[OE-core] [meta][dunfell][PATCH 2/2] sdbus-c++-tools: Upgrade sdbus-c++-tools 1.1.0 to 1.2.0

[Riyaz Ahmed Khan]

From: Riyaz Khan 

Update SHA value in SRCREV.

Reference link:
https://github.com/Kistler-Group/sdbus-cpp/releases/tag/v1.2.0

Signed-off-by: Riyaz Khan 
---
 .../{sdbus-c++-tools_1.1.0.bb => sdbus-c++-tools_1.2.0.bb}  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-core/sdbus-c++/{sdbus-c++-tools_1.1.0.bb => 
sdbus-c++-tools_1.2.0.bb} (88%)

diff --git a/meta-oe/recipes-core/sdbus-c++/sdbus-c++-tools_1.1.0.bb 
b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-tools_1.2.0.bb
similarity index 88%
rename from meta-oe/recipes-core/sdbus-c++/sdbus-c++-tools_1.1.0.bb
rename to meta-oe/recipes-core/sdbus-c++/sdbus-c++-tools_1.2.0.bb
index 01f66c3f2..27b965ac1 100644
--- a/meta-oe/recipes-core/sdbus-c++/sdbus-c++-tools_1.1.0.bb
+++ b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-tools_1.2.0.bb
@@ -8,7 +8,7 @@ inherit cmake
 
 DEPENDS += "expat"
 
-SRCREV = "bca8e81037766a0454740c40307eea32831c101f"
+SRCREV = "751c1addc4fd2f949a466f488c1b7de2ca3b76dc"
 SRC_URI = 
"git://github.com/Kistler-Group/sdbus-cpp.git;protocol=https;branch=master;subpath=tools"
 
 S = "${WORKDIR}/tools"
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170452): 
https://lists.openembedded.org/g/openembedded-core/message/170452
Mute This Topic: https://lists.openembedded.org/mt/93543488/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [meta][dunfell][PATCH 1/2] sdbus-c++: Upgrade sdbus-c++ 1.1.0 to 1.2.0

[Riyaz Ahmed Khan]

From: Riyaz Khan 

Add SHA value in SRCREV and remove
7f437a6e06d2ec3abd3e2fd1101ab6aab386bc44.patch as this this patch is
already part of 1.2.0 Source.

Reference link:
https://github.com/Kistler-Group/sdbus-cpp/releases/tag/v1.2.0

Signed-off-by: Riyaz Khan 
---
 ...7a6e06d2ec3abd3e2fd1101ab6aab386bc44.patch | 54 ---
 .../run-ptest |  0
 ...{sdbus-c++_1.1.0.bb => sdbus-c++_1.2.0.bb} |  5 +-
 3 files changed, 2 insertions(+), 57 deletions(-)
 delete mode 100644 
meta-oe/recipes-core/sdbus-c++/sdbus-c++-1.1.0/7f437a6e06d2ec3abd3e2fd1101ab6aab386bc44.patch
 rename meta-oe/recipes-core/sdbus-c++/{sdbus-c++-1.1.0 => 
sdbus-c++-1.2.0}/run-ptest (100%)
 rename meta-oe/recipes-core/sdbus-c++/{sdbus-c++_1.1.0.bb => 
sdbus-c++_1.2.0.bb} (91%)

diff --git 
a/meta-oe/recipes-core/sdbus-c++/sdbus-c++-1.1.0/7f437a6e06d2ec3abd3e2fd1101ab6aab386bc44.patch
 
b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-1.1.0/7f437a6e06d2ec3abd3e2fd1101ab6aab386bc44.patch
deleted file mode 100644
index 641935f68..0
--- 
a/meta-oe/recipes-core/sdbus-c++/sdbus-c++-1.1.0/7f437a6e06d2ec3abd3e2fd1101ab6aab386bc44.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-commit 7f437a6e06d2ec3abd3e2fd1101ab6aab386bc44
-Author: Stanislav Angelovic 
-Date:   Thu Jan 27 13:38:19 2022 +0100
-
-fix(tests): printer for std::chrono in googletest v1.11.0
-
-diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
-index fbf198c..ec42e55 100644
 a/tests/CMakeLists.txt
-+++ b/tests/CMakeLists.txt
-@@ -19,7 +19,7 @@ if (NOT TARGET GTest::gmock)
- if (NOT TARGET GTest::gmock)
- include(FetchContent)
- 
--message("Fetching googletest...")
-+message("Fetching googletest v${GOOGLETEST_VERSION}...")
- FetchContent_Declare(googletest
- GIT_REPOSITORY ${GOOGLETEST_GIT_REPO}
- GIT_TAGrelease-${GOOGLETEST_VERSION}
-diff --git a/tests/integrationtests/Defs.h b/tests/integrationtests/Defs.h
-index 2f129a4..2bfc7c9 100644
 a/tests/integrationtests/Defs.h
-+++ b/tests/integrationtests/Defs.h
-@@ -56,20 +56,18 @@ const bool DEFAULT_BLOCKING_VALUE{true};
- 
- constexpr const double DOUBLE_VALUE{3.24L};
- 
--/** Duration stream operator for human readable gtest value output.
-- *
-- * Note that the conversion to double is lossy if the input type has 64 or 
more bits.
-- * This is ok for our integration tests because they don't have very
-- * accurate timing requirements.
-- *
-- * @return human readable duration in seconds
-- */
-+}}
-+
-+namespace testing::internal {
-+
-+// Printer for std::chrono::duration types.
-+// This is a workaround, since it's not a good thing to add this to std 
namespace.
- template< class Rep, class Period >
--static std::ostream& operator<<(std::ostream& os, const 
std::chrono::duration& d)
--{
-+void PrintTo(const ::std::chrono::duration& d, ::std::ostream* 
os) {
- auto seconds = 
std::chrono::duration_cast>(d);
--return os << seconds.count() << " s";
-+*os << seconds.count() << "s";
-+}
-+
- }
--}}
- 
- #endif /* SDBUS_CPP_INTEGRATIONTESTS_DEFS_H_ */
diff --git a/meta-oe/recipes-core/sdbus-c++/sdbus-c++-1.1.0/run-ptest 
b/meta-oe/recipes-core/sdbus-c++/sdbus-c++-1.2.0/run-ptest
similarity index 100%
rename from meta-oe/recipes-core/sdbus-c++/sdbus-c++-1.1.0/run-ptest
rename to meta-oe/recipes-core/sdbus-c++/sdbus-c++-1.2.0/run-ptest
diff --git a/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.1.0.bb 
b/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.2.0.bb
similarity index 91%
rename from meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.1.0.bb
rename to meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.2.0.bb
index 107dbc6c9..75cd81553 100644
--- a/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.1.0.bb
+++ b/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.2.0.bb
@@ -16,11 +16,10 @@ PACKAGECONFIG[with-tests] = "-DBUILD_TESTS=ON 
-DTESTS_INSTALL_PATH=${libdir}/${B
 
 DEPENDS += "expat"
 
-SRCREV = "bca8e81037766a0454740c40307eea32831c101f"
+SRCREV = "751c1addc4fd2f949a466f488c1b7de2ca3b76dc"
 
 SRC_URI = 
"git://github.com/Kistler-Group/sdbus-cpp.git;protocol=https;branch=master"
-SRC_URI += "file://run-ptest \
-file://7f437a6e06d2ec3abd3e2fd1101ab6aab386bc44.patch "
+SRC_URI += "file://run-ptest"
 
 EXTRA_OECMAKE = "-DBUILD_CODE_GEN=OFF \
  -DBUILD_DOC=ON \
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170451): 
https://lists.openembedded.org/g/openembedded-core/message/170451
Mute This Topic: https://lists.openembedded.org/mt/93543484/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2] webkitgtk: Fix build on 32bit arm

[Khem Raj]

