date:20191029




On 10/29/19 5:13 PM, Adrian Bunk wrote:

On Tue, Oct 29, 2019 at 03:39:21PM -0500, Trevor Gamblin wrote:

An interface for inotify already exists through pyinotify,
but migrating inotify-tools to oe-core provides an option
that doesn't rely on python.
...

pyinotify is in meta-python.

The only option currently in oe-core is to use C,
which is the standard way to use inotify.

inotify-tools can be useful, but I don't see the rationale
why it should move from meta-oe to oe-core.

cu
Adrian

Right. Echoing the meta-oe patch response, hold off on this after all. I 
have a ptest coming that might use it,


but I'll need to review the gameplan here.

--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] ✗ patchtest: failure for webkitgtk: fix occasional link error (rev2)

2019-10-29 Thread Patchwork

== Series Details ==

Series: webkitgtk: fix occasional link error (rev2)
Revision: 2
URL   : https://patchwork.openembedded.org/series/20777/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Issue Series does not apply on top of target branch 
[test_series_merge_on_head] 
  Suggested fixRebase your series on top of targeted branch
  Targeted branch  master (currently at b91b30c09f)

* Issue A patch file has been added, but does not have a 
Signed-off-by tag [test_signed_off_by_presence] 
  Suggested fixSign off the added patch file 
(meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch)

* Issue Upstream-Status is in incorrect format 
[test_upstream_status_presence_format] 
  Suggested fixFix Upstream-Status format in fix-link-error.patch
  Current  Upstream-Status:  backport [git://git.webkit.org/WebKit.git]
  Standard format  Upstream-Status: 
  Valid status Pending, Accepted, Backport, Denied, Inappropriate [reason], 
Submitted [where]



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [oe-core][PATCH 1/1] webkitgtk: fix occasional link error

2019-10-29 Thread Joe Slater

Partial backport from WebKit.git.  See patch for details.

Signed-off-by: Joe Slater 
---
 .../webkit/webkitgtk/fix-link-error.patch  | 45 ++
 meta/recipes-sato/webkit/webkitgtk_2.24.4.bb   |  1 +
 2 files changed, 46 insertions(+)
 create mode 100755 meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch

diff --git a/meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch 
b/meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch
new file mode 100755
index 000..9696ddd
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch
@@ -0,0 +1,45 @@
+webkitgtk: fix an occasional link error
+
+Part of ae465a4e...  Changelog is not included in the source tarball.
+
+Upstream-Status:  backport [git://git.webkit.org/WebKit.git]
+
+commit ae465a4e3b1498b6c4038fc7e596e0e3662d116f
+Author: hironori.fu...@sony.com 

+Date:   Fri Jun 28 07:38:09 2019 +
+
+[Win] unresolved external symbol "JSC::JSObject::didBecomePrototype(void)" 
referenced in function "JSC::Structure::create(...)"
+https://bugs.webkit.org/show_bug.cgi?id=199312
+
+Reviewed by Keith Miller.
+
+WinCairo port, clang-cl Release builds reported a following linkage error:
+
+> WebCore.lib(UnifiedSource-4babe430-10.cpp.obj) : error LNK2019: 
unresolved external symbol "public: void __cdecl 
JSC::JSObject::didBecomePrototype(void)" 
(?didBecomePrototype@JSObject@JSC@@QEAAXXZ) referenced in function "public: 
static class JSC::Structure * __cdecl JSC::Structure::create(class JSC::VM 
&,class JSC::JSGlobalObject *,class JSC::JSValue,class JSC::TypeInfo const 
&,struct JSC::ClassInfo const *,unsigned char,unsigned int)" 
(?create@Structure@JSC@@SAPEAV12@AEAVVM@2@PEAVJSGlobalObject@2@VJSValue@2@AEBVTypeInfo@2@PEBUClassInfo@2@EI@Z)
+
+No new tests because there is no behavior change.
+
+* Modules/indexeddb/server/SQLiteIDBBackingStore.cpp: Include 
,
+and do not include headers which is included by it.
+
+git-svn-id: http://svn.webkit.org/repository/webkit/trunk@246922 
268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+[ modification of Changelog deleted ]
+
+diff --git a/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp 
b/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp
+index d1b047c..0899a9a 100644
+--- a/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp
 b/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp
+@@ -49,11 +49,8 @@
+ #include "SQLiteTransaction.h"
+ #include "ThreadSafeDataBuffer.h"
+ #include 
+-#include 
+-#include 
+-#include 
++#include 
+ #include 
+-#include 
+ #include 
+ #include 
+ #include 
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb 
b/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb
index 8c695ce..b04ec82 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb
@@ -23,6 +23,7 @@ SRC_URI = 
"http://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
file://include_array.patch \
file://narrowing.patch \
file://0001-gstreamer-add-a-missing-format-string.patch \
+   file://fix-link-error.patch \
"
 
 SRC_URI[md5sum] = "c214963d8c0e7d83460da04a0d8dda87"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [OE-Core][master][PATCH v4 0/3] Devtool: provide easy means of

2019-10-29 Thread Chandana Kalluri

Hello Paul

Yes, I am in process of sending oeself test patches for devtool reset 
--remove-source command as commented In the other patch. I will also add the 
oeselftest for devtool kernel and send them out. 

Thanks,
Chandana

> -Original Message-
> From: Paul Eggleton 
> Sent: Tuesday, October 29, 2019 3:52 PM
> To: Chandana Kalluri 
> Cc: openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core] [OE-Core][master][PATCH v4 0/3] Devtool: provide easy
> means of
> 
> Hi Chandana
> 
> Having added quite a bit to devtool relating to the kernel, we really ought to
> extend our oe-selftest tests to cover the new functionality. Would you be able
> to take care of that?
> 
> Thanks
> Paul
> 
> On Wednesday, 5 June 2019 5:07:55 PM NZDT Paul Eggleton wrote:
> > Hi Chandana
> >
> > My apologies for the delay in reviewing this - other work got in the way of
> OE-Core contributions but that should be dealt with now.
> >
> > On Thursday, 18 April 2019 10:42:56 AM NZST Sai Hari Chandana Kalluri
> wrote:
> > > This patch series provides support for the user to run menuconfig
> > > command in the devtool flow. This would allow the user to modify the
> > > current configurations and generate a config fragment to update the
> > > recipe using devtool finish. Devtool menuconfig command will work on all
> packages that contain menuconfig as a task.
> > >
> > > 1. The implementation checks if devtool menuconfig command is called
> > > for a valid package.
> > > 2. It checks for oe-local-files dir within source and creates one if
> > > needed, this directory is needed to store the final generated config
> > > fragment so that devtool finish can update the recipe.
> > > 3. Menuconfig command is called for users to make necessary changes.
> > > After saving the changes, diffconfig command is run to generate the
> fragment.
> > >
> > > Currently, when the user runs devtool modify command, it checks out
> > > the entire source tree which is a bit of an over head in time and
> > > space. This patch series also provides a way to create a copy(hard
> > > links) of the kernel source, if present, from work-shared to workspace to 
> > > be
> more efficient .
> > >
> > > Also, if the kernel source is not present in the staging kernel dir
> > > and the user fetches the source tree in workspace using devtool
> > > modify, then this patch series creates a copy of source from
> > > workspace to work-shared. This is necessary for packages that may use the
> kernel source.
> >
> > Looking over the patches again, we're close but the following need to be
> corrected:
> >
> > 1) The devtool.DevtoolUpdateTests.test_devtool_update_recipe_local_files
> test in oe-selftest fails:
> >
> >  snip 
> > INFO: Adding local source files to srctree...
> > Traceback (most recent call last):
> >   File "/data/poky/scripts/devtool", line 334, in 
> > ret = main()
> >   File "/data/poky/scripts/devtool", line 321, in main
> > ret = args.func(args, config, basepath, workspace)
> >   File "/data/poky/scripts/lib/devtool/standard.py", line 845, in modify
> > initial_rev, _ = _extract_source(srctree, args.keep_temp, args.branch,
> False, config, basepath, workspace, args.fixed_setup, rd, tinfoil,
> no_overrides=args.no_overrides)
> >   File "/data/poky/scripts/lib/devtool/standard.py", line 657, in
> _extract_source
> > symblink_oelocal_files_srctree(d,srctree)
> >   File "/data/poky/scripts/lib/devtool/standard.py", line 485, in
> symblink_oelocal_files_srctree
> > oe.patch.GitApplyTree.gitCommandUserOptions(useroptions, d=d)
> > NameError: name 'oe' is not defined
> >  snip 
> >
> > Probably just a missing import.
> >
> > 2) Please change "symblink" to "symlink"
> >
> > 3) Indentation is very inconsistent in the added code. Please use four 
> > spaces
> everywhere.
> >
> > I would also like to see oe-selftest tests covering this functionality, but 
> > I
> won't require them to ack these patches (especially given the delays on my
> part).
> >
> > Thanks
> > Paul
> >
> >
> 
> 
> --
> 
> Paul Eggleton
> Intel System Software Products
> 

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] ✗ patchtest: failure for webkitgtk: fix occasional link error

2019-10-29 Thread Patchwork

== Series Details ==

Series: webkitgtk: fix occasional link error
Revision: 1
URL   : https://patchwork.openembedded.org/series/20777/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Issue Series does not apply on top of target branch 
[test_series_merge_on_head] 
  Suggested fixRebase your series on top of targeted branch
  Targeted branch  master (currently at b91b30c09f)

* Issue A patch file has been added, but does not have a 
Signed-off-by tag [test_signed_off_by_presence] 
  Suggested fixSign off the added patch file 
(meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch)

* Issue Upstream-Status is in incorrect format 
[test_upstream_status_presence_format] 
  Suggested fixFix Upstream-Status format in fix-link-error.patch
  Current  Upstream-Status:  backport [git://git.webkit.org/WebKit.git]
  Standard format  Upstream-Status: 
  Valid status Pending, Accepted, Backport, Denied, Inappropriate [reason], 
Submitted [where]



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [OE-Core][master][PATCH v4 0/3] Devtool: provide easy means of

2019-10-29 Thread Paul Eggleton

Hi Chandana

Having added quite a bit to devtool relating to the kernel, we really ought to 
extend our oe-selftest tests to cover the new functionality. Would you be able 
to take care of that?

Thanks
Paul

On Wednesday, 5 June 2019 5:07:55 PM NZDT Paul Eggleton wrote:
> Hi Chandana
> 
> My apologies for the delay in reviewing this - other work got in the way of 
> OE-Core contributions but that should be dealt with now.
> 
> On Thursday, 18 April 2019 10:42:56 AM NZST Sai Hari Chandana Kalluri wrote:
> > This patch series provides support for the user to run menuconfig command 
> > in the
> > devtool flow. This would allow the user to modify the current 
> > configurations and
> > generate a config fragment to update the recipe using devtool finish. 
> > Devtool
> > menuconfig command will work on all packages that contain menuconfig as a 
> > task.
> > 
> > 1. The implementation checks if devtool menuconfig command is called for a 
> > valid
> > package.
> > 2. It checks for oe-local-files dir within source and creates one if
> > needed, this directory is needed to store the final generated config 
> > fragment so
> > that devtool finish can update the recipe.
> > 3. Menuconfig command is called for users to make necessary changes. After
> > saving the changes, diffconfig command is run to generate the fragment.
> > 
> > Currently, when the user runs devtool modify command, it checks out the 
> > entire
> > source tree which is a bit of an over head in time and space. This patch 
> > series
> > also provides a way to create a copy(hard links) of the kernel source, if
> > present, from work-shared to workspace to be more efficient .
> > 
> > Also, if the kernel source is not present in the staging kernel dir and the 
> > user
> > fetches the source tree in workspace using devtool modify, then this patch
> > series creates a copy of source from workspace to work-shared. This is
> > necessary for packages that may use the kernel source.
> 
> Looking over the patches again, we're close but the following need to be 
> corrected:
> 
> 1) The devtool.DevtoolUpdateTests.test_devtool_update_recipe_local_files test 
> in oe-selftest fails:
> 
>  snip 
> INFO: Adding local source files to srctree...
> Traceback (most recent call last):
>   File "/data/poky/scripts/devtool", line 334, in 
> ret = main()
>   File "/data/poky/scripts/devtool", line 321, in main
> ret = args.func(args, config, basepath, workspace)
>   File "/data/poky/scripts/lib/devtool/standard.py", line 845, in modify
> initial_rev, _ = _extract_source(srctree, args.keep_temp, args.branch, 
> False, config, basepath, workspace, args.fixed_setup, rd, tinfoil, 
> no_overrides=args.no_overrides)
>   File "/data/poky/scripts/lib/devtool/standard.py", line 657, in 
> _extract_source
> symblink_oelocal_files_srctree(d,srctree)
>   File "/data/poky/scripts/lib/devtool/standard.py", line 485, in 
> symblink_oelocal_files_srctree
> oe.patch.GitApplyTree.gitCommandUserOptions(useroptions, d=d)
> NameError: name 'oe' is not defined
>  snip 
> 
> Probably just a missing import.
> 
> 2) Please change "symblink" to "symlink"
> 
> 3) Indentation is very inconsistent in the added code. Please use four spaces 
> everywhere.
> 
> I would also like to see oe-selftest tests covering this functionality, but I 
> won't require them to ack these patches (especially given the delays on my 
> part).
> 
> Thanks
> Paul
> 
> 


-- 

Paul Eggleton
Intel System Software Products


-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] inotify-tools: move recipe to oe-core from meta-oe

2019-10-29 Thread Randy MacLeod


On 10/29/19 5:13 PM, Adrian Bunk wrote:

On Tue, Oct 29, 2019 at 03:39:21PM -0500, Trevor Gamblin wrote:

An interface for inotify already exists through pyinotify,
but migrating inotify-tools to oe-core provides an option
that doesn't rely on python.
...


pyinotify is in meta-python.

The only option currently in oe-core is to use C,
which is the standard way to use inotify.

inotify-tools can be useful, but I don't see the rationale
why it should move from meta-oe to oe-core.


Trevor,

I thought the motivation for moving inotify-tools to oe-core
was:
 a) It's a nice cmdline utility
 b) coreutils ptests needs it.

I think I've mislead you into believing b) since
inotify-tools provides:
  /usr/bin/inotifywait
  /usr/bin/inotifywatch
and I don't see any mention of that in the coreutils/tests directory
or in fact in coreutils.git at all:

$ cd .../coreutils.git
$ grep -r inotifywa * -> NULL

So we need to figure out what the failing coreutils ptests that
involve inotify really need since it seems that it's not inotify-tools.

../Randy



cu
Adrian




--
# Randy MacLeod
# Wind River Linux
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [oe-core][PATCH 1/1] webkitgtk: fix occasional link error

2019-10-29 Thread Joe Slater

Partial backport from WebKit.git.  See patch for details.

Signed-off-by: Joe Slater 
---
 .../webkit/webkitgtk/fix-link-error.patch  | 45 ++
 meta/recipes-sato/webkit/webkitgtk_2.24.4.bb   |  1 +
 2 files changed, 46 insertions(+)
 create mode 100755 meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch

diff --git a/meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch 
b/meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch
new file mode 100755
index 000..9696ddd
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/fix-link-error.patch
@@ -0,0 +1,45 @@
+webkitgtk: fix an occasional link error
+
+Part of ae465a4e...  Changelog is not included in the source tarball.
+
+Upstream-Status:  backport [git://git.webkit.org/WebKit.git]
+
+commit ae465a4e3b1498b6c4038fc7e596e0e3662d116f
+Author: hironori.fu...@sony.com 

+Date:   Fri Jun 28 07:38:09 2019 +
+
+[Win] unresolved external symbol "JSC::JSObject::didBecomePrototype(void)" 
referenced in function "JSC::Structure::create(...)"
+https://bugs.webkit.org/show_bug.cgi?id=199312
+
+Reviewed by Keith Miller.
+
+WinCairo port, clang-cl Release builds reported a following linkage error:
+
+> WebCore.lib(UnifiedSource-4babe430-10.cpp.obj) : error LNK2019: 
unresolved external symbol "public: void __cdecl 
JSC::JSObject::didBecomePrototype(void)" 
(?didBecomePrototype@JSObject@JSC@@QEAAXXZ) referenced in function "public: 
static class JSC::Structure * __cdecl JSC::Structure::create(class JSC::VM 
&,class JSC::JSGlobalObject *,class JSC::JSValue,class JSC::TypeInfo const 
&,struct JSC::ClassInfo const *,unsigned char,unsigned int)" 
(?create@Structure@JSC@@SAPEAV12@AEAVVM@2@PEAVJSGlobalObject@2@VJSValue@2@AEBVTypeInfo@2@PEBUClassInfo@2@EI@Z)
+
+No new tests because there is no behavior change.
+
+* Modules/indexeddb/server/SQLiteIDBBackingStore.cpp: Include 
,
+and do not include headers which is included by it.
+
+git-svn-id: http://svn.webkit.org/repository/webkit/trunk@246922 
268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+[ modification of Changelog deleted ]
+
+diff --git a/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp 
b/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp
+index d1b047c..0899a9a 100644
+--- a/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp
 b/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp
+@@ -49,11 +49,8 @@
+ #include "SQLiteTransaction.h"
+ #include "ThreadSafeDataBuffer.h"
+ #include 
+-#include 
+-#include 
+-#include 
++#include 
+ #include 
+-#include 
+ #include 
+ #include 
+ #include 
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb 
b/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb
index 8c695ce..b04ec82 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.24.4.bb
@@ -23,6 +23,7 @@ SRC_URI = 
"http://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
file://include_array.patch \
file://narrowing.patch \
file://0001-gstreamer-add-a-missing-format-string.patch \
+   file://fix-link-error.patch \
"
 
 SRC_URI[md5sum] = "c214963d8c0e7d83460da04a0d8dda87"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH v3] elfutils: add PACKAGECONFIG for compression algorithms

2019-10-29 Thread Dan Callaghan

Excerpts from Adrian Bunk's message of 2019-10-29 22:18:21 +02:00:
> On Wed, Oct 16, 2019 at 08:44:56AM +1000, Dan Callaghan wrote:
> > Elfutils has optional support for bzip2 and xz (lzma). It uses
> > this for decompressing embedded ELF sections like the .gnu_debugdata
> > section for "mini debuginfo":
> >
> > https://sourceware.org/gdb/onlinedocs/gdb/MiniDebugInfo.html
> >...
> > +PACKAGECONFIG ??= "bzip2"
> > +PACKAGECONFIG[bzip2] = "--with-bzlib,--without-bzlib,${DEPENDS_BZIP2}"
> > +PACKAGECONFIG[xz] = "--with-lzma,--without-lzma,xz"
> >...
> 
> Is any tooling actually doing this compression by default?
> 
> It is a bit surprising that this has the mostly-obsolete bzip2 enabled
> by default but not the more common (and better compressing) xz.

