[OE-core] [zeus 27/28] wic/engine: use 'linux-swap' for swap file system

[Armin Kuster]

From: Chee Yang Lee 

[YOCTO #13312]
see https://bugzilla.yoctoproject.org/show_bug.cgi?id=13312

wic/engine.Disk._get_part_image was looking at variable fstypes for
supported fstype which is 'swap' but image build with 'linux-swap'.
supported fstype should be 'linux-swap'.

Signed-off-by: Chee Yang Lee 
Signed-off-by: Richard Purdie 
(cherry picked from commit 7e6da22fe4faf841bcec02e55f376b4dae04d6a8)
Signed-off-by: Armin Kuster 
---
 scripts/lib/wic/engine.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/lib/wic/engine.py b/scripts/lib/wic/engine.py
index 61939ad1..18776fa 100644
--- a/scripts/lib/wic/engine.py
+++ b/scripts/lib/wic/engine.py
@@ -541,7 +541,7 @@ def wic_write(args, native_sysroot):
 """
 Write image to a target device.
 """
-disk = Disk(args.image, native_sysroot, ('fat', 'ext', 'swap'))
+disk = Disk(args.image, native_sysroot, ('fat', 'ext', 'linux-swap'))
 disk.write(args.target, args.expand)
 
 def find_canned(scripts_path, file_name):
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 22/28] libgcrypt: fix CVE-2019-12904

[Armin Kuster]

From: Yi Zhao 

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a
flush-and-reload side-channel attack because physical addresses are
available to other processes. (The C implementation is used on platforms
where an assembly-language implementation is unavailable.)

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-12904

Patches from:
https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705
https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020

Signed-off-by: Yi Zhao 
Signed-off-by: Ross Burton 
(cherry picked from commit 37e390ff05b6a4509019db358ed496731d80cc51)
Signed-off-by: Armin Kuster 
---
 .../files/0001-Prefetch-GCM-look-up-tables.patch   |  90 ++
 ...ok-up-tables-to-.data-section-and-unshare.patch | 332 +
 ...ok-up-table-to-.data-section-and-unshare-.patch | 178 +++
 meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb  |   3 +
 4 files changed, 603 insertions(+)
 create mode 100644 
meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
 create mode 100644 
meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
 create mode 100644 
meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch

diff --git 
a/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch 
b/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
new file mode 100644
index 000..4df96f0
--- /dev/null
+++ 
b/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
@@ -0,0 +1,90 @@
+From 1374254c2904ab5b18ba4a890856824a102d4705 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna 
+Date: Sat, 27 Apr 2019 19:33:28 +0300
+Subject: [PATCH 1/3] Prefetch GCM look-up tables
+
+* cipher/cipher-gcm.c (prefetch_table, do_prefetch_tables)
+(prefetch_tables): New.
+(ghash_internal): Call prefetch_tables.
+--
+
+Signed-off-by: Jussi Kivilinna 
+
+Upstream-Status: Backport
+[https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705]
+
+CVE: CVE-2019-12904
+
+Signed-off-by: Yi Zhao 
+---
+ cipher/cipher-gcm.c | 33 +
+ 1 file changed, 33 insertions(+)
+
+diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
+index c19f09f..11f119a 100644
+--- a/cipher/cipher-gcm.c
 b/cipher/cipher-gcm.c
+@@ -118,6 +118,34 @@ static const u16 gcmR[256] = {
+   0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
+ };
+ 
++static inline
++void prefetch_table(const void *tab, size_t len)
++{
++  const volatile byte *vtab = tab;
++  size_t i;
++
++  for (i = 0; i < len; i += 8 * 32)
++{
++  (void)vtab[i + 0 * 32];
++  (void)vtab[i + 1 * 32];
++  (void)vtab[i + 2 * 32];
++  (void)vtab[i + 3 * 32];
++  (void)vtab[i + 4 * 32];
++  (void)vtab[i + 5 * 32];
++  (void)vtab[i + 6 * 32];
++  (void)vtab[i + 7 * 32];
++}
++
++  (void)vtab[len - 1];
++}
++
++static inline void
++do_prefetch_tables (const void *gcmM, size_t gcmM_size)
++{
++  prefetch_table(gcmM, gcmM_size);
++  prefetch_table(gcmR, sizeof(gcmR));
++}
++
+ #ifdef GCM_TABLES_USE_U64
+ static void
+ bshift (u64 * b0, u64 * b1)
+@@ -365,6 +393,8 @@ do_ghash (unsigned char *result, const unsigned char *buf, 
const u32 *gcmM)
+ #define fillM(c) \
+   do_fillM (c->u_mode.gcm.u_ghash_key.key, c->u_mode.gcm.gcm_table)
+ #define GHASH(c, result, buf) do_ghash (result, buf, c->u_mode.gcm.gcm_table)
++#define prefetch_tables(c) \
++  do_prefetch_tables(c->u_mode.gcm.gcm_table, sizeof(c->u_mode.gcm.gcm_table))
+ 
+ #else
+ 
+@@ -430,6 +460,7 @@ do_ghash (unsigned char *hsub, unsigned char *result, 
const unsigned char *buf)
+ 
+ #define fillM(c) do { } while (0)
+ #define GHASH(c, result, buf) do_ghash (c->u_mode.gcm.u_ghash_key.key, 
result, buf)
++#define prefetch_tables(c) do {} while (0)
+ 
+ #endif /* !GCM_USE_TABLES */
+ 
+@@ -441,6 +472,8 @@ ghash_internal (gcry_cipher_hd_t c, byte *result, const 
byte *buf,
+   const unsigned int blocksize = GCRY_GCM_BLOCK_LEN;
+   unsigned int burn = 0;
+ 
++  prefetch_tables (c);
++
+   while (nblocks)
+ {
+   burn = GHASH (c, result, buf);
+-- 
+2.7.4
+
diff --git 
a/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
 
b/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
new file mode 100644
index 000..c82c5b5
--- /dev/null
+++ 
b/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
@@ -0,0 +1,332 @@
+From 119348dd9aa52ab229afb5e2d3342d2b76fe81bf Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna 
+Date: Fri, 31 May 2019 17:18:09 +0300
+Subject: [PATCH 2/3] AES: move look-up tables to .data section and unshare 
between
+ processes
+
+* cipher/rijndael-internal.h (ATTR_ALIG

[OE-core] [zeus 21/28] python: Fix CVE-2019-10160

[Armin Kuster]

From: Changqing Li 

Signed-off-by: Changqing Li 
Signed-off-by: Ross Burton 
(cherry picked from commit b4240b585d7fcac2fdbf33a8e72d48cb732eb696)
Signed-off-by: Armin Kuster 
---
 .../python/python/bpo-36742-cve-2019-10160.patch   | 81 ++
 meta/recipes-devtools/python/python_2.7.16.bb  |  1 +
 2 files changed, 82 insertions(+)
 create mode 100644 
meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch

diff --git a/meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch 
b/meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch
new file mode 100644
index 000..1b6cb8c
--- /dev/null
+++ b/meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch
@@ -0,0 +1,81 @@
+From 5a1033fe5be764a135adcfff2fdc14edc3e5f327 Mon Sep 17 00:00:00 2001
+From: Changqing Li 
+Date: Thu, 10 Oct 2019 16:32:19 +0800
+Subject: [PATCH] bpo-36742: Fixes handling of pre-normalization characters in
+ urlsplit() bpo-36742: Corrects fix to handle decomposition in usernames
+
+Upstream-Status: Backport
+
+https://github.com/python/cpython/commit/98a4dcefbbc3bce5ab07e7c0830a183157250259
+https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de#diff-b577545d73dd0cdb2c337a4c5f89e1d7
+
+CVE: CVE-2019-10160
+
+Signed-off-by: Changqing Li 
+---
+ Lib/test/test_urlparse.py | 19 +--
+ Lib/urlparse.py   | 14 +-
+ 2 files changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
+index 1830d0b..857ed96 100644
+--- a/Lib/test/test_urlparse.py
 b/Lib/test/test_urlparse.py
+@@ -641,13 +641,20 @@ class UrlParseTestCase(unittest.TestCase):
+ self.assertIn(u'\u2100', denorm_chars)
+ self.assertIn(u'\uFF03', denorm_chars)
+ 
++# bpo-36742: Verify port separators are ignored when they
++# existed prior to decomposition
++urlparse.urlsplit(u'http://\u30d5\u309a:80')
++with self.assertRaises(ValueError):
++urlparse.urlsplit(u'http://\u30d5\u309a\ufe1380')
++
+ for scheme in [u"http", u"https", u"ftp"]:
+-for c in denorm_chars:
+-url = u"{}://netloc{}false.netloc/path".format(scheme, c)
+-if test_support.verbose:
+-print "Checking %r" % url
+-with self.assertRaises(ValueError):
+-urlparse.urlsplit(url)
++for netloc in [u"netloc{}false.netloc", u"n{}user@netloc"]:
++for c in denorm_chars:
++url = u"{}://{}/path".format(scheme, netloc.format(c))
++if test_support.verbose:
++print "Checking %r" % url
++with self.assertRaises(ValueError):
++urlparse.urlsplit(url)
+ 
+ def test_main():
+ test_support.run_unittest(UrlParseTestCase)
+diff --git a/Lib/urlparse.py b/Lib/urlparse.py
+index 54eda08..e34b368 100644
+--- a/Lib/urlparse.py
 b/Lib/urlparse.py
+@@ -171,14 +171,18 @@ def _checknetloc(netloc):
+ # looking for characters like \u2100 that expand to 'a/c'
+ # IDNA uses NFKC equivalence, so normalize for this check
+ import unicodedata
+-netloc2 = unicodedata.normalize('NFKC', netloc)
+-if netloc == netloc2:
++n = netloc.replace(u'@', u'') # ignore characters already included
++n = n.replace(u':', u'')  # but not the surrounding text
++n = n.replace(u'#', u'')
++n = n.replace(u'?', u'')
++
++netloc2 = unicodedata.normalize('NFKC', n)
++if n == netloc2:
+ return
+-_, _, netloc = netloc.rpartition('@') # anything to the left of '@' is 
okay
+ for c in '/?#@:':
+ if c in netloc2:
+-raise ValueError("netloc '" + netloc2 + "' contains invalid " +
+- "characters under NFKC normalization")
++raise ValueError(u"netloc '" + netloc + u"' contains invalid " +
++ u"characters under NFKC normalization")
+ 
+ def urlsplit(url, scheme='', allow_fragments=True):
+ """Parse a URL into 5 components:
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/python/python_2.7.16.bb 
b/meta/recipes-devtools/python/python_2.7.16.bb
index aec8778..ebb4824 100644
--- a/meta/recipes-devtools/python/python_2.7.16.bb
+++ b/meta/recipes-devtools/python/python_2.7.16.bb
@@ -31,6 +31,7 @@ SRC_URI += " \
file://float-endian.patch \

file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \

file://0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch \
+   file://bpo-36742-cve-2019-10160.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 28/28] connman: mark connman-wait-online as SYSTEMD_PACKAGE

[Armin Kuster]

From: André Draszik 

The connman-wait-online package currently isn't marked as
systemd-enabled package. This means it is impossible to
auto-enable the service during image creation or package
installation, as no preset files and no pkg_postinst()
snippet is being created.

This change should have been done as part of the
upgrade to v1.31

Note:
connman-wait-online is needed when connman is in use
in more complex network/interface setups for systemd's
network-online.target to report success.
systemd-networkd's systemd-networkd-wait-online.service
alone doesn't work in such scenarios and simply times
out, as it know nothing about the expected network/
interface configuration, meaning the target doesn't
boot successfully (systemctl list-units --failed),
and long delays are seen, caused by waiting for the
systemd-networkd-wait-online.service timeout.

Signed-off-by: André Draszik 
Signed-off-by: Richard Purdie 
(cherry picked from commit 1a8d186dc188d8becc778bfa933031490781)
Signed-off-by: Armin Kuster 
---
 meta/recipes-connectivity/connman/connman.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/connman/connman.inc 
b/meta/recipes-connectivity/connman/connman.inc
index ee00479..fb38ab4 100644
--- a/meta/recipes-connectivity/connman/connman.inc
+++ b/meta/recipes-connectivity/connman/connman.inc
@@ -59,7 +59,7 @@ INITSCRIPT_NAME = "connman"
 INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ."
 
 python __anonymous () {
-systemd_packages = "${PN}"
+systemd_packages = "${PN} ${PN}-wait-online"
 pkgconfig = d.getVar('PACKAGECONFIG')
 if ('openvpn' or 'vpnc' or 'l2tp' or 'pptp') in pkgconfig.split():
 systemd_packages += " ${PN}-vpn"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 23/28] dbus: update dbus-1.init to reflect new PID file

[Armin Kuster]

From: Tom Benn 

The PID file referenced in dbus-1.init script was out of date and no longer 
existed. This meant that dbus could not be restarted via init.d without force 
removing the old PID file.

Signed-off-by: fridgecow 
Signed-off-by: Ross Burton 
(cherry picked from commit 2ed6f06f30cb54b9c70f1a92d93c920ec4d01ffe)
Signed-off-by: Armin Kuster 
---
 meta/recipes-core/dbus/dbus/dbus-1.init | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/dbus/dbus/dbus-1.init 
b/meta/recipes-core/dbus/dbus/dbus-1.init
index 42c8629..90e167e 100644
--- a/meta/recipes-core/dbus/dbus/dbus-1.init
+++ b/meta/recipes-core/dbus/dbus/dbus-1.init
@@ -21,8 +21,8 @@
 
 DAEMON=@bindir@/dbus-daemon
 NAME=dbus
-DAEMONUSER=messagebus   # must match /etc/dbus-1/system.conf
-PIDFILE=/var/run/messagebus.pid # must match /etc/dbus-1/system.conf
+DAEMONUSER=messagebus   # must match /usr/share/dbus-1/system.conf
+PIDFILE=/var/run/dbus/pid # must match /usr/share/dbus-1/system.conf
 UUIDDIR=/var/lib/dbus
 DESC="system message bus"
 EVENTDIR=/etc/dbus-1/event.d
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 25/28] go: fix CVE-2019-16276

[Armin Kuster]

From: Chen Qi 

Signed-off-by: Chen Qi 
Signed-off-by: Richard Purdie 
(cherry picked from commit e31f87e289dfd3bbca961e927447a9c7ba816d3f)
Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/go/go-1.12.inc   |   1 +
 ...nch.go1.12-security-net-textproto-don-t-n.patch | 163 +
 2 files changed, 164 insertions(+)
 create mode 100644 
meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch

diff --git a/meta/recipes-devtools/go/go-1.12.inc 
b/meta/recipes-devtools/go/go-1.12.inc
index 39157ff..ed14b17 100644
--- a/meta/recipes-devtools/go/go-1.12.inc
+++ b/meta/recipes-devtools/go/go-1.12.inc
@@ -16,6 +16,7 @@ SRC_URI += "\
 file://0006-cmd-dist-separate-host-and-target-builds.patch \
 file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
 file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
+file://0001-release-branch.go1.12-security-net-textproto-don-t-n.patch \
 "
 SRC_URI_append_libc-musl = " 
file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 
diff --git 
a/meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
 
b/meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
new file mode 100644
index 000..7b39dbd
--- /dev/null
+++ 
b/meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
@@ -0,0 +1,163 @@
+From 265b691ac440bfb711d8de323346f7d72e620efe Mon Sep 17 00:00:00 2001
+From: Filippo Valsorda 
+Date: Thu, 12 Sep 2019 12:37:36 -0400
+Subject: [PATCH] [release-branch.go1.12-security] net/textproto: don't
+ normalize headers with spaces before the colon
+
+RFC 7230 is clear about headers with a space before the colon, like
+
+X-Answer : 42
+
+being invalid, but we've been accepting and normalizing them for compatibility
+purposes since CL 5690059 in 2012.
+
+On the client side, this is harmless and indeed most browsers behave the same
+to this day. On the server side, this becomes a security issue when the
+behavior doesn't match that of a reverse proxy sitting in front of the server.
+
+For example, if a WAF accepts them without normalizing them, it might be
+possible to bypass its filters, because the Go server would interpret the
+header differently. Worse, if the reverse proxy coalesces requests onto a
+single HTTP/1.1 connection to a Go server, the understanding of the request
+boundaries can get out of sync between them, allowing an attacker to tack an
+arbitrary method and path onto a request by other clients, including
+authentication headers unknown to the attacker.
+
+This was recently presented at multiple security conferences:
+https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn
+
+net/http servers already reject header keys with invalid characters.
+Simply stop normalizing extra spaces in net/textproto, let it return them
+unchanged like it does for other invalid headers, and let net/http enforce
+RFC 7230, which is HTTP specific. This loses us normalization on the client
+side, but there's no right answer on the client side anyway, and hiding the
+issue sounds worse than letting the application decide.
+
+Fixes CVE-2019-16276
+
+Change-Id: I6d272de827e0870da85d93df770d6a0e161bbcf1
+Reviewed-on: 
https://team-review.git.corp.google.com/c/golang/go-private/+/549719
+Reviewed-by: Brad Fitzpatrick 
+(cherry picked from commit 1280b868e82bf173ea3e988be3092d160ee66082)
+Reviewed-on: 
https://team-review.git.corp.google.com/c/golang/go-private/+/558776
+Reviewed-by: Dmitri Shuralyov 
+
+CVE: CVE-2019-16276
+
+Upstream-Status: Backport 
[https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8]
+
+Signed-off-by: Chen Qi 
+---
+ src/net/http/serve_test.go   |  4 
+ src/net/http/transport_test.go   | 27 +++
+ src/net/textproto/reader.go  | 10 ++
+ src/net/textproto/reader_test.go | 13 ++---
+ 4 files changed, 39 insertions(+), 15 deletions(-)
+
+diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go
+index 6eb0088a96..89bfdfbb82 100644
+--- a/src/net/http/serve_test.go
 b/src/net/http/serve_test.go
+@@ -4748,6 +4748,10 @@ func TestServerValidatesHeaders(t *testing.T) {
+   {"foo\xffbar: foo\r\n", 400}, // binary 
in header
+   {"foo\x00bar: foo\r\n", 400}, // binary 
in header
+   {"Foo: " + strings.Repeat("x", 1<<21) + "\r\n", 431}, // header 
too large
++  // Spaces between the header key and colon are not allowed.
++  // See RFC 7230, Section 3.2.4.
++  {"Foo : bar\r\n", 400},
++  {"Foo\t: bar\r\n", 400},
+ 
+   {"foo: foo foo\r\n", 200},// LWS space is okay
+   {"foo: foo\tfoo\r\n", 200},   // LWS tab is okay
+diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go
+index 5c3

[OE-core] [zeus 24/28] sudo: fix CVE-2019-14287

[Armin Kuster]

From: Changqing Li 

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer
account can bypass certain policy blacklists and session PAM modules,
and can cause incorrect logging, by invoking sudo with a crafted user
ID. For example, this allows bypass of !root configuration, and USER=
logging, for a "sudo -u \#$((0x))" command.

Signed-off-by: Changqing Li 
Signed-off-by: Richard Purdie 
(cherry picked from commit 4e11cd561f2bdaa6807cf02ee7c9870881826308)
Signed-off-by: Armin Kuster 
---
 .../sudo/sudo/CVE-2019-14287-1.patch   | 178 +
 .../sudo/sudo/CVE-2019-14287-2.patch   | 112 +
 meta/recipes-extended/sudo/sudo_1.8.27.bb  |   2 +
 3 files changed, 292 insertions(+)
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch

diff --git a/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch 
b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
new file mode 100644
index 000..2a11e3f
--- /dev/null
+++ b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
@@ -0,0 +1,178 @@
+From f752ae5cee163253730ff7cdf293e34a91aa5520 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" 
+Date: Thu, 10 Oct 2019 10:04:13 -0600
+Subject: [PATCH] Treat an ID of -1 as invalid since that means "no change".
+ Fixes CVE-2019-14287. Found by Joe Vennix from Apple Information Security.
+
+Upstream-Status: Backport 
[https://github.com/sudo-project/sudo/commit/f752ae5cee163253730ff7cdf293e34a91aa5520]
+CVE: CVE-2019-14287
+
+Signed-off-by: Changqing Li 
+
+---
+ lib/util/strtoid.c | 100 -
+ 1 files changed, 53 insertions(+), 46 deletions(-)
+
+diff --git a/lib/util/strtoid.c b/lib/util/strtoid.c
+index 2dfce75..6b3916b 100644
+--- a/lib/util/strtoid.c
 b/lib/util/strtoid.c
+@@ -49,6 +49,27 @@
+ #include "sudo_util.h"
+ 
+ /*
++ * Make sure that the ID ends with a valid separator char.
++ */
++static bool
++valid_separator(const char *p, const char *ep, const char *sep)
++{
++bool valid = false;
++debug_decl(valid_separator, SUDO_DEBUG_UTIL)
++
++if (ep != p) {
++  /* check for valid separator (including '\0') */
++  if (sep == NULL)
++  sep = "";
++  do {
++  if (*ep == *sep)
++  valid = true;
++  } while (*sep++ != '\0');
++}
++debug_return_bool(valid);
++}
++
++/*
+  * Parse a uid/gid in string form.
+  * If sep is non-NULL, it contains valid separator characters (e.g. comma, 
space)
+  * If endp is non-NULL it is set to the next char after the ID.
+@@ -62,36 +83,33 @@ sudo_strtoid_v1(const char *p, const char *sep, char 
**endp, const char **errstr
+ char *ep;
+ id_t ret = 0;
+ long long llval;
+-bool valid = false;
+ debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+ 
+ /* skip leading space so we can pick up the sign, if any */
+ while (isspace((unsigned char)*p))
+   p++;
+-if (sep == NULL)
+-  sep = "";
++
++/* While id_t may be 64-bit signed, uid_t and gid_t are 32-bit unsigned. 
*/
+ errno = 0;
+ llval = strtoll(p, &ep, 10);
+-if (ep != p) {
+-  /* check for valid separator (including '\0') */
+-  do {
+-  if (*ep == *sep)
+-  valid = true;
+-  } while (*sep++ != '\0');
++if ((errno == ERANGE && llval == LLONG_MAX) || llval > (id_t)UINT_MAX) {
++  errno = ERANGE;
++  if (errstr != NULL)
++  *errstr = N_("value too large");
++  goto done;
+ }
+-if (!valid) {
++if ((errno == ERANGE && llval == LLONG_MIN) || llval < INT_MIN) {
++  errno = ERANGE;
+   if (errstr != NULL)
+-  *errstr = N_("invalid value");
+-  errno = EINVAL;
++  *errstr = N_("value too small");
+   goto done;
+ }
+-if (errno == ERANGE) {
+-  if (errstr != NULL) {
+-  if (llval == LLONG_MAX)
+-  *errstr = N_("value too large");
+-  else
+-  *errstr = N_("value too small");
+-  }
++
++/* Disallow id -1, which means "no change". */
++if (!valid_separator(p, ep, sep) || llval == -1 || llval == 
(id_t)UINT_MAX) {
++  if (errstr != NULL)
++  *errstr = N_("invalid value");
++  errno = EINVAL;
+   goto done;
+ }
+ ret = (id_t)llval;
+@@ -108,30 +126,15 @@ sudo_strtoid_v1(const char *p, const char *sep, char 
**endp, const char **errstr
+ {
+ char *ep;
+ id_t ret = 0;
+-bool valid = false;
+ debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+ 
+ /* skip leading space so we can pick up the sign, if any */
+ while (isspace((unsigned char)*p))
+   p++;
+-if (sep == NULL)
+-  sep = "";
++
+ errno = 0;
+ if (*p == '-') {
+   long lval = strtol(p, &ep, 10);
+-  if (ep != p) {
+-  /* check for valid separator (including '\0') */
+-  do {
+-  if (*ep == *sep)
+- 

[OE-core] [zeus 20/28] icecc: Export ICECC_CC and friends via wrapper-script

[Armin Kuster]

From: Douglas Royds via Openembedded-core 


By exporting ICECC_CC, ICECC_CXX, and ICECC_VERSION in a wrapper-script,
and putting this wrapper-script in the PATH, the Makefiles generated by CMake or
the autotools are able to function correctly outside of bitbake.
This provides a convenient developer workflow in which the
modify-compile-unittest cycle can happen directly in the ${B} directory.

The `rm -f $ICE_PATH/$compiler` line is transitional,
and can go at some later date (October 2020 or later, perhaps).

Signed-off-by: Douglas Royds 
Signed-off-by: Ross Burton 
(cherry picked from commit 40d74cb1d0ddce930267e49764cacb263b244091)
Signed-off-by: Armin Kuster 
---
 meta/classes/icecc.bbclass | 32 
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/meta/classes/icecc.bbclass b/meta/classes/icecc.bbclass
index 4376aa3..bc3d6f4 100644
--- a/meta/classes/icecc.bbclass
+++ b/meta/classes/icecc.bbclass
@@ -356,17 +356,6 @@ set_icecc_env() {
 return
 fi
 
-# Create symlinks to icecc in the recipe-sysroot directory
-mkdir -p ${ICE_PATH}
-if [ -n "${KERNEL_CC}" ]; then
-compilers="${@get_cross_kernel_cc(bb,d)}"
-else
-compilers="${HOST_PREFIX}gcc ${HOST_PREFIX}g++"
-fi
-for compiler in $compilers; do
-ln -sf ${ICECC_BIN} ${ICE_PATH}/$compiler
-done
-
 ICECC_CC="${@icecc_get_and_check_tool(bb, d, "gcc")}"
 ICECC_CXX="${@icecc_get_and_check_tool(bb, d, "g++")}"
 # cannot use icecc_get_and_check_tool here because it assumes as without 
target_sys prefix
@@ -385,6 +374,26 @@ set_icecc_env() {
 return
 fi
 
+# Create symlinks to icecc and wrapper-scripts in the recipe-sysroot 
directory
+mkdir -p $ICE_PATH/symlinks
+if [ -n "${KERNEL_CC}" ]; then
+compilers="${@get_cross_kernel_cc(bb,d)}"
+else
+compilers="${HOST_PREFIX}gcc ${HOST_PREFIX}g++"
+fi
+for compiler in $compilers; do
+ln -sf $ICECC_BIN $ICE_PATH/symlinks/$compiler
+rm -f $ICE_PATH/$compiler
+cat <<-__EOF__ > $ICE_PATH/$compiler
+   #!/bin/sh -e
+   export ICECC_VERSION=$ICECC_VERSION
+   export ICECC_CC=$ICECC_CC
+   export ICECC_CXX=$ICECC_CXX
+   $ICE_PATH/symlinks/$compiler "\$@"
+   __EOF__
+chmod 775 $ICE_PATH/$compiler
+done
+
 ICECC_AS="`${ICECC_CC} -print-prog-name=as`"
 # for target recipes should return something like:
 # 
/OE/tmp-eglibc/sysroots/x86_64-linux/usr/libexec/arm920tt-oe-linux-gnueabi/gcc/arm-oe-linux-gnueabi/4.8.2/as
@@ -417,7 +426,6 @@ set_icecc_env() {
 export CCACHE_PATH="$PATH"
 export CCACHE_DISABLE="1"
 
-export ICECC_VERSION ICECC_CC ICECC_CXX
 export PATH="$ICE_PATH:$PATH"
 
 bbnote "Using icecc path: $ICE_PATH"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 26/28] util-linux: fix PKNAME name is NULL when use lsblk [LIN1019-2963]

[Armin Kuster]

From: Liwei Song 

PKNAME is NULL when run "lsblk -o+PKNAME /dev/sda1"
backport an upstream patch to fix it.

Signed-off-by: Liwei Song 
Signed-off-by: Richard Purdie 
(cherry picked from commit a5a987ff5e5e333e28be44a12e729907272ea3cb)
Signed-off-by: Armin Kuster 
---
 ...lsblk-force-to-print-PKNAME-for-partition.patch | 36 ++
 meta/recipes-core/util-linux/util-linux_2.34.bb|  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 
meta/recipes-core/util-linux/util-linux/0001-lsblk-force-to-print-PKNAME-for-partition.patch

diff --git 
a/meta/recipes-core/util-linux/util-linux/0001-lsblk-force-to-print-PKNAME-for-partition.patch
 
b/meta/recipes-core/util-linux/util-linux/0001-lsblk-force-to-print-PKNAME-for-partition.patch
new file mode 100644
index 000..5d4c148
--- /dev/null
+++ 
b/meta/recipes-core/util-linux/util-linux/0001-lsblk-force-to-print-PKNAME-for-partition.patch
@@ -0,0 +1,36 @@
+From e3bb9bfb76c17b1d05814436ced62c05c4011f48 Mon Sep 17 00:00:00 2001
+From: Karel Zak 
+Date: Thu, 27 Jun 2019 09:22:18 +0200
+Subject: [PATCH] lsblk: force to print PKNAME for partition
+
+PKNAME (parent kernel device name) is based on printed tree according
+to parent -> child relationship. The tree is optional and not printed
+if partition specified (.e.g "lsblk -o+PKNAME /dev/sda1"), but old
+versions print the PKNAME also in this case.
+
+Upstream-Status: Backport 
[https://github.com/karelzak/util-linux/commit/e3bb9bfb76c17b1d05814436ced62c05c4011f48]
+
+Addresses: https://github.com/karelzak/util-linux/issues/813
+Signed-off-by: Karel Zak 
+Signed-off-by: Liwei Song 
+---
+ misc-utils/lsblk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/misc-utils/lsblk.c b/misc-utils/lsblk.c
+index e95af7af0256..3ce6da730264 100644
+--- a/misc-utils/lsblk.c
 b/misc-utils/lsblk.c
+@@ -1019,6 +1019,9 @@ static void device_to_scols(
+   DBG(DEV, ul_debugobj(dev, "add '%s' to scols", dev->name));
+   ON_DBG(DEV, if (ul_path_isopen_dirfd(dev->sysfs)) ul_debugobj(dev, " %s 
---> is open!", dev->name));
+ 
++  if (!parent && dev->wholedisk)
++  parent = dev->wholedisk;
++
+   /* Do not print device more than one in --list mode */
+   if (!(lsblk->flags & LSBLK_TREE) && dev->is_printed)
+   return;
+-- 
+2.17.1
+
diff --git a/meta/recipes-core/util-linux/util-linux_2.34.bb 
b/meta/recipes-core/util-linux/util-linux_2.34.bb
index 262f4ba..e9c2d80 100644
--- a/meta/recipes-core/util-linux/util-linux_2.34.bb
+++ b/meta/recipes-core/util-linux/util-linux_2.34.bb
@@ -7,6 +7,7 @@ SRC_URI += "file://configure-sbindir.patch \
 file://run-ptest \
 file://display_testname_for_subtest.patch \
 file://avoid_parallel_tests.patch \
+file://0001-lsblk-force-to-print-PKNAME-for-partition.patch \
 "
 SRC_URI[md5sum] = "a78cbeaed9c39094b96a48ba8f891d50"
 SRC_URI[sha256sum] = 
"743f9d0c7252b6db246b659c1e1ce0bd45d8d4508b4dfa427bbb4a3e9b9f62b5"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 16/28] python3: -dev should depend on distutils

[Armin Kuster]

From: Ross Burton 

python3-config uses distutils:

Traceback (most recent call last):
  File "/usr/bin/python3-config", line 9, in 
from distutils import sysconfig
ModuleNotFoundError: No module named 'distutils'

Add the dependency so that distutils is always present.

[ YOCTO #13592 ]

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit 04136dbac48986dce5b2b872b2c0b46c673c44f2)
Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/python/python3/python3-manifest.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/python/python3/python3-manifest.json 
b/meta/recipes-devtools/python/python3/python3-manifest.json
index 1ad85a9..1eddda9 100644
--- a/meta/recipes-devtools/python/python3/python3-manifest.json
+++ b/meta/recipes-devtools/python/python3/python3-manifest.json
@@ -498,7 +498,8 @@
 "${libdir}/pkgconfig"
 ],
 "rdepends": [
-"core"
+"core",
+"distutils"
 ],
 "summary": "Python development package"
 },
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 18/28] cmake.bbclass: add HOSTTOOLS_DIR to CMAKE_FIND_ROOT_PATH

[Armin Kuster]

From: Michael Ho 

The find_program command will fail if it is used on a tool that is listed in
ASSUME_PROVIDED. This is because these tools are in the hosttools directory
which is not listed in CMAKE_FIND_ROOT_PATH so cmake will not find them.

Adding the directory HOSTTOOLS_DIR to the CMAKE_FIND_ROOT_PATH variable fixes
the initial issue of needing to search for tools in ASSUME_PROVIDED.

Note that this change alone does not fix the issue because find_program will
by default only look into the subdirectories bin and usr/bin under the paths
in CMAKE_FIND_ROOT_PATH to find the programs and the hosttools directory has
instead the symlinks directly present without these subdirectories.

Set CMAKE_PROGRAM_PATH to by default include the root directory so
find_program can search the hosttools directory without needing the prefix
directories.