Signed-off-by: Khem Raj 
Cc: Mingli Yu 
---
v2: Fix commit msg format

 ...44e17d258106617b0e6d783d073b188a2548.patch | 311 ++
 meta/recipes-sato/webkit/webkitgtk_2.36.7.bb  |   1 +
 2 files changed, 312 insertions(+)
 create mode 100644 
meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch

diff --git 
a/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
 
b/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
new file mode 100644
index 00..204f76633f
--- /dev/null
+++ 
b/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
@@ -0,0 +1,311 @@
+From 0d3344e17d258106617b0e6d783d073b188a2548 Mon Sep 17 00:00:00 2001
+From: Adrian Perez de Castro 
+Date: Thu, 2 Jun 2022 11:19:06 +0300
+Subject: [PATCH] [ARM][NEON] FELightningNEON.cpp fails to build, NEON fast
+ path seems unused https://bugs.webkit.org/show_bug.cgi?id=241182
+
+Reviewed by NOBODY (OOPS!).
+
+Move the NEON fast path for the SVG lighting filter effects into
+FELightingSoftwareApplier, and arrange to actually use them by
+forwarding calls to applyPlatformGeneric() into applyPlatformNeon().
+
+Some changes were needed to adapt platformApplyNeon() to the current
+state of filters after r286140. This was not detected because the code
+bitrotted due to it being guarded with CPU(ARM_TRADITIONAL), which does
+not get used much these days: CPU(ARM_THUMB2) is more common. It should
+be possible to use the NEON fast paths also in Thumb mode, but that is
+left for a follow-up fix.
+
+* Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp:
+(WebCore::FELightingSoftwareApplier::platformApplyNeonWorker):
+(WebCore::FELightingSoftwareApplier::getPowerCoefficients):
+(WebCore::FELighting::platformApplyNeonWorker): Deleted.
+(WebCore::FELighting::getPowerCoefficients): Deleted.
+* Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h:
+(WebCore::FELightingSoftwareApplier::applyPlatformNeon):
+(WebCore::FELighting::platformApplyNeon): Deleted.
+* Source/WebCore/platform/graphics/filters/DistantLightSource.h:
+* Source/WebCore/platform/graphics/filters/FELighting.h:
+* Source/WebCore/platform/graphics/filters/PointLightSource.h:
+* Source/WebCore/platform/graphics/filters/SpotLightSource.h:
+* 
Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h:
+---
+Upstream-Status: Submitted [https://github.com/WebKit/WebKit/pull/1233]
+Signed-off-by: Khem Raj 
+
+ .../cpu/arm/filters/FELightingNEON.cpp|  4 +-
+ .../graphics/cpu/arm/filters/FELightingNEON.h | 54 +--
+ .../graphics/filters/DistantLightSource.h |  4 ++
+ .../platform/graphics/filters/FELighting.h|  7 ---
+ .../graphics/filters/PointLightSource.h   |  4 ++
+ .../graphics/filters/SpotLightSource.h|  4 ++
+ .../software/FELightingSoftwareApplier.h  | 16 ++
+ 7 files changed, 57 insertions(+), 36 deletions(-)
+
+diff --git 
a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp 
b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
+index f6ff8c20a5a8..42a97ffc5372 100644
+--- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
 b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
+@@ -49,7 +49,7 @@ short* feLightingConstantsForNeon()
+ return s_FELightingConstantsForNeon;
+ }
+ 
+-void FELighting::platformApplyNeonWorker(FELightingPaintingDataForNeon* 
parameters)
++void 
FELightingSoftwareApplier::platformApplyNeonWorker(FELightingPaintingDataForNeon*
 parameters)
+ {
+ neonDrawLighting(parameters);
+ }
+@@ -464,7 +464,7 @@ TOSTRING(neonDrawLighting) ":" NL
+ "b .lightStrengthCalculated" NL
+ ); // NOLINT
+ 
+-int FELighting::getPowerCoefficients(float exponent)
++int FELightingSoftwareApplier::getPowerCoefficients(float exponent)
+ {
+ // Calling a powf function from the assembly code would require to save
+ // and reload a lot of NEON registers. Since the base is in range [0..1]
+diff --git a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h 
b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
+index b17c603d40d3..c6d17f573eca 100644
+--- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
 b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
+@@ -24,14 +24,15 @@
+  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  */
+ 
+-#ifndef FELightingNEON_h
+-#define FELightingNEON_h
++#pragma once
+ 
+ #if CPU(ARM_NEON) && CPU(ARM_TRADITIONAL) && COMPILER(GCC_COMPATIBLE)
+ 
+-#include "FELighting.h"
++#include "FELightingSoftwareApplier.h"
++#include "ImageBuffer.h"
+ #include "PointLightSource.h"
+ #include "SpotLightSource.h"
++#include 
+ #include 
+ 
+ namespace WebCore {
+@@ -93,14 +94,14 @@ extern "C" {
+ void neonDrawLighting(FELightingPaintingDataForNeon*);
+ }
+ 
+-inline void FELighting::pla

Re: [OE-core] [PATCH] webkitgtk: Update to 2.6.37

[Khem Raj]

https://patchwork.yoctoproject.org/project/oe-core/patch/20220908021846.2245323-1-raj.k...@gmail.com/

On Wed, Sep 7, 2022 at 9:16 PM Yu, Mingli  wrote:
>
> Hi Khem,
>
> On 9/8/22 10:19, Khem Raj wrote:
> > [Please note: This e-mail is from an EXTERNAL e-mail address]
> >
> > On Wed, Sep 7, 2022 at 6:43 PM Yu, Mingli  wrote:
> >>
> >>
> >> Fail to build on beaglebone-yocto.
> >>
> >> /build/tmp-glibc/work/cortexa8hf-neon-wrs-linux-gnueabi/webkitgtk/2.36.7-r0/webkitgtk-2.36.7/Source/W
> >> ebCore/platform/graphics/filters/FELighting.h:72:41: error:
> >> 'LightingData' does not name a type
> >>  72 | inline void platformApplyNeon(const LightingData&, const
> >> LightSource::PaintingData&);
> >> | ^~~~
> >>
> >
> > there is a proposed patch upstream. I have taken that and applied. The
> > patch is on ml.
> > while you are at it. Please test that patch out and report if the
> > issue is solved.
>
> Which patch is supposed to resolve the issue on the mail list?
>
> Thanks,
>
> >
> >> Thanks,
> >>
> >> On 9/3/22 17:21, Khem Raj wrote:
> >>> [Please note: This e-mail is from an EXTERNAL e-mail address]
> >>>
> >>> Signed-off-by: Khem Raj 
> >>> ---
> >>>.../webkit/{webkitgtk_2.36.6.bb => webkitgtk_2.36.7.bb}| 3 +--
> >>>1 file changed, 1 insertion(+), 2 deletions(-)
> >>>rename meta/recipes-sato/webkit/{webkitgtk_2.36.6.bb => 
> >>> webkitgtk_2.36.7.bb} (98%)
> >>>
> >>> diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.6.bb 
> >>> b/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
> >>> similarity index 98%
> >>> rename from meta/recipes-sato/webkit/webkitgtk_2.36.6.bb
> >>> rename to meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
> >>> index 37b977f9ba..026e24ae39 100644
> >>> --- a/meta/recipes-sato/webkit/webkitgtk_2.36.6.bb
> >>> +++ b/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
> >>> @@ -16,8 +16,7 @@ SRC_URI = 
> >>> "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
> >>>   file://reproducibility.patch \
> >>>   
> >>> file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \
> >>>   "
> >>> -
> >>> -SRC_URI[sha256sum] = 
> >>> "1193bc821946336776f0dfa5e0dca5651f1e57157eda12da4721d2441f24a61a"
> >>> +SRC_URI[sha256sum] = 
> >>> "0c260cf2b32f0481d017670dfed1b61e554967cd067195606c9f9eb5fe731743"
> >>>
> >>>inherit cmake pkgconfig gobject-introspection perlnative 
> >>> features_check upstream-version-is-even gtk-doc
> >>>
> >>> --
> >>> 2.37.3
> >>>
> >>>
> >>>
> >>> 
> >>>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170449): 
https://lists.openembedded.org/g/openembedded-core/message/170449
Mute This Topic: https://lists.openembedded.org/mt/93436476/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-Core][dunfell][PATCH] tiff: Fix for CVE-2022-2867/8/9