I couldn't find anything that would ever use the bzip2 decompression in 
elfutils, so I had a quick look at why they even added bzip2 support in 
the first place. It turns out it was for reading compressed kernel 
images (presumably, in the elfutils tools like eu-readelf):

https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=d6ccdc1a05f27bf0bb5d802ec14f879aa9fe3e98

commit d6ccdc1a05f27bf0bb5d802ec14f879aa9fe3e98
Author: Roland McGrath 
Date:   Wed Aug 26 00:23:01 2009 -0700

libdwfl: Support Linux bzip2 kernel images for automatic decompression.

And indeed on my Fedora host eu-readelf can decode ELF information from 
a kernel bzImage, but the eu-readelf built by Yocto's elfutils-native 
recipe says "not a valid ELF file" when I feed it the same bzImage.

Whether that's useful or not is a different question. In our product 
I am planning to disable bzip2 (because we don't use the elfutils tools 
for anything) and enable xz (for .gnu_debugdata sections).

-- 
Dan Callaghan 
Software Engineer
Opengear 

signature.asc
Description: PGP signature
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [thud][PATCH v2] sudo: Fix CVE-2019-14287

2019-10-29 Thread msft . dantran

From: Dan Tran 

Signed-off-by: Dan Tran 
---
 .../sudo/sudo/CVE-2019-14287_p1.patch | 170 ++
 .../sudo/sudo/CVE-2019-14287_p2.patch |  98 ++
 meta/recipes-extended/sudo/sudo_1.8.23.bb |   2 +
 3 files changed, 270 insertions(+)
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287_p1.patch
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287_p2.patch

diff --git a/meta/recipes-extended/sudo/sudo/CVE-2019-14287_p1.patch 
b/meta/recipes-extended/sudo/sudo/CVE-2019-14287_p1.patch
new file mode 100644
index 00..f954fac8fc
--- /dev/null
+++ b/meta/recipes-extended/sudo/sudo/CVE-2019-14287_p1.patch
@@ -0,0 +1,170 @@
+Treat an ID of -1 as invalid since that means "no change".
+Fixes CVE-2019-14287.
+Found by Joe Vennix from Apple Information Security.
+
+CVE: CVE-2019-14287
+Upstream-Status: Backport
+[https://www.sudo.ws/repos/sudo/rev/83db8dba09e7]
+
+Signed-off-by: Dan Tran 
+
+Index: sudo-1.8.21p2/lib/util/strtoid.c
+===
+--- sudo-1.8.21p2.orig/lib/util/strtoid.c  2019-10-10 14:31:08.338476078 
-0400
 sudo-1.8.21p2/lib/util/strtoid.c   2019-10-10 14:31:08.338476078 -0400
+@@ -42,6 +42,27 @@
+ #include "sudo_util.h"
+ 
+ /*
++ * Make sure that the ID ends with a valid separator char.
++ */
++static bool
++valid_separator(const char *p, const char *ep, const char *sep)
++{
++bool valid = false;
++debug_decl(valid_separator, SUDO_DEBUG_UTIL)
++
++if (ep != p) {
++  /* check for valid separator (including '\0') */
++  if (sep == NULL)
++  sep = "";
++  do {
++  if (*ep == *sep)
++  valid = true;
++  } while (*sep++ != '\0');
++}
++debug_return_bool(valid);
++}
++
++/*
+  * Parse a uid/gid in string form.
+  * If sep is non-NULL, it contains valid separator characters (e.g. comma, 
space)
+  * If endp is non-NULL it is set to the next char after the ID.
+@@ -55,36 +76,33 @@ sudo_strtoid_v1(const char *p, const cha
+ char *ep;
+ id_t ret = 0;
+ long long llval;
+-bool valid = false;
+ debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+ 
+ /* skip leading space so we can pick up the sign, if any */
+ while (isspace((unsigned char)*p))
+   p++;
+-if (sep == NULL)
+-  sep = "";
++
++/* While id_t may be 64-bit signed, uid_t and gid_t are 32-bit unsigned. 
*/
+ errno = 0;
+ llval = strtoll(p, &ep, 10);
+-if (ep != p) {
+-  /* check for valid separator (including '\0') */
+-  do {
+-  if (*ep == *sep)
+-  valid = true;
+-  } while (*sep++ != '\0');
++if ((errno == ERANGE && llval == LLONG_MAX) || llval > (id_t)UINT_MAX) {
++  errno = ERANGE;
++  if (errstr != NULL)
++  *errstr = N_("value too large");
++  goto done;
+ }
+-if (!valid) {
++if ((errno == ERANGE && llval == LLONG_MIN) || llval < INT_MIN) {
++  errno = ERANGE;
+   if (errstr != NULL)
+-  *errstr = N_("invalid value");
+-  errno = EINVAL;
++  *errstr = N_("value too small");
+   goto done;
+ }
+-if (errno == ERANGE) {
+-  if (errstr != NULL) {
+-  if (llval == LLONG_MAX)
+-  *errstr = N_("value too large");
+-  else
+-  *errstr = N_("value too small");
+-  }
++
++/* Disallow id -1, which means "no change". */
++if (!valid_separator(p, ep, sep) || llval == -1 || llval == 
(id_t)UINT_MAX) {
++  if (errstr != NULL)
++  *errstr = N_("invalid value");
++  errno = EINVAL;
+   goto done;
+ }
+ ret = (id_t)llval;
+@@ -101,30 +119,15 @@ sudo_strtoid_v1(const char *p, const cha
+ {
+ char *ep;
+ id_t ret = 0;
+-bool valid = false;
+ debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+ 
+ /* skip leading space so we can pick up the sign, if any */
+ while (isspace((unsigned char)*p))
+   p++;
+-if (sep == NULL)
+-  sep = "";
++
+ errno = 0;
+ if (*p == '-') {
+   long lval = strtol(p, &ep, 10);
+-  if (ep != p) {
+-  /* check for valid separator (including '\0') */
+-  do {
+-  if (*ep == *sep)
+-  valid = true;
+-  } while (*sep++ != '\0');
+-  }
+-  if (!valid) {
+-  if (errstr != NULL)
+-  *errstr = N_("invalid value");
+-  errno = EINVAL;
+-  goto done;
+-  }
+   if ((errno == ERANGE && lval == LONG_MAX) || lval > INT_MAX) {
+   errno = ERANGE;
+   if (errstr != NULL)
+@@ -137,28 +140,31 @@ sudo_strtoid_v1(const char *p, const cha
+   *errstr = N_("value too small");
+   goto done;
+   }
+-  ret = (id_t)lval;
+-} else {
+-  unsigned long ulval = strtoul(p, &ep, 10);
+-  if (ep != p) {
+-  /* check for valid separator (including '\0') */
+-  do {
+-  if (*ep == *sep)
+-  valid

[OE-core] ✗ patchtest: failure for sudo: fix CVE-2019-14287 (rev4)

2019-10-29 Thread Patchwork

== Series Details ==

Series: sudo: fix CVE-2019-14287 (rev4)
Revision: 4
URL   : https://patchwork.openembedded.org/series/20565/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Issue A patch file has been added, but does not have a 
Signed-off-by tag [test_signed_off_by_presence] 
  Suggested fixSign off the added patch file 
(meta/recipes-extended/sudo/sudo/CVE-2019-14287_p1.patch)



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [thud][PATCH] sudo: Fix CVE-2019-14287

2019-10-29 Thread msft . dantran

From: Dan Tran 

Signed-off-by: Dan Tran 
---
 .../sudo/sudo/CVE-2019-14287_p1.patch | 168 ++
 .../sudo/sudo/CVE-2019-14287_p2.patch |  96 ++
 meta/recipes-extended/sudo/sudo_1.8.23.bb |   2 +
 3 files changed, 266 insertions(+)
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287_p1.patch
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287_p2.patch

diff --git a/meta/recipes-extended/sudo/sudo/CVE-2019-14287_p1.patch 
b/meta/recipes-extended/sudo/sudo/CVE-2019-14287_p1.patch
new file mode 100644
index 00..edcbf7bd88
--- /dev/null
+++ b/meta/recipes-extended/sudo/sudo/CVE-2019-14287_p1.patch
@@ -0,0 +1,168 @@
+Treat an ID of -1 as invalid since that means "no change".
+Fixes CVE-2019-14287.
+Found by Joe Vennix from Apple Information Security.
+
+CVE: CVE-2019-14287
+Upstream-Status: Backport
+[https://www.sudo.ws/repos/sudo/rev/83db8dba09e7]
+
+Index: sudo-1.8.21p2/lib/util/strtoid.c
+===
+--- sudo-1.8.21p2.orig/lib/util/strtoid.c  2019-10-10 14:31:08.338476078 
-0400
 sudo-1.8.21p2/lib/util/strtoid.c   2019-10-10 14:31:08.338476078 -0400
+@@ -42,6 +42,27 @@
+ #include "sudo_util.h"
+ 
+ /*
++ * Make sure that the ID ends with a valid separator char.
++ */
++static bool
++valid_separator(const char *p, const char *ep, const char *sep)
++{
++bool valid = false;
++debug_decl(valid_separator, SUDO_DEBUG_UTIL)
++
++if (ep != p) {
++  /* check for valid separator (including '\0') */
++  if (sep == NULL)
++  sep = "";
++  do {
++  if (*ep == *sep)
++  valid = true;
++  } while (*sep++ != '\0');
++}
++debug_return_bool(valid);
++}
++
++/*
+  * Parse a uid/gid in string form.
+  * If sep is non-NULL, it contains valid separator characters (e.g. comma, 
space)
+  * If endp is non-NULL it is set to the next char after the ID.
+@@ -55,36 +76,33 @@ sudo_strtoid_v1(const char *p, const cha
+ char *ep;
+ id_t ret = 0;
+ long long llval;
+-bool valid = false;
+ debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+ 
+ /* skip leading space so we can pick up the sign, if any */
+ while (isspace((unsigned char)*p))
+   p++;
+-if (sep == NULL)
+-  sep = "";
++
++/* While id_t may be 64-bit signed, uid_t and gid_t are 32-bit unsigned. 
*/
+ errno = 0;
+ llval = strtoll(p, &ep, 10);
+-if (ep != p) {
+-  /* check for valid separator (including '\0') */
+-  do {
+-  if (*ep == *sep)
+-  valid = true;
+-  } while (*sep++ != '\0');
++if ((errno == ERANGE && llval == LLONG_MAX) || llval > (id_t)UINT_MAX) {
++  errno = ERANGE;
++  if (errstr != NULL)
++  *errstr = N_("value too large");
++  goto done;
+ }
+-if (!valid) {
++if ((errno == ERANGE && llval == LLONG_MIN) || llval < INT_MIN) {
++  errno = ERANGE;
+   if (errstr != NULL)
+-  *errstr = N_("invalid value");
+-  errno = EINVAL;
++  *errstr = N_("value too small");
+   goto done;
+ }
+-if (errno == ERANGE) {
+-  if (errstr != NULL) {
+-  if (llval == LLONG_MAX)
+-  *errstr = N_("value too large");
+-  else
+-  *errstr = N_("value too small");
+-  }
++
++/* Disallow id -1, which means "no change". */
++if (!valid_separator(p, ep, sep) || llval == -1 || llval == 
(id_t)UINT_MAX) {
++  if (errstr != NULL)
++  *errstr = N_("invalid value");
++  errno = EINVAL;
+   goto done;
+ }
+ ret = (id_t)llval;
+@@ -101,30 +119,15 @@ sudo_strtoid_v1(const char *p, const cha
+ {
+ char *ep;
+ id_t ret = 0;
+-bool valid = false;
+ debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+ 
+ /* skip leading space so we can pick up the sign, if any */
+ while (isspace((unsigned char)*p))
+   p++;
+-if (sep == NULL)
+-  sep = "";
++
+ errno = 0;
+ if (*p == '-') {
+   long lval = strtol(p, &ep, 10);
+-  if (ep != p) {
+-  /* check for valid separator (including '\0') */
+-  do {
+-  if (*ep == *sep)
+-  valid = true;
+-  } while (*sep++ != '\0');
+-  }
+-  if (!valid) {
+-  if (errstr != NULL)
+-  *errstr = N_("invalid value");
+-  errno = EINVAL;
+-  goto done;
+-  }
+   if ((errno == ERANGE && lval == LONG_MAX) || lval > INT_MAX) {
+   errno = ERANGE;
+   if (errstr != NULL)
+@@ -137,28 +140,31 @@ sudo_strtoid_v1(const char *p, const cha
+   *errstr = N_("value too small");
+   goto done;
+   }
+-  ret = (id_t)lval;
+-} else {
+-  unsigned long ulval = strtoul(p, &ep, 10);
+-  if (ep != p) {
+-  /* check for valid separator (including '\0') */
+-  do {
+-  if (*ep == *sep)
+-  valid = true;
+-  } while

[OE-core] [RFC] Transitioning GStreamer 1.0 recipes to meson

2019-10-29 Thread Carlos Rafael Giani


Hello all,

I have managed to transition most GStreamer recipes to meson. The 
patches can be found here: 
https://github.com/OSSystems/meta-gstreamer1.0/tree/transition-to-meson


The only recipe that still uses autotools is gst-validate, and that's 
because the tarball does not contain meson scripts. This is a known 
issue. https://gitlab.freedesktop.org/gstreamer/gst-devtools/issues/28


Overall, this worked well in my test builds, both on an i.MX6 machine 
and in a qemux86-64 VM.



Please note that this requires the 1.16.0 -> 1.16.1 changes I posted to 
the mailing list a few days ago.



Noteworthy changes:

- A lot of autotools/M4 related patches are just gone. Well, obviously 
:) But it is surprising just how much fewer patches there are now.


- gstreamer1.0-libav no longer builds its own FFmpeg copy. This was done 
in the past because there were no stable versioned FFmpeg releases. They 
do exist now, so in meson based builds, gst-libav just builds the actual 
plugin code, meaning that the build time is much shorter, most of the 
recipe code (and all of the patches) are gone (because they were FFmpeg 
specific), and the libgstlibav.so binary in /usr/lib/gstreamer-1.0/ is 
much smaller. This also means that FFmpeg specials do not have to be 
added both to the FFmpeg and to the gstreamer1.0-libav recipe anymore.


- gstreamer1.0-plugins.inc was replaced by 
gstreamer1.0-plugins-common.inc, and gst-plugins-package.inc by 
gstreamer1.0-plugins-packaging.inc . These names are clearer. 
gst-plugins-package.inc in particular was named that way because it used 
to be shared between GStreamer 0.10 and 1.0 recipes. Since the former 
are gone by now, there's no point in keeping that name.


- gstreamer1.0 ptest is now done differently. Originally, make was 
installed on the target and the Makefile was run by the run-ptest 
script. Now, gstreamer is patched to allow for installable tests that 
are accompanied by individual shell scripts that set up the necessary 
environment variables, along with .test files so that the 
gnome-desktop-testing test runner can be used in run-ptest to run the 
unit tests. This also makes it possible to inherit from ptest-gnome in 
the gstreamer1.0 recipe. The patch against gstreamer is necessary 
because by default, one runs the test by executing "meson test". I don't 
think installing meson along with all of the necessary meson.build 
scripts is a practical approach.


- OpenGL packageconfigs now work quite differently in 
gstreamer1.0-plugins-base, since the meson options distinguish between 
OpenGL APIs, platforms, and windowing systems.


- zlib in gstreamer1.0-plugins-base and -good is now required. I don't 
think this is a big deal, since it is also a dependency of GLib itself, 
so zlib has to be present on the rootfs anyway.



There are some TODOs left that I want to bring up here for discussion:

- The aforementioned PTest approach needs some review. Also, initially, 
I thought I'd have to add PTest support to several GStreamer recipes, 
which is why I isolated the ptest code in gstreamer1.0-ptest.inc . But 
it turned out that only the gstreamer1.0 recipe needs it. I am unsure if 
I should just merge that .inc into that recipe, since there's no reason 
why the tests from other recipes shouldn't be "ptest-ified" in the 
future. And then that .inc would be useful to have. (Tests from the 
plugin sets may be partially tough to run, since some of them create X11 
windows etc.)


- The code in gstreamer1.0-ptest.inc sets up run-ptest in a rather 
uncommon way, since that file has to be autogenerated.


- gstreamer1.0_1.16.1.bb and gstreamer1.0-plugins-common.inc both 
contain a "gettext_oemeson" function to set up meson NLS options. 
Ideally, this functionality would be part of the gettext bbclass itself. 
However, my bitbake/OE knowledge does not suffice to do that, since with 
meson, you want to be able to configure what the enable/disable flags 
should be ("enabled"/"disabled", "true"/"false" etc.); that's why for 
example the gtk-doc bbclass defines GTKDOC_MESON_OPTION, 
GTKDOC_MESON_ENABLE_FLAG, GTKDOC_MESON_DISABLE_FLAG. I am not sure how 
to combine such variables with this kind of custom python code, and 
still allow for customized values in other recipes. In other words, if I 
first get a "NLS_MESON_DISABLE_FLAG" value with getValue() in a modified 
gettext_oemeson function, then I might not get the value I expect, since 
it will get the initial value (the one set with ?=), not necessarily the 
one that is redefined by a recipe.


- The OpenGL packageconfigs are handled by a get_opengl_cmdline_list 
function in gstreamer1.0-plugins-base_1.16.1.bb . I did this so that a 
comma-separated list can be generated out of the packageconfigs that are 
(a) part of PACKAGECONFIG and (b) part of the newly added 
OPENGL_APIS/OPENGL_PLATFORMS/OPENGL_WINSYS lists. I do not know if 
there's a better approach for this. The intent is that other layers 
(most notably BSP layers) can

Re: [OE-core] inotify-tools: move recipe to oe-core from meta-oe

2019-10-29 Thread Adrian Bunk

On Tue, Oct 29, 2019 at 03:39:21PM -0500, Trevor Gamblin wrote:
> An interface for inotify already exists through pyinotify,
> but migrating inotify-tools to oe-core provides an option
> that doesn't rely on python.
>... 

pyinotify is in meta-python.

The only option currently in oe-core is to use C,
which is the standard way to use inotify.

inotify-tools can be useful, but I don't see the rationale
why it should move from meta-oe to oe-core.

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH v3] elfutils: add PACKAGECONFIG for compression algorithms


On 29/10/2019 20:18, Adrian Bunk wrote:

On Wed, Oct 16, 2019 at 08:44:56AM +1000, Dan Callaghan wrote:

Elfutils has optional support for bzip2 and xz (lzma). It uses
this for decompressing embedded ELF sections like the .gnu_debugdata
section for "mini debuginfo":

https://sourceware.org/gdb/onlinedocs/gdb/MiniDebugInfo.html
...
+PACKAGECONFIG ??= "bzip2"
+PACKAGECONFIG[bzip2] = "--with-bzlib,--without-bzlib,${DEPENDS_BZIP2}"
+PACKAGECONFIG[xz] = "--with-lzma,--without-lzma,xz"
...