Signed-off-by: Ross Burton 
(cherry picked from commit 7847f431cd8db59fce8c9401a603c4b0678ee16d)
Signed-off-by: Armin Kuster 
---
 meta/classes/cmake.bbclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/classes/cmake.bbclass b/meta/classes/cmake.bbclass
index 2b317c8..291f1e8 100644
--- a/meta/classes/cmake.bbclass
+++ b/meta/classes/cmake.bbclass
@@ -106,11 +106,12 @@ set( CMAKE_CXX_LINK_FLAGS "${OECMAKE_CXX_LINK_FLAGS}" 
CACHE STRING "LDFLAGS" )
 
 # only search in the paths provided so cmake doesnt pick
 # up libraries and tools from the native build machine
-set( CMAKE_FIND_ROOT_PATH ${STAGING_DIR_HOST} ${STAGING_DIR_NATIVE} 
${CROSS_DIR} ${OECMAKE_PERLNATIVE_DIR} ${OECMAKE_EXTRA_ROOT_PATH} 
${EXTERNAL_TOOLCHAIN})
+set( CMAKE_FIND_ROOT_PATH ${STAGING_DIR_HOST} ${STAGING_DIR_NATIVE} 
${CROSS_DIR} ${OECMAKE_PERLNATIVE_DIR} ${OECMAKE_EXTRA_ROOT_PATH} 
${EXTERNAL_TOOLCHAIN} ${HOSTTOOLS_DIR})
 set( CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY )
 set( CMAKE_FIND_ROOT_PATH_MODE_PROGRAM ${OECMAKE_FIND_ROOT_PATH_MODE_PROGRAM} )
 set( CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY )
 set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY )
+set( CMAKE_PROGRAM_PATH "/" )
 
 # Use qt.conf settings
 set( ENV{QT_CONF_PATH} ${WORKDIR}/qt.conf )
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 12/28] openssh: fix CVE-2019-16905

[Armin Kuster]

From: Hongxu Jia 

Backport a patch from upstream to fix CVE-2019-16905
https://github.com/openssh/openssh-portable/commit/a546b17bbaeb12beac4c9aeed56f74a42b18a93a

Signed-off-by: Hongxu Jia 
Signed-off-by: Richard Purdie 
(cherry picked from commit 8bd4b87071c073a0e4d265bc00df34684a355eff)
Signed-off-by: Armin Kuster 
---
 ...x-integer-overflow-in-XMSS-private-key-pa.patch | 40 ++
 meta/recipes-connectivity/openssh/openssh_8.0p1.bb |  1 +
 2 files changed, 41 insertions(+)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch

diff --git 
a/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch
 
b/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch
new file mode 100644
index 000..3265be3
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch
@@ -0,0 +1,40 @@
+From 2014fad3d28090b59d2f8a0971166c06e5fa6da6 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia 
+Date: Fri, 18 Oct 2019 14:56:58 +0800
+Subject: [PATCH] upstream: fix integer overflow in XMSS private key parsing.
+
+Reported by Adam Zabrocki via SecuriTeam's SSH program.
+
+Note that this code is experimental and not compiled by default.
+
+ok markus@
+
+OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1
+
+Signed-off-by: "d...@openbsd.org" 
+
+Upstream-Status: Backport 
[https://github.com/openssh/openssh-portable/commit/a546b17bbaeb12beac4c9aeed56f74a42b18a93a]
+CVE: CVE-2019-16905
+
+Signed-off-by: Hongxu Jia 
+---
+ sshkey-xmss.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/sshkey-xmss.c b/sshkey-xmss.c
+index aaae702..c57681a 100644
+--- a/sshkey-xmss.c
 b/sshkey-xmss.c
+@@ -977,7 +977,8 @@ sshkey_xmss_decrypt_state(const struct sshkey *k, struct 
sshbuf *encoded,
+   goto out;
+   }
+   /* check that an appropriate amount of auth data is present */
+-  if (sshbuf_len(encoded) < encrypted_len + authlen) {
++  if (sshbuf_len(encoded) < authlen ||
++  sshbuf_len(encoded) - authlen < encrypted_len) {
+   r = SSH_ERR_INVALID_FORMAT;
+   goto out;
+   }
+-- 
+2.7.4
+
diff --git a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb 
b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
index 01eaecd..2ffbc9a 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
@@ -24,6 +24,7 @@ SRC_URI = 
"http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
+   
file://0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch \
"
 SRC_URI[md5sum] = "bf050f002fe510e1daecd39044e1122d"
 SRC_URI[sha256sum] = 
"bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 15/28] i2c-tools: Add missing RDEPEND

[Armin Kuster]

From: Ricardo Ribalda Delgado 

Fixes:
 # decode-dimms
Can't locate Carp.pm in @INC (you may need to install the Carp module) (@INC 
contains: /usr/lib/perl5/site_perl/5.28.1/x86_64-linux 
/usr/lib/perl5/site_perl/5.28.1 /usr/lib/perl5/vendor_perl/5.28.1/x86_64-linux 
/usr/lib/perl5/vendor_perl/5.28.1 /usr/lib/perl5/5.28.1/x86_64-linux 
/usr/lib/perl5/5.28.1 .) at /usr/lib/perl5/5.28.1/Tie/Hash.pm line 190.
BEGIN failed--compilation aborted at /usr/lib/perl5/5.28.1/Tie/Hash.pm line 190.
Compilation failed in require at /usr/lib/perl5/5.28.1/x86_64-linux/POSIX.pm 
line 505.
Compilation failed in require at /usr/bin/decode-dimms line 41.
BEGIN failed--compilation aborted at /usr/bin/decode-dimms line 41.
root@qt5222:~# apt-get install perl-module-carp

Signed-off-by: Ricardo Ribalda Delgado 
Signed-off-by: Richard Purdie 
(cherry picked from commit c73d2a2c0ecc99f0d6d7e6a1861ecce7a2312a57)
Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/i2c-tools/i2c-tools_4.1.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-devtools/i2c-tools/i2c-tools_4.1.bb 
b/meta/recipes-devtools/i2c-tools/i2c-tools_4.1.bb
index dcbd05a..c576117 100644
--- a/meta/recipes-devtools/i2c-tools/i2c-tools_4.1.bb
+++ b/meta/recipes-devtools/i2c-tools/i2c-tools_4.1.bb
@@ -31,6 +31,7 @@ FILES_${PN}-misc = "${sbindir}/i2c-stub-from-dump \
 RDEPENDS_${PN}-misc = "${PN} perl perl-module-posix \
perl-module-constant perl-module-file-basename \
perl-module-fcntl perl-module-strict perl-module-vars \
+  perl-module-carp \
   "
 
 ALTERNATIVE_PRIORITY = "100"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 17/28] qemu: Fix CVE-2019-12068

[Armin Kuster]

From: Changqing Li 

Signed-off-by: Changqing Li 
Signed-off-by: Richard Purdie 
(cherry picked from commit 81b375ac7851088a671317468a8e2eed69d4a827)
Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/qemu/qemu.inc|   1 +
 .../qemu/qemu/CVE-2019-12068.patch | 108 +
 2 files changed, 109 insertions(+)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-12068.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index 88ae68a..bb444b6 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -28,6 +28,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://0009-Fix-webkitgtk-builds.patch \
file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \
file://CVE-2019-15890.patch \
+   file://CVE-2019-12068.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-12068.patch 
b/meta/recipes-devtools/qemu/qemu/CVE-2019-12068.patch
new file mode 100644
index 000..f1655e4
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-12068.patch
@@ -0,0 +1,108 @@
+From de594e47659029316bbf9391efb79da0a1a08e08 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini 
+Date: Wed, 14 Aug 2019 17:35:21 +0530
+Subject: [PATCH] scsi: lsi: exit infinite loop while executing script
+ (CVE-2019-12068)
+
+When executing script in lsi_execute_script(), the LSI scsi adapter
+emulator advances 's->dsp' index to read next opcode. This can lead
+to an infinite loop if the next opcode is empty. Move the existing
+loop exit after 10k iterations so that it covers no-op opcodes as
+well.
+
+Upstream-Status: Backport 
[https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08]
+CVE: CVE-2019-12068
+
+Reported-by: Bugs SysSec 
+Signed-off-by: Paolo Bonzini 
+Signed-off-by: Prasad J Pandit 
+Signed-off-by: Paolo Bonzini 
+
+Signed-off-by: Changqing Li 
+---
+ hw/scsi/lsi53c895a.c | 41 +++--
+ 1 file changed, 27 insertions(+), 14 deletions(-)
+
+diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
+index 222a286..ec53b14 100644
+--- a/hw/scsi/lsi53c895a.c
 b/hw/scsi/lsi53c895a.c
+@@ -186,6 +186,9 @@ static const char *names[] = {
+ /* Flag set if this is a tagged command.  */
+ #define LSI_TAG_VALID (1 << 16)
+ 
++/* Maximum instructions to process. */
++#define LSI_MAX_INSN1
++
+ typedef struct lsi_request {
+ SCSIRequest *req;
+ uint32_t tag;
+@@ -1133,7 +1136,21 @@ static void lsi_execute_script(LSIState *s)
+ 
+ s->istat1 |= LSI_ISTAT1_SRUN;
+ again:
+-insn_processed++;
++if (++insn_processed > LSI_MAX_INSN) {
++/* Some windows drivers make the device spin waiting for a memory
++   location to change.  If we have been executed a lot of code then
++   assume this is the case and force an unexpected device disconnect.
++   This is apparently sufficient to beat the drivers into submission.
++ */
++if (!(s->sien0 & LSI_SIST0_UDC)) {
++qemu_log_mask(LOG_GUEST_ERROR,
++  "lsi_scsi: inf. loop with UDC masked");
++}
++lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
++lsi_disconnect(s);
++trace_lsi_execute_script_stop();
++return;
++}
+ insn = read_dword(s, s->dsp);
+ if (!insn) {
+ /* If we receive an empty opcode increment the DSP by 4 bytes
+@@ -1570,19 +1587,7 @@ again:
+ }
+ }
+ }
+-if (insn_processed > 1 && s->waiting == LSI_NOWAIT) {
+-/* Some windows drivers make the device spin waiting for a memory
+-   location to change.  If we have been executed a lot of code then
+-   assume this is the case and force an unexpected device disconnect.
+-   This is apparently sufficient to beat the drivers into submission.
+- */
+-if (!(s->sien0 & LSI_SIST0_UDC)) {
+-qemu_log_mask(LOG_GUEST_ERROR,
+-  "lsi_scsi: inf. loop with UDC masked");
+-}
+-lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
+-lsi_disconnect(s);
+-} else if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) {
++if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) {
+ if (s->dcntl & LSI_DCNTL_SSM) {
+ lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
+ } else {
+@@ -1970,6 +1975,10 @@ static void lsi_reg_writeb(LSIState *s, int offset, 
uint8_t val)
+ case 0x2f: /* DSP[24:31] */
+ s->dsp &= 0x00ff;
+ s->dsp |= val << 24;
++/*
++ * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one
++ * instruction.  Is this correct?
++ */
+ if ((s->dmode & LSI_DMODE_MAN) == 0
+ && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
+ 

[OE-core] [zeus 19/28] openssl: make OPENSSL_ENGINES match install path

[Armin Kuster]

From: George McCollister 

Set OPENSSL_ENGINES to the path where engines are actually installed.

Signed-off-by: George McCollister 
Signed-off-by: Ross Burton 
(cherry picked from commit 59565fec0b3f3e24eb01c03b671913599cd3134d)
Signed-off-by: Armin Kuster 
---
 meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb 
b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
index 072f727..8819e19 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -148,7 +148,7 @@ do_install_append_class-native () {
OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
-   OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
+   OPENSSL_ENGINES=${libdir}/engines-1.1
 }
 
 do_install_append_class-nativesdk () {
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 14/28] file: explicitly disable seccomp

[Armin Kuster]

From: Ross Burton 

file will automatically enable seccomp if the seccomp headers are available, but
the build will fail on Opensuse Tumbleweed because the include paths are wrong.

Enabling seccomp is a bad idea because it interacts badly with pseudo (causing
build failures), so explicitly and globally disable seccomp.

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit a752faa152df031df5acaa40491299ac115109a4)
Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/file/file_5.37.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/file/file_5.37.bb 
b/meta/recipes-devtools/file/file_5.37.bb
index 803aa9a..6547d12 100644
--- a/meta/recipes-devtools/file/file_5.37.bb
+++ b/meta/recipes-devtools/file/file_5.37.bb
@@ -21,6 +21,8 @@ S = "${WORKDIR}/git"
 
 inherit autotools update-alternatives
 
+EXTRA_OECONF += "--disable-libseccomp"
+
 ALTERNATIVE_${PN} = "file"
 ALTERNATIVE_LINK_NAME[file] = "${bindir}/file"
 
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 13/28] wic/rawcopy: Support files in sub-directories

[Armin Kuster]

From: Eugene Smirnov 

If the source file is located in a subdirectory of DEPLOY_DIR
rawcopy will currently fail in sparse_copy function on
open(dst_fname, 'wb'), as the parent directory for destination
file does not exist.

This patch helps to avoid that by recursively creating
parent directories.

Signed-off-by: Eugene Smirnov 
Signed-off-by: Richard Purdie 
(cherry picked from commit 073c435644091c2801e45c6d02afa917de575082)
Signed-off-by: Armin Kuster 
---
 scripts/lib/wic/plugins/source/rawcopy.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/scripts/lib/wic/plugins/source/rawcopy.py 
b/scripts/lib/wic/plugins/source/rawcopy.py
index df86d67..82970ce 100644
--- a/scripts/lib/wic/plugins/source/rawcopy.py
+++ b/scripts/lib/wic/plugins/source/rawcopy.py
@@ -59,6 +59,9 @@ class RawCopyPlugin(SourcePlugin):
 src = os.path.join(kernel_dir, source_params['file'])
 dst = os.path.join(cr_workdir, "%s.%s" % (source_params['file'], 
part.lineno))
 
+if not os.path.exists(os.path.dirname(dst)):
+os.makedirs(os.path.dirname(dst))
+
 if 'skip' in source_params:
 sparse_copy(src, dst, skip=int(source_params['skip']))
 else:
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 06/28] runqemu: Remove disabling of high resolution timer

[Armin Kuster]

From: Joerg Vehlow 

The option 'highres=off' sneaked itself into the runqemu script for all
configurations, where the root filesystem type is not 'cpio' or 'cpio.gz'.
See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13590

Signed-off-by: Joerg Vehlow 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 scripts/runqemu | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/runqemu b/scripts/runqemu
index 46087b8..a05facd 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -1198,12 +1198,12 @@ class BaseConfig(object):
 
 # All branches above set vm_drive.
 self.rootfs_options = '%s -no-reboot' % vm_drive
-self.kernel_cmdline = 'root=%s rw highres=off' % 
(self.get('QB_KERNEL_ROOT'))
+self.kernel_cmdline = 'root=%s rw' % (self.get('QB_KERNEL_ROOT'))
 
 if self.fstype == 'nfs':
 self.rootfs_options = ''
 k_root = '/dev/nfs nfsroot=%s:%s,%s' % (self.nfs_server, 
os.path.abspath(self.rootfs), self.unfs_opts)
-self.kernel_cmdline = 'root=%s rw highres=off' % k_root
+self.kernel_cmdline = 'root=%s rw' % k_root
 
 if self.fstype == 'none':
 self.rootfs_options = ''
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 07/28] ncurses: fix CVE-2019-17594, CVE-2019-17595

[Armin Kuster]

From: Trevor Gamblin 

Backport changes to tinfo/comp_hash.c, tinfo/parse_entry.c,
and progs/dump_entry.c from upstream to fix CVEs.

Signed-off-by: Trevor Gamblin 
Signed-off-by: Armin Kuster 
---
 ...rses-selective-backport-of-20191012-patch.patch | 169 +
 meta/recipes-core/ncurses/ncurses_6.1+20190803.bb  |   1 +
 2 files changed, 170 insertions(+)
 create mode 100644 
meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch

diff --git 
a/meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch
 
b/meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch
new file mode 100644
index 000..7870c4b
--- /dev/null
+++ 
b/meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch
@@ -0,0 +1,169 @@
+From 064b77f173337aa790f1cec0d741bfbc61a33d31 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin 
+Date: Fri, 18 Oct 2019 09:57:43 -0400
+Subject: [PATCH] ncurses: selective backport of 20191012 patch
+
+Upstream-Status: Backport 
[https://salsa.debian.org/debian/ncurses/commit/243908b1e3d81]
+
+Contents of the upstream patch that are not applied to comp_hash.c, 
+parse_entry.c, or dump_entry.c have been omitted.
+
+CVE: CVE-2019-17594
+CVE: CVE-2019-17595
+
+Signed-off-by: Trevor Gamblin  
+
+---
+ ncurses/tinfo/comp_hash.c   | 14 ++
+ ncurses/tinfo/parse_entry.c | 32 
+ progs/dump_entry.c  |  7 ---
+ 3 files changed, 30 insertions(+), 23 deletions(-)
+
+diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c
+index 21f165ca..a62d38f9 100644
+--- a/ncurses/tinfo/comp_hash.c
 b/ncurses/tinfo/comp_hash.c
+@@ -44,7 +44,7 @@
+ #include 
+ #include 
+ 
+-MODULE_ID("$Id: comp_hash.c,v 1.49 2019/03/10 00:06:48 tom Exp $")
++MODULE_ID("$Id: comp_hash.c,v 1.51 2019/10/12 16:32:13 tom Exp $")
+ 
+ /*
+  * Finds the entry for the given string in the hash table if present.
+@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
+ 
+ hashvalue = data->hash_of(string);
+ 
+-if (data->table_data[hashvalue] >= 0) {
++if (hashvalue >= 0
++  && (unsigned) hashvalue < data->table_size
++  && data->table_data[hashvalue] >= 0) {
+ 
+   real_table = _nc_get_table(termcap);
+   ptr = real_table + data->table_data[hashvalue];
+@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
+ const HashData *data = _nc_get_hash_info(termcap);
+ int hashvalue = data->hash_of(string);
+ 
+-if (data->table_data[hashvalue] >= 0) {
++if (hashvalue >= 0
++  && (unsigned) hashvalue < data->table_size
++  && data->table_data[hashvalue] >= 0) {
+   const struct name_table_entry *const table = _nc_get_table(termcap);
+ 
+   ptr = table + data->table_data[hashvalue];
+@@ -124,7 +128,9 @@ _nc_find_user_entry(const char *string)
+ 
+ hashvalue = data->hash_of(string);
+ 
+-if (data->table_data[hashvalue] >= 0) {
++if (hashvalue >= 0
++  && (unsigned) hashvalue < data->table_size
++  && data->table_data[hashvalue] >= 0) {
+ 
+   real_table = _nc_get_userdefs_table();
+   ptr = real_table + data->table_data[hashvalue];
+diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
+index f8cca8b5..064376c5 100644
+--- a/ncurses/tinfo/parse_entry.c
 b/ncurses/tinfo/parse_entry.c
+@@ -47,7 +47,7 @@
+ #include 
+ #include 
+ 
+-MODULE_ID("$Id: parse_entry.c,v 1.97 2019/08/03 23:10:38 tom Exp $")
++MODULE_ID("$Id: parse_entry.c,v 1.98 2019/10/12 00:50:31 tom Exp $")
+ 
+ #ifdef LINT
+ static short const parametrized[] =
+@@ -654,12 +654,12 @@ _nc_capcmp(const char *s, const char *t)
+ }
+ 
+ static void
+-append_acs0(string_desc * dst, int code, int src)
++append_acs0(string_desc * dst, int code, char *src, size_t off)
+ {
+-if (src != 0) {
++if (src != 0 && off < strlen(src)) {
+   char temp[3];
+   temp[0] = (char) code;
+-  temp[1] = (char) src;
++  temp[1] = src[off];
+   temp[2] = 0;
+   _nc_safe_strcat(dst, temp);
+ }
+@@ -669,7 +669,7 @@ static void
+ append_acs(string_desc * dst, int code, char *src)
+ {
+ if (VALID_STRING(src) && strlen(src) == 1) {
+-  append_acs0(dst, code, *src);
++  append_acs0(dst, code, src, 0);
+ }
+ }
+ 
+@@ -1038,17 +1038,17 @@ postprocess_terminfo(TERMTYPE2 *tp)
+   _nc_str_init(&result, buf2, sizeof(buf2));
+   _nc_safe_strcat(&result, acs_chars);
+ 
+-  append_acs0(&result, 'l', box_chars_1[0]);  /* ACS_ULCORNER */
+-  append_acs0(&result, 'q', box_chars_1[1]);  /* ACS_HLINE */
+-  append_acs0(&result, 'k', box_chars_1[2]);  /* ACS_URCORNER */
+-  append_acs0(&result, 'x', box_chars_1[3]);  /* ACS_VLINE */
+-  append_acs0(&result, 'j', box_chars_1[4]);  /* ACS_LRCORNER */
+-  append_acs0(&result, 'm', box_chars_1[5]);  /* ACS_LLCORNER */
+-  append_acs0(&result, 'w', box_chars_1[6]);  /* ACS_TTEE */
+- 

[OE-core] [zeus 05/28] runqemu: unset another environment variable for 'egl-headless'

[Armin Kuster]

From: Alexander Kanavin 

Some host distributions (opensuse for example) are using 'pkgconf',
which, unlike the original pkg-config, appends PKG_CONFIG_SYSROOT_DIR
to every directory from the .pc file.

Signed-off-by: Alexander Kanavin 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 scripts/runqemu | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/runqemu b/scripts/runqemu
index 1a5aca9..46087b8 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -457,6 +457,7 @@ class BaseConfig(object):
 del os.environ['PKG_CONFIG_PATH']
 del os.environ['PKG_CONFIG_DIR']
 del os.environ['PKG_CONFIG_LIBDIR']
+del os.environ['PKG_CONFIG_SYSROOT_DIR']
 except KeyError:
 pass
 try:
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 11/28] uninative: check .done file instead of tarball

[Armin Kuster]

From: Stefan Agner 

In case multiple builds share UNINATIVE_DLDIR's location, one build
might be in the process of downloading the tarball while another is
just checking whether the tarball exists. Check for the done file
instead and rely on the fetchers lockfile mechanism in case two
builds are running.

Signed-off-by: Stefan Agner 
Signed-off-by: Richard Purdie 
(cherry picked from commit a1c95580549cb4f77601e62c7f026b19c752d853)
Signed-off-by: Armin Kuster 
---
 meta/classes/uninative.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/uninative.bbclass b/meta/classes/uninative.bbclass
index 3326c0d..9f8645a 100644
--- a/meta/classes/uninative.bbclass
+++ b/meta/classes/uninative.bbclass
@@ -45,7 +45,7 @@ python uninative_event_fetchloader() {
 tarballdir = os.path.join(d.getVar("UNINATIVE_DLDIR"), chksum)
 tarballpath = os.path.join(tarballdir, tarball)
 
-if not os.path.exists(tarballpath):
+if not os.path.exists(tarballpath + ".done"):
 bb.utils.mkdirhier(tarballdir)
 if d.getVar("UNINATIVE_URL") == "unset":
 bb.fatal("Uninative selected but not configured, please set 
UNINATIVE_URL")
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 08/28] sysstat: fix CVE-2019-16167

[Armin Kuster]

From: Wenlin Kang 

This commit is another part of CVE-2019-16167, please see
https://github.com/sysstat/sysstat/issues/232.

Signed-off-by: Wenlin Kang 
Signed-off-by: Richard Purdie 
(cherry picked from commit 586c045eb81b79200b46bf743f5d3fdb5f68c12d)
Signed-off-by: Armin Kuster 
---
 ...ory-corruption-bug-due-to-Integer-Overflo.patch | 46 ++
 meta/recipes-extended/sysstat/sysstat_12.1.6.bb|  4 +-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch

diff --git 
a/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch
 
b/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch
new file mode 100644
index 000..46b1118
--- /dev/null
+++ 
b/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch
@@ -0,0 +1,46 @@
+From 603ae4ed8cd65abf0776ef7f68354a5c24a3411c Mon Sep 17 00:00:00 2001
+From: Sebastien GODARD 
+Date: Tue, 15 Oct 2019 14:39:33 +0800
+Subject: [PATCH] Fix #232: Memory corruption bug due to Integer Overflow in
+ remap_struct()
+
+Try to avoid integer overflow when reading a corrupted binary datafile
+with sadf.
+
+Upstream-Status: Backport 
[https://github.com/sysstat/sysstat/commit/83fad9c895d1ac13f76af5883b7451b3302beef5]
+CVE: CVE-2019-16167
+
+Signed-off-by: Sebastien GODARD 
+Signed-off-by: Wenlin Kang 
+---
+ sa_common.c | 7 +--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/sa_common.c b/sa_common.c
+index 395c11c..cfa9007 100644
+--- a/sa_common.c
 b/sa_common.c
+@@ -1336,7 +1336,8 @@ int remap_struct(unsigned int gtypes_nr[], unsigned int 
ftypes_nr[],
+   /* Remap [unsigned] int fields */
+   d = gtypes_nr[1] - ftypes_nr[1];
+   if (d) {
+-  if (ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1])
++  if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH +
++  ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1])
+   /* Overflow */
+   return -1;
+ 
+@@ -1365,7 +1366,9 @@ int remap_struct(unsigned int gtypes_nr[], unsigned int 
ftypes_nr[],
+   /* Remap possible fields (like strings of chars) following int fields */
+   d = gtypes_nr[2] - ftypes_nr[2];
+   if (d) {
+-  if (ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2])
++  if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH +
++  gtypes_nr[1] * UL_ALIGNMENT_WIDTH +
++  ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2])
+   /* Overflow */
+   return -1;
+ 
+-- 
+1.9.1
+
diff --git a/meta/recipes-extended/sysstat/sysstat_12.1.6.bb 
b/meta/recipes-extended/sysstat/sysstat_12.1.6.bb
index 8cf8c36..362888d 100644
--- a/meta/recipes-extended/sysstat/sysstat_12.1.6.bb
+++ b/meta/recipes-extended/sysstat/sysstat_12.1.6.bb
@@ -2,7 +2,9 @@ require sysstat.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb"
 
-SRC_URI += "file://0001-Include-needed-headers-explicitly.patch"
+SRC_URI += "file://0001-Include-needed-headers-explicitly.patch \
+   
file://0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch \
+"
 
 SRC_URI[md5sum] = "d8e3bbb9c873dd370f6d33664e326570"
 SRC_URI[sha256sum] = 
"f752f3c406153a6fc446496f1102872505ace3f0931d975c1d664c81ec09f129"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 09/28] libsdl2: fix CVE-2019-13616

[Armin Kuster]

From: Yi Zhao 

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-13616

Patch from:
https://hg.libsdl.org/SDL/rev/e7ba650a643a

Signed-off-by: Yi Zhao 
Signed-off-by: Richard Purdie 
(cherry picked from commit 70b9cdf86b9c5ed14937500619387a890a57ef20)
Signed-off-by: Armin Kuster 
---
 ...538-validate-image-size-when-loading-BMP-.patch | 34 ++
 meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb|  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 
meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch

diff --git 
a/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch
 
b/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch
new file mode 100644
index 000..674decc
--- /dev/null
+++ 
b/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch
@@ -0,0 +1,34 @@
+From 85138c1ec673e05263ae666baf61f79384daf7e0 Mon Sep 17 00:00:00 2001
+From: Sam Lantinga 
+Date: Tue, 30 Jul 2019 11:00:00 -0700
+Subject: [PATCH] Fixed bug 4538 - validate image size when loading BMP files
+
+Upstream-Status: Backport
+[https://hg.libsdl.org/SDL/rev/e7ba650a643a]
+
+CVE: CVE-2019-13616
+
+Signed-off-by: Yi Zhao 
+---
+ src/video/SDL_bmp.c | 5 +
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/video/SDL_bmp.c b/src/video/SDL_bmp.c
+index 0b68918..a06b0c9 100644
+--- a/src/video/SDL_bmp.c
 b/src/video/SDL_bmp.c
+@@ -226,6 +226,11 @@ SDL_LoadBMP_RW(SDL_RWops * src, int freesrc)
+ SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR);
+ }
+ }
++if (biWidth <= 0 || biHeight == 0) {
++SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, 
biHeight);
++was_error = SDL_TRUE;
++goto done;
++}
+ if (biHeight < 0) {
+ topDown = SDL_TRUE;
+ biHeight = -biHeight;
+-- 
+2.7.4
+
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb 
b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
index 3a0654b..cdc8650 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
+++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
@@ -14,6 +14,7 @@ PROVIDES = "virtual/libsdl2"
 
 SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
file://more-gen-depends.patch \
+   
file://0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch \
 "
 
 S = "${WORKDIR}/SDL2-${PV}"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 10/28] sanity: check the format of SDK_VENDOR

[Armin Kuster]

From: Ross Burton 

If SDK_VENDOR isn't formatted as -foosdk and is instead for example -foo-sdk
then the triple that are constructed are not in fact triples, which results in
mysterious compile errors.

Check in sanity.bbclass so this failure is detected early.

[ YOCTO #13573 ]

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
(cherry picked from commit b0efd8d4d0dbc30e6505b42f5603f18fa764d732)
Signed-off-by: Armin Kuster 
---
 meta/classes/sanity.bbclass | 5 +
 1 file changed, 5 insertions(+)

diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index 2d3f49e..705062b 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -798,6 +798,11 @@ def check_sanity_everybuild(status, d):
 elif d.getVar('SDK_ARCH', False) == "${BUILD_ARCH}":
 status.addresult('SDKMACHINE is set, but SDK_ARCH has not been 
changed as a result - SDKMACHINE may have been set too late (e.g. in the distro 
configuration)\n')
 
+# If SDK_VENDOR looks like "-my-sdk" then the triples are badly formed so 
fail early
+sdkvendor = d.getVar("SDK_VENDOR")
+if not (sdkvendor.startswith("-") and sdkvendor.count("-") == 1):
+status.addresult("SDK_VENDOR should be of the form '-foosdk' with a 
single dash\n")
+
 check_supported_distro(d)
 
 omask = os.umask(0o022)
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 04/28] python3: CVE-2019-16056

[Armin Kuster]

From: Chen Qi 

Signed-off-by: Chen Qi 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 ...55-Dont-parse-domains-containing-GH-13079.patch | 132 +
 meta/recipes-devtools/python/python3_3.7.4.bb  |   1 +
 2 files changed, 133 insertions(+)
 create mode 100644 
meta/recipes-devtools/python/python3/0001-bpo-34155-Dont-parse-domains-containing-GH-13079.patch

diff --git 
a/meta/recipes-devtools/python/python3/0001-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
 
b/meta/recipes-devtools/python/python3/0001-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
new file mode 100644
index 000..319e7ed
--- /dev/null
+++ 
b/meta/recipes-devtools/python/python3/0001-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
@@ -0,0 +1,132 @@
+From 90d56127ae15b1e452755e62c77dc475dedf7161 Mon Sep 17 00:00:00 2001
+From: jpic 
+Date: Wed, 17 Jul 2019 23:54:25 +0200
+Subject: [PATCH] bpo-34155: Dont parse domains containing @ (GH-13079)
+
+Before:
+
+>>> email.message_from_string('From: 
a...@malicious.org@important.com', 
policy=email.policy.default)['from'].addresses
+(Address(display_name='', username='a', domain='malicious.org'),)
+
+>>> parseaddr('a...@malicious.org@important.com')
+('', 'a...@malicious.org')
+
+After:
+
+>>> email.message_from_string('From: 
a...@malicious.org@important.com', 
policy=email.policy.default)['from'].addresses
+(Address(display_name='', username='', domain=''),)
+
+>>> parseaddr('a...@malicious.org@important.com')
+('', 'a@')
+
+https://bugs.python.org/issue34155
+
+Upstream-Status: Backport 
[https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9]
+
+CVE: CVE-2019-16056
+
+Signed-off-by: Chen Qi 
+---
+ Lib/email/_header_value_parser.py  |  2 ++
+ Lib/email/_parseaddr.py| 11 ++-
+ Lib/test/test_email/test__header_value_parser.py   | 10 ++
+ Lib/test/test_email/test_email.py  | 14 ++
+ .../2019-05-04-13-33-37.bpo-34155.MJll68.rst   |  1 +
+ 5 files changed, 37 insertions(+), 1 deletion(-)
+ create mode 100644 
Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
+
+diff --git a/Lib/email/_header_value_parser.py 
b/Lib/email/_header_value_parser.py
+index fc00b4a098..bbc026ec71 100644
+--- a/Lib/email/_header_value_parser.py
 b/Lib/email/_header_value_parser.py
+@@ -1582,6 +1582,8 @@ def get_domain(value):
+ token, value = get_dot_atom(value)
+ except errors.HeaderParseError:
+ token, value = get_atom(value)
++if value and value[0] == '@':
++raise errors.HeaderParseError('Invalid Domain')
+ if leader is not None:
+ token[:0] = [leader]
+ domain.append(token)
+diff --git a/Lib/email/_parseaddr.py b/Lib/email/_parseaddr.py
+index cdfa3729ad..41ff6f8c00 100644
+--- a/Lib/email/_parseaddr.py
 b/Lib/email/_parseaddr.py
+@@ -379,7 +379,12 @@ class AddrlistClass:
+ aslist.append('@')
+ self.pos += 1
+ self.gotonext()
+-return EMPTYSTRING.join(aslist) + self.getdomain()
++domain = self.getdomain()
++if not domain:
++# Invalid domain, return an empty address instead of returning a
++# local part to denote failed parsing.
++return EMPTYSTRING
++return EMPTYSTRING.join(aslist) + domain
+ 
+ def getdomain(self):
+ """Get the complete domain name from an address."""
+@@ -394,6 +399,10 @@ class AddrlistClass:
+ elif self.field[self.pos] == '.':
+ self.pos += 1
+ sdlist.append('.')
++elif self.field[self.pos] == '@':
++# bpo-34155: Don't parse domains with two `@` like
++# `a...@malicious.org@important.com`.
++return EMPTYSTRING
+ elif self.field[self.pos] in self.atomends:
+ break
+ else:
+diff --git a/Lib/test/test_email/test__header_value_parser.py 
b/Lib/test/test_email/test__header_value_parser.py
+index 693487bc96..7dc4de1b7b 100644
+--- a/Lib/test/test_email/test__header_value_parser.py
 b/Lib/test/test_email/test__header_value_parser.py
+@@ -1438,6 +1438,16 @@ class TestParser(TestParserMixin, TestEmailBase):
+ self.assertEqual(addr_spec.domain, 'example.com')
+ self.assertEqual(addr_spec.addr_spec, 'star.a.s...@example.com')
+ 
++def test_get_addr_spec_multiple_domains(self):
++with self.assertRaises(errors.HeaderParseError):
++parser.get_addr_spec('s...@a.star@example.com')
++
++with self.assertRaises(errors.HeaderParseError):
++parser.get_addr_spec('star@a...@example.com')
++
++with self.assertRaises(errors.HeaderParseError):
++parser.get_addr_spec('star@172.17@example.com')
++
+ # get_obs_route
+ 
+ def test_get_obs_route_simple(self):
+diff --git a/

[OE-core] [zeus 03/28] python: CVE-2019-16056

[Armin Kuster]

From: Chen Qi 

Signed-off-by: Chen Qi 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 ...55-Dont-parse-domains-containing-GH-13079.patch | 90 ++
 meta/recipes-devtools/python/python_2.7.16.bb  |  1 +
 2 files changed, 91 insertions(+)
 create mode 100644 
meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch

diff --git 
a/meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
 
b/meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
new file mode 100644
index 000..5415472
--- /dev/null
+++ 
b/meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
@@ -0,0 +1,90 @@
+From 532ed09c5454bb789a301bb6f1339a0818255610 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Roberto=20C=2E=20S=C3=A1nchez?= 
+Date: Sat, 14 Sep 2019 13:26:38 -0400
+Subject: [PATCH] [2.7] bpo-34155: Dont parse domains containing @ (GH-13079)
+ (GH-16006)
+
+This change skips parsing of email addresses where domains include a "@" 
character, which can be maliciously used since the local part is returned as a 
complete address.
+
+(cherry picked from commit 8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9)
+
+Excludes changes to Lib/email/_header_value_parser.py, which did not
+exist in 2.7.
+
+Co-authored-by: jpic 
+
+https://bugs.python.org/issue34155
+
+Upstream-Status: Backport 
[https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9]
+
+CVE: CVE-2019-16056
+
+Signed-off-by: Chen Qi 
+---
+ Lib/email/_parseaddr.py| 11 ++-
+ Lib/email/test/test_email.py   | 14 ++
+ .../2019-05-04-13-33-37.bpo-34155.MJll68.rst   |  1 +
+ 3 files changed, 25 insertions(+), 1 deletion(-)
+ create mode 100644 
Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
+
+diff --git a/Lib/email/_parseaddr.py b/Lib/email/_parseaddr.py
+index 690db2c22d..dc49d2e45a 100644
+--- a/Lib/email/_parseaddr.py
 b/Lib/email/_parseaddr.py
+@@ -336,7 +336,12 @@ class AddrlistClass:
+ aslist.append('@')
+ self.pos += 1
+ self.gotonext()
+-return EMPTYSTRING.join(aslist) + self.getdomain()
++domain = self.getdomain()
++if not domain:
++# Invalid domain, return an empty address instead of returning a
++# local part to denote failed parsing.
++return EMPTYSTRING
++return EMPTYSTRING.join(aslist) + domain
+ 
+ def getdomain(self):
+ """Get the complete domain name from an address."""
+@@ -351,6 +356,10 @@ class AddrlistClass:
+ elif self.field[self.pos] == '.':
+ self.pos += 1
+ sdlist.append('.')
++elif self.field[self.pos] == '@':
++# bpo-34155: Don't parse domains with two `@` like
++# `a...@malicious.org@important.com`.
++return EMPTYSTRING
+ elif self.field[self.pos] in self.atomends:
+ break
+ else:
+diff --git a/Lib/email/test/test_email.py b/Lib/email/test/test_email.py
+index 4b4dee3d34..2efe44ac5a 100644
+--- a/Lib/email/test/test_email.py
 b/Lib/email/test/test_email.py
+@@ -2306,6 +2306,20 @@ class TestMiscellaneous(TestEmailBase):
+ self.assertEqual(Utils.parseaddr('<>'), ('', ''))
+ self.assertEqual(Utils.formataddr(Utils.parseaddr('<>')), '')
+ 
++def test_parseaddr_multiple_domains(self):
++self.assertEqual(
++Utils.parseaddr('a@b@c'),
++('', '')
++)
++self.assertEqual(
++Utils.parseaddr('a@b.c@c'),
++('', '')
++)
++self.assertEqual(
++Utils.parseaddr('a@172.17.0.1@c'),
++('', '')
++)
++
+ def test_noquote_dump(self):
+ self.assertEqual(
+ Utils.formataddr(('A Silly Person', 'per...@dom.ain')),
+diff --git 
a/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst 
b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
+new file mode 100644
+index 00..50292e29ed
+--- /dev/null
 b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
+@@ -0,0 +1 @@
++Fix parsing of invalid email addresses with more than one ``@`` (e.g. 
a@b...@c.com.) to not return the part before 2nd ``@`` as valid email address. 
Patch by maxking & jpic.
diff --git a/meta/recipes-devtools/python/python_2.7.16.bb 
b/meta/recipes-devtools/python/python_2.7.16.bb
index 5b856a5..aec8778 100644
--- a/meta/recipes-devtools/python/python_2.7.16.bb
+++ b/meta/recipes-devtools/python/python_2.7.16.bb
@@ -30,6 +30,7 @@ SRC_URI += " \
file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \
file://float-endian.patch \

file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \
+   

[OE-core] [zeus 02/28] aspell: fix CVE-2019-17544

[Armin Kuster]

From: Trevor Gamblin 

Backport CVE-2019-17544 fix to zeus.

