3.2 \ +crate://crates.io/bitflags/2.3.3 \ +crate://crates.io/bitmaps/2.1.0 \ +crate://crates.io/block-buffer/0.10.4 \ +crate://crates.io/bstr/1.6.0 \ +crate://crates.io/bumpalo/3.13.0 \ +crate://crates.io/bytes/1.4.0 \ +crate://crates.io/bytesize/1.2.0 \ +crate://crates.io/cargo/0.69.1 \ +crate://crates.io/cargo-platform/0.1.3 \ +crate://crates.io/cargo-util/0.2.4 \ +crate://crates.io/cbindgen/0.24.5 \ +crate://crates.io/cc/1.0.82 \ +crate://crates.io/cfg-if/1.0.0 \ +crate://crates.io/clap/3.2.25 \ +crate://crates.io/clap/4.3.21 \ +crate://crates.io/clap_builder/4.3.21 \ +crate://crates.io/clap_derive/4.3.12 \ +crate://crates.io/clap_lex/0.2.4 \ +crate://crates.io/clap_lex/0.5.0 \ +crate://crates.io/colorchoice/1.0.0 \ +crate://crates.io/combine/4.6.6 \ +crate://crates.io/const-oid/0.9.5 \ +crate://crates.io/core-foundation/0.9.3 \ +crate://crates.io/core-foundation-sys/0.8.4 \ +crate://crates.io/cpufeatures/0.2.9 \ +crate://crates.io/crates-io/0.35.1 \ +crate://crates.io/crc32fast/1.3.2 \ +crate://crates.io/crypto-bigint/0.5.2 \ +crate://crates.io/crypto-common/0.1.6 \ +crate://crates.io/ct-codecs/1.1.1 \ +crate://crates.io/curl/0.4.44 \ +crate://crates.io/curl-sys/0.4.65+curl-8.2.1 \ +crate://crates.io/der/0.7.8 \ +crate://crates.io/deranged/0.3.7 \ +crate://crates.io/digest/0.10.7 \ +crate://crates.io/ecdsa/0.16.8 \ +crate://crates.io/ed25519-compact/2.0.4 \ +crate://crates.io/either/1.9.0 \ +crate://crates.io/elliptic-curve/0.13.5 \ +crate://crates.io/env_logger/0.10.0 \ +crate://crates.io/equivalent/1.0.1 \ +crate://crates.io/errno/0.3.2 \ +crate://crates.io/errno-dragonfly/0.1.2 \ +crate://crates.io/fastrand/2.0.0 \ +crate://crates.io/ff/0.13.0 \ +crate://crates.io/fiat-crypto/0.1.20 \ +crate://crates.io/filetime/0.2.22 \ +crate://crates.io/flate2/1.0.26 \ +crate://crates.io/fnv/1.0.7 \ +crate://crates.io/foreign-types/0.3.2 \ +crate://crates.io/foreign-types-shared/0.1.1 \ +crate://crates.io/form_urlencoded/1.2.0 \ +crate://crates.io/fwdansi/1.1.0 \ +crate://crates.io/generic-array/0.14.7 \ +crate://crates.io/getrandom/0.2.10 \ +crate://crates.io/git2/0.16.0 \ +crate://crates.io/git2-curl/0.17.0 \ +crate://crates.io/glob/0.3.1 \ +crate://crates.io/globset/0.4.13 \ +crate://crates.io/group/0.13.0 \ +crate://crates.io/hashbrown/0.12.3 \ +crate://crates.io/hashbrown/0.14.0 \ +
[OE-core] [PATCHV2 2/4] classes-recipe: add cargo_c.bbclass
From: Frederic Martinsons This class can be used inside rust recipe to generate a rust library that can be called by C/C++ code. The rust recipe which uses this class has to only replace "inherit cargo" by "inherit cargo-c". Signed-off-by: Frederic Martinsons --- meta/classes-recipe/cargo_c.bbclass | 41 + 1 file changed, 41 insertions(+) create mode 100644 meta/classes-recipe/cargo_c.bbclass diff --git a/meta/classes-recipe/cargo_c.bbclass b/meta/classes-recipe/cargo_c.bbclass new file mode 100644 index 00..c083f69c08 --- /dev/null +++ b/meta/classes-recipe/cargo_c.bbclass @@ -0,0 +1,41 @@ +# +# Copyright OpenEmbedded Contributors +# +# SPDX-License-Identifier: MIT +# + +## +## Purpose: +## This class is used by any recipes that want to compile a C ABI compatible +## library with header and pkg config file + +inherit cargo pkgconfig + +# the binaries we will use +CARGO_C_BUILD = "cargo-cbuild" +CARGO_C_INSTALL = "cargo-cinstall" + +# We need cargo-c to compile for the target +BASEDEPENDS:append = " cargo-c-native" + +do_compile[progress] = "outof:\s+(\d+)/(\d+)" +cargo_c_do_compile() { +oe_cargo_fix_env +export RUSTFLAGS="${RUSTFLAGS}" +bbnote "Using rust targets from ${RUST_TARGET_PATH}" +bbnote "cargo-cbuild = $(which ${CARGO_C_BUILD})" +bbnote "${CARGO_C_BUILD} cbuild ${CARGO_BUILD_FLAGS}" +"${CARGO_C_BUILD}" cbuild ${CARGO_BUILD_FLAGS} +} + +cargo_c_do_install() { +oe_cargo_fix_env +export RUSTFLAGS="${RUSTFLAGS}" +bbnote "cargo-cinstall = $(which ${CARGO_C_INSTALL})" +"${CARGO_C_INSTALL}" cinstall ${CARGO_BUILD_FLAGS} \ +--destdir ${D} \ +--prefix /usr \ +--library-type cdylib +} + +EXPORT_FUNCTIONS do_compile do_install -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185865): https://lists.openembedded.org/g/openembedded-core/message/185865 Mute This Topic: https://lists.openembedded.org/mt/100715218/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [RFC][PATCHV2 0/4] Introduction of cargo-c class and recipe
From: Frederic Martinsons This is an RFC for introducing a new class and recipes that help building C-ABI compatible header and library around rust code. The third patch add examples and test to demonstrate the usage and the good working of this use case. Test have been passed with the following in local.conf: CORE_IMAGE_EXTRA_INSTALL:append = " openssh-sshd openssh-scp cargo rust rust-c-lib-example-bin" IMAGE_CLASSES += "testimage" TEST_SUITES = "ping ssh rust" # To use slirp option in testimage.bbclass TEST_RUNQEMUPARAMS = "slirp" TEST_SERVER_IP = "127.0.0.1" QEMU_USE_SLIRP = "1" The following changes since commit 05095c116602d1a8c388cc02afffcc36230138f7: qemuboot: Update hardcoded path to match new layout (2023-08-11 13:21:31 +0100) are available in the Git repository at: https://gitlab.com/fmartinsons/openembedded-core cargo-c-introduction Frederic Martinsons (4): rust: add cargo-c recipe classes-recipe: add cargo_c.bbclass rust: provide examples for C library generation in rust oeqa/runtime/rust: correct rust test .../rust/rust-c-lib-example-bin_git.bb| 16 + .../rust/rust-c-lib-example-crates.inc| 79 + .../rust/rust-c-lib-example_git.bb| 15 + meta/classes-recipe/cargo_c.bbclass | 41 + meta/conf/distro/include/maintainers.inc |2 + meta/lib/oeqa/runtime/cases/rust.py | 16 +- meta/recipes-devtools/rust/cargo-c-crates.inc | 453 meta/recipes-devtools/rust/cargo-c_0.9.18.bb | 22 + .../rust/files/0001-Add-Cargo.lock-file.patch | 2180 + 9 files changed, 2822 insertions(+), 2 deletions(-) create mode 100644 meta-selftest/recipes-devtools/rust/rust-c-lib-example-bin_git.bb create mode 100644 meta-selftest/recipes-devtools/rust/rust-c-lib-example-crates.inc create mode 100644 meta-selftest/recipes-devtools/rust/rust-c-lib-example_git.bb create mode 100644 meta/classes-recipe/cargo_c.bbclass create mode 100644 meta/recipes-devtools/rust/cargo-c-crates.inc create mode 100644 meta/recipes-devtools/rust/cargo-c_0.9.18.bb create mode 100644 meta/recipes-devtools/rust/files/0001-Add-Cargo.lock-file.patch -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185863): https://lists.openembedded.org/g/openembedded-core/message/185863 Mute This Topic: https://lists.openembedded.org/mt/100715215/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-