Is any tooling actually doing this compression by default?

It is a bit surprising that this has the mostly-obsolete bzip2 enabled
by default but not the more common (and better compressing) xz.


Exactly.

Ross
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] zimage Initramfs booting stuck at Start Kernel

2019-10-29 Thread JH

Hi Ferry,

On 10/30/19, Ferry Toth  wrote:
> Op 29-10-2019 om 11:25 schreef JH:
>> Hi Ferry,
>>
>> On 10/29/19, Ferry Toth  wrote:
>>>
>>> https://github.com/edison-fw/meta-intel-edison/blob/master/meta-intel-edison-bsp/conf/machine/edison.conf
>>>
>>> And there is the max size!
>>
>> Are you able to run u-boot to start kernel in the large size 64 MB?
>
> No, the largest I had was 18MB compressed and it didn't boot. After I
> brought it back to 10MB or so it boots again. Like I said, I don't know
> where the limit comes from.

Oh, so no one could boot zImage-initramfs in a size larger than 10 MB?
And no one concerns?
If anyone could provide more information about kernel.bbclass bundle
function, I would like to help to solve this problem.

> I think you should be able to make the initramfs minimal and put the
> rest in a separate file system same as I do and your problem will be
> solved. But it looks like if you want to trace the root cause and solve
> it, you are on your own.

I have already got zImage-initramfs running in a small size of 8MB
without rootfs bundle.

Thank you.

Kind regards,

- jh
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] inotify-tools: move recipe to oe-core from meta-oe

An interface for inotify already exists through pyinotify,
but migrating inotify-tools to oe-core provides an option
that doesn't rely on python.

Signed-off-by: Trevor Gamblin 
---
 ...inotify-nosys-fix-system-call-number.patch | 31 +++
 .../inotify-tools/inotify-tools_git.bb| 23 ++
 2 files changed, 54 insertions(+)
 create mode 100644 
meta/recipes-support/inotify-tools/inotify-tools/inotify-nosys-fix-system-call-number.patch
 create mode 100644 meta/recipes-support/inotify-tools/inotify-tools_git.bb

diff --git 
a/meta/recipes-support/inotify-tools/inotify-tools/inotify-nosys-fix-system-call-number.patch
 
b/meta/recipes-support/inotify-tools/inotify-tools/inotify-nosys-fix-system-call-number.patch
new file mode 100644
index 00..89b890dda9
--- /dev/null
+++ 
b/meta/recipes-support/inotify-tools/inotify-tools/inotify-nosys-fix-system-call-number.patch
@@ -0,0 +1,31 @@
+inotify-tools: fix __NR_inotify_add_watch system call number on _MIPS_SIM_ABI64
+
+The correct value should be the same as defined in
+linux/arch/mips/include/uapi/asm/unistd.h
+
+Upstream-Status: Summitted [https://github.com/rvoicilas/inotify-tools/pull/71]
+
+Signed-off-by: Roy Li 
+Signed-off-by: Jackie Huang 
+---
+ libinotifytools/src/inotifytools/inotify-nosys.h |4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libinotifytools/src/inotifytools/inotify-nosys.h 
b/libinotifytools/src/inotifytools/inotify-nosys.h
+index db76b2c..5f7b11b 100644
+--- a/libinotifytools/src/inotifytools/inotify-nosys.h
 b/libinotifytools/src/inotifytools/inotify-nosys.h
+@@ -100,8 +100,8 @@ struct inotify_event {
+ # endif
+ # if _MIPS_SIM == _MIPS_SIM_ABI64
+ #  define __NR_inotify_init (__NR_Linux + 243)
+-#  define __NR_inotify_add_watch (__NR_Linux + 243)
+-#  define __NR_inotify_rm_watch (__NR_Linux + 243)
++#  define __NR_inotify_add_watch (__NR_Linux + 244)
++#  define __NR_inotify_rm_watch (__NR_Linux + 245)
+ # endif
+ # if _MIPS_SIM == _MIPS_SIM_NABI32
+ #  define __NR_inotify_init (__NR_Linux + 247)
+-- 
+1.7.10.4
+
diff --git a/meta/recipes-support/inotify-tools/inotify-tools_git.bb 
b/meta/recipes-support/inotify-tools/inotify-tools_git.bb
new file mode 100644
index 00..05ca4b4ad5
--- /dev/null
+++ b/meta/recipes-support/inotify-tools/inotify-tools_git.bb
@@ -0,0 +1,23 @@
+SUMMARY = "Command line tools and C library providing a simple interface to 
inotify"
+AUTHOR = "Rohan McGovern "
+HOMEPAGE = "http://wiki.github.com/rvoicilas/inotify-tools";
+SECTION = "console/devel"
+LICENSE = "GPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ac6c26e52aea428ee7f56dc2c56424c6"
+
+SRCREV = "e203934e46784bb34c213078423ba1678e0c4936"
+PV = "3.20.1"
+
+SRC_URI = "git://github.com/rvoicilas/${BPN} \
+   file://inotify-nosys-fix-system-call-number.patch \
+  "
+
+S = "${WORKDIR}/git"
+
+inherit autotools
+
+EXTRA_OECONF = "--disable-doxygen"
+
+PACKAGES =+ "libinotifytools"
+
+FILES_libinotifytools = "${libdir}/lib*.so.*"
-- 
2.23.0

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [thud][PATCH] tar: Fix CVE-2018-20482

2019-10-29 Thread msft . dantran

From: Dan Tran 

Signed-off-by: Dan Tran 
---
 .../tar/tar/CVE-2018-20482.patch  | 405 ++
 meta/recipes-extended/tar/tar_1.30.bb |   1 +
 2 files changed, 406 insertions(+)
 create mode 100644 meta/recipes-extended/tar/tar/CVE-2018-20482.patch

diff --git a/meta/recipes-extended/tar/tar/CVE-2018-20482.patch 
b/meta/recipes-extended/tar/tar/CVE-2018-20482.patch
new file mode 100644
index 00..2a13148427
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2018-20482.patch
@@ -0,0 +1,405 @@
+From 331be56598b284d41370c67046df25673b040a55 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff 
+Date: Thu, 27 Dec 2018 17:48:57 +0200
+Subject: [PATCH] Fix CVE-2018-20482
+
+* NEWS: Update.
+* src/sparse.c (sparse_dump_region): Handle short read condition.
+(sparse_extract_region,check_data_region): Fix dumped_size calculation.
+Handle short read condition.
+(pax_decode_header): Fix dumped_size calculation.
+* tests/Makefile.am: Add new testcases.
+* tests/testsuite.at: Likewise.
+
+* tests/sptrcreat.at: New file.
+* tests/sptrdiff00.at: New file.
+* tests/sptrdiff01.at: New file.
+
+CVE: CVE-2018-20482
+Upstream-Status: Backport
+[http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454]
+
+Signed-off-by: Dan Tran 
+---
+ src/sparse.c| 50 +++-
+ tests/Makefile.am   |  5 +++-
+ tests/sptrcreat.at  | 62 +
+ tests/sptrdiff00.at | 55 
+ tests/sptrdiff01.at | 55 
+ tests/testsuite.at  |  5 +++-
+ 6 files changed, 224 insertions(+), 8 deletions(-)
+ create mode 100644 tests/sptrcreat.at
+ create mode 100644 tests/sptrdiff00.at
+ create mode 100644 tests/sptrdiff01.at
+
+diff --git a/src/sparse.c b/src/sparse.c
+index 0830f62..e8e8259 100644
+--- a/src/sparse.c
 b/src/sparse.c
+@@ -1,6 +1,6 @@
+ /* Functions for dealing with sparse files
+ 
+-   Copyright 2003-2007, 2010, 2013-2017 Free Software Foundation, Inc.
++   Copyright 2003-2007, 2010, 2013-2018 Free Software Foundation, Inc.
+ 
+This program is free software; you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the
+@@ -427,6 +427,30 @@ sparse_dump_region (struct tar_sparse_file *file, size_t 
i)
+bufsize);
+ return false;
+   }
++  else if (bytes_read == 0)
++  {
++char buf[UINTMAX_STRSIZE_BOUND];
++struct stat st;
++size_t n;
++if (fstat (file->fd, &st) == 0)
++  n = file->stat_info->stat.st_size - st.st_size;
++else
++  n = file->stat_info->stat.st_size
++- (file->stat_info->sparse_map[i].offset
++   + file->stat_info->sparse_map[i].numbytes
++   - bytes_left);
++
++WARNOPT (WARN_FILE_SHRANK,
++ (0, 0,
++  ngettext ("%s: File shrank by %s byte; padding with zeros",
++"%s: File shrank by %s bytes; padding with zeros",
++n),
++  quotearg_colon (file->stat_info->orig_file_name),
++  STRINGIFY_BIGINT (n, buf)));
++if (! ignore_failed_read_option)
++  set_exit_status (TAREXIT_DIFFERS);
++return false;
++  }
+ 
+   memset (blk->buffer + bytes_read, 0, BLOCKSIZE - bytes_read);
+   bytes_left -= bytes_read;
+@@ -464,9 +488,9 @@ sparse_extract_region (struct tar_sparse_file *file, 
size_t i)
+ return false;
+   }
+   set_next_block_after (blk);
++  file->dumped_size += BLOCKSIZE;
+   count = blocking_write (file->fd, blk->buffer, wrbytes);
+   write_size -= count;
+-  file->dumped_size += count;
+   mv_size_left (file->stat_info->archive_file_size - file->dumped_size);
+   file->offset += count;
+   if (count != wrbytes)
+@@ -598,6 +622,12 @@ check_sparse_region (struct tar_sparse_file *file, off_t 
beg, off_t end)
+rdsize);
+ return false;
+   }
++  else if (bytes_read == 0)
++  {
++report_difference (file->stat_info, _("Size differs"));
++return false;
++  }
++  
+   if (!zero_block_p (diff_buffer, bytes_read))
+   {
+ char begbuf[INT_BUFSIZE_BOUND (off_t)];
+@@ -609,6 +639,7 @@ check_sparse_region (struct tar_sparse_file *file, off_t 
beg, off_t end)
+ 
+   beg += bytes_read;
+ }
++
+   return true;
+ }
+ 
+@@ -635,6 +666,7 @@ check_data_region (struct tar_sparse_file *file, size_t i)
+ return false;
+   }
+   set_next_block_after (blk);
++  file->dumped_size += BLOCKSIZE;  
+   bytes_read = safe_read (file->fd, diff_buffer, rdsize);
+   if (bytes_read == SAFE_READ_ERROR)
+   {
+@@ -645,7 +677,11 @@ check_data_region (struct tar_sparse_file *file, size_t i)
+

Re: [OE-core] [zeus 18/28] cmake.bbclass: add HOSTTOOLS_DIR to CMAKE_FIND_ROOT_PATH

2019-10-29 Thread Khem Raj

On Tue, Oct 29, 2019 at 9:19 AM Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:

> On Fri, 2019-10-25 at 23:49 -0700, Armin Kuster wrote:
> > From: Michael Ho 
> >
> > The find_program command will fail if it is used on a tool that is
> > listed in
> > ASSUME_PROVIDED. This is because these tools are in the hosttools
> > directory
> > which is not listed in CMAKE_FIND_ROOT_PATH so cmake will not find
> > them.
> >
> > Adding the directory HOSTTOOLS_DIR to the CMAKE_FIND_ROOT_PATH
> > variable fixes
> > the initial issue of needing to search for tools in ASSUME_PROVIDED.
> >
> > Note that this change alone does not fix the issue because
> > find_program will
> > by default only look into the subdirectories bin and usr/bin under
> > the paths
> > in CMAKE_FIND_ROOT_PATH to find the programs and the hosttools
> > directory has
> > instead the symlinks directly present without these subdirectories.
> >
> > Set CMAKE_PROGRAM_PATH to by default include the root directory so
> > find_program can search the hosttools directory without needing the
> > prefix
> > directories.
> >
> > Signed-off-by: Ross Burton 
> > (cherry picked from commit 7847f431cd8db59fce8c9401a603c4b0678ee16d)
> > Signed-off-by: Armin Kuster 
>
> Given the fallout in meta-oe, I don't plan to take this.
>

+1


> Cheers,
>
> Richard
>
> --
> ___
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH v3] elfutils: add PACKAGECONFIG for compression algorithms

2019-10-29 Thread Adrian Bunk

On Wed, Oct 16, 2019 at 08:44:56AM +1000, Dan Callaghan wrote:
> Elfutils has optional support for bzip2 and xz (lzma). It uses
> this for decompressing embedded ELF sections like the .gnu_debugdata
> section for "mini debuginfo":
> 
> https://sourceware.org/gdb/onlinedocs/gdb/MiniDebugInfo.html
>...
> +PACKAGECONFIG ??= "bzip2"
> +PACKAGECONFIG[bzip2] = "--with-bzlib,--without-bzlib,${DEPENDS_BZIP2}"
> +PACKAGECONFIG[xz] = "--with-lzma,--without-lzma,xz"
>...

Is any tooling actually doing this compression by default?

It is a bit surprising that this has the mostly-obsolete bzip2 enabled 
by default but not the more common (and better compressing) xz.

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH v3] elfutils: add PACKAGECONFIG for compression algorithms


On 22/10/2019 13:53, Richard Purdie wrote:

Breaks nativesdk-elftutils:

https://autobuilder.yoctoproject.org/typhoon/#/builders/62/builds/1157

Probably need to do:

DEPENDS_BZIP2 = "bzip2"
DEPENDS_BZIP2_class-native = "bzip2-replacement-native"


but I still think the default should be bzip2 off for -native unless
someone can tell me why we need it. That would mean adding something
like:

PACKAGECONFIG_class-native ??= ""


Proposal: lets just disable bzip2 support in elfutils by default.

Ross
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH v3] libgcrypt: upgrade 1.8.4 -> 1.8.5

Upgrade libgcrypt. Upstream repo now has a pkg-config
feature. The new patch for compatibility with oe-core
is a replacement for a patch that added pkg-config as
a feature when upstream did not have it.

Signed-off-by: Trevor Gamblin 
---
 ...1-libgcrypt-fix-m4-file-for-oe-core.patch} | 138 +++---
 ...{libgcrypt_1.8.4.bb => libgcrypt_1.8.5.bb} |   6 +-
 2 files changed, 55 insertions(+), 89 deletions(-)
 rename 
meta/recipes-support/libgcrypt/files/{0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch
 => 0001-libgcrypt-fix-m4-file-for-oe-core.patch} (51%)
 rename meta/recipes-support/libgcrypt/{libgcrypt_1.8.4.bb => 
libgcrypt_1.8.5.bb} (90%)

diff --git 
a/meta/recipes-support/libgcrypt/files/0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch
 
b/meta/recipes-support/libgcrypt/files/0001-libgcrypt-fix-m4-file-for-oe-core.patch
similarity index 51%
rename from 
meta/recipes-support/libgcrypt/files/0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch
rename to 
meta/recipes-support/libgcrypt/files/0001-libgcrypt-fix-m4-file-for-oe-core.patch
index d41c3de3b6..cd8a5993b4 100644
--- 
a/meta/recipes-support/libgcrypt/files/0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch
+++ 
b/meta/recipes-support/libgcrypt/files/0001-libgcrypt-fix-m4-file-for-oe-core.patch
@@ -1,41 +1,26 @@
-From 72b9e9040d58c15f0302bd8abda28179f04e1c5f Mon Sep 17 00:00:00 2001
-From: Richard Purdie 
-Date: Wed, 16 Aug 2017 10:43:18 +0800
-Subject: [PATCH 1/4] Add and use pkg-config for libgcrypt instead of -config
- scripts.
+From bee26d7c4ea0b4a397c289b819b89e78bc325ba0 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin 
+Date: Tue, 29 Oct 2019 14:08:32 -0400
+Subject: [PATCH] libgcrypt: fix m4 file for oe-core
 
-Upstream-Status: Denied [upstream have indicated they don't want a
-pkg-config dependency]
+Modify libgcrypt pkgconfig specifically for oe-core. Changes
+are based on a previous patch from RP, using wiggle to
+incorporate the parts that aren't in the upstream pkgconfig
+settings.
 
-RP 2014/5/22
+Upstream-Status: Inappropriate [oe-specific]
 
-Rebase to 1.8.0
+Signed-off-by: Trevor Gamblin 
 
-Signed-off-by: Hongxu Jia 
 ---
- configure.ac|  1 +
- src/libgcrypt.m4| 71 +++--
- src/libgcrypt.pc.in | 33 +
- 3 files changed, 38 insertions(+), 67 deletions(-)
- create mode 100644 src/libgcrypt.pc.in
+ src/libgcrypt.m4 | 90 +++-
+ 1 file changed, 4 insertions(+), 86 deletions(-)
 
-diff --git a/configure.ac b/configure.ac
-index bbe8104..3d2de73 100644
 a/configure.ac
-+++ b/configure.ac
-@@ -2607,6 +2607,7 @@ random/Makefile
- doc/Makefile
- src/Makefile
- src/gcrypt.h
-+src/libgcrypt.pc
- src/libgcrypt-config
- src/versioninfo.rc
- tests/Makefile
 diff --git a/src/libgcrypt.m4 b/src/libgcrypt.m4
-index c67cfec..4ea5f2c 100644
+index 37dfbea2..3d2e90a8 100644
 --- a/src/libgcrypt.m4
 +++ b/src/libgcrypt.m4
-@@ -29,30 +29,6 @@ dnl is added to the gpg_config_script_warn variable.
+@@ -29,41 +29,6 @@ dnl is added to the gpg_config_script_warn variable.
  dnl
  AC_DEFUN([AM_PATH_LIBGCRYPT],
  [ AC_REQUIRE([AC_CANONICAL_HOST])
@@ -46,8 +31,20 @@ index c67cfec..4ea5f2c 100644
 -  if test x"${LIBGCRYPT_CONFIG}" = x ; then
 - if test x"${libgcrypt_config_prefix}" != x ; then
 -LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config"
-- else
--   case "${SYSROOT}" in
+- fi
+-  fi
+-
+-  use_gpgrt_config=""
+-  if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a 
"$GPGRT_CONFIG" != "no"; then
+-if $GPGRT_CONFIG libgcrypt --exists; then
+-  LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt"
+-  AC_MSG_NOTICE([Use gpgrt-config as libgcrypt-config])
+-  use_gpgrt_config=yes
+-fi
+-  fi
+-  if test -z "$use_gpgrt_config"; then
+-if test x"${LIBGCRYPT_CONFIG}" = x ; then
+-  case "${SYSROOT}" in
 - /*)
 -   if test -x "${SYSROOT}/bin/libgcrypt-config" ; then
 - LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config"
@@ -58,15 +55,14 @@ index c67cfec..4ea5f2c 100644
 -  *)
 -   AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
 -   ;;
--   esac
-- fi
+-  esac
+-fi
+-AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
 -  fi
--
--  AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
+ 
tmp=ifelse([$1], ,1:1.2.0,$1)
if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
-  req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
-@@ -62,48 +38,13 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
+@@ -74,56 +39,13 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
   min_libgcrypt_version="$tmp"
fi
  
@@ -79,7 +75,11 @@ index c67cfec..4ea5f2c 100644
 -   sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
 -req_micro=`echo $min_libgcrypt_version | \
 -   sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]

Re: [OE-core] [PATCH v2] libgcrypt: upgrade 1.8.4 -> 1.8.5




On 10/29/19 1:38 PM, Ross Burton wrote:

On 29/10/2019 16:42, Trevor Gamblin wrote:

+ src/libgcrypt.pc.in | 33 +


Surely the upstream .pc file is sufficient now so we just need to 
patch the m4 file?
You're right - the old patch is actually just duplicating the file 
contents. I'll send a v3.