Signed-off-by: Trevor Gamblin 
Signed-off-by: Armin Kuster 
---
 .../0001-Fix-various-bugs-found-by-OSS-Fuze.patch  | 56 ++
 meta/recipes-support/aspell/aspell_0.60.7.bb   |  4 +-
 2 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch

diff --git 
a/meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch
 
b/meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch
new file mode 100644
index 000..259075b
--- /dev/null
+++ 
b/meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch
@@ -0,0 +1,56 @@
+From 80fa26c74279fced8d778351cff19d1d8f44fe4e Mon Sep 17 00:00:00 2001
+From: Kevin Atkinson 
+Date: Sun, 4 Aug 2019 04:20:29 -0400
+Subject: [PATCH] Fix various bugs found by OSS-Fuze.
+
+---
+ common/config.cpp| 2 +-
+ common/file_util.cpp | 1 +
+ common/getdata.cpp   | 2 +-
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+
+Upstream-Status: Backport 
[https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e]
+CVE: CVE-2019-17544
+Signed-off-by: Trevor Gamblin 
+
+diff --git a/common/config.cpp b/common/config.cpp
+index 017e741..e117d3c 100644
+--- a/common/config.cpp
 b/common/config.cpp
+@@ -763,7 +763,7 @@ namespace acommon {
+   }
+   res.append(':');
+ }
+-if (res.back() == ':') res.pop_back();
++if (!res.empty() && res.back() == ':') res.pop_back();
+   }
+ 
+   struct ListAddHelper : public AddableContainer 
+diff --git a/common/file_util.cpp b/common/file_util.cpp
+index 8515832..56ea501 100644
+--- a/common/file_util.cpp
 b/common/file_util.cpp
+@@ -181,6 +181,7 @@ namespace acommon {
+ while ( (dir = els.next()) != 0 ) 
+ {
+   path = dir;
++  if (path.empty()) continue;
+   if (path.back() != '/') path += '/';
+   unsigned dir_len = path.size();
+   path += filename;
+diff --git a/common/getdata.cpp b/common/getdata.cpp
+index 7e822c9..1b04823 100644
+--- a/common/getdata.cpp
 b/common/getdata.cpp
+@@ -64,7 +64,7 @@ namespace acommon {
+   char * unescape(char * dest, const char * src)
+   {
+ while (*src) {
+-  if (*src == '\\') {
++  if (*src == '\\' && src[1]) {
+   ++src;
+   switch (*src) {
+   case 'n': *dest = '\n'; break;
+-- 
+2.17.1
+
diff --git a/meta/recipes-support/aspell/aspell_0.60.7.bb 
b/meta/recipes-support/aspell/aspell_0.60.7.bb
index da99d12..b565cb3 100644
--- a/meta/recipes-support/aspell/aspell_0.60.7.bb
+++ b/meta/recipes-support/aspell/aspell_0.60.7.bb
@@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34"
 
 PR = "r1"
 
-SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz"
+SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz \
+   file://0001-Fix-various-bugs-found-by-OSS-Fuze.patch \
+  "
 SRC_URI[md5sum] = "8ef2252609c511cd2bb26f3a3932ef28"
 SRC_URI[sha256sum] = 
"5ca8fc8cb0370cc6c9eb5b64c6d1bc5d57b3750dbf17887726c3407d833b70e4"
 
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 01/28] sqlite3: fix CVE-2019-16168

[Armin Kuster]

From: "qi.c...@windriver.com" 

Signed-off-by: Chen Qi 
Signed-off-by: Armin Kuster 
---
 .../sqlite/files/0001-Fix-CVE-2019-16168.patch | 40 ++
 meta/recipes-support/sqlite/sqlite3_3.29.0.bb  |  3 +-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch

diff --git a/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch 
b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch
new file mode 100644
index 000..7c4a65b
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch
@@ -0,0 +1,40 @@
+From fcf06b0b426e6c243d6ca2d6c6a02830717ab6a3 Mon Sep 17 00:00:00 2001
+From: Chen Qi 
+Date: Tue, 15 Oct 2019 13:22:52 +0800
+Subject: [PATCH] Fix CVE-2019-16168
+
+CVE: CVE-2019-16168
+
+Upstream-Status: Backport 
[https://www.sqlite.org/src/vpatch?from=4f5b2d938194fab7&to=98357d8c1263920b]
+
+Signed-off-by: Chen Qi 
+---
+ sqlite3.c | 5 -
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 61bfdeb..b3e6ae2 100644
+--- a/sqlite3.c
 b/sqlite3.c
+@@ -105933,7 +105933,9 @@ static void decodeIntArray(
+   if( sqlite3_strglob("unordered*", z)==0 ){
+ pIndex->bUnordered = 1;
+   }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
+-pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
++int sz = sqlite3Atoi(z+3);
++if( sz<2 ) sz = 2;
++pIndex->szIdxRow = sqlite3LogEst(sz);
+   }else if( sqlite3_strglob("noskipscan*", z)==0 ){
+ pIndex->noSkipScan = 1;
+   }
+@@ -143260,6 +143262,7 @@ static int whereLoopAddBtreeIndex(
+ ** it to pNew->rRun, which is currently set to the cost of the index
+ ** seek only. Then, if this is a non-covering index, add the cost of
+ ** visiting the rows in the main table.  */
++assert( pSrc->pTab->szTabRow>0 );
+ rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
+ pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
+ if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
+-- 
+2.17.1
+
diff --git a/meta/recipes-support/sqlite/sqlite3_3.29.0.bb 
b/meta/recipes-support/sqlite/sqlite3_3.29.0.bb
index 07e36be..34066fb 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.29.0.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.29.0.bb
@@ -3,6 +3,7 @@ require sqlite3.inc
 LICENSE = "PD"
 LIC_FILES_CHKSUM = 
"file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
 
-SRC_URI = "http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz";
+SRC_URI = "http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \
+   file://0001-Fix-CVE-2019-16168.patch"
 SRC_URI[md5sum] = "8f3dfe83387e62ecb91c7c5c09c688dc"
 SRC_URI[sha256sum] = 
"8e7c1e2950b5b04c5944a981cb31fffbf9d2ddda939d536838ebc854481afd5b"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus 00/28] Patch review

[Armin Kuster]

This is what has been backported from master or patches.

Comments by Monday.

The following changes since commit 59938780e7e776d87146002ea939b185f8704408:

  build-appliance-image: Update to master head revision (2019-10-09 22:28:44 
+0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/zeus-next
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/zeus-next

Alexander Kanavin (1):
  runqemu: unset another environment variable for 'egl-headless'

André Draszik (1):
  connman: mark connman-wait-online as SYSTEMD_PACKAGE

Changqing Li (3):
  qemu: Fix CVE-2019-12068
  python: Fix CVE-2019-10160
  sudo: fix CVE-2019-14287

Chee Yang Lee (1):
  wic/engine: use 'linux-swap' for swap file system

Chen Qi (3):
  python: CVE-2019-16056
  python3: CVE-2019-16056
  go: fix CVE-2019-16276

Douglas Royds via Openembedded-core (1):
  icecc: Export ICECC_CC and friends via wrapper-script

Eugene Smirnov (1):
  wic/rawcopy: Support files in sub-directories

George McCollister (1):
  openssl: make OPENSSL_ENGINES match install path

Hongxu Jia (1):
  openssh: fix CVE-2019-16905

Joerg Vehlow (1):
  runqemu: Remove disabling of high resolution timer

Liwei Song (1):
  util-linux: fix PKNAME name is NULL when use lsblk [LIN1019-2963]

Michael Ho (1):
  cmake.bbclass: add HOSTTOOLS_DIR to CMAKE_FIND_ROOT_PATH

qi.c...@windriver.com (1):
  sqlite3: fix CVE-2019-16168

Ricardo Ribalda Delgado (1):
  i2c-tools: Add missing RDEPEND

Ross Burton (3):
  sanity: check the format of SDK_VENDOR
  file: explicitly disable seccomp
  python3: -dev should depend on distutils

Stefan Agner (1):
  uninative: check .done file instead of tarball

Tom Benn (1):
  dbus: update dbus-1.init to reflect new PID file

Trevor Gamblin (2):
  aspell: fix CVE-2019-17544
  ncurses: fix CVE-2019-17594, CVE-2019-17595

Wenlin Kang (1):
  sysstat: fix CVE-2019-16167

Yi Zhao (2):
  libsdl2: fix CVE-2019-13616
  libgcrypt: fix CVE-2019-12904

 meta/classes/cmake.bbclass |   3 +-
 meta/classes/icecc.bbclass |  32 +-
 meta/classes/sanity.bbclass|   5 +
 meta/classes/uninative.bbclass |   2 +-
 meta/recipes-connectivity/connman/connman.inc  |   2 +-
 ...x-integer-overflow-in-XMSS-private-key-pa.patch |  40 +++
 meta/recipes-connectivity/openssh/openssh_8.0p1.bb |   1 +
 .../recipes-connectivity/openssl/openssl_1.1.1d.bb |   2 +-
 meta/recipes-core/dbus/dbus/dbus-1.init|   4 +-
 ...rses-selective-backport-of-20191012-patch.patch | 169 +++
 meta/recipes-core/ncurses/ncurses_6.1+20190803.bb  |   1 +
 ...lsblk-force-to-print-PKNAME-for-partition.patch |  36 +++
 meta/recipes-core/util-linux/util-linux_2.34.bb|   1 +
 meta/recipes-devtools/file/file_5.37.bb|   2 +
 meta/recipes-devtools/go/go-1.12.inc   |   1 +
 ...nch.go1.12-security-net-textproto-don-t-n.patch | 163 ++
 meta/recipes-devtools/i2c-tools/i2c-tools_4.1.bb   |   1 +
 ...55-Dont-parse-domains-containing-GH-13079.patch |  90 ++
 .../python/python/bpo-36742-cve-2019-10160.patch   |  81 +
 ...55-Dont-parse-domains-containing-GH-13079.patch | 132 
 .../python/python3/python3-manifest.json   |   3 +-
 meta/recipes-devtools/python/python3_3.7.4.bb  |   1 +
 meta/recipes-devtools/python/python_2.7.16.bb  |   2 +
 meta/recipes-devtools/qemu/qemu.inc|   1 +
 .../qemu/qemu/CVE-2019-12068.patch | 108 +++
 .../sudo/sudo/CVE-2019-14287-1.patch   | 178 +++
 .../sudo/sudo/CVE-2019-14287-2.patch   | 112 +++
 meta/recipes-extended/sudo/sudo_1.8.27.bb  |   2 +
 ...ory-corruption-bug-due-to-Integer-Overflo.patch |  46 +++
 meta/recipes-extended/sysstat/sysstat_12.1.6.bb|   4 +-
 ...538-validate-image-size-when-loading-BMP-.patch |  34 +++
 meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb|   1 +
 .../0001-Fix-various-bugs-found-by-OSS-Fuze.patch  |  56 
 meta/recipes-support/aspell/aspell_0.60.7.bb   |   4 +-
 .../files/0001-Prefetch-GCM-look-up-tables.patch   |  90 ++
 ...ok-up-tables-to-.data-section-and-unshare.patch | 332 +
 ...ok-up-table-to-.data-section-and-unshare-.patch | 178 +++
 meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb  |   3 +
 .../sqlite/files/0001-Fix-CVE-2019-16168.patch |  40 +++
 meta/recipes-support/sqlite/sqlite3_3.29.0.bb  |   3 +-
 scripts/lib/wic/engine.py  |   2 +-
 scripts/lib/wic/plugins/source/rawcopy.py  |   3 +
 scripts/runqemu|   5 +-
 43 files changed, 1951 insertions(+), 25 deletions(-)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch
 create mode 100644 
meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch
 create mo

Re: [OE-core] [PATCH] mesa: Upgrade 19.1.6 -> 19.2.1

[Martin Jansa]

It's not part of this mesa upgrade, but as you're maintaining it and I'll
possibly forget to mention it next time (or if someone is using newest mesa
for whatever reason like pinephone does now)...

In latest mesa MESA_EGL_NO_X11_HEADERS was renamed to EGL_NO_X11 in:
https://github.com/mesa3d/mesa/commit/6202a13b71e18dc31ba7e2f4ea915b67eacc1ddb

which will require do_install_append update in mesa recipe, libepoxy
upgrade or patch and possibly few other fixes like I just did for pinephone
here:
https://github.com/webOS-ports/meta-pine64-luneos/commit/a65667ab835647869c2e24cd6ad6a6cec61f

Regards,

On Fri, Oct 11, 2019 at 10:20 PM Fabio Berton 
wrote:

>   - Update patches with devtool finish --force-patch-refresh
>
>   - Update license checksum due to commit d5e273aad2
> docs: remove pointless line-break
>
>   This upgrade include the following changes:
>
> - Mesa 19.2.1 This is a bug fix release.
>   Full log: https://mesa3d.org/relnotes/19.2.1.html
>
> - Mesa 19.2.0 This is a new development release.
>   Full log: https://mesa3d.org/relnotes/19.2.0.html
>
> - Mesa 19.1.7 is released.
>   Full log: https://mesa3d.org/relnotes/19.1.7.html
>
> - Mesa 19.1.6 is released. This is a bug-fix release.
>   Full log: https://mesa3d.org/relnotes/19.1.6.html
>
> Signed-off-by: Fabio Berton 
> ---
>  ...k-for-all-linux-host_os-combinations.patch |  9 
>  ...on.build-make-TLS-GLX-optional-again.patch | 22 +--
>  ...Allow-enable-DRI-without-DRI-drivers.patch |  9 
>  .../{mesa-gl_19.1.6.bb => mesa-gl_19.2.1.bb}  |  0
>  meta/recipes-graphics/mesa/mesa.inc   |  2 +-
>  .../mesa/{mesa_19.1.6.bb => mesa_19.2.1.bb}   |  4 ++--
>  6 files changed, 24 insertions(+), 22 deletions(-)
>  rename meta/recipes-graphics/mesa/{mesa-gl_19.1.6.bb => mesa-gl_19.2.1.bb}
> (100%)
>  rename meta/recipes-graphics/mesa/{mesa_19.1.6.bb => mesa_19.2.1.bb}
> (85%)
>
> diff --git
> a/meta/recipes-graphics/mesa/files/0001-meson.build-check-for-all-linux-host_os-combinations.patch
> b/meta/recipes-graphics/mesa/files/0001-meson.build-check-for-all-linux-host_os-combinations.patch
> index 9fba5da4b2..461fc83345 100644
> ---
> a/meta/recipes-graphics/mesa/files/0001-meson.build-check-for-all-linux-host_os-combinations.patch
> +++
> b/meta/recipes-graphics/mesa/files/0001-meson.build-check-for-all-linux-host_os-combinations.patch
> @@ -1,4 +1,4 @@
> -From ea966884e39aae9571c038fab55f3c1663d17850 Mon Sep 17 00:00:00 2001
> +From 7ed5b340f4077e616287b6124dfd46cf6a2cab50 Mon Sep 17 00:00:00 2001
>  From: Fabio Berton 
>  Date: Wed, 12 Jun 2019 13:40:20 -0300
>  Subject: [PATCH] meson.build: check for all linux host_os combinations
> @@ -14,15 +14,16 @@ Upstream-Status: Pending
>  Signed-off-by: Anuj Mittal 
>  Signed-off-by: Fabio Berton 
>  Signed-off-by: Otavio Salvador 
> +
>  ---
>   meson.build | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
>  diff --git a/meson.build b/meson.build
> -index 567a81afd6f..b33b430aed4 100644
> +index db94f85..6f7b0ed 100644
>  --- a/meson.build
>  +++ b/meson.build
> -@@ -107,7 +107,7 @@ with_any_opengl = with_opengl or with_gles1 or
> with_gles2
> +@@ -117,7 +117,7 @@ with_any_opengl = with_opengl or with_gles1 or
> with_gles2
>   # Only build shared_glapi if at least one OpenGL API is enabled
>   with_shared_glapi = get_option('shared-glapi') and with_any_opengl
>
> @@ -31,7 +32,7 @@ index 567a81afd6f..b33b430aed4 100644
>
>   dri_drivers = get_option('dri-drivers')
>   if dri_drivers.contains('auto')
> -@@ -845,7 +845,7 @@ if cc.compiles('int foo(void)
> __attribute__((__noreturn__));',
> +@@ -856,7 +856,7 @@ if cc.compiles('__uint128_t foo(void) { return 0; }',
>   endif
>
>   # TODO: this is very incomplete
> diff --git
> a/meta/recipes-graphics/mesa/files/0002-meson.build-make-TLS-GLX-optional-again.patch
> b/meta/recipes-graphics/mesa/files/0002-meson.build-make-TLS-GLX-optional-again.patch
> index 641bacf1d9..dc232285f0 100644
> ---
> a/meta/recipes-graphics/mesa/files/0002-meson.build-make-TLS-GLX-optional-again.patch
> +++
> b/meta/recipes-graphics/mesa/files/0002-meson.build-make-TLS-GLX-optional-again.patch
> @@ -1,4 +1,4 @@
> -From cee8e48c5344124e5d84307cb0c48ee0c9b3e684 Mon Sep 17 00:00:00 2001
> +From 78efbf1e2e733097d22ae7c558b8acf866104bec Mon Sep 17 00:00:00 2001
>  From: Fabio Berton 
>  Date: Wed, 12 Jun 2019 14:15:57 -0300
>  Subject: [PATCH] meson.build: make TLS GLX optional again
> @@ -12,31 +12,32 @@ Upstream-Status: Pending
>  Signed-off-by: Alexander Kanavin 
>  Signed-off-by: Fabio Berton 
>  Signed-off-by: Otavio Salvador 
> +
>  ---
> - meson.build   | 4 +++-
> - meson_options.txt | 7 +++
> - 2 files changed, 10 insertions(+), 1 deletion(-)
> + meson.build   | 4 
> + meson_options.txt | 6 ++
> + 2 files changed, 10 insertions(+)
>
>  diff --git a/meson.build b/meson.build
> -index b33b430aed4..0e50bb26c0a 100644
> +index 6f7b0ed..d961748 100644
>  --- a/meson.build
>  +++ b

[OE-core] [thud][PATCH v2] libgcrypt: CVE-2019-12904 fix

[shuagr97]

From: Shubham Agrawal 

---
 .../libgcrypt/files/CVE-2019-12904.patch   | 501 +
 meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb  |   1 +
 2 files changed, 502 insertions(+)
 create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2019-12904.patch

diff --git a/meta/recipes-support/libgcrypt/files/CVE-2019-12904.patch 
b/meta/recipes-support/libgcrypt/files/CVE-2019-12904.patch
new file mode 100644
index 000..f19be16
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/CVE-2019-12904.patch
@@ -0,0 +1,501 @@
+From e9b045c443308e8c37255de9927b251efb38e48f Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna 
+Date: Fri, 31 May 2019 17:18:09 +0300
+Subject: [PATCH 1/2] AES: move look-up tables to .data section and unshare
+ between processes
+Reply-To: shu...@microsoft.com
+
+* cipher/rijndael-internal.h (ATTR_ALIGNED_64): New.
+* cipher/rijndael-tables.h (encT): Move to 'enc_tables' structure.
+(enc_tables): New structure for encryption table with counters before
+and after.
+(encT): New macro.
+(dec_tables): Add counters before and after encryption table; Move
+from .rodata to .data section.
+(do_encrypt): Change 'encT' to 'enc_tables.T'.
+(do_decrypt): Change '&dec_tables' to 'dec_tables.T'.
+* cipher/cipher-gcm.c (prefetch_table): Make inline; Handle input
+with length not multiple of 256.
+(prefetch_enc, prefetch_dec): Modify pre- and post-table counters
+to unshare look-up table pages between processes.
+--
+
+GnuPG-bug-id: 4541
+Signed-off-by: Jussi Kivilinna 
+---
+ cipher/rijndael-internal.h |   4 +-
+ cipher/rijndael-tables.h   | 155 +
+ cipher/rijndael.c  |  35 --
+ 3 files changed, 118 insertions(+), 76 deletions(-)
+
+diff --git a/cipher/rijndael-internal.h b/cipher/rijndael-internal.h
+index 160fb8c..a62d4b7 100644
+--- a/cipher/rijndael-internal.h
 b/cipher/rijndael-internal.h
+@@ -29,11 +29,13 @@
+ #define BLOCKSIZE   (128/8)
+ 
+ 
+-/* Helper macro to force alignment to 16 bytes.  */
++/* Helper macro to force alignment to 16 or 64 bytes.  */
+ #ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
+ # define ATTR_ALIGNED_16  __attribute__ ((aligned (16)))
++# define ATTR_ALIGNED_64  __attribute__ ((aligned (64)))
+ #else
+ # define ATTR_ALIGNED_16
++# define ATTR_ALIGNED_64
+ #endif
+ 
+ 
+diff --git a/cipher/rijndael-tables.h b/cipher/rijndael-tables.h
+index 8359470..b54d959 100644
+--- a/cipher/rijndael-tables.h
 b/cipher/rijndael-tables.h
+@@ -21,80 +21,98 @@
+ /* To keep the actual implementation at a readable size we use this
+include file to define the tables.  */
+ 
+-static const u32 encT[256] =
++static struct
++{
++  volatile u32 counter_head;
++  u32 cacheline_align[64 / 4 - 1];
++  u32 T[256];
++  volatile u32 counter_tail;
++} enc_tables ATTR_ALIGNED_64 =
+   {
+-0xa56363c6, 0x847c7cf8, 0x99ee, 0x8d7b7bf6,
+-0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
+-0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
+-0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
+-0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
+-0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
+-0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
+-0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
+-0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
+-0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4f83,
+-0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
+-0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
+-0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
+-0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
+-0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
+-0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
+-0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
+-0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
+-0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
+-0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
+-0xf55353a6, 0x68d1d1b9, 0x, 0x2cededc1,
+-0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
+-0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
+-0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
+-0x6bd0d0bb, 0x2aefefc5, 0xe54f, 0x16fbfbed,
+-0xc5434386, 0xd74d4d9a, 0x5566, 0x94858511,
+-0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
+-0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
+-0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
+-0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
+-0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
+-0x30101020, 0x1ae5, 0x0ef3f3fd, 0x6dd2d2bf,
+-0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
+-0xe15f5fbe, 0xa2979735, 0xcc88, 0x3917172e,
+-0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
+-0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
+-0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
+-0x6644, 0x7e2a2a54, 0xab90903b, 0x830b,
+-0xca46468c, 0x29c7, 0xd3b8b86b, 0x3c141428,
+-0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,

[OE-core] [PATCH v5 1/2] libsdl2: Fix build failure when using mesa 19.2.1

[Alistair Francis]

Signed-off-by: Alistair Francis 
---
v5:
 - Backport upstream fix

 ...DL-fails-to-compile-with-Mesa-Master.patch | 41 +++
 .../libsdl2/libsdl2_2.0.10.bb |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 
meta/recipes-graphics/libsdl2/libsdl2/0002-Fixed-bug-4797-SDL-fails-to-compile-with-Mesa-Master.patch

diff --git 
a/meta/recipes-graphics/libsdl2/libsdl2/0002-Fixed-bug-4797-SDL-fails-to-compile-with-Mesa-Master.patch
 
b/meta/recipes-graphics/libsdl2/libsdl2/0002-Fixed-bug-4797-SDL-fails-to-compile-with-Mesa-Master.patch
new file mode 100644
index 00..8f5b6a0cef
--- /dev/null
+++ 
b/meta/recipes-graphics/libsdl2/libsdl2/0002-Fixed-bug-4797-SDL-fails-to-compile-with-Mesa-Master.patch
@@ -0,0 +1,41 @@
+# HG changeset patch
+# User Sylvain Becker 
+# Date 1570898876 -7200
+#  Sat Oct 12 18:47:56 2019 +0200
+# Node ID 369b01006eb2f6fd563f7c315d29ae3fe503c432
+# Parent  4cbaffd0083b8cd17070dbd9d4ab1ce0fa9fca2d
+Fixed bug 4797 - SDL fails to compile with Mesa Master (thanks Michael 
Olbrich!)
+
+fix building with Mesa 19.2
+
+With Mesa 19.2 building fails with:
+
+/include/GLES/gl.h:63:25: error: conflicting types for 'GLsizeiptr'
+
+The same type is defined in include/SDL_opengl.h for OpenGL and the two
+headers should not be included at the same time.
+This was just never noticed because the same header guard '__gl_h_' was
+used. This was changed in Mesa. The result is this error.
+
+Fix this the same way GLES2 already handles this: Don't include the GLES
+header when the OpenGL header was already included.
+(https://hg.libsdl.org/SDL/rev/a60b3c292f0f)
+
+Upstream-Status: Backport [https://hg.libsdl.org/SDL/rev/369b01006eb2]
+Signed-off-by: Alistair Francis 
+
+diff --git a/src/video/SDL_video.c b/src/video/SDL_video.c
+--- a/src/video/SDL_video.c
 b/src/video/SDL_video.c
+@@ -37,9 +37,9 @@
+ #include "SDL_opengl.h"
+ #endif /* SDL_VIDEO_OPENGL */
+ 
+-#if SDL_VIDEO_OPENGL_ES
++#if SDL_VIDEO_OPENGL_ES && !SDL_VIDEO_OPENGL
+ #include "SDL_opengles.h"
+-#endif /* SDL_VIDEO_OPENGL_ES */
++#endif /* SDL_VIDEO_OPENGL_ES && !SDL_VIDEO_OPENGL */
+ 
+ /* GL and GLES2 headers conflict on Linux 32 bits */
+ #if SDL_VIDEO_OPENGL_ES2 && !SDL_VIDEO_OPENGL
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb 
b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
index cdc8650e17..862abe1d54 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
+++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
@@ -15,6 +15,7 @@ PROVIDES = "virtual/libsdl2"
 SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
file://more-gen-depends.patch \

file://0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch \
+   
file://0002-Fixed-bug-4797-SDL-fails-to-compile-with-Mesa-Master.patch \
 "
 
 S = "${WORKDIR}/SDL2-${PV}"
-- 
2.23.0

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH] libcap-ng: undefined reference to `pthread_atfork'

[Trevor Woerner]

Some hosts need -lpthread in order to link properly (e.g. openSUSE 15.1).

Signed-off-by: Trevor Woerner 
---
 meta/recipes-support/libcap-ng/libcap-ng_0.7.10.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-support/libcap-ng/libcap-ng_0.7.10.bb 
b/meta/recipes-support/libcap-ng/libcap-ng_0.7.10.bb
index 6e6de45494..01ea9a1490 100644
--- a/meta/recipes-support/libcap-ng/libcap-ng_0.7.10.bb
+++ b/meta/recipes-support/libcap-ng/libcap-ng_0.7.10.bb
@@ -3,6 +3,7 @@ require libcap-ng.inc
 inherit lib_package autotools
 
 EXTRA_OECONF += "--without-python --without-python3"
+LDFLAGS_append_class-native = " -lpthread"
 
 BBCLASSEXTEND = "native nativesdk"
 
-- 
2.23.0.37.g745f681289

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] ✗ patchtest: failure for libgcrypt: CVE-2019-12904 fix

[Patchwork]

== Series Details ==

Series: libgcrypt: CVE-2019-12904 fix
Revision: 1
URL   : https://patchwork.openembedded.org/series/20686/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Patch[thud,v2] libgcrypt: CVE-2019-12904 fix
 Issue Patch is missing Signed-off-by [test_signed_off_by_presence] 
  Suggested fixSign off the patch (either manually or with "git commit 
--amend -s")

* Patch[thud,v2] libgcrypt: CVE-2019-12904 fix
 Issue Missing or incorrectly formatted CVE tag in included patch 
file [test_cve_tag_format] 
  Suggested fixCorrect or include the CVE tag on cve patch with format: 
"CVE: CVE--"

* Issue Added patch file is missing Upstream-Status in the header 
[test_upstream_status_presence_format] 
  Suggested fixAdd Upstream-Status:  to the header of 
meta/recipes-support/libgcrypt/files/CVE-2019-12904.patch
  Standard format  Upstream-Status: 
  Valid status Pending, Accepted, Backport, Denied, Inappropriate [reason], 
Submitted [where]



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH v5 2/2] mesa: Upgrade to 19.2.1

[Alistair Francis]

From: Alistair Francis 

Upgrade mesa and mesa-gl to 19.2.1.

The license hash change was a trivial new line removal.

The glx-tls option was removed as it isn't included in the meson.build
file. It has been replaced with 'use-elf-tls' instead.

The -Dasm=false was removed as it also is no longer included.