[Virendra Thakur via lists.openembedded.org]

From: Virendra Thakur 

Add Patch to fix CVE-2022-2867, CVE-2022-2868
CVE-2022-2869

Signed-off-by: Virendra Thakur 
---
 ...022-2867-CVE-2022-2868-CVE-2022-2869.patch | 159 ++
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb |   1 +
 2 files changed, 160 insertions(+)
 create mode 100644 
meta/recipes-multimedia/libtiff/files/CVE-2022-2867-CVE-2022-2868-CVE-2022-2869.patch

diff --git 
a/meta/recipes-multimedia/libtiff/files/CVE-2022-2867-CVE-2022-2868-CVE-2022-2869.patch
 
b/meta/recipes-multimedia/libtiff/files/CVE-2022-2867-CVE-2022-2868-CVE-2022-2869.patch
new file mode 100644
index 00..131ff94119
--- /dev/null
+++ 
b/meta/recipes-multimedia/libtiff/files/CVE-2022-2867-CVE-2022-2868-CVE-2022-2869.patch
@@ -0,0 +1,159 @@
+From 07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c Mon Sep 17 00:00:00 2001
+From: Su Laus 
+Date: Wed, 9 Feb 2022 21:31:29 +
+Subject: [PATCH] tiffcrop.c: Fix issue #352 heap-buffer-overflow by correcting
+ uint32_t underflow.
+
+CVE: CVE-2022-2867 CVE-2022-2868 CVE-2022-2869
+Upstream-Status: Backport 
[https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c]
+Signed-off-by: Virendra Thakur 
+---
+Index: tiff-4.1.0/tools/tiffcrop.c
+===
+--- tiff-4.1.0.orig/tools/tiffcrop.c
 tiff-4.1.0/tools/tiffcrop.c
+@@ -5153,29 +5153,45 @@ computeInputPixelOffsets(struct crop_mas
+   y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1);
+   y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2);
+   }
+-  if (x1 < 1)
+-crop->regionlist[i].x1 = 0;
+-  else
+-crop->regionlist[i].x1 = (uint32) (x1 - 1);
++  /* a) Region needs to be within image sizes 0.. width-1; 0..length-1
++   * b) Corners are expected to be submitted as top-left to bottom-right.
++   *Therefore, check that and reorder input.
++   * (be aware x,y are already casted to (uint32_t) and avoid (0 - 1) )
++   */
++  uint32_t aux;
++  if (x1 > x2) {
++aux = x1;
++x1 = x2;
++x2 = aux;
++  }
++  if (y1 > y2) {
++aux = y1;
++y1 = y2;
++y2 = aux;
++  }
++  if (x1 > image->width - 1)
++crop->regionlist[i].x1 = image->width - 1;
++  else if (x1 > 0)
++crop->regionlist[i].x1 = (uint32_t)(x1 - 1);
+
+   if (x2 > image->width - 1)
+ crop->regionlist[i].x2 = image->width - 1;
+-  else
+-crop->regionlist[i].x2 = (uint32) (x2 - 1);
+-  zwidth  = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
+-
+-  if (y1 < 1)
+-crop->regionlist[i].y1 = 0;
+-  else
+-crop->regionlist[i].y1 = (uint32) (y1 - 1);
++  else if (x2 > 0)
++crop->regionlist[i].x2 = (uint32_t)(x2 - 1);
++
++  zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
++
++  if (y1 > image->length - 1)
++crop->regionlist[i].y1 = image->length - 1;
++  else if (y1 > 0)
++crop->regionlist[i].y1 = (uint32_t)(y1 - 1);
+
+   if (y2 > image->length - 1)
+ crop->regionlist[i].y2 = image->length - 1;
+-  else
+-crop->regionlist[i].y2 = (uint32) (y2 - 1);
+-
+-  zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
++  else if (y2 > 0)
++crop->regionlist[i].y2 = (uint32_t)(y2 - 1);
+
++  zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
+   if (zwidth > max_width)
+ max_width = zwidth;
+   if (zlength > max_length)
+@@ -5205,7 +5221,7 @@ computeInputPixelOffsets(struct crop_mas
+   }
+   }
+ return (0);
+-}
++}  /* crop_mode == CROP_REGIONS */
+
+   /* Convert crop margins into offsets into image
+* Margins are expressed as pixel rows and columns, not bytes
+@@ -5241,7 +5257,7 @@ computeInputPixelOffsets(struct crop_mas
+   bmargin = (uint32) 0;
+   return (-1);
+   }
+-}
++}  /* crop_mode == CROP_MARGINS */
+   else
+ { /* no margins requested */
+ tmargin = (uint32) 0;
+@@ -5332,24 +5348,23 @@ computeInputPixelOffsets(struct crop_mas
+   off->endx   = endx;
+   off->endy   = endy;
+
+-  crop_width  = endx - startx + 1;
+-  crop_length = endy - starty + 1;
+-
+-  if (crop_width <= 0)
++  if (endx + 1 <= startx)
+ {
+ TIFFError("computeInputPixelOffsets",
+"Invalid left/right margins and /or image crop width 
requested");
+ return (-1);
+ }
++  crop_width  = endx - startx + 1;
+   if (crop_width > image->width)
+ crop_width = image->width;
+
+-  if (crop_length <= 0)
++  if (endy + 1 <= starty)
+ {
+ TIFFError("computeInputPixelOffsets",
+   "Invalid top/bottom margins and /or image crop length 
requested");
+ return (-1);
+ }
++  crop_length = endy - starty + 1;
+   if (crop_length > image->length)
+ crop_length = image->length;
+
+@@ -5449,10 +5464,17 @@ getCropOffsets(struct image_data *image,
+   else
+ crop->selections = crop->zones;

Re: [OE-core] [PATCH] webkitgtk: Update to 2.6.37

[Yu, Mingli]

Hi Khem,

On 9/8/22 10:19, Khem Raj wrote:

[Please note: This e-mail is from an EXTERNAL e-mail address]

On Wed, Sep 7, 2022 at 6:43 PM Yu, Mingli  wrote:



Fail to build on beaglebone-yocto.

/build/tmp-glibc/work/cortexa8hf-neon-wrs-linux-gnueabi/webkitgtk/2.36.7-r0/webkitgtk-2.36.7/Source/W
ebCore/platform/graphics/filters/FELighting.h:72:41: error:
'LightingData' does not name a type
 72 | inline void platformApplyNeon(const LightingData&, const
LightSource::PaintingData&);
| ^~~~



there is a proposed patch upstream. I have taken that and applied. The
patch is on ml.
while you are at it. Please test that patch out and report if the
issue is solved.


Which patch is supposed to resolve the issue on the mail list?

Thanks,




Thanks,

On 9/3/22 17:21, Khem Raj wrote:

[Please note: This e-mail is from an EXTERNAL e-mail address]

Signed-off-by: Khem Raj 
---
   .../webkit/{webkitgtk_2.36.6.bb => webkitgtk_2.36.7.bb}| 3 +--
   1 file changed, 1 insertion(+), 2 deletions(-)
   rename meta/recipes-sato/webkit/{webkitgtk_2.36.6.bb => webkitgtk_2.36.7.bb} 
(98%)

diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.6.bb 
b/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
similarity index 98%
rename from meta/recipes-sato/webkit/webkitgtk_2.36.6.bb
rename to meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
index 37b977f9ba..026e24ae39 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.6.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
@@ -16,8 +16,7 @@ SRC_URI = 
"https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
  file://reproducibility.patch \
  
file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \
  "
-
-SRC_URI[sha256sum] = 
"1193bc821946336776f0dfa5e0dca5651f1e57157eda12da4721d2441f24a61a"
+SRC_URI[sha256sum] = 
"0c260cf2b32f0481d017670dfed1b61e554967cd067195606c9f9eb5fe731743"

   inherit cmake pkgconfig gobject-introspection perlnative features_check 
upstream-version-is-even gtk-doc

--
2.37.3






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170447): 
https://lists.openembedded.org/g/openembedded-core/message/170447
Mute This Topic: https://lists.openembedded.org/mt/93436476/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 7/7] vim: Upgrade 9.0.0242 -> 9.0.0341

[Steve Sakoman]

From: Richard Purdie 

Addresses CVE-2022-2980, CVE-2022-2946 and CVE-2022-2982.