Ross

--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH v2] libgcrypt: upgrade 1.8.4 -> 1.8.5


On 29/10/2019 16:42, Trevor Gamblin wrote:

+ src/libgcrypt.pc.in | 33 +


Surely the upstream .pc file is sufficient now so we just need to patch 
the m4 file?


Ross
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] zimage Initramfs booting stuck at Start Kernel

2019-10-29 Thread Ferry Toth


Op 29-10-2019 om 11:25 schreef JH:

Hi Ferry,

On 10/29/19, Ferry Toth  wrote:


https://github.com/edison-fw/meta-intel-edison/blob/master/meta-intel-edison-bsp/conf/machine/edison.conf

And there is the max size!


Are you able to run u-boot to start kernel in the large size 64 MB?


No, the largest I had was 18MB compressed and it didn't boot. After I 
brought it back to 10MB or so it boots again. Like I said, I don't know 
where the limit comes from.


I think you should be able to make the initramfs minimal and put the 
rest in a separate file system same as I do and your problem will be 
solved. But it looks like if you want to trace the root cause and solve 
it, you are on your own.



Thank you.

Kind regards,

- jh




--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH v2] libgcrypt: upgrade 1.8.4 -> 1.8.5

Upgrade libgcrypt. Upstream repo now has a pkg-config
feature. The new patch for compatibility with oe-core
is a replacement for a patch that added pkg-config as
a feature when upstream did not have it.

Signed-off-by: Trevor Gamblin 
---
 ...gcrypt-modify-pkgconfig-for-oe-core.patch} | 110 +-
 ...{libgcrypt_1.8.4.bb => libgcrypt_1.8.5.bb} |   6 +-
 2 files changed, 60 insertions(+), 56 deletions(-)
 rename 
meta/recipes-support/libgcrypt/files/{0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch
 => 0001-libgcrypt-modify-pkgconfig-for-oe-core.patch} (67%)
 rename meta/recipes-support/libgcrypt/{libgcrypt_1.8.4.bb => 
libgcrypt_1.8.5.bb} (90%)

diff --git 
a/meta/recipes-support/libgcrypt/files/0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch
 
b/meta/recipes-support/libgcrypt/files/0001-libgcrypt-modify-pkgconfig-for-oe-core.patch
similarity index 67%
rename from 
meta/recipes-support/libgcrypt/files/0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch
rename to 
meta/recipes-support/libgcrypt/files/0001-libgcrypt-modify-pkgconfig-for-oe-core.patch
index d41c3de3b6..516d85e138 100644
--- 
a/meta/recipes-support/libgcrypt/files/0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch
+++ 
b/meta/recipes-support/libgcrypt/files/0001-libgcrypt-modify-pkgconfig-for-oe-core.patch
@@ -1,41 +1,23 @@
-From 72b9e9040d58c15f0302bd8abda28179f04e1c5f Mon Sep 17 00:00:00 2001
-From: Richard Purdie 
-Date: Wed, 16 Aug 2017 10:43:18 +0800
-Subject: [PATCH 1/4] Add and use pkg-config for libgcrypt instead of -config
- scripts.
+From b8be2c0d782886a7305fff8af50542d6c92dbb74 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin 
+Date: Tue, 29 Oct 2019 08:31:41 -0400
+Subject: [PATCH] libgcrypt-fix-pkgconfig-for-oe-core
 
-Upstream-Status: Denied [upstream have indicated they don't want a
-pkg-config dependency]
+Modify libgcrypt pkgconfig specifically for oe-core. Changes
+are based on a previous patch from RP, using wiggle to 
+incorporate the parts that aren't in the upstream pkgconfig
+settings.
 
-RP 2014/5/22
-
-Rebase to 1.8.0
-
-Signed-off-by: Hongxu Jia 
 ---
- configure.ac|  1 +
- src/libgcrypt.m4| 71 +++--
- src/libgcrypt.pc.in | 33 +
- 3 files changed, 38 insertions(+), 67 deletions(-)
- create mode 100644 src/libgcrypt.pc.in
+ src/libgcrypt.m4| 90 ++---
+ src/libgcrypt.pc.in | 33 +
+ 2 files changed, 37 insertions(+), 86 deletions(-)
 
-diff --git a/configure.ac b/configure.ac
-index bbe8104..3d2de73 100644
 a/configure.ac
-+++ b/configure.ac
-@@ -2607,6 +2607,7 @@ random/Makefile
- doc/Makefile
- src/Makefile
- src/gcrypt.h
-+src/libgcrypt.pc
- src/libgcrypt-config
- src/versioninfo.rc
- tests/Makefile
 diff --git a/src/libgcrypt.m4 b/src/libgcrypt.m4
-index c67cfec..4ea5f2c 100644
+index 37dfbea2..3d2e90a8 100644
 --- a/src/libgcrypt.m4
 +++ b/src/libgcrypt.m4
-@@ -29,30 +29,6 @@ dnl is added to the gpg_config_script_warn variable.
+@@ -29,41 +29,6 @@ dnl is added to the gpg_config_script_warn variable.
  dnl
  AC_DEFUN([AM_PATH_LIBGCRYPT],
  [ AC_REQUIRE([AC_CANONICAL_HOST])
@@ -46,8 +28,20 @@ index c67cfec..4ea5f2c 100644
 -  if test x"${LIBGCRYPT_CONFIG}" = x ; then
 - if test x"${libgcrypt_config_prefix}" != x ; then
 -LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config"
-- else
--   case "${SYSROOT}" in
+- fi
+-  fi
+-
+-  use_gpgrt_config=""
+-  if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a 
"$GPGRT_CONFIG" != "no"; then
+-if $GPGRT_CONFIG libgcrypt --exists; then
+-  LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt"
+-  AC_MSG_NOTICE([Use gpgrt-config as libgcrypt-config])
+-  use_gpgrt_config=yes
+-fi
+-  fi
+-  if test -z "$use_gpgrt_config"; then
+-if test x"${LIBGCRYPT_CONFIG}" = x ; then
+-  case "${SYSROOT}" in
 - /*)
 -   if test -x "${SYSROOT}/bin/libgcrypt-config" ; then
 - LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config"
@@ -58,15 +52,14 @@ index c67cfec..4ea5f2c 100644
 -  *)
 -   AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
 -   ;;
--   esac
-- fi
+-  esac
+-fi
+-AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
 -  fi
--
--  AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
+ 
tmp=ifelse([$1], ,1:1.2.0,$1)
if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
-  req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
-@@ -62,48 +38,13 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
+@@ -74,56 +39,13 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
   min_libgcrypt_version="$tmp"
fi
  
@@ -79,7 +72,11 @@ index c67cfec..4ea5f2c 100644
 -   sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
 -req_micro=`echo $min_libgcrypt_version | \
 -   sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'

[OE-core] Yocto Project Status WW44’19

2019-10-29 Thread Stephen K Jolley

Current Dev Position: YP 3.1 M1

Next Deadline: YP 3.1 M1 build Dec. 2, 2019

SWAT Team Rotation:

SWAT lead is currently: Amanda
-

SWAT team rotation: Amanda -> Armin on Nov. 1, 2019
-

SWAT team rotation: Armin-> Anuj on Nov. 8, 2019
-

https://wiki.yoctoproject.org/wiki/Yocto_Build_Failure_Swat_Team

Next Team Meetings:

Bug Triage meeting Thursday Nov. 7th at 7:30am PDT (
https://zoom.us/j/454367603)
-

Monthly Project Meeting Tuesday Nov. 5th at 8am PDT (
https://zoom.us/j/990892712)
-

Weekly Engineering Sync Tuesday Nov. 12th at 8am PDT (
https://zoom.us/j/990892712)
-

Twitch - Next event is Tuesday Nov. 12th at 8am PDT (
https://www.twitch.tv/yocto_project)

Key Status/Updates:

Yocto Project “Zeus” 3.0 has been released! Thank you to everyone who
contributed patches, bugs, feedback and testing. Some very rough git
metrics say that 182 different people have contributed patches to this
cycle.
-

This week is ELC-E in Lyon, so meetings are limited. If anyone reading
this is there please do visit the Yocto Project booth and say hello!
-

Patches have been flowing fast into master. Due to ELC-E this will slow
down this week, but Ross will continue to collect patches for testing in
ross/mut.
-

There are ongoing intermittent autobuilder failures, particularly in
selftest but in other areas too. There is a separate email about this and
we could do with help in debugging and resolving those issues.
-

YP 2.6.4 was built and has passed QA, will be released imminently.
-

YP 2.7.2 was held due to an unexplained test failure but will now be
built in the next few days.
-

Armin and Anuj have volunteered to maintain Zeus and they plan to work
out the maintainership between them, thanks!
-

We have begun collecting ideas for YP 3.1 in this document:

https://docs.google.com/document/d/1UKZIGe88-eq3-pOPtkAvFAegbQDzhy_f4ye64yjnABc/edit?usp=sharing
-

If anyone has any status items for the project they’d like to add to the
weekly reports, please email Richard and Stephen.

Planned upcoming dot releases:

YP 2.7.2 (Warrior) is planned this week.
-

YP 2.6.4 (Thud) is is to be released shortly.

Tracking Metrics:

WDD 2493 (last week 2498) (
https://wiki.yoctoproject.org/charts/combo.html)
-

Poky Patch Metrics
-

Total patches found: 1441 (last week 1432)
-

Patches in the Pending State: 579 (40%) [last week 578 (41%)]

The Yocto Project’s technical governance is through its Technical Steering
Committee, more information is available at:

https://wiki.yoctoproject.org/wiki/TSC

The Status reports are now stored on the wiki at:
https://wiki.yoctoproject.org/wiki/Weekly_Status

[If anyone has suggestions for other information you’d like to see on this
weekly status update, let us know!]

Thanks,

*Stephen K. Jolley*

*Yocto Project Program Manager*

*7867 SW Bayberry Dr., Beaverton, OR 97007*

(*Cell*:(208) 244-4460

* *Email*: *s
jolley.yp...@gmail.com *
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH v5 1/2] libsdl2: Fix build failure when using mesa 19.2.1

2019-10-29 Thread Alistair Francis

On Fri, Oct 25, 2019 at 11:51 PM Alistair Francis
 wrote:
>
> Signed-off-by: Alistair Francis 

Ping!

Alistair

> ---
> v5:
>  - Backport upstream fix
>
>  ...DL-fails-to-compile-with-Mesa-Master.patch | 41 +++
>  .../libsdl2/libsdl2_2.0.10.bb |  1 +
>  2 files changed, 42 insertions(+)
>  create mode 100644 
> meta/recipes-graphics/libsdl2/libsdl2/0002-Fixed-bug-4797-SDL-fails-to-compile-with-Mesa-Master.patch
>
> diff --git 
> a/meta/recipes-graphics/libsdl2/libsdl2/0002-Fixed-bug-4797-SDL-fails-to-compile-with-Mesa-Master.patch
>  
> b/meta/recipes-graphics/libsdl2/libsdl2/0002-Fixed-bug-4797-SDL-fails-to-compile-with-Mesa-Master.patch
> new file mode 100644
> index 00..8f5b6a0cef
> --- /dev/null
> +++ 
> b/meta/recipes-graphics/libsdl2/libsdl2/0002-Fixed-bug-4797-SDL-fails-to-compile-with-Mesa-Master.patch
> @@ -0,0 +1,41 @@
> +# HG changeset patch
> +# User Sylvain Becker 
> +# Date 1570898876 -7200
> +#  Sat Oct 12 18:47:56 2019 +0200
> +# Node ID 369b01006eb2f6fd563f7c315d29ae3fe503c432
> +# Parent  4cbaffd0083b8cd17070dbd9d4ab1ce0fa9fca2d
> +Fixed bug 4797 - SDL fails to compile with Mesa Master (thanks Michael 
> Olbrich!)
> +
> +fix building with Mesa 19.2
> +
> +With Mesa 19.2 building fails with:
> +
> +/include/GLES/gl.h:63:25: error: conflicting types for 'GLsizeiptr'
> +
> +The same type is defined in include/SDL_opengl.h for OpenGL and the two
> +headers should not be included at the same time.
> +This was just never noticed because the same header guard '__gl_h_' was
> +used. This was changed in Mesa. The result is this error.
> +
> +Fix this the same way GLES2 already handles this: Don't include the GLES
> +header when the OpenGL header was already included.
> +(https://hg.libsdl.org/SDL/rev/a60b3c292f0f)
> +
> +Upstream-Status: Backport [https://hg.libsdl.org/SDL/rev/369b01006eb2]
> +Signed-off-by: Alistair Francis 
> +
> +diff --git a/src/video/SDL_video.c b/src/video/SDL_video.c
> +--- a/src/video/SDL_video.c
>  b/src/video/SDL_video.c
> +@@ -37,9 +37,9 @@
> + #include "SDL_opengl.h"
> + #endif /* SDL_VIDEO_OPENGL */
> +
> +-#if SDL_VIDEO_OPENGL_ES
> ++#if SDL_VIDEO_OPENGL_ES && !SDL_VIDEO_OPENGL
> + #include "SDL_opengles.h"
> +-#endif /* SDL_VIDEO_OPENGL_ES */
> ++#endif /* SDL_VIDEO_OPENGL_ES && !SDL_VIDEO_OPENGL */
> +
> + /* GL and GLES2 headers conflict on Linux 32 bits */
> + #if SDL_VIDEO_OPENGL_ES2 && !SDL_VIDEO_OPENGL
> diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb 
> b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
> index cdc8650e17..862abe1d54 100644
> --- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
> +++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
> @@ -15,6 +15,7 @@ PROVIDES = "virtual/libsdl2"
>  SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
> file://more-gen-depends.patch \
> 
> file://0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch \
> +   
> file://0002-Fixed-bug-4797-SDL-fails-to-compile-with-Mesa-Master.patch \
>  "
>
>  S = "${WORKDIR}/SDL2-${PV}"
> --
> 2.23.0
>
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] libgcrypt: upgrade 1.8.4 -> 1.8.5


On 10/28/19 7:29 PM, Ross Burton wrote:


On 19/10/2019 16:52, Trevor Gamblin wrote:
Note that the patch 
0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch

was removed as its intent was to provide a pkg-config option, but
libgcrypt upstream added one in commit 813b002eaf.


I think we need to retain portions of that patch:

| checking for libgcrypt-config... 
/data/poky-tmp/master/work/corei7-64-poky-linux/gcr/3.34.0-r0/recipe-sysroot/usr/bin/crossscripts/libgcrypt-config
| checking for LIBGCRYPT - version >= 1.4.5... ERROR: 
/usr/bin/libgcrypt-config should not be used, use an alternative such 
as pkg-config
| ../gcr-3.34.0/configure: line 14093: test: 
--should-not-have-used-/usr/bin/libgcrypt-config: integer expression 
expected
| ../gcr-3.34.0/configure: line 14096: test: 
--should-not-have-used-/usr/bin/libgcrypt-config: integer expression 
expected


Whilst it's great that libgcrypt is shipping a pc file, we need to 
retain the porting of the macro files to use that pc file.


Ross


Testing a v2 now. Will cc you on the update.
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH v2] binutils: CVE-2019-17450 and CVE-2019-17451


On 29/10/2019 03:12, Zhixiong Chi wrote:

This patch fix the stack overflow issue for recursive call
and the segment fault issue.


Trevor has already posted these patches.

Ross

--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] GStreamer 1.0 meson build transition


On 28/10/2019 23:01, Carlos Rafael Giani wrote:
Hm, true. Alright, I'll do that. For discussions about the recipe 
changes, should I create a fork of oe-core and place them there, just 
like how one would prepare merge requests? To me, it sounds more 
efficient than posting the patches in the mailing list for discussing them.


You can create a fork to ease merging, but review happens by patches 
sent to this list.


And speaking of upgrades, my changes are against 1.16.1, so the 1.16.0 
-> 1.16.1 upgrade needs to make it into master-next in first.


Queued in ross/mut already.

Ross
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] mesa: Upgrade 19.1.6 -> 19.2.1

2019-10-29 Thread Fabio Berton

Hi all!

I didn't change this update because there's another patch here
https://patches.openembedded.org/patch/166248/

Thanks!