Signed-off-by: Alistair Francis 
Signed-off-by: Alistair Francis 
Acked-by: Otavio Salvador 
---
v4:
 - Add a patch (first patch in the series) to fix libsdl2 build
v3:
 - Fix missing Upstream-Status
v2:
 - Add back "make TLS ELF optional" patch

 ...02-meson.build-make-TLS-ELF-optional.patch | 48 +
 ...on.build-make-TLS-GLX-optional-again.patch | 52 ---
 .../{mesa-gl_19.1.6.bb => mesa-gl_19.2.1.bb}  |  0
 meta/recipes-graphics/mesa/mesa.inc   | 15 +++---
 .../mesa/{mesa_19.1.6.bb => mesa_19.2.1.bb}   |  6 +--
 5 files changed, 57 insertions(+), 64 deletions(-)
 create mode 100644 
meta/recipes-graphics/mesa/files/0002-meson.build-make-TLS-ELF-optional.patch
 delete mode 100644 
meta/recipes-graphics/mesa/files/0002-meson.build-make-TLS-GLX-optional-again.patch
 rename meta/recipes-graphics/mesa/{mesa-gl_19.1.6.bb => mesa-gl_19.2.1.bb} 
(100%)
 rename meta/recipes-graphics/mesa/{mesa_19.1.6.bb => mesa_19.2.1.bb} (77%)

diff --git 
a/meta/recipes-graphics/mesa/files/0002-meson.build-make-TLS-ELF-optional.patch 
b/meta/recipes-graphics/mesa/files/0002-meson.build-make-TLS-ELF-optional.patch
new file mode 100644
index 00..c3b5e14cd6
--- /dev/null
+++ 
b/meta/recipes-graphics/mesa/files/0002-meson.build-make-TLS-ELF-optional.patch
@@ -0,0 +1,48 @@
+From edd03b8ea66ccf81b0c1d27868756d06e2d177ab Mon Sep 17 00:00:00 2001
+From: Alistair Francis 
+Date: Wed, 23 Oct 2019 09:46:28 -0700
+Subject: [PATCH] meson.build: make TLS ELF optional
+
+USE_ELF_TLS has replaced GLX_USE_TLS so this patch is the original "make
+TLS GLX optional again" patch updated to the latest mesa.
+
+Upstream-Status: Inappropriate [configuration]
+Signed-off-by: Alistair Francis 
+---
+ meson.build   | 2 +-
+ meson_options.txt | 6 ++
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index 7992734..06653fe 100644
+--- a/meson.build
 b/meson.build
+@@ -378,7 +378,7 @@ if with_egl and not (with_platform_drm or 
with_platform_surfaceless or with_plat
+ endif
+ 
+ # Android uses emutls for versions <= P/28. For USE_ELF_TLS we need ELF TLS.
+-if not with_platform_android or get_option('platform-sdk-version') >= 29
++if (not with_platform_android or get_option('platform-sdk-version') >= 29) 
and get_option('elf-tls')
+   pre_args += '-DUSE_ELF_TLS'
+ endif
+ 
+diff --git a/meson_options.txt b/meson_options.txt
+index 188e132..ddd47b7 100644
+--- a/meson_options.txt
 b/meson_options.txt
+@@ -339,6 +339,12 @@ option(
+   value : true,
+   description : 'Enable direct rendering in GLX and EGL for DRI',
+ )
++option(
++  'elf-tls',
++  type : 'boolean',
++  value : true,
++  description : 'Enable TLS support in ELF',
++)
+ option(
+   'I-love-half-baked-turnips',
+   type : 'boolean',
+-- 
+2.23.0
+
diff --git 
a/meta/recipes-graphics/mesa/files/0002-meson.build-make-TLS-GLX-optional-again.patch
 
b/meta/recipes-graphics/mesa/files/0002-meson.build-make-TLS-GLX-optional-again.patch
deleted file mode 100644
index 641bacf1d9..00
--- 
a/meta/recipes-graphics/mesa/files/0002-meson.build-make-TLS-GLX-optional-again.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From cee8e48c5344124e5d84307cb0c48ee0c9b3e684 Mon Sep 17 00:00:00 2001
-From: Fabio Berton 
-Date: Wed, 12 Jun 2019 14:15:57 -0300
-Subject: [PATCH] meson.build: make TLS GLX optional again
-Organization: O.S. Systems Software LTDA.
-
-This was optional with autotools, and needs to be disabled
-when using musl C library, for instance.
-
-Upstream-Status: Pending
-
-Signed-off-by: Alexander Kanavin 
-Signed-off-by: Fabio Berton 
-Signed-off-by: Otavio Salvador 

- meson.build   | 4 +++-
- meson_options.txt | 7 +++
- 2 files changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/meson.build b/meson.build
-index b33b430aed4..0e50bb26c0a 100644
 a/meson.build
-+++ b/meson.build
-@@ -369,7 +369,9 @@ if with_egl and not (with_platform_drm or 
with_platform_surfaceless or with_plat
-   endif
- endif
- 
--pre_args += '-DGLX_USE_TLS'
-+if get_option('glx-tls')
-+  pre_args += '-DGLX_USE_TLS'
-+endif
- if with_glx != 'disabled'
-   if not (with_platform_x11 and with_any_opengl)
- error('Cannot build GLX support without X11 platform support and at least 
one OpenGL API')
-diff --git a/meson_options.txt b/meson_options.txt
-index 1f72faabee8..fcd49efea27 100644
 a/meson_options.txt
-+++ b/meson_options.txt
-@@ -339,6 +339,13 @@ option(
-   value : true,
-   description : 'Enable direct rendering in GLX and EGL for DRI',
- )
-+option(
-+  'glx-tls',
-+  type : 'boolean',
-+  value : true,
-+  description : 'Enable TLS support in GLX',
-+)
-+
- option(
-   'I-love-half-baked-turnips

[OE-core] [PATCH] sudo: Fix fetching sources

[Ferry Toth]

It looks like https://www.sudo.ws/download.html changed certificate
and directory structure. This breaks fetching sources.

Signed-off-by: Ferry Toth 
---
 meta/recipes-extended/sudo/sudo_1.8.23.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/sudo/sudo_1.8.23.bb 
b/meta/recipes-extended/sudo/sudo_1.8.23.bb
index ce32bd187e..da184be058 100644
--- a/meta/recipes-extended/sudo/sudo_1.8.23.bb
+++ b/meta/recipes-extended/sudo/sudo_1.8.23.bb
@@ -1,6 +1,6 @@
 require sudo.inc
 
-SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \
+SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', 
'', d)} \
file://0001-Include-sys-types.h-for-id_t-definition.patch \
"
-- 
2.20.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] libcap-ng:upgrade 0.7.9 -> 0.7.10

[Trevor Woerner]

On Fri 2019-10-25 @ 01:24:51 PM, Trevor Woerner wrote:
> On Fri 2019-10-25 @ 07:37:34 AM, akuster808 wrote:
> > is someone going to send a patch?
> 
> Yes, I'm working on that now. This looks like something that should be fixed
> upstream, so that's the approach I'm taking. Please bear with me :-)

I sent a "quickie" fix to the list so master builds can proceed:
https://patchwork.openembedded.org/patch/166245/

But I also opened an issue with the upstream project:
https://github.com/stevegrubb/libcap-ng/issues/9

And proposed a solution:
https://github.com/stevegrubb/libcap-ng/pull/10
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] Add recipes for Go v1.13

[Alexander Kube]

Done. The latest patchset removes go-1.12 and cleans up the rest of the
1.13 recipes.

On Fri, Oct 25, 2019 at 1:49 PM Khem Raj  wrote:

> 1.12 should be removed along with this
>
> On Thu, Oct 24, 2019 at 6:29 PM Alexander Kube 
> wrote:
>
>> This patch set adds various go-1.13 recipes and changes the
>> poky GOVERSION to 1.13%. It leaves the existing go-1.12
>> recipes untouched and available for existing users of
>> those recipes.
>>
>>
>> --
>> ___
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>>
>
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path

[akuster808]

On 10/25/19 1:16 PM, George McCollister wrote:
> Can we get 59565fec0b3f3e24eb01c03b671913599cd3134d cherry-picked to
> warrior now that this has landed in master?
once it makes it into zeus mainline. Its staged @
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/zeus-nmut 
while Richard sorts out a maintainer.

- armin
> Thanks,
> George

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] ✗ patchtest: failure for sudo: Fix fetching sources

[Ferry Toth]

Op 25-10-2019 om 21:32 schreef Patchwork:

== Series Details ==

Series: sudo: Fix fetching sources
Revision: 1
URL   : https://patchwork.openembedded.org/series/20684/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Issue Series does not apply on top of target branch 
[test_series_merge_on_head]
   Suggested fixRebase your series on top of targeted branch
   Targeted branch  master (currently at 1a8d18)



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).


The patch applies to thud.


---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe




--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 1/1] openssl: make OPENSSL_ENGINES match install path

[George McCollister]

Can we get 59565fec0b3f3e24eb01c03b671913599cd3134d cherry-picked to
warrior now that this has landed in master?

Thanks,
George
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] ✗ patchtest: failure for sudo: Fix fetching sources

[Patchwork]

== Series Details ==

Series: sudo: Fix fetching sources
Revision: 1
URL   : https://patchwork.openembedded.org/series/20684/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Issue Series does not apply on top of target branch 
[test_series_merge_on_head] 
  Suggested fixRebase your series on top of targeted branch
  Targeted branch  master (currently at 1a8d18)



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH v5 4/5] go: Remove go-1.12

[Alexander Kube]

From: Alex Kube 

Signed-off-by: Alex Kube 
---
 meta/recipes-devtools/go/go-1.12.inc  |  24 --
 ...ow-CC-and-CXX-to-have-multiple-words.patch |  31 --
 ...o1.12-security-net-textproto-don-t-n.patch | 163 --
 ...ent-based-hash-generation-less-pedan.patch | 218 --
 ...-to-be-overridden-in-the-environment.patch |  48 ---
 ...4-ld-add-soname-to-shareable-objects.patch |  45 ---
 ...de-CC-when-building-dist-and-go_boot.patch |  37 ---
 ...dist-separate-host-and-target-builds.patch | 282 --
 ...d-go-make-GOROOT-precious-by-default.patch | 106 ---
 ...008-use-GOBUILDMODE-to-set-buildmode.patch |  37 ---
 ...place-glibc-dynamic-linker-with-musl.patch | 112 ---
 .../go/go-cross-canadian_1.12.bb  |   2 -
 meta/recipes-devtools/go/go-cross_1.12.bb |   2 -
 meta/recipes-devtools/go/go-crosssdk_1.12.bb  |   2 -
 meta/recipes-devtools/go/go-native_1.12.bb|   2 -
 meta/recipes-devtools/go/go-runtime_1.12.bb   |   2 -
 meta/recipes-devtools/go/go_1.12.bb   |  14 -
 17 files changed, 1127 deletions(-)
 delete mode 100644 meta/recipes-devtools/go/go-1.12.inc
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0004-ld-add-soname-to-shareable-objects.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0006-cmd-dist-separate-host-and-target-builds.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0007-cmd-go-make-GOROOT-precious-by-default.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0008-use-GOBUILDMODE-to-set-buildmode.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0009-ld-replace-glibc-dynamic-linker-with-musl.patch
 delete mode 100644 meta/recipes-devtools/go/go-cross-canadian_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-cross_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-crosssdk_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-native_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-runtime_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go_1.12.bb

diff --git a/meta/recipes-devtools/go/go-1.12.inc 
b/meta/recipes-devtools/go/go-1.12.inc
deleted file mode 100644
index ed14b175e6..00
--- a/meta/recipes-devtools/go/go-1.12.inc
+++ /dev/null
@@ -1,24 +0,0 @@
-require go-common.inc
-
-GO_BASEVERSION = "1.12"
-GO_MINOR = ".9"
-PV .= "${GO_MINOR}"
-FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
-
-SRC_URI += "\
-file://0001-allow-CC-and-CXX-to-have-multiple-words.patch \
-file://0002-cmd-go-make-content-based-hash-generation-less-pedan.patch \
-file://0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch \
-file://0004-ld-add-soname-to-shareable-objects.patch \
-file://0005-make.bash-override-CC-when-building-dist-and-go_boot.patch \
-file://0006-cmd-dist-separate-host-and-target-builds.patch \
-file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
-file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
-file://0001-release-branch.go1.12-security-net-textproto-don-t-n.patch \
-"
-SRC_URI_append_libc-musl = " 
file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
-
-SRC_URI[main.md5sum] = "6132109d4050da349eadc9f7b0304ef4"
-SRC_URI[main.sha256sum] = 
"ab0e56ed9c4732a653ed22e232652709afbf573e710f56a07f7fdeca578d62fc"
diff --git 
a/meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 
b/meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
deleted file mode 100644
index 4442858c83..00
--- 
a/meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 7cc519aa5f84cf8fc7ac8c10fc69aa8040330ea0 Mon Sep 17 00:00:00 2001
-From: Matt Madison 
-Date: Mon, 19 Feb 2018 08:49:33 -0800
-Subject: [PATCH] allow CC and CXX to have multiple words
-
-Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Matt Madison 
-

- src/cmd/go/internal/envcmd/env.go | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/cmd/go/internal/envcmd/env.go 
b/src/cmd/go/internal/envcmd/env.go
-index afadbad..cedbfbf 100644
 a/src/cmd/go/internal/envcmd/env.go
-+++ b/src/cmd/go/internal/envcmd/env.go
-@@ -85,11 +85,11 @@ func MkEnv() []cfg.EnvVar {
- 
-   cc := cfg.DefaultCC(cfg.Goos, cfg.Goarch)
-   if

[OE-core] [PATCH v5 5/5] go: Extract common environment setup.

[Alexander Kube]

From: Alex Kube 

Add default values for go environment variables to go-common.inc.
Override where appropriate in other go*.inc files, and use
host/target tuples from goarch for setting CC flags.

Signed-off-by: Alex Kube 
---
 meta/recipes-devtools/go/go-common.inc | 10 ++
 meta/recipes-devtools/go/go-cross-canadian.inc |  8 ++--
 meta/recipes-devtools/go/go-cross.inc  | 13 ++---
 meta/recipes-devtools/go/go-crosssdk.inc   | 11 ++-
 meta/recipes-devtools/go/go-runtime.inc| 15 +++
 meta/recipes-devtools/go/go-target.inc |  9 -
 6 files changed, 19 insertions(+), 47 deletions(-)

diff --git a/meta/recipes-devtools/go/go-common.inc 
b/meta/recipes-devtools/go/go-common.inc
index 93a3d3b5fb..f18d928c70 100644
--- a/meta/recipes-devtools/go/go-common.inc
+++ b/meta/recipes-devtools/go/go-common.inc
@@ -27,6 +27,16 @@ export GOTMPDIR ?= "${WORKDIR}/go-tmp"
 GOTMPDIR[vardepvalue] = ""
 export CGO_ENABLED = "1"
 
+export GOHOSTOS ?= "${BUILD_GOOS}"
+export GOHOSTARCH ?= "${BUILD_GOARCH}"
+export GOROOT_BOOTSTRAP ?= "${STAGING_LIBDIR_NATIVE}/go"
+export GOOS ?= "${TARGET_GOOS}"
+export GOARCH ?= "${TARGET_GOARCH}"
+export GOARM ?= "${TARGET_GOARM}"
+export GO386 ?= "${TARGET_GO386}"
+export GOMIPS ?= "${TARGET_GOMIPS}"
+export GOROOT_FINAL ?= "${libdir}/go"
+
 do_compile_prepend() {
BUILD_CC=${BUILD_CC}
 }
diff --git a/meta/recipes-devtools/go/go-cross-canadian.inc 
b/meta/recipes-devtools/go/go-cross-canadian.inc
index 945d0f9d10..d49250a8e2 100644
--- a/meta/recipes-devtools/go/go-cross-canadian.inc
+++ b/meta/recipes-devtools/go/go-cross-canadian.inc
@@ -13,11 +13,7 @@ DEBUG_PREFIX_MAP = 
"-fdebug-prefix-map=${WORKDIR}=/usr/src/debug/${PN}/${EXTENDP
 -fdebug-prefix-map=${STAGING_DIR_NATIVE}= \
 "
 
-export GOHOSTOS = "${BUILD_GOOS}"
-export GOHOSTARCH = "${BUILD_GOARCH}"
-export GOROOT_BOOTSTRAP = "${STAGING_LIBDIR_NATIVE}/go"
 export GOTOOLDIR_BOOTSTRAP = 
"${STAGING_LIBDIR_NATIVE}/${HOST_SYS}/go/pkg/tool/${BUILD_GOTUPLE}"
-export GOROOT_FINAL = "${libdir}/go"
 export CGO_CFLAGS = "${CFLAGS}"
 export CGO_LDFLAGS = "${LDFLAGS}"
 export GO_LDFLAGS = '-linkmode external -extld ${HOST_PREFIX}gcc -extldflags 
"--sysroot=${STAGING_DIR_HOST} ${SECURITY_NOPIE_CFLAGS} ${HOST_CC_ARCH} 
${LDFLAGS}"'
@@ -25,8 +21,8 @@ export GO_LDFLAGS = '-linkmode external -extld 
${HOST_PREFIX}gcc -extldflags "--
 do_configure[noexec] = "1"
 
 do_compile() {
-   export CC_FOR_${HOST_GOOS}_${HOST_GOARCH}="${HOST_PREFIX}gcc 
--sysroot=${STAGING_DIR_HOST}${SDKPATHNATIVE} ${SECURITY_NOPIE_CFLAGS}"
-   export CXX_FOR_${HOST_GOOS}_${HOST_GOARCH}="${HOST_PREFIX}gxx 
--sysroot=${STAGING_DIR_HOST}${SDKPATHNATIVE} ${SECURITY_NOPIE_CFLAGS}"
+   export CC_FOR_${HOST_GOTUPLE}="${HOST_PREFIX}gcc 
--sysroot=${STAGING_DIR_HOST}${SDKPATHNATIVE} ${SECURITY_NOPIE_CFLAGS}"
+   export CXX_FOR_${HOST_GOTUPLE}="${HOST_PREFIX}gxx 
--sysroot=${STAGING_DIR_HOST}${SDKPATHNATIVE} ${SECURITY_NOPIE_CFLAGS}"
cd src
./make.bash --host-only --no-banner
cd ${B}
diff --git a/meta/recipes-devtools/go/go-cross.inc 
b/meta/recipes-devtools/go/go-cross.inc
index 3d344a74d3..3d5803bf07 100644
--- a/meta/recipes-devtools/go/go-cross.inc
+++ b/meta/recipes-devtools/go/go-cross.inc
@@ -5,23 +5,14 @@ DEPENDS = "go-native"
 
 PN = "go-cross-${TUNE_PKGARCH}"
 
-export GOHOSTOS = "${BUILD_GOOS}"
-export GOHOSTARCH = "${BUILD_GOARCH}"
-export GOOS = "${TARGET_GOOS}"
-export GOARCH = "${TARGET_GOARCH}"
-export GOARM = "${TARGET_GOARM}"
-export GO386 = "${TARGET_GO386}"
-export GOMIPS = "${TARGET_GOMIPS}"
-export GOROOT_BOOTSTRAP = "${STAGING_LIBDIR_NATIVE}/go"
-export GOROOT_FINAL = "${libdir}/go"
 export GOCACHE = "${B}/.cache"
 CC = "${@d.getVar('BUILD_CC').strip()}"
 
 do_configure[noexec] = "1"
 
 do_compile() {
-   export CC_FOR_${GOOS}_${GOARCH}="${TARGET_PREFIX}gcc ${TARGET_CC_ARCH} 
--sysroot=${STAGING_DIR_TARGET}"
-   export CXX_FOR_${GOOS}_${GOARCh}="${TARGET_PREFIX}g++ ${TARGET_CC_ARCH} 
--sysroot=${STAGING_DIR_TARGET}"
+   export CC_FOR_${TARGET_GOTUPLE}="${TARGET_PREFIX}gcc ${TARGET_CC_ARCH} 
--sysroot=${STAGING_DIR_TARGET}"
+   export CXX_FOR_${TARGET_GOTUPLE}="${TARGET_PREFIX}g++ ${TARGET_CC_ARCH} 
--sysroot=${STAGING_DIR_TARGET}"
cd src
./make.bash --host-only --no-banner
cd ${B}
diff --git a/meta/recipes-devtools/go/go-crosssdk.inc 
b/meta/recipes-devtools/go/go-crosssdk.inc
index 94f6fb8eb7..f0bec79719 100644
--- a/meta/recipes-devtools/go/go-crosssdk.inc
+++ b/meta/recipes-devtools/go/go-crosssdk.inc
@@ -4,18 +4,11 @@ DEPENDS = "go-native virtual/${TARGET_PREFIX}gcc-crosssdk 
virtual/nativesdk-${TA
 PN = "go-crosssdk-${SDK_SYS}"
 PROVIDES = "virtual/${TARGET_PREFIX}go-crosssdk"
 
-export GOHOSTOS = "${BUILD_GOOS}"
-export GOHOSTARCH = "${BUILD_GOARCH}"
-export GOOS = "${TARGET_GOOS}"
-export GOARCH = "${TARGET_GOARCH}"
-export GOROOT_BOOTSTRAP = "${STAGING_L

[OE-core] [PATCH v5 2/5] go: Add go1.13 recipes

[Alexander Kube]

From: Alex Kube 

Signed-off-by: Alex Kube 
---
 meta/recipes-devtools/go/go-1.13.inc  | 24 +++
 .../go/go-cross-canadian_1.13.bb  |  2 ++
 meta/recipes-devtools/go/go-cross_1.13.bb |  2 ++
 meta/recipes-devtools/go/go-crosssdk_1.13.bb  |  2 ++
 meta/recipes-devtools/go/go-native_1.13.bb|  2 ++
 meta/recipes-devtools/go/go-runtime_1.13.bb   |  2 ++
 meta/recipes-devtools/go/go_1.13.bb   | 14 +++
 7 files changed, 48 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.13.inc
 create mode 100644 meta/recipes-devtools/go/go-cross-canadian_1.13.bb
 create mode 100644 meta/recipes-devtools/go/go-cross_1.13.bb
 create mode 100644 meta/recipes-devtools/go/go-crosssdk_1.13.bb
 create mode 100644 meta/recipes-devtools/go/go-native_1.13.bb
 create mode 100644 meta/recipes-devtools/go/go-runtime_1.13.bb
 create mode 100644 meta/recipes-devtools/go/go_1.13.bb

diff --git a/meta/recipes-devtools/go/go-1.13.inc 
b/meta/recipes-devtools/go/go-1.13.inc
new file mode 100644
index 00..2afe8b69cd
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.13.inc
@@ -0,0 +1,24 @@
+require go-common.inc
+
+GO_BASEVERSION = "1.13"
+GO_MINOR = ".3"
+PV .= "${GO_MINOR}"
+FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
+
+SRC_URI += "\
+file://0001-allow-CC-and-CXX-to-have-multiple-words.patch \
+file://0002-cmd-go-make-content-based-hash-generation-less-pedan.patch \
+file://0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch \
+file://0004-ld-add-soname-to-shareable-objects.patch \
+file://0005-make.bash-override-CC-when-building-dist-and-go_boot.patch \
+file://0006-cmd-dist-separate-host-and-target-builds.patch \
+file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
+file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
+"
+SRC_URI_append_libc-musl = " 
file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
+
+SRC_URI[main.md5sum] = "94ae8bf6a4fe623e34cb8b0db2a71ec0"
+SRC_URI[main.sha256sum] = 
"4f7123044375d5c404280737fbd2d0b17064b66182a65919ffe20ffe8620e3df"
+
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.13.bb 
b/meta/recipes-devtools/go/go-cross-canadian_1.13.bb
new file mode 100644
index 00..7ac9449e47
--- /dev/null
+++ b/meta/recipes-devtools/go/go-cross-canadian_1.13.bb
@@ -0,0 +1,2 @@
+require go-cross-canadian.inc
+require go-${PV}.inc
diff --git a/meta/recipes-devtools/go/go-cross_1.13.bb 
b/meta/recipes-devtools/go/go-cross_1.13.bb
new file mode 100644
index 00..80b5a03f6c
--- /dev/null
+++ b/meta/recipes-devtools/go/go-cross_1.13.bb
@@ -0,0 +1,2 @@
+require go-cross.inc
+require go-${PV}.inc
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.13.bb 
b/meta/recipes-devtools/go/go-crosssdk_1.13.bb
new file mode 100644
index 00..1857c8a577
--- /dev/null
+++ b/meta/recipes-devtools/go/go-crosssdk_1.13.bb
@@ -0,0 +1,2 @@
+require go-crosssdk.inc
+require go-${PV}.inc
diff --git a/meta/recipes-devtools/go/go-native_1.13.bb 
b/meta/recipes-devtools/go/go-native_1.13.bb
new file mode 100644
index 00..bbf3c0dd73
--- /dev/null
+++ b/meta/recipes-devtools/go/go-native_1.13.bb
@@ -0,0 +1,2 @@
+require ${PN}.inc
+require go-${PV}.inc
diff --git a/meta/recipes-devtools/go/go-runtime_1.13.bb 
b/meta/recipes-devtools/go/go-runtime_1.13.bb
new file mode 100644
index 00..43b68b4e46
--- /dev/null
+++ b/meta/recipes-devtools/go/go-runtime_1.13.bb
@@ -0,0 +1,2 @@
+require go-${PV}.inc
+require go-runtime.inc
diff --git a/meta/recipes-devtools/go/go_1.13.bb 
b/meta/recipes-devtools/go/go_1.13.bb
new file mode 100644
index 00..483e2e2cb7
--- /dev/null
+++ b/meta/recipes-devtools/go/go_1.13.bb
@@ -0,0 +1,14 @@
+require go-${PV}.inc
+require go-target.inc
+
+export GOBUILDMODE=""
+
+# Add pie to GOBUILDMODE to satisfy "textrel" QA checking, but mips
+# doesn't support -buildmode=pie, so skip the QA checking for mips and its
+# variants.
+python() {
+if 'mips' in d.getVar('TARGET_ARCH',True):
+d.appendVar('INSANE_SKIP_%s' % d.getVar('PN',True), " textrel")
+else:
+d.setVar('GOBUILDMODE', 'pie')
+}
-- 
2.17.1 (Apple Git-112)

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH v5 1/5] go: Refactor patches for 1.13.3

[Alexander Kube]

From: Alex Kube 

Signed-off-by: Alex Kube 
---
 ...ow-CC-and-CXX-to-have-multiple-words.patch |  38 +++
 ...ent-based-hash-generation-less-pedan.patch | 226 ++
 ...-to-be-overridden-in-the-environment.patch |  54 
 ...4-ld-add-soname-to-shareable-objects.patch |  50 
 ...de-CC-when-building-dist-and-go_boot.patch |  44 +++
 ...dist-separate-host-and-target-builds.patch | 279 ++
 ...d-go-make-GOROOT-precious-by-default.patch | 113 +++
 ...008-use-GOBUILDMODE-to-set-buildmode.patch |  47 +++
 ...place-glibc-dynamic-linker-with-musl.patch | 134 +
 9 files changed, 985 insertions(+)
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0004-ld-add-soname-to-shareable-objects.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0006-cmd-dist-separate-host-and-target-builds.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0007-cmd-go-make-GOROOT-precious-by-default.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0008-use-GOBUILDMODE-to-set-buildmode.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0009-ld-replace-glibc-dynamic-linker-with-musl.patch

diff --git 
a/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 
b/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
new file mode 100644
index 00..ddfd5e41d1
--- /dev/null
+++ 
b/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
@@ -0,0 +1,38 @@
+From 9e3dc44cdfa58d96504d0a789dc82617dd5bef55 Mon Sep 17 00:00:00 2001
+From: Alex Kube 
+Date: Wed, 23 Oct 2019 21:01:13 +0430
+Subject: [PATCH 1/9] cmd/go: Allow CC and CXX to have multiple words
+
+Upstream-Status: Inappropriate [OE specific]
+
+Adapted to Go 1.13 from patches originally submitted to
+the meta/recipes-devtools/go tree by
+Matt Madison .
+
+Signed-off-by: Alexander J Kube 
+
+---
+ src/cmd/go/internal/envcmd/env.go | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cmd/go/internal/envcmd/env.go 
b/src/cmd/go/internal/envcmd/env.go
+index 17852de..7b5ec5e 100644
+--- a/src/cmd/go/internal/envcmd/env.go
 b/src/cmd/go/internal/envcmd/env.go
+@@ -100,11 +100,11 @@ func MkEnv() []cfg.EnvVar {
+ 
+   cc := cfg.DefaultCC(cfg.Goos, cfg.Goarch)
+   if env := strings.Fields(cfg.Getenv("CC")); len(env) > 0 {
+-  cc = env[0]
++  cc = strings.Join(env, " ")
+   }
+   cxx := cfg.DefaultCXX(cfg.Goos, cfg.Goarch)
+   if env := strings.Fields(cfg.Getenv("CXX")); len(env) > 0 {
+-  cxx = env[0]
++  cxx = strings.Join(env, " ")
+   }
+   env = append(env, cfg.EnvVar{Name: "AR", Value: envOr("AR", "ar")})
+   env = append(env, cfg.EnvVar{Name: "CC", Value: cc})
+-- 
+2.17.1 (Apple Git-112)
+
diff --git 
a/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
 
b/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
new file mode 100644
index 00..4eddd39809
--- /dev/null
+++ 
b/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
@@ -0,0 +1,226 @@
+From a13ae484e41139094505d2834437e9262a5315f7 Mon Sep 17 00:00:00 2001
+From: Alex Kube 
+Date: Wed, 23 Oct 2019 21:14:22 +0430
+Subject: [PATCH 2/9] cmd/go: make content-based hash generation less pedantic
+
+Upstream-Status: Inappropriate [OE specific]
+
+Go 1.10's build tool now uses content-based hashes to
+determine when something should be built or re-built.
+This same mechanism is used to maintain a built-artifact
+cache for speeding up builds.
+
+However, the hashes it generates include information that
+doesn't work well with OE, nor with using a shared runtime
+library.
+
+First, it embeds path names to source files, unless
+building within GOROOT.  This prevents the building
+of a package in GOPATH for later staging into GOROOT.
+
+This patch adds support for the environment variable
+GOPATH_OMIT_IN_ACTIONID.  If present, path name
+embedding is disabled.
+
+Second, if cgo is enabled, the build ID for cgo-related
+packages will include the current value of the environment
+variables for invoking the compiler (CC, CXX, FC) and
+any CGO_xxFLAGS variables.  Only if the settings used
+during a compilation exactly match, character for character,
+the values used for compiling runtime/cgo or any other
+cgo-enabled package being imported, will the tool
+decide that the imported package

[OE-core] [PATCH v5 3/5] go: Change default GOVERSION to 1.13

[Alexander Kube]

From: Alex Kube 

Signed-off-by: Alex Kube 
---
 meta/conf/distro/include/tcmode-default.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/distro/include/tcmode-default.inc 
b/meta/conf/distro/include/tcmode-default.inc
index 4a23c50631..c6c4cf7ce0 100644
--- a/meta/conf/distro/include/tcmode-default.inc
+++ b/meta/conf/distro/include/tcmode-default.inc
@@ -23,7 +23,7 @@ GDBVERSION ?= "8.3%"
 GLIBCVERSION ?= "2.30%"
 LINUXLIBCVERSION ?= "5.2%"
 QEMUVERSION ?= "4.1%"
-GOVERSION ?= "1.12%"
+GOVERSION ?= "1.13%"
 # This can not use wildcards like 8.0.% since it is also used in mesa to denote
 # llvm version being used, so always bump it with llvm recipe version bump
 LLVMVERSION ?= "9.0.0"
-- 
2.17.1 (Apple Git-112)

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] libcap-ng:upgrade 0.7.9 -> 0.7.10

[Trevor Woerner]

On Fri 2019-10-25 @ 07:37:34 AM, akuster808 wrote:
> is someone going to send a patch?

Yes, I'm working on that now. This looks like something that should be fixed
upstream, so that's the approach I'm taking. Please bear with me :-)
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] libcap-ng:upgrade 0.7.9 -> 0.7.10

[Trevor Woerner]

On Fri 2019-10-25 @ 06:01:54 PM, Khem Raj wrote:
> On Fri, Oct 25, 2019 at 2:45 PM Trevor Woerner  wrote:
> > Yes, adding the following line fixes it:
> >
> > LDFLAGS_append_class-native = " -lpthread"
> >
> > (unless there's a distro-override way of doing it...?)
> >
>  There is no need to make it disto specific it should work always and I
> think it’s better to use -pthread so gcc driver can decide where to add the
> pthread library in link order

Excellent, thanks for your input! :-)
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] libcap-ng:upgrade 0.7.9 -> 0.7.10

[Trevor Woerner]

On Fri 2019-10-25 @ 11:44:14 AM, Trevor Gamblin wrote:
> On 10/25/19 11:16 AM, Trevor Woerner wrote:
> > Does this break on hosts where it had previously worked?
> Doesn't affect my (successful) Fedora build. Would also be interested to
> know.

Okay, thanks for the report! :-)
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 2/2] binutils: fix CVE-2019-17451

[Trevor Gamblin]

Backport upstream fix. No upstream release version of
binutils it yet, so backport the fix independently.

Signed-off-by: Trevor Gamblin 
---
 .../binutils/binutils-2.32.inc|  1 +
 .../binutils/binutils/CVE-2019-17451.patch| 51 +++
 2 files changed, 52 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc 
b/meta/recipes-devtools/binutils/binutils-2.32.inc
index 1e96cf494d..349c3e1154 100644
--- a/meta/recipes-devtools/binutils/binutils-2.32.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -50,6 +50,7 @@ SRC_URI = "\
  file://CVE-2019-14250.patch \
  file://CVE-2019-1.patch \
  file://CVE-2019-17450.patch \
+ file://CVE-2019-17451.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch 
b/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch
new file mode 100644
index 00..b36a532668
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch
@@ -0,0 +1,51 @@
+From 0192438051a7e781585647d5581a2a6f62fda362 Mon Sep 17 00:00:00 2001
+From: Alan Modra 
+Date: Wed, 9 Oct 2019 10:47:13 +1030
+Subject: [PATCH] PR25070, SEGV in function _bfd_dwarf2_find_nearest_line
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17451, so backport it to master and zeus.
+
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848]
+CVE: CVE-2019-17451
+Signed-off-by: Trevor Gamblin 
+
+
+Evil testcase with two debug info sections, with sizes of 2bac4ec1
+and d453b140 result in a total size of 1.  Reading the first
+section of course overflows the buffer and tramples on other memory.
+
+   PR 25070
+   * dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of
+   total_size calculation.
+---
+ bfd/dwarf2.c | 11 ++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..a91597b1d0 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -4426,7 +4426,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, bfd *debug_bfd,
+   for (total_size = 0;
+  msec;
+  msec = find_debug_info (debug_bfd, debug_sections, msec))
+-  total_size += msec->size;
++  {
++/* Catch PR25070 testcase overflowing size calculation here.  */
++if (total_size + msec->size < total_size
++|| total_size + msec->size < msec->size)
++  {
++bfd_set_error (bfd_error_no_memory);
++return FALSE;
++  }
++total_size += msec->size;
++  }
+ 
+   stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size);
+   if (stash->info_ptr_memory == NULL)
+-- 
+2.23.0
+
-- 
2.23.0

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 1/2] binutils: fix CVE-2019-17450

[Trevor Gamblin]

Backport upstream fix. No upstream release version of
binutils it yet, so backport the fix independently.