Signed-off-by: Richard Purdie 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 01c08d47ecfcc7aefacc8280e0055c75b13795b2)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-support/vim/vim.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 8f89699560..d885847fb1 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,8 +20,8 @@ SRC_URI = 
"git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
 
-PV .= ".0242"
-SRCREV = "171c683237149262665135c7d5841a89bb156f53"
+PV .= ".0341"
+SRCREV = "92a3d20682d46359bb50a452b4f831659e799155"
 
 # Remove when 8.3 is out
 UPSTREAM_VERSION_UNKNOWN = "1"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170446): 
https://lists.openembedded.org/g/openembedded-core/message/170446
Mute This Topic: https://lists.openembedded.org/mt/93540583/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 6/7] cve-check: close cursors as soon as possible

[Steve Sakoman]

From: Ross Burton 

We can have multiple processes reading the database at the same time, and
cursors only release their locks when they're garbage collected.

This might be the cause of random sqlite errors on the autobuilder, so
explicitly close the cursors when we're done with them.

Signed-off-by: Ross Burton 
Signed-off-by: Luca Ceresoli 
(cherry picked from commit 5d2e90e4a58217a943ec21140bc2ecdd4357a98a)
Signed-off-by: Steve Sakoman 
---
 meta/classes/cve-check.bbclass| 13 +++--
 .../recipes-core/meta/cve-update-db-native.bb | 51 ++-
 2 files changed, 37 insertions(+), 27 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index c0d4e2a972..4fc4e545e4 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -290,7 +290,8 @@ def check_cves(d, patched_cves):
 vendor = "%"
 
 # Find all relevant CVE IDs.
-for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE 
PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)):
+cve_cursor = conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE 
PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor))
+for cverow in cve_cursor:
 cve = cverow[0]
 
 if cve in cve_whitelist:
@@ -309,7 +310,8 @@ def check_cves(d, patched_cves):
 vulnerable = False
 ignored = False
 
-for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND 
PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)):
+product_cursor = conn.execute("SELECT * FROM PRODUCTS WHERE ID IS 
? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor))
+for row in product_cursor:
 (_, _, _, version_start, operator_start, version_end, 
operator_end) = row
 #bb.debug(2, "Evaluating row " + str(row))
 if cve in cve_whitelist:
@@ -353,10 +355,12 @@ def check_cves(d, patched_cves):
 bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, 
cve))
 cves_unpatched.append(cve)
 break
+product_cursor.close()
 
 if not vulnerable:
 bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve))
 patched_cves.add(cve)
+cve_cursor.close()
 
 if not cves_in_product:
 bb.note("No CVE records found for product %s, pn %s" % (product, 
pn))
@@ -378,14 +382,15 @@ def get_cve_info(d, cves):
 conn = sqlite3.connect(db_file, uri=True)
 
 for cve in cves:
-for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)):
+cursor = conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,))
+for row in cursor:
 cve_data[row[0]] = {}
 cve_data[row[0]]["summary"] = row[1]
 cve_data[row[0]]["scorev2"] = row[2]
 cve_data[row[0]]["scorev3"] = row[3]
 cve_data[row[0]]["modified"] = row[4]
 cve_data[row[0]]["vector"] = row[5]
-
+cursor.close()
 conn.close()
 return cve_data
 
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb 
b/meta/recipes-core/meta/cve-update-db-native.bb
index a49f446a53..85874ead01 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -65,9 +65,7 @@ python do_fetch() {
 
 # Connect to database
 conn = sqlite3.connect(db_file)
-c = conn.cursor()
-
-initialize_db(c)
+initialize_db(conn)
 
 with bb.progress.ProgressHandler(d) as ph, 
open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
 total_years = date.today().year + 1 - YEAR_START
@@ -96,18 +94,20 @@ python do_fetch() {
 return
 
 # Compare with current db last modified date
-c.execute("select DATE from META where YEAR = ?", (year,))
-meta = c.fetchone()
+cursor = conn.execute("select DATE from META where YEAR = ?", 
(year,))
+meta = cursor.fetchone()
+cursor.close()
+
 if not meta or meta[0] != last_modified:
 # Clear products table entries corresponding to current year
-c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' 
% year,))
+conn.execute("delete from PRODUCTS where ID like ?", 
('CVE-%d%%' % year,)).close()
 
 # Update db with current year json file
 try:
 response = urllib.request.urlopen(json_url)
 if response:
-update_db(c, 
gzip.decompress(response.read()).decode('utf-8'))
-c.execute("insert or replace into META values (?, ?)", 
[year, last_modified])
+update_db(conn, 
gzip.decompress(response.read()).decode('utf-8'))
+conn.execute("insert or replace into META values (?, ?)", 
[year, las

[OE-core][dunfell 4/7] libarchive: Fix CVE-2021-31566 issue

[Steve Sakoman]

From: Ranjitsinh Rathod 

Add patch to fix CVE-2021-31566 issue for libarchive
Link: 
http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz

Signed-off-by: Ranjitsinh Rathod 
Signed-off-by: Steve Sakoman 
---
 .../libarchive/CVE-2021-31566-01.patch|  23 +++
 .../libarchive/CVE-2021-31566-02.patch| 172 ++
 .../libarchive/libarchive_3.4.2.bb|   2 +
 3 files changed, 197 insertions(+)
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch

diff --git 
a/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch 
b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
new file mode 100644
index 00..c4a2fb612c
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
@@ -0,0 +1,23 @@
+Description: Never follow symlinks when setting file flags on Linux
+ Published as CVE-2021-31566
+Origin: upstream, 
https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b
+Bug-Debian: https://bugs.debian.org/1001990
+Author: Martin Matuska 
+Last-Update: 2021-12-20
+
+CVE: CVE-2021-31566
+Upstream-Status: Backport 
[http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz]
+Signed-off-by: Ranjitsinh Rathod 
+
+--- a/libarchive/archive_write_disk_posix.c
 b/libarchive/archive_write_disk_posix.c
+@@ -3927,7 +3927,8 @@
+ 
+   /* If we weren't given an fd, open it ourselves. */
+   if (myfd < 0) {
+-  myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | O_CLOEXEC);
++  myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY |
++  O_CLOEXEC | O_NOFOLLOW);
+   __archive_ensure_cloexec_flag(myfd);
+   }
+   if (myfd < 0)
diff --git 
a/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch 
b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch
new file mode 100644
index 00..0dfcd1ac5c
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch
@@ -0,0 +1,172 @@
+Description: Do not follow symlinks when processing the fixup list
+ Published as CVE-2021-31566
+Origin: upstream, 
https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043
+Bug-Debian: https://bugs.debian.org/1001990
+Author: Martin Matuska 
+Last-Update: 2021-12-20
+
+CVE: CVE-2021-31566
+Upstream-Status: Backport 
[http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz]
+Signed-off-by: Ranjitsinh Rathod 
+
+--- a/Makefile.am
 b/Makefile.am
+@@ -556,6 +556,7 @@
+   libarchive/test/test_write_disk.c \
+   libarchive/test/test_write_disk_appledouble.c \
+   libarchive/test/test_write_disk_failures.c \
++  libarchive/test/test_write_disk_fixup.c \
+   libarchive/test/test_write_disk_hardlink.c \
+   libarchive/test/test_write_disk_hfs_compression.c \
+   libarchive/test/test_write_disk_lookup.c \
+--- a/libarchive/archive_write_disk_posix.c
 b/libarchive/archive_write_disk_posix.c
+@@ -2461,6 +2461,7 @@
+ {
+   struct archive_write_disk *a = (struct archive_write_disk *)_a;
+   struct fixup_entry *next, *p;
++  struct stat st;
+   int fd, ret;
+ 
+   archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
+@@ -2478,6 +2479,20 @@
+   (TODO_TIMES | TODO_MODE_BASE | TODO_ACLS | TODO_FFLAGS)) {
+   fd = open(p->name,
+   O_WRONLY | O_BINARY | O_NOFOLLOW | O_CLOEXEC);
++  if (fd == -1) {
++  /* If we cannot lstat, skip entry */
++  if (lstat(p->name, &st) != 0)
++  goto skip_fixup_entry;
++  /*
++   * If we deal with a symbolic link, mark
++   * it in the fixup mode to ensure no
++   * modifications are made to its target.
++   */
++  if (S_ISLNK(st.st_mode)) {
++  p->mode &= ~S_IFMT;
++  p->mode |= S_IFLNK;
++  }
++  }
+   }
+   if (p->fixup & TODO_TIMES) {
+   set_times(a, fd, p->mode, p->name,
+@@ -2492,7 +2507,12 @@
+   fchmod(fd, p->mode);
+   else
+ #endif
+-  chmod(p->name, p->mode);
++#ifdef HAVE_LCHMOD
++  lchmod(p->name, p->mode);
++#else
++  if (!S_ISLNK(p->mode))
++  chmod(p->name, p->mode);
++#endif
+   }
+   if (p->fixup & 