On Sat, Oct 26, 2019 at 6:09 AM Khem Raj  wrote:
>
> On Sat, Oct 26, 2019 at 12:27 AM Martin Jansa  wrote:
> >
> > It's not part of this mesa upgrade, but as you're maintaining it and I'll 
> > possibly forget to mention it next time (or if someone is using newest mesa 
> > for whatever reason like pinephone does now)...
> >
> > In latest mesa MESA_EGL_NO_X11_HEADERS was renamed to EGL_NO_X11 in:
> > https://github.com/mesa3d/mesa/commit/6202a13b71e18dc31ba7e2f4ea915b67eacc1ddb
> >
> > which will require do_install_append update in mesa recipe, libepoxy 
> > upgrade or patch and possibly few other fixes like I just did for pinephone 
> > here:
> > https://github.com/webOS-ports/meta-pine64-luneos/commit/a65667ab835647869c2e24cd6ad6a6cec61f
> >
>
> This is a good point I see it being used in few layers that yoe distro uses
>
> meta-96boards/recipes-graphics/mesa/mesa-lima_git.bb
> meta-odroid/recipes-graphics/mali/mali-450_r6p1.bb
> meta-qt5/recipes-qt/qt5/qtmultimedia_git.bb
> meta-wpe/recipes-wpe/wpewebkit/wpewebkit_2.22.bb
> meta-wpe/recipes-wpe/wpewebkit/wpewebkit_20170728.bb
>
>
> > Regards,
> >
> > On Fri, Oct 11, 2019 at 10:20 PM Fabio Berton 
> >  wrote:
> >>
> >>   - Update patches with devtool finish --force-patch-refresh
> >>
> >>   - Update license checksum due to commit d5e273aad2
> >> docs: remove pointless line-break
> >>
> >>   This upgrade include the following changes:
> >>
> >> - Mesa 19.2.1 This is a bug fix release.
> >>   Full log: https://mesa3d.org/relnotes/19.2.1.html
> >>
> >> - Mesa 19.2.0 This is a new development release.
> >>   Full log: https://mesa3d.org/relnotes/19.2.0.html
> >>
> >> - Mesa 19.1.7 is released.
> >>   Full log: https://mesa3d.org/relnotes/19.1.7.html
> >>
> >> - Mesa 19.1.6 is released. This is a bug-fix release.
> >>   Full log: https://mesa3d.org/relnotes/19.1.6.html
> >>
> >> Signed-off-by: Fabio Berton 
> >> ---
> >>  ...k-for-all-linux-host_os-combinations.patch |  9 
> >>  ...on.build-make-TLS-GLX-optional-again.patch | 22 +--
> >>  ...Allow-enable-DRI-without-DRI-drivers.patch |  9 
> >>  .../{mesa-gl_19.1.6.bb => mesa-gl_19.2.1.bb}  |  0
> >>  meta/recipes-graphics/mesa/mesa.inc   |  2 +-
> >>  .../mesa/{mesa_19.1.6.bb => mesa_19.2.1.bb}   |  4 ++--
> >>  6 files changed, 24 insertions(+), 22 deletions(-)
> >>  rename meta/recipes-graphics/mesa/{mesa-gl_19.1.6.bb => 
> >> mesa-gl_19.2.1.bb} (100%)
> >>  rename meta/recipes-graphics/mesa/{mesa_19.1.6.bb => mesa_19.2.1.bb} (85%)
> >>
> >> diff --git 
> >> a/meta/recipes-graphics/mesa/files/0001-meson.build-check-for-all-linux-host_os-combinations.patch
> >>  
> >> b/meta/recipes-graphics/mesa/files/0001-meson.build-check-for-all-linux-host_os-combinations.patch
> >> index 9fba5da4b2..461fc83345 100644
> >> --- 
> >> a/meta/recipes-graphics/mesa/files/0001-meson.build-check-for-all-linux-host_os-combinations.patch
> >> +++ 
> >> b/meta/recipes-graphics/mesa/files/0001-meson.build-check-for-all-linux-host_os-combinations.patch
> >> @@ -1,4 +1,4 @@
> >> -From ea966884e39aae9571c038fab55f3c1663d17850 Mon Sep 17 00:00:00 2001
> >> +From 7ed5b340f4077e616287b6124dfd46cf6a2cab50 Mon Sep 17 00:00:00 2001
> >>  From: Fabio Berton 
> >>  Date: Wed, 12 Jun 2019 13:40:20 -0300
> >>  Subject: [PATCH] meson.build: check for all linux host_os combinations
> >> @@ -14,15 +14,16 @@ Upstream-Status: Pending
> >>  Signed-off-by: Anuj Mittal 
> >>  Signed-off-by: Fabio Berton 
> >>  Signed-off-by: Otavio Salvador 
> >> +
> >>  ---
> >>   meson.build | 4 ++--
> >>   1 file changed, 2 insertions(+), 2 deletions(-)
> >>
> >>  diff --git a/meson.build b/meson.build
> >> -index 567a81afd6f..b33b430aed4 100644
> >> +index db94f85..6f7b0ed 100644
> >>  --- a/meson.build
> >>  +++ b/meson.build
> >> -@@ -107,7 +107,7 @@ with_any_opengl = with_opengl or with_gles1 or 
> >> with_gles2
> >> +@@ -117,7 +117,7 @@ with_any_opengl = with_opengl or with_gles1 or 
> >> with_gles2
> >>   # Only build shared_glapi if at least one OpenGL API is enabled
> >>   with_shared_glapi = get_option('shared-glapi') and with_any_opengl
> >>
> >> @@ -31,7 +32,7 @@ index 567a81afd6f..b33b430aed4 100644
> >>
> >>   dri_drivers = get_option('dri-drivers')
> >>   if dri_drivers.contains('auto')
> >> -@@ -845,7 +845,7 @@ if cc.compiles('int foo(void) 
> >> __attribute__((__noreturn__));',
> >> +@@ -856,7 +856,7 @@ if cc.compiles('__uint128_t foo(void) { return 0; }',
> >>   endif
> >>
> >>   # TODO: this is very incomplete
> >> diff --git 
> >> a/meta/recipes-graphics/mesa/files/0002-meson.build-make-TLS-GLX-optional-again.patch
> >>  
> >> b/meta/recipes-graphics/mesa/files/0002-meson.build-make-TLS-GLX-optional-again.patch
> >> index 641bacf1d9..dc232285f0 100644
> >> --- 
> >> a/meta/recipes-graphics/mesa/files/0002-meson.build-make-TLS-GLX-optional-a

Re: [OE-core] [RFC][PATCH 0/6] NPM refactoring

2019-10-29 Thread André Draszik

Hi,

On Fri, 2019-10-25 at 11:10 +0200, Stefan Herbrechtsmeier wrote:
> Hi Andre,
> 
> Am 25.10.19 um 10:01 schrieb André Draszik:
> > Hi,
> > 
> > This has been an interesting discussion so far.
> > 
> > I'd like to throw in something else...
> > 
> > A couple years back I wrote a little python script to automatically
> > generate all the required dependency recipes given an npm project's
> > package.json
> 
> This is similar to my prototype but I try to reuse the recipetool and 
> this makes the recipe creation very slow.

Attached is the latest snapshot of scripts and support classes
that I had used back then...

nodejs.bbclass does the main work of handling the recipes.
It supports usage of the same npm package with different
versions by adding appropriate symlinks for the file system
Also, it extracts the runtime depends from package.json (and
add runtime provides) so as to get proper dependency trees.

nodegyp.bbclass is for recipes that use node-gyp (or node-pre-gyp).
This needs node-gyp and gyp (as build tools). I didn't 

create-recipe-from-json.py is the actual script, point it at a
package.json, and optional shrinkwrap. It does the other part of the
deduplication by keeping track of the dependency tree and adding the
appropriate symlink information to the recipes as understood by
nodejs.bbclass.

At the time I had a problem with runtime depends for native packages,
RDEPENDS for native packages wasn't implemented in OE back then.
I've commented out "DEPENDS_append_class-native" handling now,
as this should work without tricks these days.

node-pre-gyp support wasn't fully implemented in the create-recipe
script. npm-modules using node-gyp or node-pre-gyp did work fine and
can be cross-compiled without probllem, though.

Some npm-modules require extra handling, e.g. patches to be applied, this
is done in around line 205, where an extra 'require' line is added
to the generated recipe, I've also added nodejs-node-gyp.inc as an
example for what that could look like.

I didn't use recipetool, either cause I didn't know it back then, or it
wasn't available at the time.

It's very fast though. Most time is spent downloading the packages for
analysis...

> Do you reuse code from OE to generate the license information?

I had to look it up, this used 'licensee' https://github.com/licensee/licensee

> The generated recipes worked very well, including cross-compilation using
> > node-gyp.
> 
> Do you use any bbclass? I have create multiple bbclasses to minimize the 
> code inside the recipes.

All included in this mail.

> 
> > At least at the time this was all reasonably straight forward, avoided 
> > *any* use
> > of npm, gave me all the benefits of reproducibility, yocto caching, license
> > management, correct cross-compilation for native code, etc. Also, the
> > generated yocto packages contained none of the test- or other items that
> > npm packages usually contain and don't need to be copied onto the target
> > for image builds. All this by simply inspecting the package.json
> 
> This is the reason I go this way too.
> 
> > This approach also minimised maintenance cost, as all recipes were 
> > auto-generated.
> > 
> > The only downside was that bitbake became a bit slow, as the number of
> > tasks went to about 15000.
> 
> Do you create a recipe per package version?

Yes, but it is clever in the sense that deduplication is applied, including 
looking
for matching version numbers as per the version specification.

> 
> > I can dig this out and share on Monday. This script could live in the
> > scripts/ subdirectory, allowing people to create recipes on demand for
> > projects they care about.
> 
> Would be nice to see your code.
> 
> Regards
>Stefan

Cheers,
Andre'

DEPENDS += "gyp-native"

inherit pythonnative

EXTRA_OEMAKE = "\
CC.host="${BUILD_CC}" \
CFLAGS.host="${BUILD_CFLAGS}" \
CXX.host="${BUILD_CXX}" \
CXXFLAGS.host="${BUILD_CXXFLAGS}" \
LINK.host="${BUILD_CXX}" \
LDFLAGS.host="${BUILD_LDFLAGS}" \
\
LINK.target="${CXX}" \
"
DEPENDS += "nodejs-node-gyp1.0.3-native nodejs-native"

inherit gyp nodejs

export NODE_GYP_NODEJS_INCLUDE_DIR = 
"${PKG_CONFIG_SYSROOT_DIR}${NODEJS_INCLUDE_DIR}"

nodegyp_do_configure() {
node-gyp --arch ${TARGET_ARCH} --verbose configure ${EXTRA_OECONF}
}

python __anonymous () {
# Ensure we run this usually noexec task (due to nodejs.bbclass)
d.delVarFlag("do_compile", "noexec")
}
nodegyp_do_compile() {
node-gyp --arch ${TARGET_ARCH} --verbose build ${EXTRA_OEMAKE}
}
nodegyp_shell_do_install_helper() {
cd ${D}${NODE_MODULE_DIR}
# (node-)gyp creates multiple copies of the object files, we
# only keep one!
# node-expat: build/Release/node_expat.node (patch needed)
# sqlite3: lib/node_sqlite3.node (no build/ needed!)
if [ -d build ] ; then
# dtrace-provider builds nothing for !MacOS
if ls build/Release/*.node 2> /dev/null > /dev/null ; then
tmpdir=$(mktemp -d

Re: [OE-core] zimage Initramfs booting stuck at Start Kernel

2019-10-29 Thread JH

Hi Ferry,

On 10/29/19, Ferry Toth  wrote:
>
> https://github.com/edison-fw/meta-intel-edison/blob/master/meta-intel-edison-bsp/conf/machine/edison.conf
>
> And there is the max size!

Are you able to run u-boot to start kernel in the large size 64 MB?

Thank you.

Kind regards,

- jh
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH V3] mdadm: fix do_package failed when changed local.conf but not cleaned

2019-10-29 Thread changqing.li

From: Changqing Li 

reproduce steps:
1. add DISTRO_FEATURE_append = 'usrmerge' in local.conf
2. bitbake mdadm --success
3. remove DISTRO_FEATURE_append = 'usrmerge' from local.conf
4. bitbake mdadm  -- failed when do_package

it is not proper to change source Makefile during do_install by sed,
fix by pass correct config to EXTRA_OEMAKE

[YOCTO #13493]

Signed-off-by: Changqing Li 
---
 meta/recipes-extended/mdadm/mdadm_4.1.bb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-extended/mdadm/mdadm_4.1.bb 
b/meta/recipes-extended/mdadm/mdadm_4.1.bb
index 639382e..64f519e 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.1.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.1.bb
@@ -43,13 +43,12 @@ CFLAGS_append_powerpc64 = ' -D__SANE_USERSPACE_TYPES__'
 CFLAGS_append_mipsarchn64 = ' -D__SANE_USERSPACE_TYPES__'
 CFLAGS_append_mipsarchn32 = ' -D__SANE_USERSPACE_TYPES__'
 
-EXTRA_OEMAKE = 'CHECK_RUN_DIR=0 CXFLAGS="${CFLAGS}"'
+EXTRA_OEMAKE = 'CHECK_RUN_DIR=0 CXFLAGS="${CFLAGS}" 
SYSTEMD_DIR=${systemd_unitdir}/system \
+BINDIR="${base_sbindir}" UDEVDIR="${nonarch_base_libdir}/udev"'
 
 DEBUG_OPTIMIZATION_append = " -Wno-error"
 
 do_compile() {
-   # Point to right sbindir
-   sed -i -e "s;BINDIR  = /sbin;BINDIR = $base_sbindir;" -e "s;UDEVDIR = 
/lib;UDEVDIR = $nonarch_base_libdir;" -e 
"s;SYSTEMD_DIR=/lib/systemd/system;SYSTEMD_DIR=${systemd_unitdir}/system;" 
${S}/Makefile
oe_runmake SYSROOT="${STAGING_DIR_TARGET}"
 }
 
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH V2] mdadm: fix do_package failed when changed local.conf but not cleaned

2019-10-29 Thread Changqing Li



On 10/29/19 6:05 AM, Ross Burton wrote:

On 08/10/2019 04:16, Changqing Li wrote:

Ping


My previous comment still stands:

Can't you just pass BINDIR=${base_sbindir} MANDIR=${docdir}/man 
UDEVDIR=${nonarch_base_libdir}/udev etc, instead of patching the 
makefile?


Ross

Oh,  I missed your last comments.  Thanks for remind. I have send a 
V3 for this.

--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [warrior 17/19] sudo: fix CVE-2019-14287

From: Changqing Li 

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer
account can bypass certain policy blacklists and session PAM modules,
and can cause incorrect logging, by invoking sudo with a crafted user
ID. For example, this allows bypass of !root configuration, and USER=
logging, for a "sudo -u \#$((0x))" command.

Signed-off-by: Changqing Li 
Signed-off-by: Richard Purdie 
(cherry picked from commit 4e11cd561f2bdaa6807cf02ee7c9870881826308)
Signed-off-by: Armin Kuster 
(cherry picked from commit b1e0149c41e3c344a0496e64ab3b0c9dd4685ea4)
Signed-off-by: Armin Kuster 
---
 .../sudo/sudo/CVE-2019-14287-1.patch   | 178 +
 .../sudo/sudo/CVE-2019-14287-2.patch   | 112 +
 meta/recipes-extended/sudo/sudo_1.8.27.bb  |   2 +
 3 files changed, 292 insertions(+)
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
 create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch

diff --git a/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch 
b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
new file mode 100644
index 000..2a11e3f
--- /dev/null
+++ b/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
@@ -0,0 +1,178 @@
+From f752ae5cee163253730ff7cdf293e34a91aa5520 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" 
+Date: Thu, 10 Oct 2019 10:04:13 -0600
+Subject: [PATCH] Treat an ID of -1 as invalid since that means "no change".
+ Fixes CVE-2019-14287. Found by Joe Vennix from Apple Information Security.
+
+Upstream-Status: Backport 
[https://github.com/sudo-project/sudo/commit/f752ae5cee163253730ff7cdf293e34a91aa5520]
+CVE: CVE-2019-14287
+
+Signed-off-by: Changqing Li 
+
+---
+ lib/util/strtoid.c | 100 -
+ 1 files changed, 53 insertions(+), 46 deletions(-)
+
+diff --git a/lib/util/strtoid.c b/lib/util/strtoid.c
+index 2dfce75..6b3916b 100644
+--- a/lib/util/strtoid.c
 b/lib/util/strtoid.c
+@@ -49,6 +49,27 @@
+ #include "sudo_util.h"
+ 
+ /*
++ * Make sure that the ID ends with a valid separator char.
++ */
++static bool
++valid_separator(const char *p, const char *ep, const char *sep)
++{
++bool valid = false;
++debug_decl(valid_separator, SUDO_DEBUG_UTIL)
++
++if (ep != p) {
++  /* check for valid separator (including '\0') */
++  if (sep == NULL)
++  sep = "";
++  do {
++  if (*ep == *sep)
++  valid = true;
++  } while (*sep++ != '\0');
++}
++debug_return_bool(valid);
++}
++
++/*
+  * Parse a uid/gid in string form.
+  * If sep is non-NULL, it contains valid separator characters (e.g. comma, 
space)
+  * If endp is non-NULL it is set to the next char after the ID.
+@@ -62,36 +83,33 @@ sudo_strtoid_v1(const char *p, const char *sep, char 
**endp, const char **errstr
+ char *ep;
+ id_t ret = 0;
+ long long llval;
+-bool valid = false;
+ debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+ 
+ /* skip leading space so we can pick up the sign, if any */
+ while (isspace((unsigned char)*p))
+   p++;
+-if (sep == NULL)
+-  sep = "";
++
++/* While id_t may be 64-bit signed, uid_t and gid_t are 32-bit unsigned. 
*/
+ errno = 0;
+ llval = strtoll(p, &ep, 10);
+-if (ep != p) {
+-  /* check for valid separator (including '\0') */
+-  do {
+-  if (*ep == *sep)
+-  valid = true;
+-  } while (*sep++ != '\0');
++if ((errno == ERANGE && llval == LLONG_MAX) || llval > (id_t)UINT_MAX) {
++  errno = ERANGE;
++  if (errstr != NULL)
++  *errstr = N_("value too large");
++  goto done;
+ }
+-if (!valid) {
++if ((errno == ERANGE && llval == LLONG_MIN) || llval < INT_MIN) {
++  errno = ERANGE;
+   if (errstr != NULL)
+-  *errstr = N_("invalid value");
+-  errno = EINVAL;
++  *errstr = N_("value too small");
+   goto done;
+ }
+-if (errno == ERANGE) {
+-  if (errstr != NULL) {
+-  if (llval == LLONG_MAX)
+-  *errstr = N_("value too large");
+-  else
+-  *errstr = N_("value too small");
+-  }
++
++/* Disallow id -1, which means "no change". */
++if (!valid_separator(p, ep, sep) || llval == -1 || llval == 
(id_t)UINT_MAX) {
++  if (errstr != NULL)
++  *errstr = N_("invalid value");
++  errno = EINVAL;
+   goto done;
+ }
+ ret = (id_t)llval;
+@@ -108,30 +126,15 @@ sudo_strtoid_v1(const char *p, const char *sep, char 
**endp, const char **errstr
+ {
+ char *ep;
+ id_t ret = 0;
+-bool valid = false;
+ debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+ 
+ /* skip leading space so we can pick up the sign, if any */
+ while (isspace((unsigned char)*p))
+   p++;
+-if (sep == NULL)
+-  sep = "";
++
+ errno = 0;
+ if (*p == '-') {
+   long lval = strtol(p, &ep, 10);
+-  if (ep != p) {
+-  /* check for

[OE-core] [warrior 19/19] qemu: update to 3.1.1.1

bug fix only update.

Drop patches included in update.