Signed-off-by: Trevor Gamblin 
---
 .../binutils/binutils-2.32.inc|  1 +
 .../binutils/binutils/CVE-2019-17450.patch| 99 +++
 2 files changed, 100 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc 
b/meta/recipes-devtools/binutils/binutils-2.32.inc
index 19baf8a883..1e96cf494d 100644
--- a/meta/recipes-devtools/binutils/binutils-2.32.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -49,6 +49,7 @@ SRC_URI = "\
  file://CVE-2019-12972.patch \
  file://CVE-2019-14250.patch \
  file://CVE-2019-1.patch \
+ file://CVE-2019-17450.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch 
b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
new file mode 100644
index 00..a6ce0b9a8a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
@@ -0,0 +1,99 @@
+From 09dd135df9ebc7a4b640537e23e26a03a288a789 Mon Sep 17 00:00:00 2001
+From: Alan Modra 
+Date: Wed, 9 Oct 2019 00:07:29 +1030
+Subject: [PATCH] PR25078, stack overflow in function find_abstract_instance
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17450, so backport it to master and zeus.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79]
+CVE: CVE-2019-17450
+Signed-off-by: Trevor Gamblin 
+
+   PR 25078
+   * dwarf2.c (find_abstract_instance): Delete orig_info_ptr, add
+   recur_count.  Error on recur_count reaching 100 rather than
+   info_ptr matching orig_info_ptr.  Adjust calls.
+
+---
+ bfd/dwarf2.c | 35 +--
+ 1 file changed, 17 insertions(+), 18 deletions(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..20ec9e2e56 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -2803,13 +2803,13 @@ lookup_symbol_in_variable_table (struct comp_unit 
*unit,
+ }
+ 
+ static bfd_boolean
+-find_abstract_instance (struct comp_unit *   unit,
+-  bfd_byte *   orig_info_ptr,
+-  struct attribute *   attr_ptr,
+-  const char **pname,
+-  bfd_boolean *is_linkage,
+-  char **  filename_ptr,
+-  int *linenumber_ptr)
++find_abstract_instance (struct comp_unit *unit,
++  struct attribute *attr_ptr,
++  unsigned int recur_count,
++  const char **pname,
++  bfd_boolean *is_linkage,
++  char **filename_ptr,
++  int *linenumber_ptr)
+ {
+   bfd *abfd = unit->abfd;
+   bfd_byte *info_ptr;
+@@ -2820,6 +2820,14 @@ find_abstract_instance (struct comp_unit *   unit,
+   struct attribute attr;
+   const char *name = NULL;
+ 
++  if (recur_count == 100)
++{
++  _bfd_error_handler
++  (_("DWARF error: abstract instance recursion detected"));
++  bfd_set_error (bfd_error_bad_value);
++  return FALSE;
++}
++
+   /* DW_FORM_ref_addr can reference an entry in a different CU. It
+  is an offset from the .debug_info section, not the current CU.  */
+   if (attr_ptr->form == DW_FORM_ref_addr)
+@@ -2939,15 +2947,6 @@ find_abstract_instance (struct comp_unit *   unit,
+info_ptr, info_ptr_end);
+ if (info_ptr == NULL)
+   break;
+-/* It doesn't ever make sense for DW_AT_specification to
+-   refer to the same DIE.  Stop simple recursion.  */
+-if (info_ptr == orig_info_ptr)
+-  {
+-_bfd_error_handler
+-  (_("DWARF error: abstract instance recursion detected"));
+-bfd_set_error (bfd_error_bad_value);
+-return FALSE;
+-  }
+ switch (attr.name)
+   {
+   case DW_AT_name:
+@@ -2961,7 +2960,7 @@ find_abstract_instance (struct comp_unit *   unit,
+   }
+ break;
+   case DW_AT_specification:
+-if (!find_abstract_instance (unit, info_ptr, &attr,
++if (!find_abstract_instance (unit, &attr, recur_count + 1,
+  &name, is_linkage,
+  filename_ptr, linenumber_ptr))
+   return FALSE;
+@@ -3175,7 +3174,7 @@ scan_unit_for_symbols (struct comp_unit *unit)
+ 
+   case DW_AT_abstract_origin:
+   case DW_AT_specification:
+-if (!find_abstract_instance (unit, info_ptr

Re: [OE-core] [zeus][PATCH v3] binutils: fix CVE-2019-17450

[Khem Raj]

On Fri, Oct 25, 2019 at 4:05 PM Trevor Gamblin 
wrote:

> On 10/25/19 11:02 AM, akuster808 wrote:
>
> >
> > On 10/25/19 5:22 AM, Trevor Gamblin wrote:
> >> Backport upstream fix to zeus.
> >>
> >> Signed-off-by: Trevor Gamblin 
> > Does this affect Master?
> >
> > - armin
> >> ---
> >>   .../binutils/binutils-2.32.inc|  1 +
> >>   .../binutils/binutils/CVE-2019-17450.patch| 99 +++
> >>   2 files changed, 100 insertions(+)
> >>   create mode 100644
> meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
> >>
> >> diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc
> b/meta/recipes-devtools/binutils/binutils-2.32.inc
> >> index 19baf8a883..1e96cf494d 100644
> >> --- a/meta/recipes-devtools/binutils/binutils-2.32.inc
> >> +++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
> >> @@ -49,6 +49,7 @@ SRC_URI = "\
> >>file://CVE-2019-12972.patch \
> >>file://CVE-2019-14250.patch \
> >>file://CVE-2019-1.patch \
> >> + file://CVE-2019-17450.patch \
> >>   "
> >>   S  = "${WORKDIR}/git"
> >>
> >> diff --git
> a/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
> b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
> >> new file mode 100644
> >> index 00..a6ce0b9a8a
> >> --- /dev/null
> >> +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
> >> @@ -0,0 +1,99 @@
> >> +From 09dd135df9ebc7a4b640537e23e26a03a288a789 Mon Sep 17 00:00:00 2001
> >> +From: Alan Modra 
> >> +Date: Wed, 9 Oct 2019 00:07:29 +1030
> >> +Subject: [PATCH] PR25078, stack overflow in function
> find_abstract_instance
> >> +
> >> +Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
> >> +file. There are newer versions of binutils, but none of them contain
> the
> >> +commit fixing CVE-2019-17450, so backport it to master and zeus.
> >> +
> >> +Upstream-Status: Backport [
> https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79]
> >> +CVE: CVE-2019-17450
> >> +Signed-off-by: Trevor Gamblin 
> >> +
> >> +PR 25078
> >> +* dwarf2.c (find_abstract_instance): Delete orig_info_ptr, add
> >> +recur_count.  Error on recur_count reaching 100 rather than
> >> +info_ptr matching orig_info_ptr.  Adjust calls.
> >> +
> >> +---
> >> + bfd/dwarf2.c | 35 +--
> >> + 1 file changed, 17 insertions(+), 18 deletions(-)
> >> +
> >> +diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
> >> +index 0b4e485582..20ec9e2e56 100644
> >> +--- a/bfd/dwarf2.c
> >>  b/bfd/dwarf2.c
> >> +@@ -2803,13 +2803,13 @@ lookup_symbol_in_variable_table (struct
> comp_unit *unit,
> >> + }
> >> +
> >> + static bfd_boolean
> >> +-find_abstract_instance (struct comp_unit *   unit,
> >> +-   bfd_byte *   orig_info_ptr,
> >> +-   struct attribute *   attr_ptr,
> >> +-   const char **pname,
> >> +-   bfd_boolean *is_linkage,
> >> +-   char **  filename_ptr,
> >> +-   int *linenumber_ptr)
> >> ++find_abstract_instance (struct comp_unit *unit,
> >> ++   struct attribute *attr_ptr,
> >> ++   unsigned int recur_count,
> >> ++   const char **pname,
> >> ++   bfd_boolean *is_linkage,
> >> ++   char **filename_ptr,
> >> ++   int *linenumber_ptr)
> >> + {
> >> +   bfd *abfd = unit->abfd;
> >> +   bfd_byte *info_ptr;
> >> +@@ -2820,6 +2820,14 @@ find_abstract_instance (struct comp_unit *
>  unit,
> >> +   struct attribute attr;
> >> +   const char *name = NULL;
> >> +
> >> ++  if (recur_count == 100)
> >> ++{
> >> ++  _bfd_error_handler
> >> ++   (_("DWARF error: abstract instance recursion detected"));
> >> ++  bfd_set_error (bfd_error_bad_value);
> >> ++  return FALSE;
> >> ++}
> >> ++
> >> +   /* DW_FORM_ref_addr can reference an entry in a different CU. It
> >> +  is an offset from the .debug_info section, not the current CU.
> */
> >> +   if (attr_ptr->form == DW_FORM_ref_addr)
> >> +@@ -2939,15 +2947,6 @@ find_abstract_instance (struct comp_unit *
>  unit,
> >> + info_ptr, info_ptr_end);
> >> +  if (info_ptr == NULL)
> >> +break;
> >> +- /* It doesn't ever make sense for DW_AT_specification to
> >> +-refer to the same DIE.  Stop simple recursion.  */
> >> +- if (info_ptr == orig_info_ptr)
> >> +-   {
> >> +- _bfd_error_handler
> >> +-   (_("DWARF error: abstract instance recursion
> detected"));
> >> +- bfd_set_error (bfd_error_bad_value);
> >> +- return FALSE;
> >> +-   }
> >> +  switch (attr.name)
> >> +{
> >> +case DW_AT_name:
> >> +@@ -2961,7 +2960,7 @@ find_abstract_instance (struct comp_unit *
>  unit,
> >> +}
> >> +  break;
> >> +

Re: [OE-core] [PATCH] libcap-ng:upgrade 0.7.9 -> 0.7.10

[Khem Raj]

On Fri, Oct 25, 2019 at 2:45 PM Trevor Woerner  wrote:

> On Fri 2019-10-25 @ 09:22:04 AM, Trevor Woerner wrote:
> > On Thu 2019-10-24 @ 04:05:10 PM, Khem Raj wrote:
> > > perhaps you need to add -pthread to LDFLAGS
> >
> > I'll set up a test build.
>
> Yes, adding the following line fixes it:
>
> LDFLAGS_append_class-native = " -lpthread"
>
> (unless there's a distro-override way of doing it...?)
>
 There is no need to make it disto specific it should work always and I
think it’s better to use -pthread so gcc driver can decide where to add the
pthread library in link order
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [zeus][PATCH v3] binutils: fix CVE-2019-17450

[Randy MacLeod]

On 10/25/19 11:05 AM, Trevor Gamblin wrote:
It does, but I'm working on an upgrade for binutils to 2.33 for master 
that I'll then apply this (and another CVE patch) on top of.


You should probably send the CVE fix to master so it gets tested there
even if there's an upgrade coming in a few days. It might take a while
for the upgrade to get merged.

Khem has been doing binutils upgrades recently.
CC him in case there needs to be some co-ordination with glibc or
other recipe upgrades.



--
# Randy MacLeod
# Wind River Linux
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus][PATCH v4 1/2] binutils: fix CVE-2019-17450

[Trevor Gamblin]

Backport upstream fix to zeus.

Signed-off-by: Trevor Gamblin 
---
 .../binutils/binutils-2.32.inc|  1 +
 .../binutils/binutils/CVE-2019-17450.patch| 99 +++
 2 files changed, 100 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc 
b/meta/recipes-devtools/binutils/binutils-2.32.inc
index 19baf8a883..1e96cf494d 100644
--- a/meta/recipes-devtools/binutils/binutils-2.32.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -49,6 +49,7 @@ SRC_URI = "\
  file://CVE-2019-12972.patch \
  file://CVE-2019-14250.patch \
  file://CVE-2019-1.patch \
+ file://CVE-2019-17450.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch 
b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
new file mode 100644
index 00..a6ce0b9a8a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
@@ -0,0 +1,99 @@
+From 09dd135df9ebc7a4b640537e23e26a03a288a789 Mon Sep 17 00:00:00 2001
+From: Alan Modra 
+Date: Wed, 9 Oct 2019 00:07:29 +1030
+Subject: [PATCH] PR25078, stack overflow in function find_abstract_instance
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17450, so backport it to master and zeus.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79]
+CVE: CVE-2019-17450
+Signed-off-by: Trevor Gamblin 
+
+   PR 25078
+   * dwarf2.c (find_abstract_instance): Delete orig_info_ptr, add
+   recur_count.  Error on recur_count reaching 100 rather than
+   info_ptr matching orig_info_ptr.  Adjust calls.
+
+---
+ bfd/dwarf2.c | 35 +--
+ 1 file changed, 17 insertions(+), 18 deletions(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..20ec9e2e56 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -2803,13 +2803,13 @@ lookup_symbol_in_variable_table (struct comp_unit 
*unit,
+ }
+ 
+ static bfd_boolean
+-find_abstract_instance (struct comp_unit *   unit,
+-  bfd_byte *   orig_info_ptr,
+-  struct attribute *   attr_ptr,
+-  const char **pname,
+-  bfd_boolean *is_linkage,
+-  char **  filename_ptr,
+-  int *linenumber_ptr)
++find_abstract_instance (struct comp_unit *unit,
++  struct attribute *attr_ptr,
++  unsigned int recur_count,
++  const char **pname,
++  bfd_boolean *is_linkage,
++  char **filename_ptr,
++  int *linenumber_ptr)
+ {
+   bfd *abfd = unit->abfd;
+   bfd_byte *info_ptr;
+@@ -2820,6 +2820,14 @@ find_abstract_instance (struct comp_unit *   unit,
+   struct attribute attr;
+   const char *name = NULL;
+ 
++  if (recur_count == 100)
++{
++  _bfd_error_handler
++  (_("DWARF error: abstract instance recursion detected"));
++  bfd_set_error (bfd_error_bad_value);
++  return FALSE;
++}
++
+   /* DW_FORM_ref_addr can reference an entry in a different CU. It
+  is an offset from the .debug_info section, not the current CU.  */
+   if (attr_ptr->form == DW_FORM_ref_addr)
+@@ -2939,15 +2947,6 @@ find_abstract_instance (struct comp_unit *   unit,
+info_ptr, info_ptr_end);
+ if (info_ptr == NULL)
+   break;
+-/* It doesn't ever make sense for DW_AT_specification to
+-   refer to the same DIE.  Stop simple recursion.  */
+-if (info_ptr == orig_info_ptr)
+-  {
+-_bfd_error_handler
+-  (_("DWARF error: abstract instance recursion detected"));
+-bfd_set_error (bfd_error_bad_value);
+-return FALSE;
+-  }
+ switch (attr.name)
+   {
+   case DW_AT_name:
+@@ -2961,7 +2960,7 @@ find_abstract_instance (struct comp_unit *   unit,
+   }
+ break;
+   case DW_AT_specification:
+-if (!find_abstract_instance (unit, info_ptr, &attr,
++if (!find_abstract_instance (unit, &attr, recur_count + 1,
+  &name, is_linkage,
+  filename_ptr, linenumber_ptr))
+   return FALSE;
+@@ -3175,7 +3174,7 @@ scan_unit_for_symbols (struct comp_unit *unit)
+ 
+   case DW_AT_abstract_origin:
+   case DW_AT_specification:
+-if (!find_abstract_instance (unit, info_ptr, &attr,
++if (!find_abstract_instance (unit, &attr, 0,
+  

[OE-core] [zeus][PATCH v4 2/2] binutils: fix CVE-2019-17451

[Trevor Gamblin]

Backport upstream fix to zeus.

Signed-off-by: Trevor Gamblin 
---
 .../binutils/binutils-2.32.inc|  1 +
 .../binutils/binutils/CVE-2019-17451.patch| 51 +++
 2 files changed, 52 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc 
b/meta/recipes-devtools/binutils/binutils-2.32.inc
index 1e96cf494d..349c3e1154 100644
--- a/meta/recipes-devtools/binutils/binutils-2.32.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -50,6 +50,7 @@ SRC_URI = "\
  file://CVE-2019-14250.patch \
  file://CVE-2019-1.patch \
  file://CVE-2019-17450.patch \
+ file://CVE-2019-17451.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch 
b/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch
new file mode 100644
index 00..b36a532668
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch
@@ -0,0 +1,51 @@
+From 0192438051a7e781585647d5581a2a6f62fda362 Mon Sep 17 00:00:00 2001
+From: Alan Modra 
+Date: Wed, 9 Oct 2019 10:47:13 +1030
+Subject: [PATCH] PR25070, SEGV in function _bfd_dwarf2_find_nearest_line
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17451, so backport it to master and zeus.
+
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848]
+CVE: CVE-2019-17451
+Signed-off-by: Trevor Gamblin 
+
+
+Evil testcase with two debug info sections, with sizes of 2bac4ec1
+and d453b140 result in a total size of 1.  Reading the first
+section of course overflows the buffer and tramples on other memory.
+
+   PR 25070
+   * dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of
+   total_size calculation.
+---
+ bfd/dwarf2.c | 11 ++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..a91597b1d0 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -4426,7 +4426,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, bfd *debug_bfd,
+   for (total_size = 0;
+  msec;
+  msec = find_debug_info (debug_bfd, debug_sections, msec))
+-  total_size += msec->size;
++  {
++/* Catch PR25070 testcase overflowing size calculation here.  */
++if (total_size + msec->size < total_size
++|| total_size + msec->size < msec->size)
++  {
++bfd_set_error (bfd_error_no_memory);
++return FALSE;
++  }
++total_size += msec->size;
++  }
+ 
+   stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size);
+   if (stash->info_ptr_memory == NULL)
+-- 
+2.23.0
+
-- 
2.23.0

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] ✗ patchtest: failure for binutils: fix CVE-2019-17450 (rev5)

[Patchwork]

== Series Details ==

Series: binutils: fix CVE-2019-17450 (rev5)
Revision: 5
URL   : https://patchwork.openembedded.org/series/20658/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Issue Series does not apply on top of target branch 
[test_series_merge_on_head] 
  Suggested fixRebase your series on top of targeted branch
  Targeted branch  zeus (currently at 59938780e7)



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] ✗ patchtest: failure for binutils: fix CVE-2019-17450 (rev4)

[Patchwork]

== Series Details ==

Series: binutils: fix CVE-2019-17450 (rev4)
Revision: 4
URL   : https://patchwork.openembedded.org/series/20658/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Issue Series does not apply on top of target branch 
[test_series_merge_on_head] 
  Suggested fixRebase your series on top of targeted branch
  Targeted branch  zeus (currently at 59938780e7)



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [thud][PATCH] systemd: Security fixes for CVE

[akuster808]

On 10/16/19 2:16 PM, Muminul Islam wrote:
> CVE: CVE-2019-3842 CVE-2019-3843 CVE-2019-3844
>
> Upstream-Status: Backport
Warrior needs these fixes before thud mainline can be fixed.

- armin
>
> Signed-off-by: Muminul Islam 
> ---
>  .../systemd/systemd/CVE-2019-3842.patch   |  59 +
>  .../systemd/systemd/CVE-2019-3843_p1.patch| 227 ++
>  .../systemd/systemd/CVE-2019-3843_p2.patch| 174 ++
>  .../systemd/systemd/CVE-2019-3843_p3.patch|  90 +++
>  .../systemd/systemd/CVE-2019-3843_p4.patch| 163 +
>  .../systemd/systemd/CVE-2019-3844.patch   |  96 
>  meta/recipes-core/systemd/systemd_239.bb  |   6 +
>  7 files changed, 815 insertions(+)
>  create mode 100644 meta/recipes-core/systemd/systemd/CVE-2019-3842.patch
>  create mode 100644 meta/recipes-core/systemd/systemd/CVE-2019-3843_p1.patch
>  create mode 100644 meta/recipes-core/systemd/systemd/CVE-2019-3843_p2.patch
>  create mode 100644 meta/recipes-core/systemd/systemd/CVE-2019-3843_p3.patch
>  create mode 100644 meta/recipes-core/systemd/systemd/CVE-2019-3843_p4.patch
>  create mode 100644 meta/recipes-core/systemd/systemd/CVE-2019-3844.patch
>
> diff --git a/meta/recipes-core/systemd/systemd/CVE-2019-3842.patch 
> b/meta/recipes-core/systemd/systemd/CVE-2019-3842.patch
> new file mode 100644
> index 00..c58914b5b3
> --- /dev/null
> +++ b/meta/recipes-core/systemd/systemd/CVE-2019-3842.patch
> @@ -0,0 +1,59 @@
> +From 7ee4ae8c15bd9cc3d6f9a4b684ea608cabc6 Mon Sep 17 00:00:00 2001
> +From: Lennart Poettering 
> +Date: Mon, 4 Feb 2019 10:23:43 +0100
> +Subject: [PATCH] pam-systemd: use secure_getenv() rather than getenv()
> +Reply-To: muis...@microsoft.com
> +
> +And explain why in a comment.
> +
> +Signed-off-by: Muminul Islam 
> +
> +CVE: CVE-2019-3842
> +
> +Upstream-Status: Backport
> +
> +Upstream commit: 
> https://github.com/systemd/systemd/commit/83d4ab55336ff8a0643c6aa627b31e351a24040a
> +---
> + src/login/pam_systemd.c | 10 +-
> + 1 file changed, 5 insertions(+), 5 deletions(-)
> +
> +diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
> +index 1fbf6ba585..3ecb34425d 100644
> +--- a/src/login/pam_systemd.c
>  b/src/login/pam_systemd.c
> +@@ -354,27 +354,27 @@ _public_ PAM_EXTERN int pam_sm_open_session(
> + 
> + seat = pam_getenv(handle, "XDG_SEAT");
> + if (isempty(seat))
> +-seat = getenv("XDG_SEAT");
> ++seat = secure_getenv("XDG_SEAT");
> + 
> + cvtnr = pam_getenv(handle, "XDG_VTNR");
> + if (isempty(cvtnr))
> +-cvtnr = getenv("XDG_VTNR");
> ++cvtnr = secure_getenv("XDG_VTNR");
> + 
> + type = pam_getenv(handle, "XDG_SESSION_TYPE");
> + if (isempty(type))
> +-type = getenv("XDG_SESSION_TYPE");
> ++type = secure_getenv("XDG_SESSION_TYPE");
> + if (isempty(type))
> + type = type_pam;
> + 
> + class = pam_getenv(handle, "XDG_SESSION_CLASS");
> + if (isempty(class))
> +-class = getenv("XDG_SESSION_CLASS");
> ++class = secure_getenv("XDG_SESSION_CLASS");
> + if (isempty(class))
> + class = class_pam;
> + 
> + desktop = pam_getenv(handle, "XDG_SESSION_DESKTOP");
> + if (isempty(desktop))
> +-desktop = getenv("XDG_SESSION_DESKTOP");
> ++desktop = secure_getenv("XDG_SESSION_DESKTOP");
> + 
> + tty = strempty(tty);
> + 
> +-- 
> +2.23.0
> +
> diff --git a/meta/recipes-core/systemd/systemd/CVE-2019-3843_p1.patch 
> b/meta/recipes-core/systemd/systemd/CVE-2019-3843_p1.patch
> new file mode 100644
> index 00..a0646dd54e
> --- /dev/null
> +++ b/meta/recipes-core/systemd/systemd/CVE-2019-3843_p1.patch
> @@ -0,0 +1,227 @@
> +From 63788571a48adec4a0fed9d1d8993f867d1c1a1d Mon Sep 17 00:00:00 2001
> +From: Lennart Poettering 
> +Date: Wed, 20 Mar 2019 19:00:28 +0100
> +Subject: [PATCH] seccomp: introduce seccomp_restrict_suid_sgid() for blocking
> + chmod() for suid/sgid files
> +Reply-To: muis...@microsoft.com
> +
> +Signed-off-by: Muminul Islam 
> +
> +CVE: CVE-2019-3843
> +Upstream-Status: Backport
> +
> +Upstream commit: 
> https://github.com/systemd/systemd/commit/3c27973b13724ede05a06a5d346a569794cda433
> +---
> + src/shared/seccomp-util.c | 173 ++
> + src/shared/seccomp-util.h |   1 +
> + 2 files changed, 174 insertions(+)
> +
> +diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
> +index c433cb90dc..e9632d703e 100644
> +--- a/src/shared/seccomp-util.c
>  b/src/shared/seccomp-util.c
> +@@ -1,12 +1,14 @@
> + /* SPDX-License-Identifier: LGPL-2.1+ */
> + 
> + #include 
> ++#include 
> + #include 
> + #include 
> + #include 
> + #include 
> + #include 
> + #include 
> ++#include 
> + 
> + #include "af-list.h"
> + #include "alloc-util.h"
> +@@ -1742,3 +1744,174 @@ int seccomp_lock_persona

Re: [OE-core] [thud][PATCH] curl: Security fix for CVE-2019-5481

[akuster808]

On 10/16/19 2:10 PM, Muminul Islam wrote:
> CVE: CVE-2019-5481
>
> Upstream-Status: Backport

Warrior needs to be fixed before I can get this in mainline thud.

- Armin
>
> Signed-off-by: Muminul Islam 
> ---
>  .../curl/curl/CVE-2019-5481.patch | 52 +++
>  meta/recipes-support/curl/curl_7.61.0.bb  |  1 +
>  2 files changed, 53 insertions(+)
>  create mode 100644 meta/recipes-support/curl/curl/CVE-2019-5481.patch
>
> diff --git a/meta/recipes-support/curl/curl/CVE-2019-5481.patch 
> b/meta/recipes-support/curl/curl/CVE-2019-5481.patch
> new file mode 100644
> index 00..a97a95a268
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2019-5481.patch
> @@ -0,0 +1,52 @@
> +From f6fa4dffb2b973f3c7f2e8c2b6a7dc94c016f455 Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg 
> +Date: Tue, 3 Sep 2019 22:59:32 +0200
> +Subject: [PATCH] security:read_data fix bad realloc()
> +Reply-To: muis...@microsoft.com
> +
> +... that could end up a double-free
> +
> +CVE-2019-5481
> +Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
> +
> +Signed-off-by: Muminul Islam 
> +
> +CVE: CVE-2019-5481
> +
> +Upstream-Status: Backport
> +
> +Upstream commit: 
> https://github.com/curl/curl/commit/9069838b30fb3b48af0123e39f664cea683254a5
> +---
> + lib/security.c | 6 ++
> + 1 file changed, 2 insertions(+), 4 deletions(-)
> +
> +diff --git a/lib/security.c b/lib/security.c
> +index abf242c38..52cce97d0 100644
> +--- a/lib/security.c
>  b/lib/security.c
> +@@ -191,7 +191,6 @@ static CURLcode read_data(struct connectdata *conn,
> +   struct krb5buffer *buf)
> + {
> +   int len;
> +-  void *tmp = NULL;
> +   CURLcode result;
> + 
> +   result = socket_read(fd, &len, sizeof(len));
> +@@ -201,12 +200,11 @@ static CURLcode read_data(struct connectdata *conn,
> +   if(len) {
> + /* only realloc if there was a length */
> + len = ntohl(len);
> +-tmp = Curl_saferealloc(buf->data, len);
> ++buf->data = Curl_saferealloc(buf->data, len);
> +   }
> +-  if(tmp == NULL)
> ++  if(!len || !buf->data)
> + return CURLE_OUT_OF_MEMORY;
> + 
> +-  buf->data = tmp;
> +   result = socket_read(fd, buf->data, len);
> +   if(result)
> + return result;
> +-- 
> +2.23.0
> +
> diff --git a/meta/recipes-support/curl/curl_7.61.0.bb 
> b/meta/recipes-support/curl/curl_7.61.0.bb
> index 3b54774b9d..29aaff20a1 100644
> --- a/meta/recipes-support/curl/curl_7.61.0.bb
> +++ b/meta/recipes-support/curl/curl_7.61.0.bb
> @@ -14,6 +14,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
> file://CVE-2019-5435.patch \
> file://CVE-2019-5436.patch \
> file://CVE-2019-5482.patch \
> +   file://CVE-2019-5481.patch \
>  "
>  
>  SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a"

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus][PATCH v2] binutils: fix CVE-2019-17451

[Trevor Gamblin]

Backport upstream fix to zeus.

Signed-off-by: Trevor Gamblin 
---
 .../binutils/binutils-2.32.inc|  1 +
 .../binutils/binutils/CVE-2019-17451.patch| 51 +++
 2 files changed, 52 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc 
b/meta/recipes-devtools/binutils/binutils-2.32.inc
index 1e96cf494d..349c3e1154 100644
--- a/meta/recipes-devtools/binutils/binutils-2.32.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -50,6 +50,7 @@ SRC_URI = "\
  file://CVE-2019-14250.patch \
  file://CVE-2019-1.patch \
  file://CVE-2019-17450.patch \
+ file://CVE-2019-17451.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch 
b/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch
new file mode 100644
index 00..b36a532668
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch
@@ -0,0 +1,51 @@
+From 0192438051a7e781585647d5581a2a6f62fda362 Mon Sep 17 00:00:00 2001
+From: Alan Modra 
+Date: Wed, 9 Oct 2019 10:47:13 +1030
+Subject: [PATCH] PR25070, SEGV in function _bfd_dwarf2_find_nearest_line
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17451, so backport it to master and zeus.
+
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848]
+CVE: CVE-2019-17451
+Signed-off-by: Trevor Gamblin 
+
+
+Evil testcase with two debug info sections, with sizes of 2bac4ec1
+and d453b140 result in a total size of 1.  Reading the first
+section of course overflows the buffer and tramples on other memory.
+
+   PR 25070
+   * dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of
+   total_size calculation.
+---
+ bfd/dwarf2.c | 11 ++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..a91597b1d0 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -4426,7 +4426,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, bfd *debug_bfd,
+   for (total_size = 0;
+  msec;
+  msec = find_debug_info (debug_bfd, debug_sections, msec))
+-  total_size += msec->size;
++  {
++/* Catch PR25070 testcase overflowing size calculation here.  */
++if (total_size + msec->size < total_size
++|| total_size + msec->size < msec->size)
++  {
++bfd_set_error (bfd_error_no_memory);
++return FALSE;
++  }
++total_size += msec->size;
++  }
+ 
+   stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size);
+   if (stash->info_ptr_memory == NULL)
+-- 
+2.23.0
+
-- 
2.23.0

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [zeus][PATCH] binutils: fix CVE-2019-17451

[Trevor Gamblin]

On 10/25/19 11:41 AM, Trevor Gamblin wrote:


Backport upstream fix to zeus.

Signed-off-by: Trevor Gamblin 
---
  .../binutils/binutils-2.32.inc|  1 +
  .../binutils/binutils/CVE-2019-17451.patch| 51 +++
  2 files changed, 52 insertions(+)
  create mode 100644 
meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc 
b/meta/recipes-devtools/binutils/binutils-2.32.inc
index 1e96cf494d..349c3e1154 100644
--- a/meta/recipes-devtools/binutils/binutils-2.32.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -50,6 +50,7 @@ SRC_URI = "\
   file://CVE-2019-14250.patch \
   file://CVE-2019-1.patch \
   file://CVE-2019-17450.patch \
+ file://CVE-2019-17451.patch \
  "
  S  = "${WORKDIR}/git"
  
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch

new file mode 100644
index 00..1ae50a8ef4
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch
@@ -0,0 +1,51 @@
+From 0192438051a7e781585647d5581a2a6f62fda362 Mon Sep 17 00:00:00 2001
+From: Alan Modra 
+Date: Wed, 9 Oct 2019 10:47:13 +1030
+Subject: [PATCH] PR25070, SEGV in function _bfd_dwarf2_find_nearest_line
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17450, so backport it to master and zeus.
+
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848]
+CVE: CVE-2019-17451
+Signed-off-by: Trevor Gamblin 
+
+
+Evil testcase with two debug info sections, with sizes of 2bac4ec1
+and d453b140 result in a total size of 1.  Reading the first
+section of course overflows the buffer and tramples on other memory.
+
+   PR 25070
+   * dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of
+   total_size calculation.
+---
+ bfd/dwarf2.c | 11 ++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..a91597b1d0 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -4426,7 +4426,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, bfd *debug_bfd,
+   for (total_size = 0;
+  msec;
+  msec = find_debug_info (debug_bfd, debug_sections, msec))
+-  total_size += msec->size;
++  {
++/* Catch PR25070 testcase overflowing size calculation here.  */
++if (total_size + msec->size < total_size
++|| total_size + msec->size < msec->size)
++  {
++bfd_set_error (bfd_error_no_memory);
++return FALSE;
++  }
++total_size += msec->size;
++  }
+
+   stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size);
+   if (stash->info_ptr_memory == NULL)
+--
+2.23.0
+

Patch file references the wrong CVE in the description. Sending a v2..
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] libcap-ng:upgrade 0.7.9 -> 0.7.10

[Trevor Gamblin]

On 10/25/19 11:16 AM, Trevor Woerner wrote:

On Fri 2019-10-25 @ 07:37:34 AM, akuster808 wrote:


On 10/25/19 6:44 AM, Trevor Woerner wrote:

On Fri 2019-10-25 @ 09:22:04 AM, Trevor Woerner wrote:

On Thu 2019-10-24 @ 04:05:10 PM, Khem Raj wrote:

perhaps you need to add -pthread to LDFLAGS

I'll set up a test build.

Yes, adding the following line fixes it:

LDFLAGS_append_class-native = " -lpthread"

(unless there's a distro-override way of doing it...?)

is someone going to send a patch?

Does this break on hosts where it had previously worked?
Is there a better (host-specific) way of doing this?
Doesn't affect my (successful) Fedora build. Would also be interested to 
know.

--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [zeus][PATCH] binutils: fix CVE-2019-17451

[Trevor Gamblin]

Backport upstream fix to zeus.

Signed-off-by: Trevor Gamblin 
---
 .../binutils/binutils-2.32.inc|  1 +
 .../binutils/binutils/CVE-2019-17451.patch| 51 +++
 2 files changed, 52 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc 
b/meta/recipes-devtools/binutils/binutils-2.32.inc
index 1e96cf494d..349c3e1154 100644
--- a/meta/recipes-devtools/binutils/binutils-2.32.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -50,6 +50,7 @@ SRC_URI = "\
  file://CVE-2019-14250.patch \
  file://CVE-2019-1.patch \
  file://CVE-2019-17450.patch \
+ file://CVE-2019-17451.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch 
b/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch
new file mode 100644
index 00..1ae50a8ef4
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch
@@ -0,0 +1,51 @@
+From 0192438051a7e781585647d5581a2a6f62fda362 Mon Sep 17 00:00:00 2001
+From: Alan Modra 
+Date: Wed, 9 Oct 2019 10:47:13 +1030
+Subject: [PATCH] PR25070, SEGV in function _bfd_dwarf2_find_nearest_line
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17450, so backport it to master and zeus.
+
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848]
+CVE: CVE-2019-17451
+Signed-off-by: Trevor Gamblin 
+
+
+Evil testcase with two debug info sections, with sizes of 2bac4ec1
+and d453b140 result in a total size of 1.  Reading the first
+section of course overflows the buffer and tramples on other memory.
+
+   PR 25070
+   * dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of
+   total_size calculation.
+---
+ bfd/dwarf2.c | 11 ++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..a91597b1d0 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -4426,7 +4426,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, bfd *debug_bfd,
+   for (total_size = 0;
+  msec;
+  msec = find_debug_info (debug_bfd, debug_sections, msec))
+-  total_size += msec->size;
++  {
++/* Catch PR25070 testcase overflowing size calculation here.  */
++if (total_size + msec->size < total_size
++|| total_size + msec->size < msec->size)
++  {
++bfd_set_error (bfd_error_no_memory);
++return FALSE;
++  }
++total_size += msec->size;
++  }
+ 
+   stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size);
+   if (stash->info_ptr_memory == NULL)
+-- 
+2.23.0
+
-- 
2.23.0

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [opkg-devel] [yocto][PATCH][opkg] bug 13528 add SPDX id to opkg

[Alejandro Del Castillo]

merged

thanks again for doing this, its been on the wish-list for a while!