[OE-core][dunfell 5/7] classes: cve-check: Get shared database lock

[Steve Sakoman]

From: Joshua Watt 

The CVE check database needs to have a shared lock acquired on it before
it is accessed. This to prevent cve-update-db-native from deleting the
database file out from underneath it.

[YOCTO #14899]

Signed-off-by: Joshua Watt 
Signed-off-by: Richard Purdie 
(cherry picked from commit 20a9911b73df62a0d0d1884e57085f13ac5016dd)
Signed-off-by: Steve Sakoman 
---
 meta/classes/cve-check.bbclass | 23 ---
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 9eb9a95574..c0d4e2a972 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -138,17 +138,18 @@ python do_cve_check () {
 """
 from oe.cve_check import get_patched_cves
 
-if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
-try:
-patched_cves = get_patched_cves(d)
-except FileNotFoundError:
-bb.fatal("Failure in searching patches")
-whitelisted, patched, unpatched, status = check_cves(d, patched_cves)
-if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and 
status):
-cve_data = get_cve_info(d, patched + unpatched + whitelisted)
-cve_write_data(d, patched, unpatched, whitelisted, cve_data, 
status)
-else:
-bb.note("No CVE database found, skipping CVE check")
+with bb.utils.fileslocked([d.getVar("CVE_CHECK_DB_FILE_LOCK")], 
shared=True):
+if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
+try:
+patched_cves = get_patched_cves(d)
+except FileNotFoundError:
+bb.fatal("Failure in searching patches")
+ignored, patched, unpatched, status = check_cves(d, patched_cves)
+if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" 
and status):
+cve_data = get_cve_info(d, patched + unpatched + ignored)
+cve_write_data(d, patched, unpatched, ignored, cve_data, 
status)
+else:
+bb.note("No CVE database found, skipping CVE check")
 
 }
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170444): 
https://lists.openembedded.org/g/openembedded-core/message/170444
Mute This Topic: https://lists.openembedded.org/mt/93540571/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 3/7] libarchive: Fix CVE-2021-23177 issue

[Steve Sakoman]

From: Ranjitsinh Rathod 

Add patch to fix CVE-2021-23177 issue for libarchive
Link: 
http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz

Signed-off-by: Ranjitsinh Rathod 
Signed-off-by: Steve Sakoman 
---
 .../libarchive/CVE-2021-23177.patch   | 183 ++
 .../libarchive/libarchive_3.4.2.bb|   1 +
 2 files changed, 184 insertions(+)
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch

diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch 
b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
new file mode 100644
index 00..555c7a47f7
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
@@ -0,0 +1,183 @@
+Description: Fix handling of symbolic link ACLs
+ Published as CVE-2021-23177
+Origin: upstream, 
https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad
+Bug-Debian: https://bugs.debian.org/1001986
+Author: Martin Matuska 
+Last-Updated: 2021-12-20
+
+CVE: CVE-2021-23177
+Upstream-Status: Backport 
[http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz]
+Signed-off-by: Ranjitsinh Rathod 
+
+--- a/libarchive/archive_disk_acl_freebsd.c
 b/libarchive/archive_disk_acl_freebsd.c
+@@ -319,7 +319,7 @@
+ 
+ static int
+ set_acl(struct archive *a, int fd, const char *name,
+-struct archive_acl *abstract_acl,
++struct archive_acl *abstract_acl, __LA_MODE_T mode,
+ int ae_requested_type, const char *tname)
+ {
+   int  acl_type = 0;
+@@ -364,6 +364,13 @@
+   return (ARCHIVE_FAILED);
+   }
+ 
++  if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) {
++  errno = EINVAL;
++  archive_set_error(a, errno,
++  "Cannot set default ACL on non-directory");
++  return (ARCHIVE_WARN);
++  }
++
+   acl = acl_init(entries);
+   if (acl == (acl_t)NULL) {
+   archive_set_error(a, errno,
+@@ -542,7 +549,10 @@
+   else if (acl_set_link_np(name, acl_type, acl) != 0)
+ #else
+   /* FreeBSD older than 8.0 */
+-  else if (acl_set_file(name, acl_type, acl) != 0)
++  else if (S_ISLNK(mode)) {
++  /* acl_set_file() follows symbolic links, skip */
++  ret = ARCHIVE_OK;
++  } else if (acl_set_file(name, acl_type, acl) != 0)
+ #endif
+   {
+   if (errno == EOPNOTSUPP) {
+@@ -677,14 +687,14 @@
+   & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
+   if ((archive_acl_types(abstract_acl)
+   & ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) {
+-  ret = set_acl(a, fd, name, abstract_acl,
++  ret = set_acl(a, fd, name, abstract_acl, mode,
+   ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access");
+   if (ret != ARCHIVE_OK)
+   return (ret);
+   }
+   if ((archive_acl_types(abstract_acl)
+   & ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0)
+-  ret = set_acl(a, fd, name, abstract_acl,
++  ret = set_acl(a, fd, name, abstract_acl, mode,
+   ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default");
+ 
+   /* Simultaneous POSIX.1e and NFSv4 is not supported */
+@@ -693,7 +703,7 @@
+ #if ARCHIVE_ACL_FREEBSD_NFS4
+   else if ((archive_acl_types(abstract_acl) &
+   ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) {
+-  ret = set_acl(a, fd, name, abstract_acl,
++  ret = set_acl(a, fd, name, abstract_acl, mode,
+   ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4");
+   }
+ #endif
+--- a/libarchive/archive_disk_acl_linux.c
 b/libarchive/archive_disk_acl_linux.c
+@@ -343,6 +343,11 @@
+   return (ARCHIVE_FAILED);
+   }
+ 
++  if (S_ISLNK(mode)) {
++  /* Linux does not support RichACLs on symbolic links */
++  return (ARCHIVE_OK);
++  }
++
+   richacl = richacl_alloc(entries);
+   if (richacl == NULL) {
+   archive_set_error(a, errno,
+@@ -455,7 +460,7 @@
+ #if ARCHIVE_ACL_LIBACL
+ static int
+ set_acl(struct archive *a, int fd, const char *name,
+-struct archive_acl *abstract_acl,
++struct archive_acl *abstract_acl, __LA_MODE_T mode,
+ int ae_requested_type, const char *tname)
+ {
+   int  acl_type = 0;
+@@ -488,6 +493,18 @@
+   return (ARCHIVE_FAILED);
+   }
+ 
++  if (S_ISLNK(mode)) {
++  /* Linux does not support ACLs on symbolic links */
++  return (ARCHIVE_OK);
++  }
++
++  if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) {
++  errno = EINVAL;
++  archive_set_error(a, errno,
++  "Cannot set default ACL on non-directory");
++  return (ARCHIVE_WARN);
++  }
++
+   acl = acl_init(