For full set of changes, see: 
https://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/tags/v3.1.1.1

Signed-off-by: Armin Kuster 
---
 ...qemu-native_3.1.0.bb => qemu-native_3.1.1.1.bb} |   0
 ...tive_3.1.0.bb => qemu-system-native_3.1.1.1.bb} |   0
 meta/recipes-devtools/qemu/qemu.inc|  14 +-
 .../0001-egl-headless-add-egl_create_context.patch |  50 -
 .../qemu/qemu/0014-fix-CVE-2018-16872.patch|  85 
 .../qemu/qemu/0015-fix-CVE-2018-20124.patch|  60 --
 .../qemu/qemu/0016-fix-CVE-2018-20125.patch|  54 --
 .../qemu/qemu/0017-fix-CVE-2018-20126.patch| 113 ---
 .../qemu/qemu/0018-fix-CVE-2018-20191.patch|  47 -
 .../qemu/qemu/0019-fix-CVE-2018-20216.patch|  85 
 .../qemu/qemu/CVE-2018-20815.patch |  38 
 .../recipes-devtools/qemu/qemu/CVE-2019-3812.patch |  39 
 .../recipes-devtools/qemu/qemu/CVE-2019-8934.patch | 215 -
 .../qemu/{qemu_3.1.0.bb => qemu_3.1.1.1.bb}|   0
 14 files changed, 2 insertions(+), 798 deletions(-)
 rename meta/recipes-devtools/qemu/{qemu-native_3.1.0.bb => 
qemu-native_3.1.1.1.bb} (100%)
 rename meta/recipes-devtools/qemu/{qemu-system-native_3.1.0.bb => 
qemu-system-native_3.1.1.1.bb} (100%)
 delete mode 100644 
meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
 delete mode 100644 
meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
 delete mode 100644 
meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
 delete mode 100644 
meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
 delete mode 100644 
meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
 delete mode 100644 
meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
 delete mode 100644 
meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch
 rename meta/recipes-devtools/qemu/{qemu_3.1.0.bb => qemu_3.1.1.1.bb} (100%)

diff --git a/meta/recipes-devtools/qemu/qemu-native_3.1.0.bb 
b/meta/recipes-devtools/qemu/qemu-native_3.1.1.1.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu-native_3.1.0.bb
rename to meta/recipes-devtools/qemu/qemu-native_3.1.1.1.bb
diff --git a/meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb 
b/meta/recipes-devtools/qemu/qemu-system-native_3.1.1.1.bb
similarity index 100%
rename from meta/recipes-devtools/qemu/qemu-system-native_3.1.0.bb
rename to meta/recipes-devtools/qemu/qemu-system-native_3.1.1.1.bb
diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index 40c3174..202134b 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -22,24 +22,14 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \

file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \

file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
file://0001-Add-a-missing-X11-include.patch \
-   file://0001-egl-headless-add-egl_create_context.patch \
-   file://0014-fix-CVE-2018-16872.patch \
-   file://0015-fix-CVE-2018-20124.patch \
-   file://0016-fix-CVE-2018-20125.patch \
-   file://0017-fix-CVE-2018-20126.patch \
-   file://0018-fix-CVE-2018-20191.patch \
-   file://0019-fix-CVE-2018-20216.patch \
-   file://CVE-2019-3812.patch \

file://0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch \
-   file://CVE-2018-20815.patch \
-   file://CVE-2019-8934.patch \
file://0001-linux-user-assume-__NR_gettid-always-exists.patch \

file://0001-linux-user-rename-gettid-to-sys_gettid-to-avoid-clas.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
 
-SRC_URI[md5sum] = "fb687ce0b02d3bf4327e36d3b99427a8"
-SRC_URI[sha256sum] = 
"6a0508df079a0a33c2487ca936a56c12122f105b8a96a44374704bef6c69abfc"
+SRC_URI[md5sum] = "aafb005c252eb3a667c2468868348c0a"
+SRC_URI[sha256sum] = 
"b148fc3c7382c5addd915db433383160ca7b840bc6ea90bb0d35c6b253526d56"
 
 COMPATIBLE_HOST_mipsarchn32 = "null"
 COMPATIBLE_HOST_mipsarchn64 = "null"
diff --git 
a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
 
b/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
deleted file mode 100644
index d9326c0..000
--- 
a/meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 952e5d584f5aabe41298c278065fe628f3f7aa7a Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann 
-Date: Thu, 29 Nov 2018 13:35:02 +0100
-Subject: [PATCH] egl-headless: add egl_create_context
-
-We m

[OE-core] [warrior 18/19] go: fix CVE-2019-16276

From: Chen Qi 

Signed-off-by: Chen Qi 
Signed-off-by: Richard Purdie 
(cherry picked from commit e31f87e289dfd3bbca961e927447a9c7ba816d3f)
Signed-off-by: Armin Kuster 
(cherry picked from commit e02e8fa2e82cceaaa6a433466f52f97b0984762a)
Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/go/go-1.12.inc   |   1 +
 ...nch.go1.12-security-net-textproto-don-t-n.patch | 163 +
 2 files changed, 164 insertions(+)
 create mode 100644 
meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch

diff --git a/meta/recipes-devtools/go/go-1.12.inc 
b/meta/recipes-devtools/go/go-1.12.inc
index 0cf0a63..66df500 100644
--- a/meta/recipes-devtools/go/go-1.12.inc
+++ b/meta/recipes-devtools/go/go-1.12.inc
@@ -16,6 +16,7 @@ SRC_URI += "\
 file://0006-cmd-dist-separate-host-and-target-builds.patch \
 file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
 file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
+file://0001-release-branch.go1.12-security-net-textproto-don-t-n.patch \
 "
 SRC_URI_append_libc-musl = " 
file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 
diff --git 
a/meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
 
b/meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
new file mode 100644
index 000..7b39dbd
--- /dev/null
+++ 
b/meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
@@ -0,0 +1,163 @@
+From 265b691ac440bfb711d8de323346f7d72e620efe Mon Sep 17 00:00:00 2001
+From: Filippo Valsorda 
+Date: Thu, 12 Sep 2019 12:37:36 -0400
+Subject: [PATCH] [release-branch.go1.12-security] net/textproto: don't
+ normalize headers with spaces before the colon
+
+RFC 7230 is clear about headers with a space before the colon, like
+
+X-Answer : 42
+
+being invalid, but we've been accepting and normalizing them for compatibility
+purposes since CL 5690059 in 2012.
+
+On the client side, this is harmless and indeed most browsers behave the same
+to this day. On the server side, this becomes a security issue when the
+behavior doesn't match that of a reverse proxy sitting in front of the server.
+
+For example, if a WAF accepts them without normalizing them, it might be
+possible to bypass its filters, because the Go server would interpret the
+header differently. Worse, if the reverse proxy coalesces requests onto a
+single HTTP/1.1 connection to a Go server, the understanding of the request
+boundaries can get out of sync between them, allowing an attacker to tack an
+arbitrary method and path onto a request by other clients, including
+authentication headers unknown to the attacker.
+
+This was recently presented at multiple security conferences:
+https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn
+
+net/http servers already reject header keys with invalid characters.
+Simply stop normalizing extra spaces in net/textproto, let it return them
+unchanged like it does for other invalid headers, and let net/http enforce
+RFC 7230, which is HTTP specific. This loses us normalization on the client
+side, but there's no right answer on the client side anyway, and hiding the
+issue sounds worse than letting the application decide.
+
+Fixes CVE-2019-16276
+
+Change-Id: I6d272de827e0870da85d93df770d6a0e161bbcf1
+Reviewed-on: 
https://team-review.git.corp.google.com/c/golang/go-private/+/549719
+Reviewed-by: Brad Fitzpatrick 
+(cherry picked from commit 1280b868e82bf173ea3e988be3092d160ee66082)
+Reviewed-on: 
https://team-review.git.corp.google.com/c/golang/go-private/+/558776
+Reviewed-by: Dmitri Shuralyov 
+
+CVE: CVE-2019-16276
+
+Upstream-Status: Backport 
[https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8]
+
+Signed-off-by: Chen Qi 
+---
+ src/net/http/serve_test.go   |  4 
+ src/net/http/transport_test.go   | 27 +++
+ src/net/textproto/reader.go  | 10 ++
+ src/net/textproto/reader_test.go | 13 ++---
+ 4 files changed, 39 insertions(+), 15 deletions(-)
+
+diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go
+index 6eb0088a96..89bfdfbb82 100644
+--- a/src/net/http/serve_test.go
 b/src/net/http/serve_test.go
+@@ -4748,6 +4748,10 @@ func TestServerValidatesHeaders(t *testing.T) {
+   {"foo\xffbar: foo\r\n", 400}, // binary 
in header
+   {"foo\x00bar: foo\r\n", 400}, // binary 
in header
+   {"Foo: " + strings.Repeat("x", 1<<21) + "\r\n", 431}, // header 
too large
++  // Spaces between the header key and colon are not allowed.
++  // See RFC 7230, Section 3.2.4.
++  {"Foo : bar\r\n", 400},
++  {"Foo\t: bar\r\n", 400},
+ 
+   {"foo: foo foo\r\n", 200},// LWS space is okay
+   {"foo: foo\tfoo\r\n", 200},   // LWS ta

[OE-core] [warrior 10/19] libcroco: Fix two CVEs

From: Muminul Islam 

CVE: CVE-2017-8834 CVE-2017-8871

Signed-off-by: Muminul Islam 
Signed-off-by: Armin Kuster 
---
 .../libcroco/libcroco/CVE-2017-8834_71.patch   | 38 ++
 meta/recipes-support/libcroco/libcroco_0.6.12.bb   |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 
meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch

diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch 
b/meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch
new file mode 100644
index 000..cdfc9cf
--- /dev/null
+++ b/meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch
@@ -0,0 +1,38 @@
+From 38bdf8e956218dd6a72942229cf39ef8e45dd28f Mon Sep 17 00:00:00 2001
+From: Mike Gorse 
+Date: Thu, 2 May 2019 10:54:43 -0500
+Subject: [PATCH] cr_utils_read_char_from_utf8_buf: move past invalid UTF-8
+Reply-To: muis...@microsoft.com; Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Otherwise, the offending character is never consumed, possibly leading
+to an infinite loop.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=782647
+
+CVE: CVE-2017-8834 CVE-2017-8871
+
+Upstream-Status: Backport
+
+Signed-off-by: Muminul Islam 
+
+Upstream commit: 
https://bug782647.bugzilla-attachments.gnome.org/attachment.cgi?id=374219
+---
+ src/cr-utils.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/cr-utils.c b/src/cr-utils.c
+index 2420cec..6cf4849 100644
+--- a/src/cr-utils.c
 b/src/cr-utils.c
+@@ -505,6 +505,7 @@ cr_utils_read_char_from_utf8_buf (const guchar * a_in,
+ 
+ } else {
+ /*BAD ENCODING */
++nb_bytes_2_decode = 1;
+ goto end;
+ }
+ 
+-- 
+2.23.0
+
diff --git a/meta/recipes-support/libcroco/libcroco_0.6.12.bb 
b/meta/recipes-support/libcroco/libcroco_0.6.12.bb
index f95a583..85a120d 100644
--- a/meta/recipes-support/libcroco/libcroco_0.6.12.bb
+++ b/meta/recipes-support/libcroco/libcroco_0.6.12.bb
@@ -18,6 +18,7 @@ inherit gnomebase gtk-doc binconfig-disabled
 
 SRC_URI += "file://CVE-2017-7960.patch \
 file://CVE-2017-7961.patch \
+file://CVE-2017-8834_71.patch \
 "
 
 SRC_URI[archive.md5sum] = "bc0984fce078ba2ce29f9500c6b9ddce"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [warrior 11/19] python: include CVE patches for python-native as well

From: Anuj Mittal 

Also avoids maintaining a different set of patches for both.

Signed-off-by: Anuj Mittal 
Signed-off-by: Richard Purdie 
(cherry picked from commit b3b1c00cc46b33ddbf7e008267032220e1e298af)
Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/python/python.inc   | 5 +
 meta/recipes-devtools/python/python_2.7.16.bb | 5 -
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta/recipes-devtools/python/python.inc 
b/meta/recipes-devtools/python/python.inc
index 779df53..8d0e908 100644
--- a/meta/recipes-devtools/python/python.inc
+++ b/meta/recipes-devtools/python/python.inc
@@ -8,6 +8,11 @@ INC_PR = "r1"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498"
 
 SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
+   file://bpo-35907-cve-2019-9948.patch \
+   file://bpo-35907-cve-2019-9948-fix.patch \
+   file://bpo-36216-cve-2019-9636.patch \
+   file://bpo-36216-cve-2019-9636-fix.patch \
+   file://CVE-2019-9740.patch \
"
 
 SRC_URI[md5sum] = "30157d85a2c0479c09ea2cbe61f2aaf5"
diff --git a/meta/recipes-devtools/python/python_2.7.16.bb 
b/meta/recipes-devtools/python/python_2.7.16.bb
index c6160ae..a02a628 100644
--- a/meta/recipes-devtools/python/python_2.7.16.bb
+++ b/meta/recipes-devtools/python/python_2.7.16.bb
@@ -30,11 +30,6 @@ SRC_URI += " \
file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \
file://float-endian.patch \

file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \
-file://bpo-35907-cve-2019-9948.patch \
-file://bpo-35907-cve-2019-9948-fix.patch \
-file://bpo-36216-cve-2019-9636.patch \
-file://bpo-36216-cve-2019-9636-fix.patch \
-file://CVE-2019-9740.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [warrior 12/19] python: add tk-lib as runtime dependency for python-tkinter

From: Yi Zhao 

Fixes:
ERROR: python-2.7.16-r0 do_package_qa: QA Issue:
/usr/lib/python2.7/lib-dynload/_tkinter.so contained in package
python-tkinter requires libtk8.6.so, but no providers found in
RDEPENDS_python-tkinter? [file-rdeps]

Signed-off-by: Yi Zhao 
Signed-off-by: Ross Burton 
(cherry picked from commit f78248a2380f271b5bb02c762f5bc7a3a92e)
Signed-off-by: Armin Kuster 
---
 meta/recipes-devtools/python/python3_3.7.4.bb | 2 +-
 meta/recipes-devtools/python/python_2.7.16.bb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/python/python3_3.7.4.bb 
b/meta/recipes-devtools/python/python3_3.7.4.bb
index dd16351..af3c325 100644
--- a/meta/recipes-devtools/python/python3_3.7.4.bb
+++ b/meta/recipes-devtools/python/python3_3.7.4.bb
@@ -294,6 +294,6 @@ FILES_${PN}-man = "${datadir}/man"
 
 RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests unzip bzip2 libgcc 
tzdata-europe coreutils sed"
 RDEPENDS_${PN}-ptest_append_libc-glibc = " locale-base-tr-tr.iso-8859-9"
-RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk', 
'', d)}"
+RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk 
tk-lib', '', d)}"
 RDEPENDS_${PN}-dev = ""
 
diff --git a/meta/recipes-devtools/python/python_2.7.16.bb 
b/meta/recipes-devtools/python/python_2.7.16.bb
index a02a628..ec724c3 100644
--- a/meta/recipes-devtools/python/python_2.7.16.bb
+++ b/meta/recipes-devtools/python/python_2.7.16.bb
@@ -173,7 +173,7 @@ RDEPENDS_${PN}-modules += "${PN}-misc"
 
 # ptest
 RDEPENDS_${PN}-ptest = "${PN}-modules ${PN}-tests unzip tzdata-europe 
coreutils sed"
-RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk', 
'', d)}"
+RDEPENDS_${PN}-tkinter += "${@bb.utils.contains('PACKAGECONFIG', 'tk', 'tk 
tk-lib', '', d)}"
 # catch manpage
 PACKAGES += "${PN}-man"
 FILES_${PN}-man = "${datadir}/man"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [warrior 14/19] python: Fix CVE-2019-10160

From: Changqing Li 

Signed-off-by: Changqing Li 
Signed-off-by: Ross Burton 
(cherry picked from commit b4240b585d7fcac2fdbf33a8e72d48cb732eb696)
Signed-off-by: Armin Kuster 
(cherry picked from commit 10d87a3085665a959a5fda64ae3895cb27ddf343)
Signed-off-by: Armin Kuster 
---
 .../python/python/bpo-36742-cve-2019-10160.patch   | 81 ++
 meta/recipes-devtools/python/python_2.7.16.bb  |  1 +
 2 files changed, 82 insertions(+)
 create mode 100644 
meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch

diff --git a/meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch 
b/meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch
new file mode 100644
index 000..1b6cb8c
--- /dev/null
+++ b/meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch
@@ -0,0 +1,81 @@
+From 5a1033fe5be764a135adcfff2fdc14edc3e5f327 Mon Sep 17 00:00:00 2001
+From: Changqing Li 
+Date: Thu, 10 Oct 2019 16:32:19 +0800
+Subject: [PATCH] bpo-36742: Fixes handling of pre-normalization characters in
+ urlsplit() bpo-36742: Corrects fix to handle decomposition in usernames
+
+Upstream-Status: Backport
+
+https://github.com/python/cpython/commit/98a4dcefbbc3bce5ab07e7c0830a183157250259
+https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de#diff-b577545d73dd0cdb2c337a4c5f89e1d7
+
+CVE: CVE-2019-10160
+
+Signed-off-by: Changqing Li 
+---
+ Lib/test/test_urlparse.py | 19 +--
+ Lib/urlparse.py   | 14 +-
+ 2 files changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
+index 1830d0b..857ed96 100644
+--- a/Lib/test/test_urlparse.py
 b/Lib/test/test_urlparse.py
+@@ -641,13 +641,20 @@ class UrlParseTestCase(unittest.TestCase):
+ self.assertIn(u'\u2100', denorm_chars)
+ self.assertIn(u'\uFF03', denorm_chars)
+ 
++# bpo-36742: Verify port separators are ignored when they
++# existed prior to decomposition
++urlparse.urlsplit(u'http://\u30d5\u309a:80')
++with self.assertRaises(ValueError):
++urlparse.urlsplit(u'http://\u30d5\u309a\ufe1380')
++
+ for scheme in [u"http", u"https", u"ftp"]:
+-for c in denorm_chars:
+-url = u"{}://netloc{}false.netloc/path".format(scheme, c)
+-if test_support.verbose:
+-print "Checking %r" % url
+-with self.assertRaises(ValueError):
+-urlparse.urlsplit(url)
++for netloc in [u"netloc{}false.netloc", u"n{}user@netloc"]:
++for c in denorm_chars:
++url = u"{}://{}/path".format(scheme, netloc.format(c))
++if test_support.verbose:
++print "Checking %r" % url
++with self.assertRaises(ValueError):
++urlparse.urlsplit(url)
+ 
+ def test_main():
+ test_support.run_unittest(UrlParseTestCase)
+diff --git a/Lib/urlparse.py b/Lib/urlparse.py
+index 54eda08..e34b368 100644
+--- a/Lib/urlparse.py
 b/Lib/urlparse.py
+@@ -171,14 +171,18 @@ def _checknetloc(netloc):
+ # looking for characters like \u2100 that expand to 'a/c'
+ # IDNA uses NFKC equivalence, so normalize for this check
+ import unicodedata
+-netloc2 = unicodedata.normalize('NFKC', netloc)
+-if netloc == netloc2:
++n = netloc.replace(u'@', u'') # ignore characters already included
++n = n.replace(u':', u'')  # but not the surrounding text
++n = n.replace(u'#', u'')
++n = n.replace(u'?', u'')
++
++netloc2 = unicodedata.normalize('NFKC', n)
++if n == netloc2:
+ return
+-_, _, netloc = netloc.rpartition('@') # anything to the left of '@' is 
okay
+ for c in '/?#@:':
+ if c in netloc2:
+-raise ValueError("netloc '" + netloc2 + "' contains invalid " +
+- "characters under NFKC normalization")
++raise ValueError(u"netloc '" + netloc + u"' contains invalid " +
++ u"characters under NFKC normalization")
+ 
+ def urlsplit(url, scheme='', allow_fragments=True):
+ """Parse a URL into 5 components:
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/python/python_2.7.16.bb 
b/meta/recipes-devtools/python/python_2.7.16.bb
index b263e72..1c7c581 100644
--- a/meta/recipes-devtools/python/python_2.7.16.bb
+++ b/meta/recipes-devtools/python/python_2.7.16.bb
@@ -31,6 +31,7 @@ SRC_URI += " \
file://float-endian.patch \

file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \

file://0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch \
+   file://bpo-36742-cve-2019-10160.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/m

[OE-core] [warrior 16/19] libgcrypt: fix CVE-2019-12904

From: Yi Zhao 

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a
flush-and-reload side-channel attack because physical addresses are
available to other processes. (The C implementation is used on platforms
where an assembly-language implementation is unavailable.)