--
Cheers,

Alejandro

On 10/25/19 2:50 AM, Yann CARDAILLAC wrote:
> Hi Alejandro,
> 
> Here's patch v2
> 
> Thanks for your sharpened eyes !
> 
> Regards,
> 
> On Thu, Oct 24, 2019 at 9:39 PM Alejandro Del Castillo 
> mailto:alejandro.delcasti...@ni.com>> wrote:
> 
> Hi Yann,
> 
> Thanks again for adding the headers. Your patch looks good, except for
> one line that has a duplicated header:
> 
> /core/26_prefer_arch_to_version.py
> index 0a0d66b..82934c1 100755
> --- a/tests/core/26_prefer_arch_to_version.py
> +++ b/tests/core/26_prefer_arch_to_version.py
> @@ -1,4 +1,5 @@
> -#! /usr/bin/env python3
> +#! /usr/bin/env python3# SPDX-License-Identifier: GPL-2.0-only
> +# SPDX-License-Identifier: GPL-2.0-only
>    #
> 
> could you send a v2? regarding m4 files, I looked around a bit and
> didn't find project adding SPDX identifiers to them
> 
> Cheers,
> 
> Alejandro
> 
> On 10/22/19 9:55 AM, Yann CARDAILLAC wrote:
>  > Hi,
>  >
>  > I'm working on bug :
>  > https://bugzilla.yoctoproject.org/show_bug.cgi?id=13528
> 
> 
> 
>  >
> 
> 
>  >
>  >  I've a first patch proposal. Note that I didn't knew what to do with
>  >  m4/gpgme.m4 the license header seems pretty weird to me...
>  >
>  > Regards,
>  >
>  > -- SMILE
>  >
> 
> 
>  >
>  >  20 rue des Jardins 92600 Asnières-sur-Seine
>  >
>  >  *Yann CARDAILLAC* Ingénieur Systèmes Embarqués
>  >
>  > email yann.cardail...@smile.fr 
> > url
>  > http://www.smile.eu
> 
> 
> 
>  >
> 
> 
>  >
>  >
>  >
>  > Twitter
>  >
> 
> 
>  >  Facebook
>  >
> 
> 
>  >  LinkedIn
>  >
> 
> 
>  >  Github
>  >
> 
> 
>  >
>  >
>  >
>  >
>  >
>  > eco Pour la planète, n'imprimez ce mail que si c'est nécessaire
>  >
>  > -- You received this message because you are subscribed to the Google
>  >  Groups "opkg-devel" group. To unsubscribe from this group and stop
>  > receiving emails from it, send an email to
>  > opkg-devel+unsubscr...@googlegroups.com
> 
>  >  >. To view this
>  > discussion on the web visit
>  >
> 
> https://groups.google.com/d/msgid/opkg-devel/CAA984JWqcX5oDhumXYBom%2BZyxD%2Bbo7oGmTzLx_tXejvPaR1UKQ%40mail.gmail.com
> 
> 
>  >
>  >
> 
> .
> 
> --
>  >
> Cheers,
> 
> Alejandro
> 
> 
> 
> -- 
> SMILE 
> 
> 
> 20 rue des Jardins
> 92600 Asnières-sur-Seine
> 
>   
> *Yann CARDAILLAC*
> Ingénieur Systèmes Embarqués
> 
> email yann.cardail...@smile.fr 

Re: [OE-core] [PATCH] libcap-ng:upgrade 0.7.9 -> 0.7.10

[Trevor Woerner]

On Fri 2019-10-25 @ 07:37:34 AM, akuster808 wrote:
> 
> 
> On 10/25/19 6:44 AM, Trevor Woerner wrote:
> > On Fri 2019-10-25 @ 09:22:04 AM, Trevor Woerner wrote:
> >> On Thu 2019-10-24 @ 04:05:10 PM, Khem Raj wrote:
> >>> perhaps you need to add -pthread to LDFLAGS
> >> I'll set up a test build.
> > Yes, adding the following line fixes it:
> >
> > LDFLAGS_append_class-native = " -lpthread"
> >
> > (unless there's a distro-override way of doing it...?)
> 
> is someone going to send a patch?

Does this break on hosts where it had previously worked?
Is there a better (host-specific) way of doing this?
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [zeus][PATCH v3] binutils: fix CVE-2019-17450

[Trevor Gamblin]

On 10/25/19 11:02 AM, akuster808 wrote:



On 10/25/19 5:22 AM, Trevor Gamblin wrote:

Backport upstream fix to zeus.

Signed-off-by: Trevor Gamblin 

Does this affect Master?

- armin

---
  .../binutils/binutils-2.32.inc|  1 +
  .../binutils/binutils/CVE-2019-17450.patch| 99 +++
  2 files changed, 100 insertions(+)
  create mode 100644 
meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc 
b/meta/recipes-devtools/binutils/binutils-2.32.inc
index 19baf8a883..1e96cf494d 100644
--- a/meta/recipes-devtools/binutils/binutils-2.32.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -49,6 +49,7 @@ SRC_URI = "\
   file://CVE-2019-12972.patch \
   file://CVE-2019-14250.patch \
   file://CVE-2019-1.patch \
+ file://CVE-2019-17450.patch \
  "
  S  = "${WORKDIR}/git"
  
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch

new file mode 100644
index 00..a6ce0b9a8a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
@@ -0,0 +1,99 @@
+From 09dd135df9ebc7a4b640537e23e26a03a288a789 Mon Sep 17 00:00:00 2001
+From: Alan Modra 
+Date: Wed, 9 Oct 2019 00:07:29 +1030
+Subject: [PATCH] PR25078, stack overflow in function find_abstract_instance
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17450, so backport it to master and zeus.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79]
+CVE: CVE-2019-17450
+Signed-off-by: Trevor Gamblin 
+
+   PR 25078
+   * dwarf2.c (find_abstract_instance): Delete orig_info_ptr, add
+   recur_count.  Error on recur_count reaching 100 rather than
+   info_ptr matching orig_info_ptr.  Adjust calls.
+
+---
+ bfd/dwarf2.c | 35 +--
+ 1 file changed, 17 insertions(+), 18 deletions(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..20ec9e2e56 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -2803,13 +2803,13 @@ lookup_symbol_in_variable_table (struct comp_unit 
*unit,
+ }
+
+ static bfd_boolean
+-find_abstract_instance (struct comp_unit *   unit,
+-  bfd_byte *   orig_info_ptr,
+-  struct attribute *   attr_ptr,
+-  const char **pname,
+-  bfd_boolean *is_linkage,
+-  char **  filename_ptr,
+-  int *linenumber_ptr)
++find_abstract_instance (struct comp_unit *unit,
++  struct attribute *attr_ptr,
++  unsigned int recur_count,
++  const char **pname,
++  bfd_boolean *is_linkage,
++  char **filename_ptr,
++  int *linenumber_ptr)
+ {
+   bfd *abfd = unit->abfd;
+   bfd_byte *info_ptr;
+@@ -2820,6 +2820,14 @@ find_abstract_instance (struct comp_unit *   unit,
+   struct attribute attr;
+   const char *name = NULL;
+
++  if (recur_count == 100)
++{
++  _bfd_error_handler
++  (_("DWARF error: abstract instance recursion detected"));
++  bfd_set_error (bfd_error_bad_value);
++  return FALSE;
++}
++
+   /* DW_FORM_ref_addr can reference an entry in a different CU. It
+  is an offset from the .debug_info section, not the current CU.  */
+   if (attr_ptr->form == DW_FORM_ref_addr)
+@@ -2939,15 +2947,6 @@ find_abstract_instance (struct comp_unit *   unit,
+info_ptr, info_ptr_end);
+ if (info_ptr == NULL)
+   break;
+-/* It doesn't ever make sense for DW_AT_specification to
+-   refer to the same DIE.  Stop simple recursion.  */
+-if (info_ptr == orig_info_ptr)
+-  {
+-_bfd_error_handler
+-  (_("DWARF error: abstract instance recursion detected"));
+-bfd_set_error (bfd_error_bad_value);
+-return FALSE;
+-  }
+ switch (attr.name)
+   {
+   case DW_AT_name:
+@@ -2961,7 +2960,7 @@ find_abstract_instance (struct comp_unit *   unit,
+   }
+ break;
+   case DW_AT_specification:
+-if (!find_abstract_instance (unit, info_ptr, &attr,
++if (!find_abstract_instance (unit, &attr, recur_count + 1,
+  &name, is_linkage,
+  filename_ptr, linenumber_ptr))
+   return FALSE;
+@@ -3175,7 +3174,7 @@ scan_unit_for_symbols (struct comp_unit *unit)
+
+   case DW_AT_abstract_origin:
+   case DW_AT_specification:
+-  

Re: [OE-core] [zeus][PATCH v3] binutils: fix CVE-2019-17450

[akuster808]

On 10/25/19 5:22 AM, Trevor Gamblin wrote:
> Backport upstream fix to zeus.
>
> Signed-off-by: Trevor Gamblin 
Does this affect Master?

- armin
> ---
>  .../binutils/binutils-2.32.inc|  1 +
>  .../binutils/binutils/CVE-2019-17450.patch| 99 +++
>  2 files changed, 100 insertions(+)
>  create mode 100644 
> meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
>
> diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc 
> b/meta/recipes-devtools/binutils/binutils-2.32.inc
> index 19baf8a883..1e96cf494d 100644
> --- a/meta/recipes-devtools/binutils/binutils-2.32.inc
> +++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
> @@ -49,6 +49,7 @@ SRC_URI = "\
>   file://CVE-2019-12972.patch \
>   file://CVE-2019-14250.patch \
>   file://CVE-2019-1.patch \
> + file://CVE-2019-17450.patch \
>  "
>  S  = "${WORKDIR}/git"
>  
> diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch 
> b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
> new file mode 100644
> index 00..a6ce0b9a8a
> --- /dev/null
> +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
> @@ -0,0 +1,99 @@
> +From 09dd135df9ebc7a4b640537e23e26a03a288a789 Mon Sep 17 00:00:00 2001
> +From: Alan Modra 
> +Date: Wed, 9 Oct 2019 00:07:29 +1030
> +Subject: [PATCH] PR25078, stack overflow in function find_abstract_instance
> +
> +Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
> +file. There are newer versions of binutils, but none of them contain the
> +commit fixing CVE-2019-17450, so backport it to master and zeus.
> +
> +Upstream-Status: Backport 
> [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79]
> +CVE: CVE-2019-17450
> +Signed-off-by: Trevor Gamblin 
> +
> + PR 25078
> + * dwarf2.c (find_abstract_instance): Delete orig_info_ptr, add
> + recur_count.  Error on recur_count reaching 100 rather than
> + info_ptr matching orig_info_ptr.  Adjust calls.
> +
> +---
> + bfd/dwarf2.c | 35 +--
> + 1 file changed, 17 insertions(+), 18 deletions(-)
> +
> +diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
> +index 0b4e485582..20ec9e2e56 100644
> +--- a/bfd/dwarf2.c
>  b/bfd/dwarf2.c
> +@@ -2803,13 +2803,13 @@ lookup_symbol_in_variable_table (struct comp_unit 
> *unit,
> + }
> + 
> + static bfd_boolean
> +-find_abstract_instance (struct comp_unit *   unit,
> +-bfd_byte *   orig_info_ptr,
> +-struct attribute *   attr_ptr,
> +-const char **pname,
> +-bfd_boolean *is_linkage,
> +-char **  filename_ptr,
> +-int *linenumber_ptr)
> ++find_abstract_instance (struct comp_unit *unit,
> ++struct attribute *attr_ptr,
> ++unsigned int recur_count,
> ++const char **pname,
> ++bfd_boolean *is_linkage,
> ++char **filename_ptr,
> ++int *linenumber_ptr)
> + {
> +   bfd *abfd = unit->abfd;
> +   bfd_byte *info_ptr;
> +@@ -2820,6 +2820,14 @@ find_abstract_instance (struct comp_unit *   unit,
> +   struct attribute attr;
> +   const char *name = NULL;
> + 
> ++  if (recur_count == 100)
> ++{
> ++  _bfd_error_handler
> ++(_("DWARF error: abstract instance recursion detected"));
> ++  bfd_set_error (bfd_error_bad_value);
> ++  return FALSE;
> ++}
> ++
> +   /* DW_FORM_ref_addr can reference an entry in a different CU. It
> +  is an offset from the .debug_info section, not the current CU.  */
> +   if (attr_ptr->form == DW_FORM_ref_addr)
> +@@ -2939,15 +2947,6 @@ find_abstract_instance (struct comp_unit *   unit,
> +  info_ptr, info_ptr_end);
> +   if (info_ptr == NULL)
> + break;
> +-  /* It doesn't ever make sense for DW_AT_specification to
> +- refer to the same DIE.  Stop simple recursion.  */
> +-  if (info_ptr == orig_info_ptr)
> +-{
> +-  _bfd_error_handler
> +-(_("DWARF error: abstract instance recursion detected"));
> +-  bfd_set_error (bfd_error_bad_value);
> +-  return FALSE;
> +-}
> +   switch (attr.name)
> + {
> + case DW_AT_name:
> +@@ -2961,7 +2960,7 @@ find_abstract_instance (struct comp_unit *   unit,
> + }
> +   break;
> + case DW_AT_specification:
> +-  if (!find_abstract_instance (unit, info_ptr, &attr,
> ++  if (!find_abstract_instance (unit, &attr, recur_count + 1,
> +&name, is_linkage,
> +filename_ptr, linenumber_ptr))
> + return FALSE;
> +@@ -3175,7 +3174,7 @@ scan_unit_for_symbols (struct com

Re: [OE-core] [PATCH] libcap-ng:upgrade 0.7.9 -> 0.7.10

[akuster808]

On 10/25/19 6:44 AM, Trevor Woerner wrote:
> On Fri 2019-10-25 @ 09:22:04 AM, Trevor Woerner wrote:
>> On Thu 2019-10-24 @ 04:05:10 PM, Khem Raj wrote:
>>> perhaps you need to add -pthread to LDFLAGS
>> I'll set up a test build.
> Yes, adding the following line fixes it:
>
>   LDFLAGS_append_class-native = " -lpthread"
>
> (unless there's a distro-override way of doing it...?)

is someone going to send a patch?

- armin

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] ✗ patchtest: failure for "[v5] go: Refactor patches for ..." and 3 more

[Patchwork]

== Series Details ==

Series: "[v5] go: Refactor patches for ..." and 3 more
Revision: 1
URL   : https://patchwork.openembedded.org/series/20677/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Patch[v4,4/4] Remove go-1.12
 Issue Shortlog does not follow expected format 
[test_shortlog_format] 
  Suggested fixCommit shortlog (first line of commit message) should follow 
the format ": "



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH v5 4/4] go: Remove go-1.12

[Alexander Kube]

From: Alex Kube 

Signed-off-by: Alex Kube 
---
 meta/recipes-devtools/go/go-1.12.inc  |  24 --
 ...ow-CC-and-CXX-to-have-multiple-words.patch |  31 --
 ...o1.12-security-net-textproto-don-t-n.patch | 163 --
 ...ent-based-hash-generation-less-pedan.patch | 218 --
 ...-to-be-overridden-in-the-environment.patch |  48 ---
 ...4-ld-add-soname-to-shareable-objects.patch |  45 ---
 ...de-CC-when-building-dist-and-go_boot.patch |  37 ---
 ...dist-separate-host-and-target-builds.patch | 282 --
 ...d-go-make-GOROOT-precious-by-default.patch | 106 ---
 ...008-use-GOBUILDMODE-to-set-buildmode.patch |  37 ---
 ...place-glibc-dynamic-linker-with-musl.patch | 112 ---
 .../go/go-cross-canadian_1.12.bb  |   2 -
 meta/recipes-devtools/go/go-cross_1.12.bb |   2 -
 meta/recipes-devtools/go/go-crosssdk_1.12.bb  |   2 -
 meta/recipes-devtools/go/go-native_1.12.bb|   2 -
 meta/recipes-devtools/go/go-runtime_1.12.bb   |   2 -
 meta/recipes-devtools/go/go_1.12.bb   |  14 -
 17 files changed, 1127 deletions(-)
 delete mode 100644 meta/recipes-devtools/go/go-1.12.inc
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0004-ld-add-soname-to-shareable-objects.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0006-cmd-dist-separate-host-and-target-builds.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0007-cmd-go-make-GOROOT-precious-by-default.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0008-use-GOBUILDMODE-to-set-buildmode.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0009-ld-replace-glibc-dynamic-linker-with-musl.patch
 delete mode 100644 meta/recipes-devtools/go/go-cross-canadian_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-cross_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-crosssdk_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-native_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-runtime_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go_1.12.bb

diff --git a/meta/recipes-devtools/go/go-1.12.inc 
b/meta/recipes-devtools/go/go-1.12.inc
deleted file mode 100644
index ed14b175e6..00
--- a/meta/recipes-devtools/go/go-1.12.inc
+++ /dev/null
@@ -1,24 +0,0 @@
-require go-common.inc
-
-GO_BASEVERSION = "1.12"
-GO_MINOR = ".9"
-PV .= "${GO_MINOR}"
-FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
-
-SRC_URI += "\
-file://0001-allow-CC-and-CXX-to-have-multiple-words.patch \
-file://0002-cmd-go-make-content-based-hash-generation-less-pedan.patch \
-file://0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch \
-file://0004-ld-add-soname-to-shareable-objects.patch \
-file://0005-make.bash-override-CC-when-building-dist-and-go_boot.patch \
-file://0006-cmd-dist-separate-host-and-target-builds.patch \
-file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
-file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
-file://0001-release-branch.go1.12-security-net-textproto-don-t-n.patch \
-"
-SRC_URI_append_libc-musl = " 
file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
-
-SRC_URI[main.md5sum] = "6132109d4050da349eadc9f7b0304ef4"
-SRC_URI[main.sha256sum] = 
"ab0e56ed9c4732a653ed22e232652709afbf573e710f56a07f7fdeca578d62fc"
diff --git 
a/meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 
b/meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
deleted file mode 100644
index 4442858c83..00
--- 
a/meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 7cc519aa5f84cf8fc7ac8c10fc69aa8040330ea0 Mon Sep 17 00:00:00 2001
-From: Matt Madison 
-Date: Mon, 19 Feb 2018 08:49:33 -0800
-Subject: [PATCH] allow CC and CXX to have multiple words
-
-Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Matt Madison 
-

- src/cmd/go/internal/envcmd/env.go | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/cmd/go/internal/envcmd/env.go 
b/src/cmd/go/internal/envcmd/env.go
-index afadbad..cedbfbf 100644
 a/src/cmd/go/internal/envcmd/env.go
-+++ b/src/cmd/go/internal/envcmd/env.go
-@@ -85,11 +85,11 @@ func MkEnv() []cfg.EnvVar {
- 
-   cc := cfg.DefaultCC(cfg.Goos, cfg.Goarch)
-   if

[OE-core] [PATCH v4 4/4] Remove go-1.12

[Alexander Kube]

From: Alex Kube 

Signed-off-by: Alex Kube 
---
 meta/recipes-devtools/go/go-1.12.inc  |  24 --
 ...ow-CC-and-CXX-to-have-multiple-words.patch |  31 --
 ...o1.12-security-net-textproto-don-t-n.patch | 163 --
 ...ent-based-hash-generation-less-pedan.patch | 218 --
 ...-to-be-overridden-in-the-environment.patch |  48 ---
 ...4-ld-add-soname-to-shareable-objects.patch |  45 ---
 ...de-CC-when-building-dist-and-go_boot.patch |  37 ---
 ...dist-separate-host-and-target-builds.patch | 282 --
 ...d-go-make-GOROOT-precious-by-default.patch | 106 ---
 ...008-use-GOBUILDMODE-to-set-buildmode.patch |  37 ---
 ...place-glibc-dynamic-linker-with-musl.patch | 112 ---
 .../go/go-cross-canadian_1.12.bb  |   2 -
 meta/recipes-devtools/go/go-cross_1.12.bb |   2 -
 meta/recipes-devtools/go/go-crosssdk_1.12.bb  |   2 -
 meta/recipes-devtools/go/go-native_1.12.bb|   2 -
 meta/recipes-devtools/go/go-runtime_1.12.bb   |   2 -
 meta/recipes-devtools/go/go_1.12.bb   |  14 -
 17 files changed, 1127 deletions(-)
 delete mode 100644 meta/recipes-devtools/go/go-1.12.inc
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0004-ld-add-soname-to-shareable-objects.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0006-cmd-dist-separate-host-and-target-builds.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0007-cmd-go-make-GOROOT-precious-by-default.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0008-use-GOBUILDMODE-to-set-buildmode.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0009-ld-replace-glibc-dynamic-linker-with-musl.patch
 delete mode 100644 meta/recipes-devtools/go/go-cross-canadian_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-cross_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-crosssdk_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-native_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-runtime_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go_1.12.bb

diff --git a/meta/recipes-devtools/go/go-1.12.inc 
b/meta/recipes-devtools/go/go-1.12.inc
deleted file mode 100644
index ed14b175e6..00
--- a/meta/recipes-devtools/go/go-1.12.inc
+++ /dev/null
@@ -1,24 +0,0 @@
-require go-common.inc
-
-GO_BASEVERSION = "1.12"
-GO_MINOR = ".9"
-PV .= "${GO_MINOR}"
-FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
-
-SRC_URI += "\
-file://0001-allow-CC-and-CXX-to-have-multiple-words.patch \
-file://0002-cmd-go-make-content-based-hash-generation-less-pedan.patch \
-file://0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch \
-file://0004-ld-add-soname-to-shareable-objects.patch \
-file://0005-make.bash-override-CC-when-building-dist-and-go_boot.patch \
-file://0006-cmd-dist-separate-host-and-target-builds.patch \
-file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
-file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
-file://0001-release-branch.go1.12-security-net-textproto-don-t-n.patch \
-"
-SRC_URI_append_libc-musl = " 
file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
-
-SRC_URI[main.md5sum] = "6132109d4050da349eadc9f7b0304ef4"
-SRC_URI[main.sha256sum] = 
"ab0e56ed9c4732a653ed22e232652709afbf573e710f56a07f7fdeca578d62fc"
diff --git 
a/meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 
b/meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
deleted file mode 100644
index 4442858c83..00
--- 
a/meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 7cc519aa5f84cf8fc7ac8c10fc69aa8040330ea0 Mon Sep 17 00:00:00 2001
-From: Matt Madison 
-Date: Mon, 19 Feb 2018 08:49:33 -0800
-Subject: [PATCH] allow CC and CXX to have multiple words
-
-Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Matt Madison 
-

- src/cmd/go/internal/envcmd/env.go | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/cmd/go/internal/envcmd/env.go 
b/src/cmd/go/internal/envcmd/env.go
-index afadbad..cedbfbf 100644
 a/src/cmd/go/internal/envcmd/env.go
-+++ b/src/cmd/go/internal/envcmd/env.go
-@@ -85,11 +85,11 @@ func MkEnv() []cfg.EnvVar {
- 
-   cc := cfg.DefaultCC(cfg.Goos, cfg.Goarch)
-   if

[OE-core] [PATCH v5 3/4] go: Change default GOVERSION to 1.13

[Alexander Kube]

From: Alex Kube 

Signed-off-by: Alex Kube 
---
 meta/conf/distro/include/tcmode-default.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/distro/include/tcmode-default.inc 
b/meta/conf/distro/include/tcmode-default.inc
index 4a23c50631..c6c4cf7ce0 100644
--- a/meta/conf/distro/include/tcmode-default.inc
+++ b/meta/conf/distro/include/tcmode-default.inc
@@ -23,7 +23,7 @@ GDBVERSION ?= "8.3%"
 GLIBCVERSION ?= "2.30%"
 LINUXLIBCVERSION ?= "5.2%"
 QEMUVERSION ?= "4.1%"
-GOVERSION ?= "1.12%"
+GOVERSION ?= "1.13%"
 # This can not use wildcards like 8.0.% since it is also used in mesa to denote
 # llvm version being used, so always bump it with llvm recipe version bump
 LLVMVERSION ?= "9.0.0"
-- 
2.17.1 (Apple Git-112)

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH v5 2/4] go: Add go1.13 recipes

[Alexander Kube]

From: Alex Kube 

Signed-off-by: Alex Kube 
---
 meta/recipes-devtools/go/go-1.13.inc  | 24 +++
 .../go/go-cross-canadian_1.13.bb  |  2 ++
 meta/recipes-devtools/go/go-cross_1.13.bb |  2 ++
 meta/recipes-devtools/go/go-crosssdk_1.13.bb  |  2 ++
 meta/recipes-devtools/go/go-native_1.13.bb|  2 ++
 meta/recipes-devtools/go/go-runtime_1.13.bb   |  2 ++
 meta/recipes-devtools/go/go_1.13.bb   | 14 +++
 7 files changed, 48 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.13.inc
 create mode 100644 meta/recipes-devtools/go/go-cross-canadian_1.13.bb
 create mode 100644 meta/recipes-devtools/go/go-cross_1.13.bb
 create mode 100644 meta/recipes-devtools/go/go-crosssdk_1.13.bb
 create mode 100644 meta/recipes-devtools/go/go-native_1.13.bb
 create mode 100644 meta/recipes-devtools/go/go-runtime_1.13.bb
 create mode 100644 meta/recipes-devtools/go/go_1.13.bb

diff --git a/meta/recipes-devtools/go/go-1.13.inc 
b/meta/recipes-devtools/go/go-1.13.inc
new file mode 100644
index 00..2afe8b69cd
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.13.inc
@@ -0,0 +1,24 @@
+require go-common.inc
+
+GO_BASEVERSION = "1.13"
+GO_MINOR = ".3"
+PV .= "${GO_MINOR}"
+FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
+
+SRC_URI += "\
+file://0001-allow-CC-and-CXX-to-have-multiple-words.patch \
+file://0002-cmd-go-make-content-based-hash-generation-less-pedan.patch \
+file://0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch \
+file://0004-ld-add-soname-to-shareable-objects.patch \
+file://0005-make.bash-override-CC-when-building-dist-and-go_boot.patch \
+file://0006-cmd-dist-separate-host-and-target-builds.patch \
+file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
+file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
+"
+SRC_URI_append_libc-musl = " 
file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
+
+SRC_URI[main.md5sum] = "94ae8bf6a4fe623e34cb8b0db2a71ec0"
+SRC_URI[main.sha256sum] = 
"4f7123044375d5c404280737fbd2d0b17064b66182a65919ffe20ffe8620e3df"
+
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.13.bb 
b/meta/recipes-devtools/go/go-cross-canadian_1.13.bb
new file mode 100644
index 00..7ac9449e47
--- /dev/null
+++ b/meta/recipes-devtools/go/go-cross-canadian_1.13.bb
@@ -0,0 +1,2 @@
+require go-cross-canadian.inc
+require go-${PV}.inc
diff --git a/meta/recipes-devtools/go/go-cross_1.13.bb 
b/meta/recipes-devtools/go/go-cross_1.13.bb
new file mode 100644
index 00..80b5a03f6c
--- /dev/null
+++ b/meta/recipes-devtools/go/go-cross_1.13.bb
@@ -0,0 +1,2 @@
+require go-cross.inc
+require go-${PV}.inc
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.13.bb 
b/meta/recipes-devtools/go/go-crosssdk_1.13.bb
new file mode 100644
index 00..1857c8a577
--- /dev/null
+++ b/meta/recipes-devtools/go/go-crosssdk_1.13.bb
@@ -0,0 +1,2 @@
+require go-crosssdk.inc
+require go-${PV}.inc
diff --git a/meta/recipes-devtools/go/go-native_1.13.bb 
b/meta/recipes-devtools/go/go-native_1.13.bb
new file mode 100644
index 00..bbf3c0dd73
--- /dev/null
+++ b/meta/recipes-devtools/go/go-native_1.13.bb
@@ -0,0 +1,2 @@
+require ${PN}.inc
+require go-${PV}.inc
diff --git a/meta/recipes-devtools/go/go-runtime_1.13.bb 
b/meta/recipes-devtools/go/go-runtime_1.13.bb
new file mode 100644
index 00..43b68b4e46
--- /dev/null
+++ b/meta/recipes-devtools/go/go-runtime_1.13.bb
@@ -0,0 +1,2 @@
+require go-${PV}.inc
+require go-runtime.inc
diff --git a/meta/recipes-devtools/go/go_1.13.bb 
b/meta/recipes-devtools/go/go_1.13.bb
new file mode 100644
index 00..483e2e2cb7
--- /dev/null
+++ b/meta/recipes-devtools/go/go_1.13.bb
@@ -0,0 +1,14 @@
+require go-${PV}.inc
+require go-target.inc
+
+export GOBUILDMODE=""
+
+# Add pie to GOBUILDMODE to satisfy "textrel" QA checking, but mips
+# doesn't support -buildmode=pie, so skip the QA checking for mips and its
+# variants.
+python() {
+if 'mips' in d.getVar('TARGET_ARCH',True):
+d.appendVar('INSANE_SKIP_%s' % d.getVar('PN',True), " textrel")
+else:
+d.setVar('GOBUILDMODE', 'pie')
+}
-- 
2.17.1 (Apple Git-112)

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH v5 1/4] go: Refactor patches for 1.13.3

[Alexander Kube]

From: Alex Kube 

Signed-off-by: Alex Kube 
---
 ...ow-CC-and-CXX-to-have-multiple-words.patch |  38 +++
 ...ent-based-hash-generation-less-pedan.patch | 226 ++
 ...-to-be-overridden-in-the-environment.patch |  54 
 ...4-ld-add-soname-to-shareable-objects.patch |  50 
 ...de-CC-when-building-dist-and-go_boot.patch |  44 +++
 ...dist-separate-host-and-target-builds.patch | 279 ++
 ...d-go-make-GOROOT-precious-by-default.patch | 113 +++
 ...008-use-GOBUILDMODE-to-set-buildmode.patch |  47 +++
 ...place-glibc-dynamic-linker-with-musl.patch | 134 +
 9 files changed, 985 insertions(+)
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0004-ld-add-soname-to-shareable-objects.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0006-cmd-dist-separate-host-and-target-builds.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0007-cmd-go-make-GOROOT-precious-by-default.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0008-use-GOBUILDMODE-to-set-buildmode.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0009-ld-replace-glibc-dynamic-linker-with-musl.patch

diff --git 
a/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 
b/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
new file mode 100644
index 00..ddfd5e41d1
--- /dev/null
+++ 
b/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
@@ -0,0 +1,38 @@
+From 9e3dc44cdfa58d96504d0a789dc82617dd5bef55 Mon Sep 17 00:00:00 2001
+From: Alex Kube 
+Date: Wed, 23 Oct 2019 21:01:13 +0430
+Subject: [PATCH 1/9] cmd/go: Allow CC and CXX to have multiple words
+
+Upstream-Status: Inappropriate [OE specific]
+
+Adapted to Go 1.13 from patches originally submitted to
+the meta/recipes-devtools/go tree by
+Matt Madison .
+
+Signed-off-by: Alexander J Kube 
+
+---
+ src/cmd/go/internal/envcmd/env.go | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cmd/go/internal/envcmd/env.go 
b/src/cmd/go/internal/envcmd/env.go
+index 17852de..7b5ec5e 100644
+--- a/src/cmd/go/internal/envcmd/env.go
 b/src/cmd/go/internal/envcmd/env.go
+@@ -100,11 +100,11 @@ func MkEnv() []cfg.EnvVar {
+ 
+   cc := cfg.DefaultCC(cfg.Goos, cfg.Goarch)
+   if env := strings.Fields(cfg.Getenv("CC")); len(env) > 0 {
+-  cc = env[0]
++  cc = strings.Join(env, " ")
+   }
+   cxx := cfg.DefaultCXX(cfg.Goos, cfg.Goarch)
+   if env := strings.Fields(cfg.Getenv("CXX")); len(env) > 0 {
+-  cxx = env[0]
++  cxx = strings.Join(env, " ")
+   }
+   env = append(env, cfg.EnvVar{Name: "AR", Value: envOr("AR", "ar")})
+   env = append(env, cfg.EnvVar{Name: "CC", Value: cc})
+-- 
+2.17.1 (Apple Git-112)
+
diff --git 
a/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
 
b/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
new file mode 100644
index 00..4eddd39809
--- /dev/null
+++ 
b/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
@@ -0,0 +1,226 @@
+From a13ae484e41139094505d2834437e9262a5315f7 Mon Sep 17 00:00:00 2001
+From: Alex Kube 
+Date: Wed, 23 Oct 2019 21:14:22 +0430
+Subject: [PATCH 2/9] cmd/go: make content-based hash generation less pedantic
+
+Upstream-Status: Inappropriate [OE specific]
+
+Go 1.10's build tool now uses content-based hashes to
+determine when something should be built or re-built.
+This same mechanism is used to maintain a built-artifact
+cache for speeding up builds.
+
+However, the hashes it generates include information that
+doesn't work well with OE, nor with using a shared runtime
+library.
+
+First, it embeds path names to source files, unless
+building within GOROOT.  This prevents the building
+of a package in GOPATH for later staging into GOROOT.
+
+This patch adds support for the environment variable
+GOPATH_OMIT_IN_ACTIONID.  If present, path name
+embedding is disabled.
+
+Second, if cgo is enabled, the build ID for cgo-related
+packages will include the current value of the environment
+variables for invoking the compiler (CC, CXX, FC) and
+any CGO_xxFLAGS variables.  Only if the settings used
+during a compilation exactly match, character for character,
+the values used for compiling runtime/cgo or any other
+cgo-enabled package being imported, will the tool
+decide that the imported package

[OE-core] [PATCH v2] systemtap: support usrmerge

[Alessio Igor Bogani]