[OE-core][dunfell 2/7] curl: Backport patch for CVE-2022-35252

[Steve Sakoman]

From: Robert Joslyn 

https://curl.se/docs/CVE-2022-35252.html

Signed-off-by: Robert Joslyn 
Signed-off-by: Steve Sakoman 
---
 .../curl/curl/CVE-2022-35252.patch| 72 +++
 meta/recipes-support/curl/curl_7.69.1.bb  |  1 +
 2 files changed, 73 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-35252.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2022-35252.patch 
b/meta/recipes-support/curl/curl/CVE-2022-35252.patch
new file mode 100644
index 00..a5160c01f4
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-35252.patch
@@ -0,0 +1,72 @@
+From c9212bdb21f0cc90a1a60dfdbb716deefe78fd40 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Mon, 29 Aug 2022 00:09:17 +0200
+Subject: [PATCH] cookie: reject cookies with "control bytes"
+
+Rejects 0x01 - 0x1f (except 0x09) plus 0x7f
+
+Reported-by: Axel Chong
+
+Bug: https://curl.se/docs/CVE-2022-35252.html
+
+CVE-2022-35252
+
+Closes #9381
+
+Upstream-Status: Backport 
[https://github.com/curl/curl/commit/8dfc93e573ca740544a2d79ebb]
+
+Signed-off-by: Robert Joslyn 
+---
+ lib/cookie.c | 29 +
+ 1 file changed, 29 insertions(+)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index a9ad20a..66c7715 100644
+--- a/lib/cookie.c
 b/lib/cookie.c
+@@ -412,6 +412,30 @@ static bool bad_domain(const char *domain)
+   return !strchr(domain, '.') && !strcasecompare(domain, "localhost");
+ }
+ 
++/*
++  RFC 6265 section 4.1.1 says a server should accept this range:
++
++  cookie-octet= %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
++
++  But Firefox and Chrome as of June 2022 accept space, comma and double-quotes
++  fine. The prime reason for filtering out control bytes is that some HTTP
++  servers return 400 for requests that contain such.
++*/
++static int invalid_octets(const char *p)
++{
++  /* Reject all bytes \x01 - \x1f (*except* \x09, TAB) + \x7f */
++  static const char badoctets[] = {
++"\x01\x02\x03\x04\x05\x06\x07\x08\x0a"
++"\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
++"\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f"
++  };
++  size_t vlen, len;
++  /* scan for all the octets that are *not* in cookie-octet */
++  len = strcspn(p, badoctets);
++  vlen = strlen(p);
++  return (len != vlen);
++}
++
+ /
+  *
+  * Curl_cookie_add()
+@@ -558,6 +582,11 @@ Curl_cookie_add(struct Curl_easy *data,
+ badcookie = TRUE;
+ break;
+   }
++  if(invalid_octets(whatptr) || invalid_octets(name)) {
++infof(data, "invalid octets in name/value, cookie dropped");
++badcookie = TRUE;
++break;
++  }
+ }
+ else if(!len) {
+   /* this was a "=" with no content, and we must allow
+-- 
+2.35.1
+
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb 
b/meta/recipes-support/curl/curl_7.69.1.bb
index 7b67b68f1d..ed37094049 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -38,6 +38,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://CVE-2022-32206.patch \
file://CVE-2022-32207.patch \
file://CVE-2022-32208.patch \
+   file://CVE-2022-35252.patch \
 "
 
 SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170441): 
https://lists.openembedded.org/g/openembedded-core/message/170441
Mute This Topic: https://lists.openembedded.org/mt/93540565/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 1/7] sqlite: CVE-2022-35737 assertion failure

[Steve Sakoman]

From: Hitendra Prajapati 

Source: https://www.sqlite.org/
MR: 120541
Type: Security Fix
Disposition: Backport from https://www.sqlite.org/src/info/aab790a16e1bdff7
ChangeID: cf6d0962be0d1f7d4a5019843da6349eb7f9acda
Description:
 CVE-2022-35737 sqlite: assertion failure via query when compiled with 
-DSQLITE_ENABLE_STAT4.

Signed-off-by: Hitendra Prajapati 
Signed-off-by: Steve Sakoman 
---
 .../sqlite/files/CVE-2022-35737.patch | 29 +++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2022-35737.patch

diff --git a/meta/recipes-support/sqlite/files/CVE-2022-35737.patch 
b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch
new file mode 100644
index 00..341e002913
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch
@@ -0,0 +1,29 @@
+From 2bbf4c999dbb4b520561a57e0bafc19a15562093 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati 
+Date: Fri, 2 Sep 2022 11:22:29 +0530
+Subject: [PATCH] CVE-2022-35737
+
+Upstream-Status: Backport [https://www.sqlite.org/src/info/aab790a16e1bdff7]
+CVE: CVE-2022-35737
+Signed-off-by: Hitendra Prajapati 
+---
+ sqlite3.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index f664217..33dfb78 100644
+--- a/sqlite3.c
 b/sqlite3.c
+@@ -28758,7 +28758,8 @@ SQLITE_API void sqlite3_str_vappendf(
+   case etSQLESCAPE:   /* %q: Escape ' characters */
+   case etSQLESCAPE2:  /* %Q: Escape ' and enclose in '...' */
+   case etSQLESCAPE3: {/* %w: Escape " characters */
+-int i, j, k, n, isnull;
++i64  i, j, k, n;
++int isnull;
+ int needQuote;
+ char ch;
+ char q = ((xtype==etSQLESCAPE3)?'"':'\'');   /* Quote character */
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb 
b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
index 877e80f5a3..3440bf4913 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -13,6 +13,7 @@ SRC_URI = 
"http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
file://CVE-2020-13630.patch \
file://CVE-2020-13631.patch \
file://CVE-2020-13632.patch \
+   file://CVE-2022-35737.patch \
"
 SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
 SRC_URI[sha256sum] = 
"62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170440): 
https://lists.openembedded.org/g/openembedded-core/message/170440
Mute This Topic: https://lists.openembedded.org/mt/93540564/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 0/7] Patch review

[Steve Sakoman]

Please review this set of patches for dunfell and have comments back by
end of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4200

The following changes since commit 345193f36d08cfe4899c65e8edf3f79db09c50d2:

  relocate_sdk.py: ensure interpreter size error causes relocation to fail 
(2022-08-29 05:02:16 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (1):
  sqlite: CVE-2022-35737 assertion failure

Joshua Watt (1):
  classes: cve-check: Get shared database lock

Ranjitsinh Rathod (2):
  libarchive: Fix CVE-2021-23177 issue
  libarchive: Fix CVE-2021-31566 issue

Richard Purdie (1):
  vim: Upgrade 9.0.0242 -> 9.0.0341

Robert Joslyn (1):
  curl: Backport patch for CVE-2022-35252

Ross Burton (1):
  cve-check: close cursors as soon as possible

 meta/classes/cve-check.bbclass|  36 ++--
 .../recipes-core/meta/cve-update-db-native.bb |  51 ++---
 .../libarchive/CVE-2021-23177.patch   | 183 ++
 .../libarchive/CVE-2021-31566-01.patch|  23 +++
 .../libarchive/CVE-2021-31566-02.patch| 172 
 .../libarchive/libarchive_3.4.2.bb|   3 +
 .../curl/curl/CVE-2022-35252.patch|  72 +++
 meta/recipes-support/curl/curl_7.69.1.bb  |   1 +
 .../sqlite/files/CVE-2022-35737.patch |  29 +++
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb |   1 +
 meta/recipes-support/vim/vim.inc  |   4 +-
 11 files changed, 535 insertions(+), 40 deletions(-)
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-35252.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2022-35737.patch

-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170439): 
https://lists.openembedded.org/g/openembedded-core/message/170439
Mute This Topic: https://lists.openembedded.org/mt/93540561/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] webkitgtk: Update to 2.6.37

[Khem Raj]

On Wed, Sep 7, 2022 at 6:43 PM Yu, Mingli  wrote:
>
>
> Fail to build on beaglebone-yocto.
>
> /build/tmp-glibc/work/cortexa8hf-neon-wrs-linux-gnueabi/webkitgtk/2.36.7-r0/webkitgtk-2.36.7/Source/W
> ebCore/platform/graphics/filters/FELighting.h:72:41: error:
> 'LightingData' does not name a type
> 72 | inline void platformApplyNeon(const LightingData&, const
> LightSource::PaintingData&);
>| ^~~~
>

there is a proposed patch upstream. I have taken that and applied. The
patch is on ml.
while you are at it. Please test that patch out and report if the
issue is solved.