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-12904

Patches from:
https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705
https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020

Signed-off-by: Yi Zhao 
Signed-off-by: Ross Burton 
(cherry picked from commit 37e390ff05b6a4509019db358ed496731d80cc51)
Signed-off-by: Armin Kuster 
(cherry picked from commit 4c207cb1ad46c0d2005ab3eae70d78c937e084b5)
Signed-off-by: Armin Kuster 
---
 .../files/0001-Prefetch-GCM-look-up-tables.patch   |  90 ++
 ...ok-up-tables-to-.data-section-and-unshare.patch | 332 +
 ...ok-up-table-to-.data-section-and-unshare-.patch | 178 +++
 meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb  |   3 +
 4 files changed, 603 insertions(+)
 create mode 100644 
meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
 create mode 100644 
meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
 create mode 100644 
meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch

diff --git 
a/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch 
b/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
new file mode 100644
index 000..4df96f0
--- /dev/null
+++ 
b/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
@@ -0,0 +1,90 @@
+From 1374254c2904ab5b18ba4a890856824a102d4705 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna 
+Date: Sat, 27 Apr 2019 19:33:28 +0300
+Subject: [PATCH 1/3] Prefetch GCM look-up tables
+
+* cipher/cipher-gcm.c (prefetch_table, do_prefetch_tables)
+(prefetch_tables): New.
+(ghash_internal): Call prefetch_tables.
+--
+
+Signed-off-by: Jussi Kivilinna 
+
+Upstream-Status: Backport
+[https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705]
+
+CVE: CVE-2019-12904
+
+Signed-off-by: Yi Zhao 
+---
+ cipher/cipher-gcm.c | 33 +
+ 1 file changed, 33 insertions(+)
+
+diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
+index c19f09f..11f119a 100644
+--- a/cipher/cipher-gcm.c
 b/cipher/cipher-gcm.c
+@@ -118,6 +118,34 @@ static const u16 gcmR[256] = {
+   0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
+ };
+ 
++static inline
++void prefetch_table(const void *tab, size_t len)
++{
++  const volatile byte *vtab = tab;
++  size_t i;
++
++  for (i = 0; i < len; i += 8 * 32)
++{
++  (void)vtab[i + 0 * 32];
++  (void)vtab[i + 1 * 32];
++  (void)vtab[i + 2 * 32];
++  (void)vtab[i + 3 * 32];
++  (void)vtab[i + 4 * 32];
++  (void)vtab[i + 5 * 32];
++  (void)vtab[i + 6 * 32];
++  (void)vtab[i + 7 * 32];
++}
++
++  (void)vtab[len - 1];
++}
++
++static inline void
++do_prefetch_tables (const void *gcmM, size_t gcmM_size)
++{
++  prefetch_table(gcmM, gcmM_size);
++  prefetch_table(gcmR, sizeof(gcmR));
++}
++
+ #ifdef GCM_TABLES_USE_U64
+ static void
+ bshift (u64 * b0, u64 * b1)
+@@ -365,6 +393,8 @@ do_ghash (unsigned char *result, const unsigned char *buf, 
const u32 *gcmM)
+ #define fillM(c) \
+   do_fillM (c->u_mode.gcm.u_ghash_key.key, c->u_mode.gcm.gcm_table)
+ #define GHASH(c, result, buf) do_ghash (result, buf, c->u_mode.gcm.gcm_table)
++#define prefetch_tables(c) \
++  do_prefetch_tables(c->u_mode.gcm.gcm_table, sizeof(c->u_mode.gcm.gcm_table))
+ 
+ #else
+ 
+@@ -430,6 +460,7 @@ do_ghash (unsigned char *hsub, unsigned char *result, 
const unsigned char *buf)
+ 
+ #define fillM(c) do { } while (0)
+ #define GHASH(c, result, buf) do_ghash (c->u_mode.gcm.u_ghash_key.key, 
result, buf)
++#define prefetch_tables(c) do {} while (0)
+ 
+ #endif /* !GCM_USE_TABLES */
+ 
+@@ -441,6 +472,8 @@ ghash_internal (gcry_cipher_hd_t c, byte *result, const 
byte *buf,
+   const unsigned int blocksize = GCRY_GCM_BLOCK_LEN;
+   unsigned int burn = 0;
+ 
++  prefetch_tables (c);
++
+   while (nblocks)
+ {
+   burn = GHASH (c, result, buf);
+-- 
+2.7.4
+
diff --git 
a/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
 
b/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
new file mode 100644
index 000..c82c5b5
--- /dev/null
+++ 
b/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
@@ -0,0 +1,332 @@
+From 119348dd9aa52ab229afb5e2d3342d2b76fe81bf Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna 
+Date: Fri, 31 May 2019 17:18:09 +0300
+Subject: [PATCH 2/3] AES: move look-up t

[OE-core] [warrior 15/19] openssl: make OPENSSL_ENGINES match install path

From: George McCollister 

Set OPENSSL_ENGINES to the path where engines are actually installed.

Signed-off-by: George McCollister 
Signed-off-by: Ross Burton 
(cherry picked from commit 59565fec0b3f3e24eb01c03b671913599cd3134d)
Signed-off-by: Armin Kuster 
(cherry picked from commit 578f41124565a7cda738c7fe3d25702ee41b08ed)
Signed-off-by: Armin Kuster 
---
 meta/recipes-connectivity/openssl/openssl_1.1.1b.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb 
b/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb
index df2698f..9e36df8 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb
@@ -148,7 +148,7 @@ do_install_append_class-native () {
OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
-   OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
+   OPENSSL_ENGINES=${libdir}/engines-1.1
 }
 
 do_install_append_class-nativesdk () {
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [warrior 08/19] linux-yocto/4.19: make drm-bochs feature available

From: Bruce Ashfield 

The other active kernel versions have this feature available. To
consistently enable the same video output for qemu, we can cherry
pick the feature to 4.19.

(From OE-Core rev: a777e0f34e106455f963bd58fd8728a16c588c4d)

Signed-off-by: Bruce Ashfield 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb   | 2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto_4.19.bb  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
index 958f0ee..db7ade9 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
@@ -12,7 +12,7 @@ python () {
 }
 
 SRCREV_machine ?= "ca2e3322f4c5678eaef6434c808d0842c805d74d"
-SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f"
+SRCREV_meta ?= "20a6158aa35dbf11819382ef1eeb28915afea765"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb 
b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
index 0178947..cadf1a7 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine_qemuarm ?= "b5a2efa31290f31384971494031285d394635938"
 SRCREV_machine ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
-SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f"
+SRCREV_meta ?= "20a6158aa35dbf11819382ef1eeb28915afea765"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.19.bb 
b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
index f5e03da..d200e4d 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
@@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= 
"4ec6f255163da37a4c83528e5835b6b9baccee63"
 SRCREV_machine_qemux86-64 ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
 SRCREV_machine_qemumips64 ?= "ca47368b698795cd5cada84dbfcceda1f47da1aa"
 SRCREV_machine ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
-SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f"
+SRCREV_meta ?= "20a6158aa35dbf11819382ef1eeb28915afea765"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA}
 \
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [warrior 13/19] python: CVE-2019-16056

From: Chen Qi 

Signed-off-by: Chen Qi 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
(cherry picked from commit 27be9cf71a6fe906a23e81b56f1cc18a6fc9ef97)
Signed-off-by: Armin Kuster 
---
 ...55-Dont-parse-domains-containing-GH-13079.patch | 90 ++
 meta/recipes-devtools/python/python_2.7.16.bb  |  1 +
 2 files changed, 91 insertions(+)
 create mode 100644 
meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch

diff --git 
a/meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
 
b/meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
new file mode 100644
index 000..5415472
--- /dev/null
+++ 
b/meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
@@ -0,0 +1,90 @@
+From 532ed09c5454bb789a301bb6f1339a0818255610 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Roberto=20C=2E=20S=C3=A1nchez?= 
+Date: Sat, 14 Sep 2019 13:26:38 -0400
+Subject: [PATCH] [2.7] bpo-34155: Dont parse domains containing @ (GH-13079)
+ (GH-16006)
+
+This change skips parsing of email addresses where domains include a "@" 
character, which can be maliciously used since the local part is returned as a 
complete address.
+
+(cherry picked from commit 8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9)
+
+Excludes changes to Lib/email/_header_value_parser.py, which did not
+exist in 2.7.
+
+Co-authored-by: jpic 
+
+https://bugs.python.org/issue34155
+
+Upstream-Status: Backport 
[https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9]
+
+CVE: CVE-2019-16056
+
+Signed-off-by: Chen Qi 
+---
+ Lib/email/_parseaddr.py| 11 ++-
+ Lib/email/test/test_email.py   | 14 ++
+ .../2019-05-04-13-33-37.bpo-34155.MJll68.rst   |  1 +
+ 3 files changed, 25 insertions(+), 1 deletion(-)
+ create mode 100644 
Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
+
+diff --git a/Lib/email/_parseaddr.py b/Lib/email/_parseaddr.py
+index 690db2c22d..dc49d2e45a 100644
+--- a/Lib/email/_parseaddr.py
 b/Lib/email/_parseaddr.py
+@@ -336,7 +336,12 @@ class AddrlistClass:
+ aslist.append('@')
+ self.pos += 1
+ self.gotonext()
+-return EMPTYSTRING.join(aslist) + self.getdomain()
++domain = self.getdomain()
++if not domain:
++# Invalid domain, return an empty address instead of returning a
++# local part to denote failed parsing.
++return EMPTYSTRING
++return EMPTYSTRING.join(aslist) + domain
+ 
+ def getdomain(self):
+ """Get the complete domain name from an address."""
+@@ -351,6 +356,10 @@ class AddrlistClass:
+ elif self.field[self.pos] == '.':
+ self.pos += 1
+ sdlist.append('.')
++elif self.field[self.pos] == '@':
++# bpo-34155: Don't parse domains with two `@` like
++# `a...@malicious.org@important.com`.
++return EMPTYSTRING
+ elif self.field[self.pos] in self.atomends:
+ break
+ else:
+diff --git a/Lib/email/test/test_email.py b/Lib/email/test/test_email.py
+index 4b4dee3d34..2efe44ac5a 100644
+--- a/Lib/email/test/test_email.py
 b/Lib/email/test/test_email.py
+@@ -2306,6 +2306,20 @@ class TestMiscellaneous(TestEmailBase):
+ self.assertEqual(Utils.parseaddr('<>'), ('', ''))
+ self.assertEqual(Utils.formataddr(Utils.parseaddr('<>')), '')
+ 
++def test_parseaddr_multiple_domains(self):
++self.assertEqual(
++Utils.parseaddr('a@b@c'),
++('', '')
++)
++self.assertEqual(
++Utils.parseaddr('a@b.c@c'),
++('', '')
++)
++self.assertEqual(
++Utils.parseaddr('a@172.17.0.1@c'),
++('', '')
++)
++
+ def test_noquote_dump(self):
+ self.assertEqual(
+ Utils.formataddr(('A Silly Person', 'per...@dom.ain')),
+diff --git 
a/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst 
b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
+new file mode 100644
+index 00..50292e29ed
+--- /dev/null
 b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
+@@ -0,0 +1 @@
++Fix parsing of invalid email addresses with more than one ``@`` (e.g. 
a@b...@c.com.) to not return the part before 2nd ``@`` as valid email address. 
Patch by maxking & jpic.
diff --git a/meta/recipes-devtools/python/python_2.7.16.bb 
b/meta/recipes-devtools/python/python_2.7.16.bb
index ec724c3..b263e72 100644
--- a/meta/recipes-devtools/python/python_2.7.16.bb
+++ b/meta/recipes-devtools/python/python_2.7.16.bb
@@ -30,6 +30,7 @@ SRC_URI += " \
file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \
file://float-endian.

[OE-core] [warrior 09/19] linux-yocto: add drm-bochs support

From: Alexander Kanavin 

This allows better modesetting support for the '-vga std'
emulated hardware provided by Qemu, which we want to
standardize on.

See here for background:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=13466

(From OE-Core rev: 569d3f5d0454ed31f2f6df29f1703246a3dcd715)

Signed-off-by: Alexander Kanavin 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 meta/recipes-kernel/linux/linux-yocto-dev.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb  | 2 +-
 meta/recipes-kernel/linux/linux-yocto_4.19.bb| 2 +-
 meta/recipes-kernel/linux/linux-yocto_5.0.bb | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-dev.bb 
b/meta/recipes-kernel/linux/linux-yocto-dev.bb
index ae8c343..f6ffb1f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-dev.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-dev.bb
@@ -46,7 +46,7 @@ KERNEL_DEVICETREE_qemuarm = "versatile-pb.dtb"
 # Functionality flags
 KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc 
features/taskstats/taskstats.scc"
 KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc"
+KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc 
features/drm-bochs/drm-bochs.scc"
 KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc"
 KERNEL_FEATURES_append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " 
cfg/x32.scc", "" ,d)}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
index db7ade9..da87d47 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
@@ -38,6 +38,6 @@ KERNEL_DEVICETREE_qemuarm = "versatile-pb.dtb"
 # Functionality flags
 KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc 
features/taskstats/taskstats.scc"
 KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc"
+KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc 
features/drm-bochs/drm-bochs.scc"
 KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
index abc8b0c..928d140 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
@@ -38,6 +38,6 @@ KERNEL_DEVICETREE_qemuarm = "versatile-pb.dtb"
 # Functionality flags
 KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc 
features/taskstats/taskstats.scc"
 KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc"
+KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc 
features/drm-bochs/drm-bochs.scc"
 KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.19.bb 
b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
index d200e4d..5edb97f 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
@@ -43,7 +43,7 @@ COMPATIBLE_MACHINE = 
"qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemumips|qemum
 # Functionality flags
 KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc"
 KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc"
+KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc 
features/drm-bochs/drm-bochs.scc"
 KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES_append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " 
cfg/x32.scc", "" ,d)}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb 
b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
index 6008e3d..d415a4a 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
@@ -47,7 +47,7 @@ COMPATIBLE_MACHINE = 
"qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemumips|qemum
 # Functionality flags
 KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc"
 KERNEL_FEATURES_append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc"
+KERNEL_FEATURES_append_qemuall=" cfg/virtio.scc 
features/drm-bochs/drm-bochs.scc"
 KERNEL_FEATURES_append_qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES_append_qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES_append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " 
cfg/x32.scc", "" ,d)}"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded

[OE-core] [warrior 07/19] kernel-yocto: import security fragments from meta-security

From: Bruce Ashfield 

Adding the following fragments from meta-security to make them
centrally available and easier to maintain:

   283939d5c9e kernel-cache: add yama security fragments
   0b86f3fa241 kernel-cache: add ima fragments
   731b466654d kernel-cache: add smack
   813afe8ff47 kernel-cache: add apparmor fragments

(From OE-Core rev: 3063d64984e993d3e7dc2f4c80fb74005f5d6d7e)

Signed-off-by: Armin Kuster 
Signed-off-by: Bruce Ashfield 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb   | 2 +-
 meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb| 2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb  | 2 +-
 meta/recipes-kernel/linux/linux-yocto_4.19.bb  | 2 +-
 meta/recipes-kernel/linux/linux-yocto_5.0.bb   | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
index 213a21e..958f0ee 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
@@ -12,7 +12,7 @@ python () {
 }
 
 SRCREV_machine ?= "ca2e3322f4c5678eaef6434c808d0842c805d74d"
-SRCREV_meta ?= "960be4218436fbbb3500e019f7abf02fa94e6aac"
+SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
index d1adf0c..abc8b0c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
@@ -12,7 +12,7 @@ python () {
 }
 
 SRCREV_machine ?= "e6cb812b5532630b6fc6dfd7778d57a4907d3180"
-SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729"
+SRCREV_meta ?= "7f6e97c357746382d4339e7e0463637e715acd4b"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.0;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb 
b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
index a4be4b5..0178947 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine_qemuarm ?= "b5a2efa31290f31384971494031285d394635938"
 SRCREV_machine ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
-SRCREV_meta ?= "960be4218436fbbb3500e019f7abf02fa94e6aac"
+SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb 
b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
index 7d49de6..9b5e69d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine_qemuarm ?= "b9001287984b0066814c8739f38d629de73739b7"
 SRCREV_machine ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
-SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729"
+SRCREV_meta ?= "7f6e97c357746382d4339e7e0463637e715acd4b"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.19.bb 
b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
index 9c794ba..f5e03da 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.19.bb
@@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= 
"4ec6f255163da37a4c83528e5835b6b9baccee63"
 SRCREV_machine_qemux86-64 ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
 SRCREV_machine_qemumips64 ?= "ca47368b698795cd5cada84dbfcceda1f47da1aa"
 SRCREV_machine ?= "4ec6f255163da37a4c83528e5835b6b9baccee63"
-SRCREV_meta ?= "960be4218436fbbb3500e019f7abf02fa94e6aac"
+SRCREV_meta ?= "283939d5c9ebec9750c34982405a39a9864ac10f"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA}
 \
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb 
b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
index 35088da..6008e3d 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
@@ -20,7 +20,7 @@ SRCREV_machine_qemux86 ?= 
"55dd15336b7301b686a0c183f5372b49c1003d03"
 SRCREV_machine_qemux86-64 ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
 SRCREV_machine_qemumips64 ?= "9d4105b32cf123a861bc754377d2f2e156278a7e"
 SRCREV_machine ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
-SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729"
+SRCREV_meta ?= "7f6e97c357746382d4339e7e0463637e715acd4b"
 
 # rema

[OE-core] [warrior 06/19] linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths

From: Bruce Ashfield 

>From the kernel patch:

[
It was observed that the kernel embeds the path in the x86 boot
artifacts.

From https://bugzilla.yoctoproject.org/show_bug.cgi?id=13458:

[
   If you turn on the buildpaths QA test, or try a reproducible build, you
   discover that the kernel image contains build paths.