Signed-off-by: Alessio Igor Bogani 
---
 meta/recipes-kernel/systemtap/systemtap_git.bb | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-kernel/systemtap/systemtap_git.bb 
b/meta/recipes-kernel/systemtap/systemtap_git.bb
index 6ee3e1c0f7..1c9f2aed16 100644
--- a/meta/recipes-kernel/systemtap/systemtap_git.bb
+++ b/meta/recipes-kernel/systemtap/systemtap_git.bb
@@ -51,10 +51,13 @@ do_install_append () {
   rm ${D}${libexecdir}/${PN}/stap-env
fi
 
-   # Fix makefile hardcoded path assumptions for systemd (assumes $prefix)
-   install -d `dirname ${D}${systemd_unitdir}`
-   mv ${D}${prefix}/lib/systemd `dirname ${D}${systemd_unitdir}`
-   rmdir ${D}${prefix}/lib --ignore-fail-on-non-empty
+   if [ ${D}${prefix}/lib != `dirname ${D}${systemd_unitdir}` ]; then
+  # Fix makefile hardcoded path assumptions for systemd (assumes $prefix)
+  # without usrmerge distro feature enabled
+  install -d `dirname ${D}${systemd_unitdir}`
+  mv ${D}${prefix}/lib/systemd `dirname ${D}${systemd_unitdir}`
+  rmdir ${D}${prefix}/lib --ignore-fail-on-non-empty
+   fi
 
# Ensure correct ownership for files copied in
chown root:root ${D}${sysconfdir}/stap-exporter/* -R
-- 
2.17.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] ✗ patchtest: failure for "[v4] go: Refactor patches for ..." and 3 more

[Patchwork]

== Series Details ==

Series: "[v4] go: Refactor patches for ..." and 3 more
Revision: 1
URL   : https://patchwork.openembedded.org/series/20676/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Patch[v4,4/4] Remove go-1.12
 Issue Shortlog does not follow expected format 
[test_shortlog_format] 
  Suggested fixCommit shortlog (first line of commit message) should follow 
the format ": "



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH v4 1/4] go: Refactor patches for 1.13.3

[Alexander Kube]

From: Alex Kube 

Signed-off-by: Alex Kube 
---
 ...ow-CC-and-CXX-to-have-multiple-words.patch |  38 +++
 ...ent-based-hash-generation-less-pedan.patch | 226 ++
 ...-to-be-overridden-in-the-environment.patch |  54 
 ...4-ld-add-soname-to-shareable-objects.patch |  50 
 ...de-CC-when-building-dist-and-go_boot.patch |  44 +++
 ...dist-separate-host-and-target-builds.patch | 279 ++
 ...d-go-make-GOROOT-precious-by-default.patch | 113 +++
 ...008-use-GOBUILDMODE-to-set-buildmode.patch |  47 +++
 ...place-glibc-dynamic-linker-with-musl.patch | 134 +
 9 files changed, 985 insertions(+)
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0004-ld-add-soname-to-shareable-objects.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0006-cmd-dist-separate-host-and-target-builds.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0007-cmd-go-make-GOROOT-precious-by-default.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0008-use-GOBUILDMODE-to-set-buildmode.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0009-ld-replace-glibc-dynamic-linker-with-musl.patch

diff --git 
a/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 
b/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
new file mode 100644
index 00..ddfd5e41d1
--- /dev/null
+++ 
b/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
@@ -0,0 +1,38 @@
+From 9e3dc44cdfa58d96504d0a789dc82617dd5bef55 Mon Sep 17 00:00:00 2001
+From: Alex Kube 
+Date: Wed, 23 Oct 2019 21:01:13 +0430
+Subject: [PATCH 1/9] cmd/go: Allow CC and CXX to have multiple words
+
+Upstream-Status: Inappropriate [OE specific]
+
+Adapted to Go 1.13 from patches originally submitted to
+the meta/recipes-devtools/go tree by
+Matt Madison .
+
+Signed-off-by: Alexander J Kube 
+
+---
+ src/cmd/go/internal/envcmd/env.go | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cmd/go/internal/envcmd/env.go 
b/src/cmd/go/internal/envcmd/env.go
+index 17852de..7b5ec5e 100644
+--- a/src/cmd/go/internal/envcmd/env.go
 b/src/cmd/go/internal/envcmd/env.go
+@@ -100,11 +100,11 @@ func MkEnv() []cfg.EnvVar {
+ 
+   cc := cfg.DefaultCC(cfg.Goos, cfg.Goarch)
+   if env := strings.Fields(cfg.Getenv("CC")); len(env) > 0 {
+-  cc = env[0]
++  cc = strings.Join(env, " ")
+   }
+   cxx := cfg.DefaultCXX(cfg.Goos, cfg.Goarch)
+   if env := strings.Fields(cfg.Getenv("CXX")); len(env) > 0 {
+-  cxx = env[0]
++  cxx = strings.Join(env, " ")
+   }
+   env = append(env, cfg.EnvVar{Name: "AR", Value: envOr("AR", "ar")})
+   env = append(env, cfg.EnvVar{Name: "CC", Value: cc})
+-- 
+2.17.1 (Apple Git-112)
+
diff --git 
a/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
 
b/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
new file mode 100644
index 00..4eddd39809
--- /dev/null
+++ 
b/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
@@ -0,0 +1,226 @@
+From a13ae484e41139094505d2834437e9262a5315f7 Mon Sep 17 00:00:00 2001
+From: Alex Kube 
+Date: Wed, 23 Oct 2019 21:14:22 +0430
+Subject: [PATCH 2/9] cmd/go: make content-based hash generation less pedantic
+
+Upstream-Status: Inappropriate [OE specific]
+
+Go 1.10's build tool now uses content-based hashes to
+determine when something should be built or re-built.
+This same mechanism is used to maintain a built-artifact
+cache for speeding up builds.
+
+However, the hashes it generates include information that
+doesn't work well with OE, nor with using a shared runtime
+library.
+
+First, it embeds path names to source files, unless
+building within GOROOT.  This prevents the building
+of a package in GOPATH for later staging into GOROOT.
+
+This patch adds support for the environment variable
+GOPATH_OMIT_IN_ACTIONID.  If present, path name
+embedding is disabled.
+
+Second, if cgo is enabled, the build ID for cgo-related
+packages will include the current value of the environment
+variables for invoking the compiler (CC, CXX, FC) and
+any CGO_xxFLAGS variables.  Only if the settings used
+during a compilation exactly match, character for character,
+the values used for compiling runtime/cgo or any other
+cgo-enabled package being imported, will the tool
+decide that the imported package

[OE-core] [PATCH v4 1/4] go: Refactor patches for 1.13.3

[Alexander Kube]

From: Alex Kube 

Signed-off-by: Alex Kube 
---
 ...ow-CC-and-CXX-to-have-multiple-words.patch |  38 +++
 ...ent-based-hash-generation-less-pedan.patch | 226 ++
 ...-to-be-overridden-in-the-environment.patch |  54 
 ...4-ld-add-soname-to-shareable-objects.patch |  50 
 ...de-CC-when-building-dist-and-go_boot.patch |  44 +++
 ...dist-separate-host-and-target-builds.patch | 279 ++
 ...d-go-make-GOROOT-precious-by-default.patch | 113 +++
 ...008-use-GOBUILDMODE-to-set-buildmode.patch |  47 +++
 ...place-glibc-dynamic-linker-with-musl.patch | 134 +
 9 files changed, 985 insertions(+)
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0004-ld-add-soname-to-shareable-objects.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0006-cmd-dist-separate-host-and-target-builds.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0007-cmd-go-make-GOROOT-precious-by-default.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0008-use-GOBUILDMODE-to-set-buildmode.patch
 create mode 100644 
meta/recipes-devtools/go/go-1.13/0009-ld-replace-glibc-dynamic-linker-with-musl.patch

diff --git 
a/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 
b/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
new file mode 100644
index 00..ddfd5e41d1
--- /dev/null
+++ 
b/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
@@ -0,0 +1,38 @@
+From 9e3dc44cdfa58d96504d0a789dc82617dd5bef55 Mon Sep 17 00:00:00 2001
+From: Alex Kube 
+Date: Wed, 23 Oct 2019 21:01:13 +0430
+Subject: [PATCH 1/9] cmd/go: Allow CC and CXX to have multiple words
+
+Upstream-Status: Inappropriate [OE specific]
+
+Adapted to Go 1.13 from patches originally submitted to
+the meta/recipes-devtools/go tree by
+Matt Madison .
+
+Signed-off-by: Alexander J Kube 
+
+---
+ src/cmd/go/internal/envcmd/env.go | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cmd/go/internal/envcmd/env.go 
b/src/cmd/go/internal/envcmd/env.go
+index 17852de..7b5ec5e 100644
+--- a/src/cmd/go/internal/envcmd/env.go
 b/src/cmd/go/internal/envcmd/env.go
+@@ -100,11 +100,11 @@ func MkEnv() []cfg.EnvVar {
+ 
+   cc := cfg.DefaultCC(cfg.Goos, cfg.Goarch)
+   if env := strings.Fields(cfg.Getenv("CC")); len(env) > 0 {
+-  cc = env[0]
++  cc = strings.Join(env, " ")
+   }
+   cxx := cfg.DefaultCXX(cfg.Goos, cfg.Goarch)
+   if env := strings.Fields(cfg.Getenv("CXX")); len(env) > 0 {
+-  cxx = env[0]
++  cxx = strings.Join(env, " ")
+   }
+   env = append(env, cfg.EnvVar{Name: "AR", Value: envOr("AR", "ar")})
+   env = append(env, cfg.EnvVar{Name: "CC", Value: cc})
+-- 
+2.17.1 (Apple Git-112)
+
diff --git 
a/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
 
b/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
new file mode 100644
index 00..4eddd39809
--- /dev/null
+++ 
b/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
@@ -0,0 +1,226 @@
+From a13ae484e41139094505d2834437e9262a5315f7 Mon Sep 17 00:00:00 2001
+From: Alex Kube 
+Date: Wed, 23 Oct 2019 21:14:22 +0430
+Subject: [PATCH 2/9] cmd/go: make content-based hash generation less pedantic
+
+Upstream-Status: Inappropriate [OE specific]
+
+Go 1.10's build tool now uses content-based hashes to
+determine when something should be built or re-built.
+This same mechanism is used to maintain a built-artifact
+cache for speeding up builds.
+
+However, the hashes it generates include information that
+doesn't work well with OE, nor with using a shared runtime
+library.
+
+First, it embeds path names to source files, unless
+building within GOROOT.  This prevents the building
+of a package in GOPATH for later staging into GOROOT.
+
+This patch adds support for the environment variable
+GOPATH_OMIT_IN_ACTIONID.  If present, path name
+embedding is disabled.
+
+Second, if cgo is enabled, the build ID for cgo-related
+packages will include the current value of the environment
+variables for invoking the compiler (CC, CXX, FC) and
+any CGO_xxFLAGS variables.  Only if the settings used
+during a compilation exactly match, character for character,
+the values used for compiling runtime/cgo or any other
+cgo-enabled package being imported, will the tool
+decide that the imported package

[OE-core] [PATCH v4 4/4] Remove go-1.12

[Alexander Kube]

From: Alex Kube 

Signed-off-by: Alex Kube 
---
 meta/recipes-devtools/go/go-1.12.inc  |  24 --
 ...ow-CC-and-CXX-to-have-multiple-words.patch |  31 --
 ...o1.12-security-net-textproto-don-t-n.patch | 163 --
 ...ent-based-hash-generation-less-pedan.patch | 218 --
 ...-to-be-overridden-in-the-environment.patch |  48 ---
 ...4-ld-add-soname-to-shareable-objects.patch |  45 ---
 ...de-CC-when-building-dist-and-go_boot.patch |  37 ---
 ...dist-separate-host-and-target-builds.patch | 282 --
 ...d-go-make-GOROOT-precious-by-default.patch | 106 ---
 ...008-use-GOBUILDMODE-to-set-buildmode.patch |  37 ---
 ...place-glibc-dynamic-linker-with-musl.patch | 112 ---
 .../go/go-cross-canadian_1.12.bb  |   2 -
 meta/recipes-devtools/go/go-cross_1.12.bb |   2 -
 meta/recipes-devtools/go/go-crosssdk_1.12.bb  |   2 -
 meta/recipes-devtools/go/go-native_1.12.bb|   2 -
 meta/recipes-devtools/go/go-runtime_1.12.bb   |   2 -
 meta/recipes-devtools/go/go_1.12.bb   |  14 -
 17 files changed, 1127 deletions(-)
 delete mode 100644 meta/recipes-devtools/go/go-1.12.inc
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0004-ld-add-soname-to-shareable-objects.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0006-cmd-dist-separate-host-and-target-builds.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0007-cmd-go-make-GOROOT-precious-by-default.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0008-use-GOBUILDMODE-to-set-buildmode.patch
 delete mode 100644 
meta/recipes-devtools/go/go-1.12/0009-ld-replace-glibc-dynamic-linker-with-musl.patch
 delete mode 100644 meta/recipes-devtools/go/go-cross-canadian_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-cross_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-crosssdk_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-native_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go-runtime_1.12.bb
 delete mode 100644 meta/recipes-devtools/go/go_1.12.bb

diff --git a/meta/recipes-devtools/go/go-1.12.inc 
b/meta/recipes-devtools/go/go-1.12.inc
deleted file mode 100644
index ed14b175e6..00
--- a/meta/recipes-devtools/go/go-1.12.inc
+++ /dev/null
@@ -1,24 +0,0 @@
-require go-common.inc
-
-GO_BASEVERSION = "1.12"
-GO_MINOR = ".9"
-PV .= "${GO_MINOR}"
-FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
-
-SRC_URI += "\
-file://0001-allow-CC-and-CXX-to-have-multiple-words.patch \
-file://0002-cmd-go-make-content-based-hash-generation-less-pedan.patch \
-file://0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch \
-file://0004-ld-add-soname-to-shareable-objects.patch \
-file://0005-make.bash-override-CC-when-building-dist-and-go_boot.patch \
-file://0006-cmd-dist-separate-host-and-target-builds.patch \
-file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
-file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
-file://0001-release-branch.go1.12-security-net-textproto-don-t-n.patch \
-"
-SRC_URI_append_libc-musl = " 
file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
-
-SRC_URI[main.md5sum] = "6132109d4050da349eadc9f7b0304ef4"
-SRC_URI[main.sha256sum] = 
"ab0e56ed9c4732a653ed22e232652709afbf573e710f56a07f7fdeca578d62fc"
diff --git 
a/meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
 
b/meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
deleted file mode 100644
index 4442858c83..00
--- 
a/meta/recipes-devtools/go/go-1.12/0001-allow-CC-and-CXX-to-have-multiple-words.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 7cc519aa5f84cf8fc7ac8c10fc69aa8040330ea0 Mon Sep 17 00:00:00 2001
-From: Matt Madison 
-Date: Mon, 19 Feb 2018 08:49:33 -0800
-Subject: [PATCH] allow CC and CXX to have multiple words
-
-Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Matt Madison 
-

- src/cmd/go/internal/envcmd/env.go | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/cmd/go/internal/envcmd/env.go 
b/src/cmd/go/internal/envcmd/env.go
-index afadbad..cedbfbf 100644
 a/src/cmd/go/internal/envcmd/env.go
-+++ b/src/cmd/go/internal/envcmd/env.go
-@@ -85,11 +85,11 @@ func MkEnv() []cfg.EnvVar {
- 
-   cc := cfg.DefaultCC(cfg.Goos, cfg.Goarch)
-   if

[OE-core] [PATCH v4 3/4] go: Change default GOVERSION to 1.13

[Alexander Kube]

From: Alex Kube 

Signed-off-by: Alex Kube 
---
 meta/conf/distro/include/tcmode-default.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/distro/include/tcmode-default.inc 
b/meta/conf/distro/include/tcmode-default.inc
index 4a23c50631..c6c4cf7ce0 100644
--- a/meta/conf/distro/include/tcmode-default.inc
+++ b/meta/conf/distro/include/tcmode-default.inc
@@ -23,7 +23,7 @@ GDBVERSION ?= "8.3%"
 GLIBCVERSION ?= "2.30%"
 LINUXLIBCVERSION ?= "5.2%"
 QEMUVERSION ?= "4.1%"
-GOVERSION ?= "1.12%"
+GOVERSION ?= "1.13%"
 # This can not use wildcards like 8.0.% since it is also used in mesa to denote
 # llvm version being used, so always bump it with llvm recipe version bump
 LLVMVERSION ?= "9.0.0"
-- 
2.17.1 (Apple Git-112)

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH v4 2/4] go: Add go1.13 recipes

[Alexander Kube]

From: Alex Kube 

Signed-off-by: Alex Kube 
---
 meta/recipes-devtools/go/go-1.13.inc  | 24 +++
 .../go/go-cross-canadian_1.13.bb  |  2 ++
 meta/recipes-devtools/go/go-cross_1.13.bb |  2 ++
 meta/recipes-devtools/go/go-crosssdk_1.13.bb  |  2 ++
 meta/recipes-devtools/go/go-native_1.13.bb|  2 ++
 meta/recipes-devtools/go/go-runtime_1.13.bb   |  2 ++
 meta/recipes-devtools/go/go_1.13.bb   | 14 +++
 7 files changed, 48 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.13.inc
 create mode 100644 meta/recipes-devtools/go/go-cross-canadian_1.13.bb
 create mode 100644 meta/recipes-devtools/go/go-cross_1.13.bb
 create mode 100644 meta/recipes-devtools/go/go-crosssdk_1.13.bb
 create mode 100644 meta/recipes-devtools/go/go-native_1.13.bb
 create mode 100644 meta/recipes-devtools/go/go-runtime_1.13.bb
 create mode 100644 meta/recipes-devtools/go/go_1.13.bb

diff --git a/meta/recipes-devtools/go/go-1.13.inc 
b/meta/recipes-devtools/go/go-1.13.inc
new file mode 100644
index 00..2afe8b69cd
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.13.inc
@@ -0,0 +1,24 @@
+require go-common.inc
+
+GO_BASEVERSION = "1.13"
+GO_MINOR = ".3"
+PV .= "${GO_MINOR}"
+FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
+
+SRC_URI += "\
+file://0001-allow-CC-and-CXX-to-have-multiple-words.patch \
+file://0002-cmd-go-make-content-based-hash-generation-less-pedan.patch \
+file://0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch \
+file://0004-ld-add-soname-to-shareable-objects.patch \
+file://0005-make.bash-override-CC-when-building-dist-and-go_boot.patch \
+file://0006-cmd-dist-separate-host-and-target-builds.patch \
+file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
+file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
+"
+SRC_URI_append_libc-musl = " 
file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
+
+SRC_URI[main.md5sum] = "94ae8bf6a4fe623e34cb8b0db2a71ec0"
+SRC_URI[main.sha256sum] = 
"4f7123044375d5c404280737fbd2d0b17064b66182a65919ffe20ffe8620e3df"
+
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.13.bb 
b/meta/recipes-devtools/go/go-cross-canadian_1.13.bb
new file mode 100644
index 00..7ac9449e47
--- /dev/null
+++ b/meta/recipes-devtools/go/go-cross-canadian_1.13.bb
@@ -0,0 +1,2 @@
+require go-cross-canadian.inc
+require go-${PV}.inc
diff --git a/meta/recipes-devtools/go/go-cross_1.13.bb 
b/meta/recipes-devtools/go/go-cross_1.13.bb
new file mode 100644
index 00..80b5a03f6c
--- /dev/null
+++ b/meta/recipes-devtools/go/go-cross_1.13.bb
@@ -0,0 +1,2 @@
+require go-cross.inc
+require go-${PV}.inc
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.13.bb 
b/meta/recipes-devtools/go/go-crosssdk_1.13.bb
new file mode 100644
index 00..1857c8a577
--- /dev/null
+++ b/meta/recipes-devtools/go/go-crosssdk_1.13.bb
@@ -0,0 +1,2 @@
+require go-crosssdk.inc
+require go-${PV}.inc
diff --git a/meta/recipes-devtools/go/go-native_1.13.bb 
b/meta/recipes-devtools/go/go-native_1.13.bb
new file mode 100644
index 00..bbf3c0dd73
--- /dev/null
+++ b/meta/recipes-devtools/go/go-native_1.13.bb
@@ -0,0 +1,2 @@
+require ${PN}.inc
+require go-${PV}.inc
diff --git a/meta/recipes-devtools/go/go-runtime_1.13.bb 
b/meta/recipes-devtools/go/go-runtime_1.13.bb
new file mode 100644
index 00..43b68b4e46
--- /dev/null
+++ b/meta/recipes-devtools/go/go-runtime_1.13.bb
@@ -0,0 +1,2 @@
+require go-${PV}.inc
+require go-runtime.inc
diff --git a/meta/recipes-devtools/go/go_1.13.bb 
b/meta/recipes-devtools/go/go_1.13.bb
new file mode 100644
index 00..483e2e2cb7
--- /dev/null
+++ b/meta/recipes-devtools/go/go_1.13.bb
@@ -0,0 +1,14 @@
+require go-${PV}.inc
+require go-target.inc
+
+export GOBUILDMODE=""
+
+# Add pie to GOBUILDMODE to satisfy "textrel" QA checking, but mips
+# doesn't support -buildmode=pie, so skip the QA checking for mips and its
+# variants.
+python() {
+if 'mips' in d.getVar('TARGET_ARCH',True):
+d.appendVar('INSANE_SKIP_%s' % d.getVar('PN',True), " textrel")
+else:
+d.setVar('GOBUILDMODE', 'pie')
+}
-- 
2.17.1 (Apple Git-112)

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] libcap-ng:upgrade 0.7.9 -> 0.7.10

[Trevor Woerner]

On Fri 2019-10-25 @ 09:22:04 AM, Trevor Woerner wrote:
> On Thu 2019-10-24 @ 04:05:10 PM, Khem Raj wrote:
> > perhaps you need to add -pthread to LDFLAGS
> 
> I'll set up a test build.

Yes, adding the following line fixes it:

LDFLAGS_append_class-native = " -lpthread"

(unless there's a distro-override way of doing it...?)
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] libcap-ng:upgrade 0.7.9 -> 0.7.10

[Trevor Gamblin]

On 10/25/19 9:17 AM, Trevor Woerner wrote:


On Fri 2019-10-25 @ 01:30:32 PM, zangrc wrote:

hello！

We think this problem has something to do with the host environment. We
tried to reproduce the error on ubuntu16.04 and fedora29, but they all
compiled successfully. Can you tell us which distributions are having this
problem?

openSUSE 15.1
(which is the current "latest" openSUSE release)


I'm seeing it on Ubuntu 18.04.3 LTS. I've managed to get past the same 
attempted build (bitbake binutils) on Fedora 30 Server.


Out of curiosity I checked out the commit prior to the upgrade 
(a5a987ff5e5e) on Ubuntu 18.04.3 LTS and did bitbake libcap-ng-native,


and it succeeded. Going back to latest master (with the upgrade), the 
same bitbake fails as described at do_compile.


--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] libcap-ng:upgrade 0.7.9 -> 0.7.10

[Trevor Woerner]

On Thu 2019-10-24 @ 04:05:10 PM, Khem Raj wrote:
> perhaps you need to add -pthread to LDFLAGS

That's what it feels like.
I'll set up a test build.

I'm pretty sure I've stumbled across this in the past, but it seems like
different distros package the crypto things differently, therefore building on
some distros require linking to one set of libraries, and building on other
distros require linking to a different set. Does that seem right?

Is there a mechanism for telling OE to tweak a parameter based on the distro
on which it is building? A distro override of some sort?
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] libcap-ng:upgrade 0.7.9 -> 0.7.10

[Trevor Woerner]

On Fri 2019-10-25 @ 01:30:32 PM, zangrc wrote:
> hello！
> 
> We think this problem has something to do with the host environment. We
> tried to reproduce the error on ubuntu16.04 and fedora29, but they all
> compiled successfully. Can you tell us which distributions are having this
> problem?

openSUSE 15.1
(which is the current "latest" openSUSE release)
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [zeus][PATCH v2] binutils: fix CVE-2019-17450

[Trevor Gamblin]

On 10/25/19 8:20 AM, Trevor Gamblin wrote:


Backport upstream fix to zeus.

Signed-off-by: Trevor Gamblin 
---
  .../binutils/binutils-2.32.inc|  1 +
  .../binutils/binutils/CVE-2019-17450.patch| 99 +++
  2 files changed, 100 insertions(+)
  create mode 100644 
meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc 
b/meta/recipes-devtools/binutils/binutils-2.32.inc
index 19baf8a883..48940fd3e5 100644
--- a/meta/recipes-devtools/binutils/binutils-2.32.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -49,6 +49,7 @@ SRC_URI = "\
   file://CVE-2019-12972.patch \
   file://CVE-2019-14250.patch \
   file://CVE-2019-1.patch \
+ file://0001-PR25078-stack-overflow-in-function-find_abstract_ins.patch \
  "
  S  = "${WORKDIR}/git"
  
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch

new file mode 100644
index 00..a6ce0b9a8a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
@@ -0,0 +1,99 @@
+From 09dd135df9ebc7a4b640537e23e26a03a288a789 Mon Sep 17 00:00:00 2001
+From: Alan Modra 
+Date: Wed, 9 Oct 2019 00:07:29 +1030
+Subject: [PATCH] PR25078, stack overflow in function find_abstract_instance
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17450, so backport it to master and zeus.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79]
+CVE: CVE-2019-17450
+Signed-off-by: Trevor Gamblin 
+
+   PR 25078
+   * dwarf2.c (find_abstract_instance): Delete orig_info_ptr, add
+   recur_count.  Error on recur_count reaching 100 rather than
+   info_ptr matching orig_info_ptr.  Adjust calls.
+
+---
+ bfd/dwarf2.c | 35 +--
+ 1 file changed, 17 insertions(+), 18 deletions(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..20ec9e2e56 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -2803,13 +2803,13 @@ lookup_symbol_in_variable_table (struct comp_unit 
*unit,
+ }
+
+ static bfd_boolean
+-find_abstract_instance (struct comp_unit *   unit,
+-  bfd_byte *   orig_info_ptr,
+-  struct attribute *   attr_ptr,
+-  const char **pname,
+-  bfd_boolean *is_linkage,
+-  char **  filename_ptr,
+-  int *linenumber_ptr)
++find_abstract_instance (struct comp_unit *unit,
++  struct attribute *attr_ptr,
++  unsigned int recur_count,
++  const char **pname,
++  bfd_boolean *is_linkage,
++  char **filename_ptr,
++  int *linenumber_ptr)
+ {
+   bfd *abfd = unit->abfd;
+   bfd_byte *info_ptr;
+@@ -2820,6 +2820,14 @@ find_abstract_instance (struct comp_unit *   unit,
+   struct attribute attr;
+   const char *name = NULL;
+
++  if (recur_count == 100)
++{
++  _bfd_error_handler
++  (_("DWARF error: abstract instance recursion detected"));
++  bfd_set_error (bfd_error_bad_value);
++  return FALSE;
++}
++
+   /* DW_FORM_ref_addr can reference an entry in a different CU. It
+  is an offset from the .debug_info section, not the current CU.  */
+   if (attr_ptr->form == DW_FORM_ref_addr)
+@@ -2939,15 +2947,6 @@ find_abstract_instance (struct comp_unit *   unit,
+info_ptr, info_ptr_end);
+ if (info_ptr == NULL)
+   break;
+-/* It doesn't ever make sense for DW_AT_specification to
+-   refer to the same DIE.  Stop simple recursion.  */
+-if (info_ptr == orig_info_ptr)
+-  {
+-_bfd_error_handler
+-  (_("DWARF error: abstract instance recursion detected"));
+-bfd_set_error (bfd_error_bad_value);
+-return FALSE;
+-  }
+ switch (attr.name)
+   {
+   case DW_AT_name:
+@@ -2961,7 +2960,7 @@ find_abstract_instance (struct comp_unit *   unit,
+   }
+ break;
+   case DW_AT_specification:
+-if (!find_abstract_instance (unit, info_ptr, &attr,
++if (!find_abstract_instance (unit, &attr, recur_count + 1,
+  &name, is_linkage,
+  filename_ptr, linenumber_ptr))
+   return FALSE;
+@@ -3175,7 +3174,7 @@ scan_unit_for_symbols (struct comp_unit *unit)
+
+   case DW_AT_abstract_origin:
+   case DW_AT_specification:
+-if (!find_abstract_in

[OE-core] [zeus][PATCH v3] binutils: fix CVE-2019-17450

[Trevor Gamblin]

Backport upstream fix to zeus.

Signed-off-by: Trevor Gamblin 
---
 .../binutils/binutils-2.32.inc|  1 +
 .../binutils/binutils/CVE-2019-17450.patch| 99 +++
 2 files changed, 100 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc 
b/meta/recipes-devtools/binutils/binutils-2.32.inc
index 19baf8a883..1e96cf494d 100644
--- a/meta/recipes-devtools/binutils/binutils-2.32.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -49,6 +49,7 @@ SRC_URI = "\
  file://CVE-2019-12972.patch \
  file://CVE-2019-14250.patch \
  file://CVE-2019-1.patch \
+ file://CVE-2019-17450.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch 
b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
new file mode 100644
index 00..a6ce0b9a8a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
@@ -0,0 +1,99 @@
+From 09dd135df9ebc7a4b640537e23e26a03a288a789 Mon Sep 17 00:00:00 2001
+From: Alan Modra 
+Date: Wed, 9 Oct 2019 00:07:29 +1030
+Subject: [PATCH] PR25078, stack overflow in function find_abstract_instance
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17450, so backport it to master and zeus.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79]
+CVE: CVE-2019-17450
+Signed-off-by: Trevor Gamblin 
+
+   PR 25078
+   * dwarf2.c (find_abstract_instance): Delete orig_info_ptr, add
+   recur_count.  Error on recur_count reaching 100 rather than
+   info_ptr matching orig_info_ptr.  Adjust calls.
+
+---
+ bfd/dwarf2.c | 35 +--
+ 1 file changed, 17 insertions(+), 18 deletions(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..20ec9e2e56 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -2803,13 +2803,13 @@ lookup_symbol_in_variable_table (struct comp_unit 
*unit,
+ }
+ 
+ static bfd_boolean
+-find_abstract_instance (struct comp_unit *   unit,
+-  bfd_byte *   orig_info_ptr,
+-  struct attribute *   attr_ptr,
+-  const char **pname,
+-  bfd_boolean *is_linkage,
+-  char **  filename_ptr,
+-  int *linenumber_ptr)
++find_abstract_instance (struct comp_unit *unit,
++  struct attribute *attr_ptr,
++  unsigned int recur_count,
++  const char **pname,
++  bfd_boolean *is_linkage,
++  char **filename_ptr,
++  int *linenumber_ptr)
+ {
+   bfd *abfd = unit->abfd;
+   bfd_byte *info_ptr;
+@@ -2820,6 +2820,14 @@ find_abstract_instance (struct comp_unit *   unit,
+   struct attribute attr;
+   const char *name = NULL;
+ 
++  if (recur_count == 100)
++{
++  _bfd_error_handler
++  (_("DWARF error: abstract instance recursion detected"));
++  bfd_set_error (bfd_error_bad_value);
++  return FALSE;
++}
++
+   /* DW_FORM_ref_addr can reference an entry in a different CU. It
+  is an offset from the .debug_info section, not the current CU.  */
+   if (attr_ptr->form == DW_FORM_ref_addr)
+@@ -2939,15 +2947,6 @@ find_abstract_instance (struct comp_unit *   unit,
+info_ptr, info_ptr_end);
+ if (info_ptr == NULL)
+   break;
+-/* It doesn't ever make sense for DW_AT_specification to
+-   refer to the same DIE.  Stop simple recursion.  */
+-if (info_ptr == orig_info_ptr)
+-  {
+-_bfd_error_handler
+-  (_("DWARF error: abstract instance recursion detected"));
+-bfd_set_error (bfd_error_bad_value);
+-return FALSE;
+-  }
+ switch (attr.name)
+   {
+   case DW_AT_name:
+@@ -2961,7 +2960,7 @@ find_abstract_instance (struct comp_unit *   unit,
+   }
+ break;
+   case DW_AT_specification:
+-if (!find_abstract_instance (unit, info_ptr, &attr,
++if (!find_abstract_instance (unit, &attr, recur_count + 1,
+  &name, is_linkage,
+  filename_ptr, linenumber_ptr))
+   return FALSE;
+@@ -3175,7 +3174,7 @@ scan_unit_for_symbols (struct comp_unit *unit)
+ 
+   case DW_AT_abstract_origin:
+   case DW_AT_specification:
+-if (!find_abstract_instance (unit, info_ptr, &attr,
++if (!find_abstract_instance (unit, &attr, 0,
+  

[OE-core] [zeus][PATCH v2] binutils: fix CVE-2019-17450

[Trevor Gamblin]

Backport upstream fix to zeus.