> Thanks,
>
> On 9/3/22 17:21, Khem Raj wrote:
> > [Please note: This e-mail is from an EXTERNAL e-mail address]
> >
> > Signed-off-by: Khem Raj 
> > ---
> >   .../webkit/{webkitgtk_2.36.6.bb => webkitgtk_2.36.7.bb}| 3 +--
> >   1 file changed, 1 insertion(+), 2 deletions(-)
> >   rename meta/recipes-sato/webkit/{webkitgtk_2.36.6.bb => 
> > webkitgtk_2.36.7.bb} (98%)
> >
> > diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.6.bb 
> > b/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
> > similarity index 98%
> > rename from meta/recipes-sato/webkit/webkitgtk_2.36.6.bb
> > rename to meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
> > index 37b977f9ba..026e24ae39 100644
> > --- a/meta/recipes-sato/webkit/webkitgtk_2.36.6.bb
> > +++ b/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
> > @@ -16,8 +16,7 @@ SRC_URI = 
> > "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
> >  file://reproducibility.patch \
> >  
> > file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \
> >  "
> > -
> > -SRC_URI[sha256sum] = 
> > "1193bc821946336776f0dfa5e0dca5651f1e57157eda12da4721d2441f24a61a"
> > +SRC_URI[sha256sum] = 
> > "0c260cf2b32f0481d017670dfed1b61e554967cd067195606c9f9eb5fe731743"
> >
> >   inherit cmake pkgconfig gobject-introspection perlnative features_check 
> > upstream-version-is-even gtk-doc
> >
> > --
> > 2.37.3
> >
> >
> >
> > 
> >

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170438): 
https://lists.openembedded.org/g/openembedded-core/message/170438
Mute This Topic: https://lists.openembedded.org/mt/93436476/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] Fix build on 32bit arm

[Khem Raj]

Signed-off-by: Khem Raj 
Cc: Mingli Yu 
---
 ...44e17d258106617b0e6d783d073b188a2548.patch | 311 ++
 meta/recipes-sato/webkit/webkitgtk_2.36.7.bb  |   1 +
 2 files changed, 312 insertions(+)
 create mode 100644 
meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch

diff --git 
a/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
 
b/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
new file mode 100644
index 00..204f76633f
--- /dev/null
+++ 
b/meta/recipes-sato/webkit/webkitgtk/0d3344e17d258106617b0e6d783d073b188a2548.patch
@@ -0,0 +1,311 @@
+From 0d3344e17d258106617b0e6d783d073b188a2548 Mon Sep 17 00:00:00 2001
+From: Adrian Perez de Castro 
+Date: Thu, 2 Jun 2022 11:19:06 +0300
+Subject: [PATCH] [ARM][NEON] FELightningNEON.cpp fails to build, NEON fast
+ path seems unused https://bugs.webkit.org/show_bug.cgi?id=241182
+
+Reviewed by NOBODY (OOPS!).
+
+Move the NEON fast path for the SVG lighting filter effects into
+FELightingSoftwareApplier, and arrange to actually use them by
+forwarding calls to applyPlatformGeneric() into applyPlatformNeon().
+
+Some changes were needed to adapt platformApplyNeon() to the current
+state of filters after r286140. This was not detected because the code
+bitrotted due to it being guarded with CPU(ARM_TRADITIONAL), which does
+not get used much these days: CPU(ARM_THUMB2) is more common. It should
+be possible to use the NEON fast paths also in Thumb mode, but that is
+left for a follow-up fix.
+
+* Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp:
+(WebCore::FELightingSoftwareApplier::platformApplyNeonWorker):
+(WebCore::FELightingSoftwareApplier::getPowerCoefficients):
+(WebCore::FELighting::platformApplyNeonWorker): Deleted.
+(WebCore::FELighting::getPowerCoefficients): Deleted.
+* Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h:
+(WebCore::FELightingSoftwareApplier::applyPlatformNeon):
+(WebCore::FELighting::platformApplyNeon): Deleted.
+* Source/WebCore/platform/graphics/filters/DistantLightSource.h:
+* Source/WebCore/platform/graphics/filters/FELighting.h:
+* Source/WebCore/platform/graphics/filters/PointLightSource.h:
+* Source/WebCore/platform/graphics/filters/SpotLightSource.h:
+* 
Source/WebCore/platform/graphics/filters/software/FELightingSoftwareApplier.h:
+---
+Upstream-Status: Submitted [https://github.com/WebKit/WebKit/pull/1233]
+Signed-off-by: Khem Raj 
+
+ .../cpu/arm/filters/FELightingNEON.cpp|  4 +-
+ .../graphics/cpu/arm/filters/FELightingNEON.h | 54 +--
+ .../graphics/filters/DistantLightSource.h |  4 ++
+ .../platform/graphics/filters/FELighting.h|  7 ---
+ .../graphics/filters/PointLightSource.h   |  4 ++
+ .../graphics/filters/SpotLightSource.h|  4 ++
+ .../software/FELightingSoftwareApplier.h  | 16 ++
+ 7 files changed, 57 insertions(+), 36 deletions(-)
+
+diff --git 
a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp 
b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
+index f6ff8c20a5a8..42a97ffc5372 100644
+--- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
 b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.cpp
+@@ -49,7 +49,7 @@ short* feLightingConstantsForNeon()
+ return s_FELightingConstantsForNeon;
+ }
+ 
+-void FELighting::platformApplyNeonWorker(FELightingPaintingDataForNeon* 
parameters)
++void 
FELightingSoftwareApplier::platformApplyNeonWorker(FELightingPaintingDataForNeon*
 parameters)
+ {
+ neonDrawLighting(parameters);
+ }
+@@ -464,7 +464,7 @@ TOSTRING(neonDrawLighting) ":" NL
+ "b .lightStrengthCalculated" NL
+ ); // NOLINT
+ 
+-int FELighting::getPowerCoefficients(float exponent)
++int FELightingSoftwareApplier::getPowerCoefficients(float exponent)
+ {
+ // Calling a powf function from the assembly code would require to save
+ // and reload a lot of NEON registers. Since the base is in range [0..1]
+diff --git a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h 
b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
+index b17c603d40d3..c6d17f573eca 100644
+--- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
 b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNEON.h
+@@ -24,14 +24,15 @@
+  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  */
+ 
+-#ifndef FELightingNEON_h
+-#define FELightingNEON_h
++#pragma once
+ 
+ #if CPU(ARM_NEON) && CPU(ARM_TRADITIONAL) && COMPILER(GCC_COMPATIBLE)
+ 
+-#include "FELighting.h"
++#include "FELightingSoftwareApplier.h"
++#include "ImageBuffer.h"
+ #include "PointLightSource.h"
+ #include "SpotLightSource.h"
++#include 
+ #include 
+ 
+ namespace WebCore {
+@@ -93,14 +94,14 @@ extern "C" {
+ void neonDrawLighting(FELightingPaintingDataForNeon*);
+ }
+ 
+-inline void FELighting::platformApplyNeon(const Lighti

Re: [OE-core] [PATCH] webkitgtk: Update to 2.6.37

[Yu, Mingli]

Fail to build on beaglebone-yocto.