   $ strings bzImage-5.0.19-yocto-standard |grep tmp/
   out of pgt_buf in
   
/data/poky-tmp/reproducible/tmp/work-shared/qemux86-64/kernel-source/arch/x86/boot/compressed/kaslr_64.c!?

   But what's this in the top-level Makefile:

   $ git grep prefix-map
   Makefile:KBUILD_CFLAGS  += $(call
   cc-option,-fmacro-prefix-map=$(srctree)/=)

   So the __FILE__ shouldn't be using the full path.  However
   arch/x86/boot/compressed/Makefile has this:

   KBUILD_CFLAGS := -m$(BITS) -O2

   So that clears KBUILD_FLAGS, removing the -fmacro-prefix-map option.
]

Other architectures do not clear the flags, but instead prune before
adding boot or specific options. There's no obvious reason why x86 isn't
doing the same thing (pruning vs clearing) and no build or boot issues
have been observed.

So we make x86 can do the same thing, and we no longer have embedded paths.
]

This issue has been reported upstream, and a patch submission is
pending, but for now, we'll soak the proposed patch in linux-yocto to
see if any issues are found

[YOCTO: #13458]

(From OE-Core rev: 78b0ff5960814af935a8089ec49c51d76f148149)

Signed-off-by: Bruce Ashfield 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb   |  4 ++--
 meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb |  6 +++---
 meta/recipes-kernel/linux/linux-yocto_5.0.bb  | 19 ++-
 3 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
index d7b3b38..d1adf0c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
@@ -11,8 +11,8 @@ python () {
 raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to 
linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "9c1e84c9b81b6bf1df55f26f2e0517266c37f7eb"
-SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447"
+SRCREV_machine ?= "e6cb812b5532630b6fc6dfd7778d57a4907d3180"
+SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.0;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb 
b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
index c0caed3..7d49de6 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "fabee455f397ba8054f35a3ad5f2250bbad93bef"
-SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447"
+SRCREV_machine_qemuarm ?= "b9001287984b0066814c8739f38d629de73739b7"
+SRCREV_machine ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
+SRCREV_meta ?= "96c82f3d7ab25a3f44e517f9dbbb53e2c4c45729"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb 
b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
index 895cb15..35088da 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
@@ -11,15 +11,16 @@ KBRANCH_qemux86  ?= "v5.0/standard/base"
 KBRANCH_qemux86-64 ?= "v5.0/standard/base"
 KBRANCH_qemumips64 ?= "v5.0/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "9161b2fa2f1cec0ba02976c389c788445858e0de"
-SRCREV_machine_qemuarm64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_machine_qemumips ?= "7de9b8f0db98e51a666477c8e2b64f1964b45410"
-SRCREV_machine_qemuppc ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_machine_qemux86 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_machine_qemux86-64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_machine_qemumips64 ?= "5a8b27bcc0b16077ab8edfcd3fb25c80dc2c652e"
-SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447"
+SRCREV_machine_qemuarm ?= "d1ed980ad989252d42386c8bc63b2f5f11985ea4"
+SRCREV_machine_qemuarm64 ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
+SRCREV_machine_qemumips ?= "1520e78195e64f27be46a46a8d6711c8470fb083"
+SRCREV_machine_qemuppc ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
+SRCREV_machine_qemuriscv64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
+SRCREV_machine_qemux86 ?= "55dd15336b7301b686a0c183f5372b49c1003d03"
+SRCREV_machine_qemux86-64 ?= "

[OE-core] [warrior 05/19] linux-yocto: bsp/beaglebone: support qemu -machine virt

From: Bruce Ashfield 

While we don't normally do a dual h/w and virt BSP (since they
tend to have conflicting requirements over time). A minimal overhead
option to do this was submitted to linux-yocto. Since it has no
impact on the h/w reference, has SDK testing value and can serve
as a template on how to do this for other arm boards, it is worth
making the configuration available.

The original commit log follows:

[

   If the kernel supports Qemu's virt machine, runqemu works almost for free.
   The device tree for machine virt is included in Qemu, which simplifies
   everything quite a bit.
   This change adds ARCH_VIRT=y and some drivers to the beaglebone kernel
   configuration which allows to:

 export MACHINE="beaglebone-yocto"
 bitbake core-image-minimale
 runqemu

   This also works out of an eSDK. Whithout this feature usually two
   different SDKs need to be compiled and maintained. One SDK is used for 
development
   in Qemu, another one is used to develop for the real target hardware.

   Signed-off-by: Adrian Freihofer 
]

(From OE-Core rev: cc1fca6d464775daa15032f11c02d16b99759407)

Signed-off-by: Bruce Ashfield 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb   | 2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto_5.0.bb  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
index cc6ffd5..d7b3b38 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
@@ -12,7 +12,7 @@ python () {
 }
 
 SRCREV_machine ?= "9c1e84c9b81b6bf1df55f26f2e0517266c37f7eb"
-SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012"
+SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.0;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb 
b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
index a3a9315..c0caed3 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine_qemuarm ?= "fabee455f397ba8054f35a3ad5f2250bbad93bef"
 SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012"
+SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb 
b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
index b106a37..895cb15 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
@@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= 
"00638cdd8f92869a0f89ebe3289fdbd856ba9458"
 SRCREV_machine_qemux86-64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
 SRCREV_machine_qemumips64 ?= "5a8b27bcc0b16077ab8edfcd3fb25c80dc2c652e"
 SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012"
+SRCREV_meta ?= "c2e34d9ab2894edc6abc6be9ac89907bf4348447"
 
 # remap qemuarm to qemuarma15 for the 5.0 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [warrior 04/19] linux-yocto/5.0: make scsi-debug include scsi core configs

From: Bruce Ashfield 

Updating the scsi-debug fragment to include the core scsi config
options. This allows standalone use of the fragment, since all
supporting options will be enabled simply by including the top
level config in a BSP.

This also removes a configuration warning on qemuarm, since we
will no longer have missing / unavailable options during the
config audit.

(From OE-Core rev: c65826e96a77928938fef69fc0cbc65ec7431cb2)

Signed-off-by: Bruce Ashfield 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb   | 2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto_5.0.bb  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb 
b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
index aa1609c..cc6ffd5 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb
@@ -12,7 +12,7 @@ python () {
 }
 
 SRCREV_machine ?= "9c1e84c9b81b6bf1df55f26f2e0517266c37f7eb"
-SRCREV_meta ?= "97eac3146504a2348543b8b8859f44a7b8f0d590"
+SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \

git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.0;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb 
b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
index 603c0c5..a3a9315 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb
@@ -17,7 +17,7 @@ KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine_qemuarm ?= "fabee455f397ba8054f35a3ad5f2250bbad93bef"
 SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_meta ?= "97eac3146504a2348543b8b8859f44a7b8f0d590"
+SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.0.bb 
b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
index 88eacc2..b106a37 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.0.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.0.bb
@@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= 
"00638cdd8f92869a0f89ebe3289fdbd856ba9458"
 SRCREV_machine_qemux86-64 ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
 SRCREV_machine_qemumips64 ?= "5a8b27bcc0b16077ab8edfcd3fb25c80dc2c652e"
 SRCREV_machine ?= "00638cdd8f92869a0f89ebe3289fdbd856ba9458"
-SRCREV_meta ?= "97eac3146504a2348543b8b8859f44a7b8f0d590"
+SRCREV_meta ?= "eb6ef084f987441359145c41cadcbdd768eeb012"
 
 # remap qemuarm to qemuarma15 for the 5.0 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [warrior 03/19] linux-yocto/5.0: bsp: add basic xilinx zynqmp support

From: Bruce Ashfield 

Zumeng Chen has added core/basic support for the zynqmp that is bootable
using the 5.0 and 5.2-rcX kernels. This makes the fragments available
for future refinement and factoring. A bootlog follows:

ZynqMP> setenv bootargs console=ttyPS0,115200 root=/dev/mmcblk0p3 rw
rootwait earlycon=cdns,mmio,0xFF00 clk_ignore_unused ip=dhcp
ZynqMP> tftpboot 0x1000 Image; tftpboot 0x1180 dtb; booti
0x1000 - 0x1180
Using ethernet@ff0e device

Filename 'Image'.
Load address: 0x1000
Loading:
  ###
  11.3 MiB/s
done
Bytes transferred = 16378368 (f9ea00 hex)
Using ethernet@ff0e device
TFTP from server 128.224.162.211; our IP address is 128.224.162.99
Filename 'dtb'.
Load address: 0x1180
Loading: ##
  4.7 MiB/s
done
Bytes transferred = 19746 (4d22 hex)
Booting using the fdt blob at 0x1180
Loading Device Tree to 07ff8000, end 07fffd21 ... OK

Starting kernel ...

Booting Linux on physical CPU 0x00 [0x410fd034]
Linux version 5.2.0-rc3-yoctodev-standard (oe-user@oe-host) (gcc version
9.1.0 (GCC)) #1 SMP PREEMPT Thu Jun 6 00:53:26 UTC 2019
Machine model: ZynqMP ZCU102 Rev1.0
earlycon: cdns0 at MMIO 0xff00 (options '')
printk: bootconsole [cdns0] enabled
efi: Getting EFI parameters from FDT:
efi: UEFI not found.
cma: Reserved 16 MiB at 0x7ec0
psci: probing for conduit method from DT.
psci: PSCIv1.1 detected in firmware.
psci: Using standard PSCI v0.2 function IDs
psci: MIGRATE_INFO_TYPE not supported.
psci: SMC Calling Convention v1.1
percpu: Embedded 30 pages/cpu s83416 r8192 d31272 u122880
Detected VIPT I-cache on CPU0
CPU features: detected: ARM erratum 845719
Speculative Store Bypass Disable mitigation not required
Built 1 zonelists, mobility grouping on.  Total pages: 1031940
Kernel command line: console=ttyPS0,115200 root=/dev/mmcblk0p3 rw
rootwait earlycon=cdns,mmio,0xFF00 clk_ignore_unused ip=dhcp
Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes)
Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes)
software IO TLB: mapped [mem 0x7ac0-0x7ec0] (64MB)
Memory: 4013572K/4193280K available (10748K kernel code, 1210K rwdata,
2764K rodata, 1216K init, 757K bss, 163324K reserved, 16384K
cma-reserved)
SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
ftrace: allocating 36121 entries in 142 pages
rcu: Preemptible hierarchical RCU implementation.
rcu:RCU restricting CPUs from NR_CPUS=256 to nr_cpu_ids=4.
 Tasks RCU enabled.
rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies.
rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=4
NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
GIC: Adjusting CPU interface base to 0xf902f000
GIC: Using split EOI/Deactivate mode
random: get_random_bytes called from start_kernel+0x328/0x4c4 with
crng_init=0
arch_timer: cp15 timer(s) running at 99.99MHz (phys).
clocksource: arch_sys_counter: mask: 0xff max_cycles:
0x170f8de2d3, max_idle_ns: 440795206112 ns
sched_clock: 56 bits at 99MHz, resolution 10ns, wraps every
4398046511101ns
Console: colour dummy device 80x25
Calibrating delay loop (skipped), value calculated using timer
frequency.. 199.98 BogoMIPS (lpj=399960)
pid_max: default: 32768 minimum: 301
LSM: Security Framework initializing
Mount-cache hash table entries: 8192 (order: 4, 65536 bytes)
Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes)
*** VALIDATE proc ***
*** VALIDATE cgroup1 ***
*** VALIDATE cgroup2 ***
ASID allocator initialised with 32768 entries
rcu: Hierarchical SRCU implementation.
EFI services will not be available.
smp: Bringing up secondary CPUs ...
Detected VIPT I-cache on CPU1
CPU1: Booted secondary processor 0x01 [0x410fd034]
Detected VIPT I-cache on CPU2
CPU2: Booted secondary processor 0x02 [0x410fd034]
Detected VIPT I-cache on CPU3
CPU3: Booted secondary processor 0x03 [0x410fd034]
smp: Brought up 1 node, 4 CPUs
SMP: Total of 4 processors activated.
CPU features: detected: 32-bit EL0 Support
CPU features: detected: CRC32 instructions
CPU: All CPU(s) started at EL2
alternatives: patching kernel code
devtmpfs: initialized
clocksource: jiffies: mask: 0x max_cycles: 0x,
max_idle_ns: 764504178510 ns
futex hash table entries: 1024 (order: 4, 65536 bytes)
xor: measuring software checksum speed
8regs :  2360.000 MB/sec
32regs:  2706.000 MB/sec
arm64_neon:  2018.000 MB/sec
xor: using function: 32regs (2706.000 MB/sec)
DMI not present or invalid.
N

[OE-core] [warrior 01/19] kernel.bbclass: fix installation of modules signing certificates

From: Dmitry Eremin-Solenikov 

If one has provided external key/certificate for modules signing, Kbuild
will skip creating signing_key.pem and will write only signing_key.x509
certificate. Thus we have to check for .x509 file existence rather than
.pem one.

Signed-off-by: Dmitry Eremin-Solenikov 
Signed-off-by: Richard Purdie 
(cherry picked from commit 2527e731eba43bd36d0ea268aca6b03155376134)
Signed-off-by: Nicolas Dechesne 
Signed-off-by: Armin Kuster 
---
 meta/classes/kernel.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index 111a0b2..fb1f493 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -453,7 +453,7 @@ do_shared_workdir () {
cp .config $kerneldir/
mkdir -p $kerneldir/include/config
cp include/config/kernel.release 
$kerneldir/include/config/kernel.release
-   if [ -e certs/signing_key.pem ]; then
+   if [ -e certs/signing_key.x509 ]; then
# The signing_key.* files are stored in the certs/ dir in
# newer Linux kernels
mkdir -p $kerneldir/certs
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [warrior 00/19] Pull request

This set passed A-full AB.
Most fo these have already been on the mailing list.

This is last set needed for the next dot release. 

The following changes since commit b6e17afc06d7a44dc9774ee98de7f186580ddf0d:

  uninative: Update to 2.7 release (2019-10-08 07:54:37 -0700)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/warrior-next
  http://cgit.openembedded.org//log/?h=stable/warrior-next

Alexander Kanavin (1):
  linux-yocto: add drm-bochs support

Anuj Mittal (1):
  python: include CVE patches for python-native as well

Armin Kuster (1):
  qemu: update to 3.1.1.1

Bruce Ashfield (6):
  linux-yocto/5.0: bsp: add basic xilinx zynqmp support
  linux-yocto/5.0: make scsi-debug include scsi core configs
  linux-yocto: bsp/beaglebone: support qemu -machine virt
  linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths
  kernel-yocto: import security fragments from meta-security
  linux-yocto/4.19: make drm-bochs feature available

Changqing Li (2):
  python: Fix CVE-2019-10160
  sudo: fix CVE-2019-14287

Chen Qi (2):
  python: CVE-2019-16056
  go: fix CVE-2019-16276

Dmitry Eremin-Solenikov (1):
  kernel.bbclass: fix installation of modules signing certificates

George McCollister (1):
  openssl: make OPENSSL_ENGINES match install path

Muminul Islam (1):
  libcroco: Fix two CVEs

Yi Zhao (2):
  python: add tk-lib as runtime dependency for python-tkinter
  libgcrypt: fix CVE-2019-12904

Zang Ruochen (1):
  gnutls:upgrade 3.6.7 -> 3.6.8

 meta/classes/kernel.bbclass|   2 +-
 .../recipes-connectivity/openssl/openssl_1.1.1b.bb |   2 +-
 meta/recipes-devtools/go/go-1.12.inc   |   1 +
 ...nch.go1.12-security-net-textproto-don-t-n.patch | 163 ++
 meta/recipes-devtools/python/python.inc|   5 +
 ...55-Dont-parse-domains-containing-GH-13079.patch |  90 ++
 .../python/python/bpo-36742-cve-2019-10160.patch   |  81 +
 meta/recipes-devtools/python/python3_3.7.4.bb  |   2 +-
 meta/recipes-devtools/python/python_2.7.16.bb  |   9 +-
 ...qemu-native_3.1.0.bb => qemu-native_3.1.1.1.bb} |   0
 ...tive_3.1.0.bb => qemu-system-native_3.1.1.1.bb} |   0
 meta/recipes-devtools/qemu/qemu.inc|  14 +-
 .../0001-egl-headless-add-egl_create_context.patch |  50 
 .../qemu/qemu/0014-fix-CVE-2018-16872.patch|  85 --
 .../qemu/qemu/0015-fix-CVE-2018-20124.patch|  60 
 .../qemu/qemu/0016-fix-CVE-2018-20125.patch|  54 
 .../qemu/qemu/0017-fix-CVE-2018-20126.patch| 113 ---
 .../qemu/qemu/0018-fix-CVE-2018-20191.patch|  47 ---
 .../qemu/qemu/0019-fix-CVE-2018-20216.patch|  85 --
 .../qemu/qemu/CVE-2018-20815.patch |  38 ---
 .../recipes-devtools/qemu/qemu/CVE-2019-3812.patch |  39 ---
 .../recipes-devtools/qemu/qemu/CVE-2019-8934.patch | 215 -
 .../qemu/{qemu_3.1.0.bb => qemu_3.1.1.1.bb}|   0
 .../sudo/sudo/CVE-2019-14287-1.patch   | 178 +++
 .../sudo/sudo/CVE-2019-14287-2.patch   | 112 +++
 meta/recipes-extended/sudo/sudo_1.8.27.bb  |   2 +
 meta/recipes-kernel/linux/linux-yocto-dev.bb   |   2 +-
 meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb   |   4 +-
 meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb|   6 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb |   2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb  |   6 +-
 meta/recipes-kernel/linux/linux-yocto_4.19.bb  |   4 +-
 meta/recipes-kernel/linux/linux-yocto_5.0.bb   |  21 +-
 .../gnutls/{gnutls_3.6.7.bb => gnutls_3.6.8.bb}|   4 +-
 .../libcroco/libcroco/CVE-2017-8834_71.patch   |  38 +++
 meta/recipes-support/libcroco/libcroco_0.6.12.bb   |   1 +
 .../files/0001-Prefetch-GCM-look-up-tables.patch   |  90 ++
 ...ok-up-tables-to-.data-section-and-unshare.patch | 332 +
 ...ok-up-table-to-.data-section-and-unshare-.patch | 178 +++
 meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb  |   3 +
 40 files changed, 1307 insertions(+), 831 deletions(-)
 create mode 100644 
meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
 create mode 100644 
meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
 create mode 100644 
meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch
 rename meta/recipes-devtools/qemu/{qemu-native_3.1.0.bb => 
qemu-native_3.1.1.1.bb} (100%)
 rename meta/recipes-devtools/qemu/{qemu-system-native_3.1.0.bb => 
qemu-system-native_3.1.1.1.bb} (100%)
 delete mode 100644 
meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
 delete mode 100644 
meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
 delete mode 100644 
meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
 delete mode 100644 
meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
 delete mode 100644 
m

[OE-core] [warrior 02/19] gnutls:upgrade 3.6.7 -> 3.6.8