Signed-off-by: Trevor Gamblin 
---
 .../binutils/binutils-2.32.inc|  1 +
 .../binutils/binutils/CVE-2019-17450.patch| 99 +++
 2 files changed, 100 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc 
b/meta/recipes-devtools/binutils/binutils-2.32.inc
index 19baf8a883..48940fd3e5 100644
--- a/meta/recipes-devtools/binutils/binutils-2.32.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -49,6 +49,7 @@ SRC_URI = "\
  file://CVE-2019-12972.patch \
  file://CVE-2019-14250.patch \
  file://CVE-2019-1.patch \
+ file://0001-PR25078-stack-overflow-in-function-find_abstract_ins.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch 
b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
new file mode 100644
index 00..a6ce0b9a8a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
@@ -0,0 +1,99 @@
+From 09dd135df9ebc7a4b640537e23e26a03a288a789 Mon Sep 17 00:00:00 2001
+From: Alan Modra 
+Date: Wed, 9 Oct 2019 00:07:29 +1030
+Subject: [PATCH] PR25078, stack overflow in function find_abstract_instance
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17450, so backport it to master and zeus.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79]
+CVE: CVE-2019-17450
+Signed-off-by: Trevor Gamblin 
+
+   PR 25078
+   * dwarf2.c (find_abstract_instance): Delete orig_info_ptr, add
+   recur_count.  Error on recur_count reaching 100 rather than
+   info_ptr matching orig_info_ptr.  Adjust calls.
+
+---
+ bfd/dwarf2.c | 35 +--
+ 1 file changed, 17 insertions(+), 18 deletions(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..20ec9e2e56 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -2803,13 +2803,13 @@ lookup_symbol_in_variable_table (struct comp_unit 
*unit,
+ }
+ 
+ static bfd_boolean
+-find_abstract_instance (struct comp_unit *   unit,
+-  bfd_byte *   orig_info_ptr,
+-  struct attribute *   attr_ptr,
+-  const char **pname,
+-  bfd_boolean *is_linkage,
+-  char **  filename_ptr,
+-  int *linenumber_ptr)
++find_abstract_instance (struct comp_unit *unit,
++  struct attribute *attr_ptr,
++  unsigned int recur_count,
++  const char **pname,
++  bfd_boolean *is_linkage,
++  char **filename_ptr,
++  int *linenumber_ptr)
+ {
+   bfd *abfd = unit->abfd;
+   bfd_byte *info_ptr;
+@@ -2820,6 +2820,14 @@ find_abstract_instance (struct comp_unit *   unit,
+   struct attribute attr;
+   const char *name = NULL;
+ 
++  if (recur_count == 100)
++{
++  _bfd_error_handler
++  (_("DWARF error: abstract instance recursion detected"));
++  bfd_set_error (bfd_error_bad_value);
++  return FALSE;
++}
++
+   /* DW_FORM_ref_addr can reference an entry in a different CU. It
+  is an offset from the .debug_info section, not the current CU.  */
+   if (attr_ptr->form == DW_FORM_ref_addr)
+@@ -2939,15 +2947,6 @@ find_abstract_instance (struct comp_unit *   unit,
+info_ptr, info_ptr_end);
+ if (info_ptr == NULL)
+   break;
+-/* It doesn't ever make sense for DW_AT_specification to
+-   refer to the same DIE.  Stop simple recursion.  */
+-if (info_ptr == orig_info_ptr)
+-  {
+-_bfd_error_handler
+-  (_("DWARF error: abstract instance recursion detected"));
+-bfd_set_error (bfd_error_bad_value);
+-return FALSE;
+-  }
+ switch (attr.name)
+   {
+   case DW_AT_name:
+@@ -2961,7 +2960,7 @@ find_abstract_instance (struct comp_unit *   unit,
+   }
+ break;
+   case DW_AT_specification:
+-if (!find_abstract_instance (unit, info_ptr, &attr,
++if (!find_abstract_instance (unit, &attr, recur_count + 1,
+  &name, is_linkage,
+  filename_ptr, linenumber_ptr))
+   return FALSE;
+@@ -3175,7 +3174,7 @@ scan_unit_for_symbols (struct comp_unit *unit)
+ 
+   case DW_AT_abstract_origin:
+   case DW_AT_specification:
+-if (!find_abstract_instance (unit, info_ptr, &attr,
++if (!

Re: [OE-core] [RFC][PATCH 0/6] NPM refactoring

[Adrian Bunk]

On Fri, Oct 25, 2019 at 10:35:20AM +0200, Stefan Herbrechtsmeier wrote:
> Am 24.10.19 um 17:59 schrieb Richard Purdie:
> > On Thu, 2019-10-24 at 18:37 +0300, Adrian Bunk wrote:
> > > On Thu, Oct 24, 2019 at 02:12:43PM +0200, Alexander Kanavin wrote:
> > > > On Thu, 24 Oct 2019 at 14:02, Stefan Herbrechtsmeier <
> > > > ste...@herbrechtsmeier.net> wrote:
> > > > 
> > > > > @Richard: What is your opinion about the per recipe dependency?
> > > > > Typically OE use one recipe per project. The NPM based solution
> > > > > handle a
> > > > > project and all dependencies via one recipe.
> > > > 
> > > > I don't think it's at all realistic to stick to the 'one recipe per
> > > > component' in node.js world. A typical 'npm install' can pull down
> > > > hundreds, or over a thousand dependencies, it's not feasible to
> > > > have a
> > > > recipe for each.
> > > 
> > > Debian has for the perl/python/node/go/rust/haskell ecosystems
> > > one recipe per component, with ~ 1k recipes each.
> > 
> > I think we'll have to end up having a smaller number of recipes which
> > generate multiple packages. That gives a reasonable parsing time at the
> > expense of having to pre-generate some of the recipe, a bit like the
> > core perl and python recipes work today. The exact split will depend on
> > the ecosystems and the "blocks" people tend to build in as its a
> > compromise between building too much and parsing time.
> 
> How should this work? Node.js consist of multiple independent packages and
> every package define its own dependencies. Thereby the dependencies is
> defined with a version range which often reference a single version.

Yes, it is a problem that backwards compatibility is frequently broken 
in Node.js packages and just using npm might result in 10 different
versions of the same package installed and used.

This is a huge mess that either has to be sorted out when packaging
(as is done in Debian), or you end up with security support basically 
impossible for something very exposed on the internet.

> Regards
>   Stefan

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [zeus][PATCH] binutils: fix CVE-2019-17450

[Khem Raj]

On Fri, Oct 25, 2019 at 2:02 AM Trevor Gamblin 
wrote:

> Backport upstream fix to zeus.
>
> Signed-off-by: Trevor Gamblin 
> ---
>  .../binutils/binutils-2.32.inc|  1 +
>  ...erflow-in-function-find_abstract_ins.patch | 99 +++
>  2 files changed, 100 insertions(+)
>  create mode 100644
> meta/recipes-devtools/binutils/binutils/0001-PR25078-stack-overflow-in-function-find_abstract_ins.patch
>
> diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc
> b/meta/recipes-devtools/binutils/binutils-2.32.inc
> index 19baf8a883..48940fd3e5 100644
> --- a/meta/recipes-devtools/binutils/binutils-2.32.inc
> +++ b/meta/recipes-devtools/binutils/binutils-2.32.inc
> @@ -49,6 +49,7 @@ SRC_URI = "\
>   file://CVE-2019-12972.patch \
>   file://CVE-2019-14250.patch \
>   file://CVE-2019-1.patch \
> +
>  file://0001-PR25078-stack-overflow-in-function-find_abstract_ins.patch \


Please retain the CVE patch naming convention


>  "
>  S  = "${WORKDIR}/git"
>
> diff --git
> a/meta/recipes-devtools/binutils/binutils/0001-PR25078-stack-overflow-in-function-find_abstract_ins.patch
> b/meta/recipes-devtools/binutils/binutils/0001-PR25078-stack-overflow-in-function-find_abstract_ins.patch
> new file mode 100644
> index 00..a6ce0b9a8a
> --- /dev/null
> +++
> b/meta/recipes-devtools/binutils/binutils/0001-PR25078-stack-overflow-in-function-find_abstract_ins.patch
> @@ -0,0 +1,99 @@
> +From 09dd135df9ebc7a4b640537e23e26a03a288a789 Mon Sep 17 00:00:00 2001
> +From: Alan Modra 
> +Date: Wed, 9 Oct 2019 00:07:29 +1030
> +Subject: [PATCH] PR25078, stack overflow in function
> find_abstract_instance
> +
> +Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
> +file. There are newer versions of binutils, but none of them contain the
> +commit fixing CVE-2019-17450, so backport it to master and zeus.
> +
> +Upstream-Status: Backport [
> https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79]
> +CVE: CVE-2019-17450
> +Signed-off-by: Trevor Gamblin 
> +
> +   PR 25078
> +   * dwarf2.c (find_abstract_instance): Delete orig_info_ptr, add
> +   recur_count.  Error on recur_count reaching 100 rather than
> +   info_ptr matching orig_info_ptr.  Adjust calls.
> +
> +---
> + bfd/dwarf2.c | 35 +--
> + 1 file changed, 17 insertions(+), 18 deletions(-)
> +
> +diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
> +index 0b4e485582..20ec9e2e56 100644
> +--- a/bfd/dwarf2.c
>  b/bfd/dwarf2.c
> +@@ -2803,13 +2803,13 @@ lookup_symbol_in_variable_table (struct comp_unit
> *unit,
> + }
> +
> + static bfd_boolean
> +-find_abstract_instance (struct comp_unit *   unit,
> +-  bfd_byte *   orig_info_ptr,
> +-  struct attribute *   attr_ptr,
> +-  const char **pname,
> +-  bfd_boolean *is_linkage,
> +-  char **  filename_ptr,
> +-  int *linenumber_ptr)
> ++find_abstract_instance (struct comp_unit *unit,
> ++  struct attribute *attr_ptr,
> ++  unsigned int recur_count,
> ++  const char **pname,
> ++  bfd_boolean *is_linkage,
> ++  char **filename_ptr,
> ++  int *linenumber_ptr)
> + {
> +   bfd *abfd = unit->abfd;
> +   bfd_byte *info_ptr;
> +@@ -2820,6 +2820,14 @@ find_abstract_instance (struct comp_unit *   unit,
> +   struct attribute attr;
> +   const char *name = NULL;
> +
> ++  if (recur_count == 100)
> ++{
> ++  _bfd_error_handler
> ++  (_("DWARF error: abstract instance recursion detected"));
> ++  bfd_set_error (bfd_error_bad_value);
> ++  return FALSE;
> ++}
> ++
> +   /* DW_FORM_ref_addr can reference an entry in a different CU. It
> +  is an offset from the .debug_info section, not the current CU.  */
> +   if (attr_ptr->form == DW_FORM_ref_addr)
> +@@ -2939,15 +2947,6 @@ find_abstract_instance (struct comp_unit *   unit,
> +info_ptr, info_ptr_end);
> + if (info_ptr == NULL)
> +   break;
> +-/* It doesn't ever make sense for DW_AT_specification to
> +-   refer to the same DIE.  Stop simple recursion.  */
> +-if (info_ptr == orig_info_ptr)
> +-  {
> +-_bfd_error_handler
> +-  (_("DWARF error: abstract instance recursion
> detected"));
> +-bfd_set_error (bfd_error_bad_value);
> +-return FALSE;
> +-  }
> + switch (attr.name)
> +   {
> +   case DW_AT_name:
> +@@ -2961,7 +2960,7 @@ find_abstract_instance (struct comp_unit *   unit,
> +   }
> + break;
> +   case DW_AT_specification:
> +-if (!find_abstract_instance (unit, info_ptr, &attr,
>

Re: [OE-core] [PATCH v3 1/3] recipes-devtools/go: Refactor patches for go-1.13.3

[Khem Raj]

Looks good but please delete 1.12 along as well

On Thu, Oct 24, 2019 at 9:39 PM Alexander Kube 
wrote:

> From: Alex Kube 
>
> Signed-off-by: Alex Kube 
> ---
>  ...ow-CC-and-CXX-to-have-multiple-words.patch |  38 +++
>  ...ent-based-hash-generation-less-pedan.patch | 226 ++
>  ...-to-be-overridden-in-the-environment.patch |  54 
>  ...4-ld-add-soname-to-shareable-objects.patch |  50 
>  ...de-CC-when-building-dist-and-go_boot.patch |  44 +++
>  ...dist-separate-host-and-target-builds.patch | 279 ++
>  ...d-go-make-GOROOT-precious-by-default.patch | 113 +++
>  ...008-use-GOBUILDMODE-to-set-buildmode.patch |  47 +++
>  ...place-glibc-dynamic-linker-with-musl.patch | 134 +
>  9 files changed, 985 insertions(+)
>  create mode 100644
> meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
>  create mode 100644
> meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
>  create mode 100644
> meta/recipes-devtools/go/go-1.13/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch
>  create mode 100644
> meta/recipes-devtools/go/go-1.13/0004-ld-add-soname-to-shareable-objects.patch
>  create mode 100644
> meta/recipes-devtools/go/go-1.13/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch
>  create mode 100644
> meta/recipes-devtools/go/go-1.13/0006-cmd-dist-separate-host-and-target-builds.patch
>  create mode 100644
> meta/recipes-devtools/go/go-1.13/0007-cmd-go-make-GOROOT-precious-by-default.patch
>  create mode 100644
> meta/recipes-devtools/go/go-1.13/0008-use-GOBUILDMODE-to-set-buildmode.patch
>  create mode 100644
> meta/recipes-devtools/go/go-1.13/0009-ld-replace-glibc-dynamic-linker-with-musl.patch
>
> diff --git
> a/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
> b/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
> new file mode 100644
> index 00..ddfd5e41d1
> --- /dev/null
> +++
> b/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
> @@ -0,0 +1,38 @@
> +From 9e3dc44cdfa58d96504d0a789dc82617dd5bef55 Mon Sep 17 00:00:00 2001
> +From: Alex Kube 
> +Date: Wed, 23 Oct 2019 21:01:13 +0430
> +Subject: [PATCH 1/9] cmd/go: Allow CC and CXX to have multiple words
> +
> +Upstream-Status: Inappropriate [OE specific]
> +
> +Adapted to Go 1.13 from patches originally submitted to
> +the meta/recipes-devtools/go tree by
> +Matt Madison .
> +
> +Signed-off-by: Alexander J Kube 
> +
> +---
> + src/cmd/go/internal/envcmd/env.go | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/src/cmd/go/internal/envcmd/env.go
> b/src/cmd/go/internal/envcmd/env.go
> +index 17852de..7b5ec5e 100644
> +--- a/src/cmd/go/internal/envcmd/env.go
>  b/src/cmd/go/internal/envcmd/env.go
> +@@ -100,11 +100,11 @@ func MkEnv() []cfg.EnvVar {
> +
> +   cc := cfg.DefaultCC(cfg.Goos, cfg.Goarch)
> +   if env := strings.Fields(cfg.Getenv("CC")); len(env) > 0 {
> +-  cc = env[0]
> ++  cc = strings.Join(env, " ")
> +   }
> +   cxx := cfg.DefaultCXX(cfg.Goos, cfg.Goarch)
> +   if env := strings.Fields(cfg.Getenv("CXX")); len(env) > 0 {
> +-  cxx = env[0]
> ++  cxx = strings.Join(env, " ")
> +   }
> +   env = append(env, cfg.EnvVar{Name: "AR", Value: envOr("AR", "ar")})
> +   env = append(env, cfg.EnvVar{Name: "CC", Value: cc})
> +--
> +2.17.1 (Apple Git-112)
> +
> diff --git
> a/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
> b/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
> new file mode 100644
> index 00..4eddd39809
> --- /dev/null
> +++
> b/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
> @@ -0,0 +1,226 @@
> +From a13ae484e41139094505d2834437e9262a5315f7 Mon Sep 17 00:00:00 2001
> +From: Alex Kube 
> +Date: Wed, 23 Oct 2019 21:14:22 +0430
> +Subject: [PATCH 2/9] cmd/go: make content-based hash generation less
> pedantic
> +
> +Upstream-Status: Inappropriate [OE specific]
> +
> +Go 1.10's build tool now uses content-based hashes to
> +determine when something should be built or re-built.
> +This same mechanism is used to maintain a built-artifact
> +cache for speeding up builds.
> +
> +However, the hashes it generates include information that
> +doesn't work well with OE, nor with using a shared runtime
> +library.
> +
> +First, it embeds path names to source files, unless
> +building within GOROOT.  This prevents the building
> +of a package in GOPATH for later staging into GOROOT.
> +
> +This patch adds support for the environment variable
> +GOPATH_OMIT_IN_ACTIONID.  If present, path name
> +embedding is disabled.
> +
> +Second, if cgo is enabled, the build ID for cgo-related
> +packages will include the current value of the environ

Re: [OE-core] Add recipes for Go v1.13

[Khem Raj]

1.12 should be removed along with this

On Thu, Oct 24, 2019 at 6:29 PM Alexander Kube 
wrote:

> This patch set adds various go-1.13 recipes and changes the
> poky GOVERSION to 1.13%. It leaves the existing go-1.12
> recipes untouched and available for existing users of
> those recipes.
>
>
> --
> ___
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [RFC][PATCH 0/6] NPM refactoring

[Stefan Herbrechtsmeier]

Hi Andre,

Am 25.10.19 um 10:01 schrieb André Draszik:

Hi,

This has been an interesting discussion so far.

I'd like to throw in something else...

A couple years back I wrote a little python script to automatically
generate all the required dependency recipes given an npm project's
package.json


This is similar to my prototype but I try to reuse the recipetool and 
this makes the recipe creation very slow.


Do you reuse code from OE to generate the license information?


The generated recipes worked very well, including cross-compilation using
node-gyp.


Do you use any bbclass? I have create multiple bbclasses to minimize the 
code inside the recipes.



At least at the time this was all reasonably straight forward, avoided *any* use
of npm, gave me all the benefits of reproducibility, yocto caching, license
management, correct cross-compilation for native code, etc. Also, the
generated yocto packages contained none of the test- or other items that
npm packages usually contain and don't need to be copied onto the target
for image builds. All this by simply inspecting the package.json


This is the reason I go this way too.


This approach also minimised maintenance cost, as all recipes were 
auto-generated.

The only downside was that bitbake became a bit slow, as the number of
tasks went to about 15000.


Do you create a recipe per package version?


I can dig this out and share on Monday. This script could live in the
scripts/ subdirectory, allowing people to create recipes on demand for
projects they care about.


Would be nice to see your code.

Regards
  Stefan
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [RFC][PATCH 0/6] NPM refactoring

[Stefan Herbrechtsmeier]

Am 24.10.19 um 19:58 schrieb Alexander Kanavin:
On Thu, 24 Oct 2019 at 19:45, Stefan Herbrechtsmeier 
mailto:ste...@herbrechtsmeier.net>> wrote:


 > The package-lock.json in their tarball is 600K.

The project use two major version and seven different versions with 30
installations of debug. Furthermore the dependencies include build
tools
which should not be installed on the device.

The "@angular/cli" (242) and "node-red" (324) package share 106
packages.


I have to ask: what point are you trying to make?


The both packages with different audience share between 44% and 33% of 
the packages. I think this true for other packages too.



Here's a related lwn article describing a similar problem faced by opensuse:
https://lwn.net/Articles/712318/


Unfortunately they also have no solution.

""Ruby dependency hell has nothing on JavaScript dependency hell," he 
said. A "hello world" application based on one JavaScript framework has 
759 JavaScript dependencies; this framework is described as "a 
lightweight alternative to Angular2".


Unfortunately they don't name the package nor give details about the 
dependencies. I assume they really count the dependencies with all there 
duplications and multiple minor or patch versions.



There is no way he is going to 
package all 759 dependencies for this thing; the current distribution 
package-management approach just isn't going to work here."


What is the "current distribution package-management approach"? The 
manual creating of build configuration for every package or the 
automatic generation of recipes?


What is the alternative which fulfill the requirements of an embedded 
distribution?


My prototype automatically creates recipes from the packages. It only 
needs manual work if the package have no license file or a circular 
dependency.


The main problem is the pinning of specific versions inside the 
package.json and the increase of the major version if the support for a 
very old node.js version is removed.


The prototype assumes a compatible inside a major version and creates a 
recipe per major version. Thereby it always uses the latest version per 
major version. The recipe count could further optimized in a manual step 
which checks if there is really a breaking change between the major 
version. The number of this recipes is low in compare to the total count 
of recipes but the packages are often shared between different packages.


Regards
  Stefan
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [RFC][PATCH v2 3/7] recipetool/create_npm.py: refactor the npm recipe creation handler

[Jean-Marie LEMETAYER]

This commit refactors the npm recipe creation handler to use the new npm
behavior. The process is kept as simple as possible and only generates
the shrinkwrap file.

To avoid naming issues the recipe name is now extracted from the npm
package name and not directly map.

Signed-off-by: Jean-Marie LEMETAYER 
---
 scripts/lib/recipetool/create_npm.py | 443 ++-
 1 file changed, 167 insertions(+), 276 deletions(-)

diff --git a/scripts/lib/recipetool/create_npm.py 
b/scripts/lib/recipetool/create_npm.py
index 39429ebad3..2cf67e004b 100644
--- a/scripts/lib/recipetool/create_npm.py
+++ b/scripts/lib/recipetool/create_npm.py
@@ -1,321 +1,212 @@
-# Recipe creation tool - node.js NPM module support plugin
-#
 # Copyright (C) 2016 Intel Corporation
+# Copyright (C) 2019 Savoir-Faire Linux
 #
 # SPDX-License-Identifier: GPL-2.0-only
 #
+"""
+Recipe creation tool - npm module support plugin
+"""
 
+import json
+import logging
 import os
+import re
+import shutil
 import sys
-import logging
-import subprocess
 import tempfile
-import shutil
-import json
-from recipetool.create import RecipeHandler, split_pkg_licenses, 
handle_license_vars
+import bb
+from bb.fetch2 import runfetchcmd
+from recipetool.create import RecipeHandler
 
 logger = logging.getLogger('recipetool')
 
-
 tinfoil = None
 
 def tinfoil_init(instance):
+"""
+Initialize tinfoil.
+"""
+
 global tinfoil
 tinfoil = instance
 
-
 class NpmRecipeHandler(RecipeHandler):
-lockdownpath = None
+"""
+Class to handle the npm recipe creation
+"""
+
+@staticmethod
+def _ensure_npm(d):
+"""
+Check if the 'npm' command is available in the recipes, then build
+it and add it to the PATH.
+"""
 
-def _ensure_npm(self, fixed_setup=False):
 if not tinfoil.recipes_parsed:
 tinfoil.parse_recipes()
 try:
 rd = tinfoil.parse_recipe('nodejs-native')
 except bb.providers.NoProvider:
-if fixed_setup:
-msg = 'nodejs-native is required for npm but is not available 
within this SDK'
-else:
-msg = 'nodejs-native is required for npm but is not available 
- you will likely need to add a layer that provides nodejs'
-logger.error(msg)
-return None
+logger.error("Nothing provides 'nodejs-native' which is required 
for the build")
+logger.info("You will likely need to add a layer that provides 
nodejs")
+sys.exit(14)
+
 bindir = rd.getVar('STAGING_BINDIR_NATIVE')
 npmpath = os.path.join(bindir, 'npm')
 if not os.path.exists(npmpath):
 tinfoil.build_targets('nodejs-native', 'addto_recipe_sysroot')
 if not os.path.exists(npmpath):
-logger.error('npm required to process specified source, but 
nodejs-native did not seem to populate it')
-return None
-return bindir
-
-def _handle_license(self, data):
-'''
-Handle the license value from an npm package.json file
-'''
-license = None
-if 'license' in data:
-license = data['license']
-if isinstance(license, dict):
-license = license.get('type', None)
-if license:
-if 'OR' in license:
-license = license.replace('OR', '|')
-license = license.replace('AND', '&')
-license = license.replace(' ', '_')
-if not license[0] == '(':
-license = '(' + license + ')'
-else:
-license = license.replace('AND', '&')
-if license[0] == '(':
-license = license[1:]
-if license[-1] == ')':
-license = license[:-1]
-license = license.replace('MIT/X11', 'MIT')
-license = license.replace('Public Domain', 'PD')
-license = license.replace('SEE LICENSE IN EULA',
-  'SEE-LICENSE-IN-EULA')
-return license
-
-def _shrinkwrap(self, srctree, localfilesdir, extravalues, lines_before, 
d):
-try:
-runenv = dict(os.environ, PATH=d.getVar('PATH'))
-bb.process.run('npm shrinkwrap', cwd=srctree, 
stderr=subprocess.STDOUT, env=runenv, shell=True)
-except bb.process.ExecutionError as e:
-logger.warning('npm shrinkwrap failed:\n%s' % e.stdout)
-return
+logger.error("Failed to add 'npm' to sysroot")
+sys.exit(14)
 
-tmpfile = os.path.join(localfilesdir, 'npm-shrinkwrap.json')
-shutil.move(os.path.join(srctree, 'npm-shrinkwrap.json'), tmpfile)
-extravalues.setdefault('extrafiles', {})
-extravalues['extrafiles']['npm-shrinkwrap.json'] = tmpfile
-lines_before.ap

[OE-core] [RFC][PATCH v2 7/7] oeqa/selftest/recipetool: add npm recipe creation test

[Jean-Marie LEMETAYER]

This commit adds a recipetool creation test for npm recipe.

Signed-off-by: Jean-Marie LEMETAYER 
---
 meta/lib/oeqa/selftest/cases/recipetool.py | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/meta/lib/oeqa/selftest/cases/recipetool.py 
b/meta/lib/oeqa/selftest/cases/recipetool.py
index c1562c63b2..71613fd2fb 100644
--- a/meta/lib/oeqa/selftest/cases/recipetool.py
+++ b/meta/lib/oeqa/selftest/cases/recipetool.py
@@ -421,6 +421,25 @@ class RecipetoolTests(RecipetoolBase):
 inherits = ['cmake']
 self._test_recipe_contents(recipefile, checkvars, inherits)
 
+def test_recipetool_create_npm(self):
+temprecipe = os.path.join(self.tempdir, 'recipe')
+os.makedirs(temprecipe)
+recipefile = os.path.join(temprecipe, 
'savoirfairelinux-node-server-example_1.0.0.bb')
+shrinkwrap = os.path.join(temprecipe, 
'savoirfairelinux-node-server-example', 'npm-shrinkwrap.json')
+srcuri = 
'npm://registry.npmjs.org;name=@savoirfairelinux/node-server-example;version=1.0.0'
+result = runCmd('recipetool create -o %s \'%s\'' % (temprecipe, 
srcuri))
+self.assertTrue(os.path.isfile(recipefile))
+self.assertTrue(os.path.isfile(shrinkwrap))
+checkvars = {}
+checkvars['SUMMARY'] = 'Node Server Example'
+checkvars['HOMEPAGE'] = 
'https://github.com/savoirfairelinux/node-server-example#readme'
+checkvars['LICENSE'] = set(['MIT'])
+checkvars['SRC_URI'] = 
'npm://registry.npmjs.org/;name=@savoirfairelinux/node-server-example;version=${PV}'
+checkvars['S'] = '${WORKDIR}/npm'
+checkvars['NPM_SHRINKWRAP'] = '${THISDIR}/${BPN}/npm-shrinkwrap.json'
+inherits = ['npm']
+self._test_recipe_contents(recipefile, checkvars, inherits)
+
 def test_recipetool_create_github(self):
 # Basic test to see if github URL mangling works
 temprecipe = os.path.join(self.tempdir, 'recipe')
-- 
2.20.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [RFC][PATCH v2 0/7] NPM refactoring

[Jean-Marie LEMETAYER]

The current NPM support have several issues:
 - The current NPM fetcher downloads the dependency tree but not the other
   fetchers. The 'subdir' parameter was used to fix this issue.
 - They are multiple issues with package names (uppercase, exotic characters,
   scoped packages) even if they are inside the dependencies.
 - The lockdown file generation have issues. When a package depends on
   multiple version of the same package (all versions have the same checksum).

This patchset refactors the NPM support in Yocto:
 - As the NPM algorithm for dependency management is hard to handle, the new
   NPM fetcher downloads only the package source (and not the dependencies,
   like the other fetchers) (patch submitted in the bitbake-devel list).
 - The NPM class handles the dependencies using NPM (and not manually).
 - The NPM recipe creation is simplified to avoid issues.
 - The lockdown file is no more used as it is no longer relevant compared to the
   latest shrinkwrap file format.

This patchset may remove some features (lockdown file, license management for
dependencies) but fixes the majority of the NPM issues. All of these issues
from the bugzilla.yoctoproject.org are resolved by this patchset:
#10237, #10760, #11028, #11728, #11902, #12534

The fetcher and recipetool are now aware of a 'latest' keyword for the version
which allow to build the latest version available on the registry. This feature
fixes the two issues: #10515, #11029

Moreover the issue #13415 should also be fixed but I cannot test it.

I have tested the recipe creation and builds using a self made example to
generate build failures:
 - https://github.com/savoirfairelinux/node-server-example
 - https://npmjs.com/package/@savoirfairelinux/node-server-example

The test steps are these ones:
  $ source poky/oe-init-build-env
  $ bitbake-layers add-layer ../meta-openembedded/meta-oe
  $ devtool add 
"npm://registry.npmjs.org;name=@savoirfairelinux/node-server-example;version=latest"
  $ devtool build savoirfairelinux-node-server-example
  $ bitbake-layers create-layer ../meta-test
  $ bitbake-layers add-layer ../meta-test
  $ devtool finish savoirfairelinux-node-server-example ../meta-test
  $ echo IMAGE_INSTALL_append = '" savoirfairelinux-node-server-example"' >> 
conf/local.conf
  $ bitbake core-image-minimal

Also the 'devtool add' url could be one of these:
 - 
npm://registry.npmjs.org;name=@savoirfairelinux/node-server-example;version=latest
   This url uses the new npm fetcher and request the latest version available on
   the registry.
 - 
npm://registry.npmjs.org;name=@savoirfairelinux/node-server-example;version=1.0.0
   This url uses the new npm fetcher and request a fixed version.
 - git://github.com/savoirfairelinux/node-server-example.git;protocol=https
   This url uses the git fetcher. As the dependencies are managed by the NPM
   class, any fetcher can be used.

When this patchset will be merged, I have planned to update the NPM wiki:
  https://wiki.yoctoproject.org/wiki/TipsAndTricks/NPM

This patchset is also the base work for the full Angular support in Yocto that I
am preparing. These applications have a huge dependency tree which is ideal to
test the NPM support.

--- V2

 - Add the 'check_network_access' function before each network access to check
   for 'BB_NO_NETWORK' and 'BB_ALLOWED_NETWORKS' variables.

 - Add a 'recipetool.RecipetoolTests.test_recipetool_create_npm' test case for
   'oe-selftest' to test the npm recipe creation.

 - Update the 'npm.bbclass' to fetch the dependencies in the 'do_fetch' task.
   The dependencies are cached in a npm cache stored in '${DL_DIR}/npm_cache'
   allowing the dependencies to be saved in the download directory and verify
   on insertion and extraction [1]:
  "All data that passes through the cache is fully verified
   for integrity on both insertion and extraction."

1: https://docs.npmjs.com/cli/cache.html

Jean-Marie LEMETAYER (7):
  npm.bbclass: refactor the npm class
  devtool: update command line options for npm
  recipetool/create_npm.py: refactor the npm recipe creation handler
  devtool/standard.py: update the append file for the npm recipes
  recipetool/create.py: replace 'latest' keyword for npm
  recipetool/create.py: remove the 'noverify' url parameter
  oeqa/selftest/recipetool: add npm recipe creation test

 meta/classes/npm.bbclass   | 255 
 meta/lib/oeqa/selftest/cases/recipetool.py |  19 +
 scripts/lib/devtool/standard.py|  22 +-
 scripts/lib/recipetool/create.py   |  16 +-
 scripts/lib/recipetool/create_npm.py   | 443 -
 5 files changed, 394 insertions(+), 361 deletions(-)

--
2.20.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [RFC][PATCH v2 2/7] devtool: update command line options for npm

[Jean-Marie LEMETAYER]

This commit renames the '--fetch-dev' option into '--npm-dev' which is
more easily understandable.

It also adds the '--npm-registry' option to allow creating a npm recipe
with a non default npm registry (e.g. if the SRC_URI is using git://).

Signed-off-by: Jean-Marie LEMETAYER 
---
 scripts/lib/devtool/standard.py  |  9 ++---
 scripts/lib/recipetool/create.py | 12 +++-
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/scripts/lib/devtool/standard.py b/scripts/lib/devtool/standard.py
index 8d9c1a3022..7068a02a01 100644
--- a/scripts/lib/devtool/standard.py
+++ b/scripts/lib/devtool/standard.py
@@ -145,8 +145,10 @@ def add(args, config, basepath, workspace):
 extracmdopts += ' --src-subdir "%s"' % args.src_subdir
 if args.autorev:
 extracmdopts += ' -a'
-if args.fetch_dev:
-extracmdopts += ' --fetch-dev'
+if args.npm_dev:
+extracmdopts += ' --npm-dev'
+if args.npm_registry:
+extracmdopts += ' --npm-registry "%s"' % args.npm_registry
 if args.mirrors:
 extracmdopts += ' --mirrors'
 if args.srcrev:
@@ -2197,7 +2199,8 @@ def register_commands(subparsers, context):
 group.add_argument('--same-dir', '-s', help='Build in same directory as 
source', action="store_true")
 group.add_argument('--no-same-dir', help='Force build in a separate build 
directory', action="store_true")
 parser_add.add_argument('--fetch', '-f', help='Fetch the specified URI and 
extract it to create the source tree (deprecated - pass as positional argument 
instead)', metavar='URI')
-parser_add.add_argument('--fetch-dev', help='For npm, also fetch 
devDependencies', action="store_true")
+parser_add.add_argument('--npm-dev', help='For npm, also fetch 
devDependencies', action="store_true")
+parser_add.add_argument('--npm-registry', help='For npm, use the specified 
registry', type=str)
 parser_add.add_argument('--version', '-V', help='Version to use within 
recipe (PV)')
 parser_add.add_argument('--no-git', '-g', help='If fetching source, do not 
set up source tree as a git repository', action="store_true")
 group = parser_add.add_mutually_exclusive_group()
diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index 1fb6b55530..932dc3f374 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -716,10 +716,11 @@ def create_recipe(args):
 lines_after.append('INSANE_SKIP_${PN} += "already-stripped"')
 lines_after.append('')
 
-if args.fetch_dev:
-extravalues['fetchdev'] = True
-else:
-extravalues['fetchdev'] = None
+if args.npm_dev:
+extravalues['NPM_INSTALL_DEV'] = 1
+
+if args.npm_registry:
+extravalues['NPM_REGISTRY'] = args.npm_registry
 
 # Find all plugins that want to register handlers
 logger.debug('Loading recipe handlers')
@@ -1315,7 +1316,8 @@ def register_commands(subparsers):
 group.add_argument('-S', '--srcrev', help='Source revision to fetch if 
fetching from an SCM such as git (default latest)')
 parser_create.add_argument('-B', '--srcbranch', help='Branch in source 
repository if fetching from an SCM such as git (default master)')
 parser_create.add_argument('--keep-temp', action="store_true", help='Keep 
temporary directory (for debugging)')
-parser_create.add_argument('--fetch-dev', action="store_true", help='For 
npm, also fetch devDependencies')
+parser_create.add_argument('--npm-dev', action="store_true", help='For 
npm, also fetch devDependencies')
+parser_create.add_argument('--npm-registry', help='For npm, use the 
specified registry', type=str)
 parser_create.add_argument('--devtool', action="store_true", 
help=argparse.SUPPRESS)
 parser_create.add_argument('--mirrors', action="store_true", help='Enable 
PREMIRRORS and MIRRORS for source tree fetching (disabled by default).')
 parser_create.set_defaults(func=create_recipe)
-- 
2.20.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core