/build/tmp-glibc/work/cortexa8hf-neon-wrs-linux-gnueabi/webkitgtk/2.36.7-r0/webkitgtk-2.36.7/Source/W
ebCore/platform/graphics/filters/FELighting.h:72:41: error: 
'LightingData' does not name a type
   72 | inline void platformApplyNeon(const LightingData&, const 
LightSource::PaintingData&);

  | ^~~~

Thanks,

On 9/3/22 17:21, Khem Raj wrote:

[Please note: This e-mail is from an EXTERNAL e-mail address]

Signed-off-by: Khem Raj 
---
  .../webkit/{webkitgtk_2.36.6.bb => webkitgtk_2.36.7.bb}| 3 +--
  1 file changed, 1 insertion(+), 2 deletions(-)
  rename meta/recipes-sato/webkit/{webkitgtk_2.36.6.bb => webkitgtk_2.36.7.bb} 
(98%)

diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.6.bb 
b/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
similarity index 98%
rename from meta/recipes-sato/webkit/webkitgtk_2.36.6.bb
rename to meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
index 37b977f9ba..026e24ae39 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.6.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
@@ -16,8 +16,7 @@ SRC_URI = 
"https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
 file://reproducibility.patch \
 
file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \
 "
-
-SRC_URI[sha256sum] = 
"1193bc821946336776f0dfa5e0dca5651f1e57157eda12da4721d2441f24a61a"
+SRC_URI[sha256sum] = 
"0c260cf2b32f0481d017670dfed1b61e554967cd067195606c9f9eb5fe731743"

  inherit cmake pkgconfig gobject-introspection perlnative features_check 
upstream-version-is-even gtk-doc

--
2.37.3






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170436): 
https://lists.openembedded.org/g/openembedded-core/message/170436
Mute This Topic: https://lists.openembedded.org/mt/93436476/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] linux-yocto: Enable mdio for qemu

[Bruce Ashfield]

On Wed, Sep 7, 2022 at 6:05 PM Khem Raj  wrote:
>
> There are package like mdio-netlink in meta-oe which need this feature
> to be available, it has started to fail with 5.19

Fine with me!

Bruce

>
> Signed-off-by: Khem Raj 
> Cc: Bruce Ashfield 
> ---
>  meta/recipes-kernel/linux/linux-yocto_5.19.bb | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-kernel/linux/linux-yocto_5.19.bb 
> b/meta/recipes-kernel/linux/linux-yocto_5.19.bb
> index 0ff28aa952..e96395d1bb 100644
> --- a/meta/recipes-kernel/linux/linux-yocto_5.19.bb
> +++ b/meta/recipes-kernel/linux/linux-yocto_5.19.bb
> @@ -56,7 +56,7 @@ COMPATIBLE_MACHINE = 
> "^(qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qe
>  # Functionality flags
>  KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc"
>  KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
> -KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc 
> features/drm-bochs/drm-bochs.scc"
> +KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc 
> features/drm-bochs/drm-bochs.scc cfg/net/mdio.scc"
>  KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
>  KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
>  KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " 
> cfg/x32.scc", "", d)}"
> --
> 2.37.3
>


-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170435): 
https://lists.openembedded.org/g/openembedded-core/message/170435
Mute This Topic: https://lists.openembedded.org/mt/93535950/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/2] binutils-cross-canadian: Do not package gprofng.rc

[Khem Raj]

This file is already packaged via nativesdk-gprofng and can cause
populate SDK conflicts

Signed-off-by: Khem Raj 
---
 meta/recipes-devtools/binutils/binutils-cross-canadian.inc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/binutils/binutils-cross-canadian.inc 
b/meta/recipes-devtools/binutils/binutils-cross-canadian.inc
index 4e8f10c1c4..c18468ad50 100644
--- a/meta/recipes-devtools/binutils/binutils-cross-canadian.inc
+++ b/meta/recipes-devtools/binutils/binutils-cross-canadian.inc
@@ -23,10 +23,9 @@ do_install () {
rm -f ${D}${libdir}/libiberty*
rm -f ${D}${libdir}/libopcodes*
rm -f ${D}${includedir}/*.h
+rm -f ${D}${sysconfdir}/gprofng.rc

cross_canadian_bindirlinks
 }
 
-FILES:${PN} += "${sysconfdir}/gprofng.rc"
-
 BBCLASSEXTEND = ""
-- 
2.37.3


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170433): 
https://lists.openembedded.org/g/openembedded-core/message/170433
Mute This Topic: https://lists.openembedded.org/mt/93537151/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/2] vala: Update to 0.56.3 bugfix release

[Khem Raj]

Signed-off-by: Khem Raj 
---
 meta/recipes-devtools/vala/vala_0.56.2.bb | 3 ---
 meta/recipes-devtools/vala/vala_0.56.3.bb | 3 +++
 2 files changed, 3 insertions(+), 3 deletions(-)
 delete mode 100644 meta/recipes-devtools/vala/vala_0.56.2.bb
 create mode 100644 meta/recipes-devtools/vala/vala_0.56.3.bb

diff --git a/meta/recipes-devtools/vala/vala_0.56.2.bb 
b/meta/recipes-devtools/vala/vala_0.56.2.bb
deleted file mode 100644
index 08c8ccca1d..00
--- a/meta/recipes-devtools/vala/vala_0.56.2.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require ${BPN}.inc
-
-SRC_URI[sha256sum] = 
"66c9619bb17859fd1ac3aba0a57970613e38fd2a1ee30541174260c9fb90124c"
diff --git a/meta/recipes-devtools/vala/vala_0.56.3.bb 
b/meta/recipes-devtools/vala/vala_0.56.3.bb
new file mode 100644
index 00..83f61e5b2f
--- /dev/null
+++ b/meta/recipes-devtools/vala/vala_0.56.3.bb
@@ -0,0 +1,3 @@
+require ${BPN}.inc
+
+SRC_URI[sha256sum] = 
"e1066221bf7b89cb1fa7327a3888645cb33b604de3bf45aa81132fd040b699bf"
-- 
2.37.3


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170434): 
https://lists.openembedded.org/g/openembedded-core/message/170434
Mute This Topic: https://lists.openembedded.org/mt/93537152/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] cmake: Fix CMAKE_SYSTEM_PROCESSOR setting for SDK

[Tom Hochstein]

When building using an SDK, cmake complains that the target
architecture 'cortexa53-crypto' is unknown. The same build in bitbake
uses the target architecture 'aarch64'.

Set CMAKE_SYSTEM_PROCESSOR the same as for bitbake.

Signed-off-by: Tom Hochstein 
---
 meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake 
b/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake
index 3ddef12c83..d6a1e0464c 100644
--- a/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake
+++ b/meta/recipes-devtools/cmake/cmake/OEToolchainConfig.cmake
@@ -11,10 +11,7 @@ set( CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY )
 
 set(CMAKE_FIND_LIBRARY_CUSTOM_LIB_SUFFIX 
"$ENV{OE_CMAKE_FIND_LIBRARY_CUSTOM_LIB_SUFFIX}")
 
-# Set CMAKE_SYSTEM_PROCESSOR from the sysroot name (assuming 
processor-distro-os).
-if ($ENV{SDKTARGETSYSROOT} MATCHES "/sysroots/([a-zA-Z0-9_-]+)-.+-.+")
-  set(CMAKE_SYSTEM_PROCESSOR ${CMAKE_MATCH_1})
-endif()
+set( CMAKE_SYSTEM_PROCESSOR $ENV{OECORE_TARGET_ARCH} )
 
 # Include the toolchain configuration subscripts
 file( GLOB toolchain_config_files "${CMAKE_CURRENT_LIST_FILE}.d/*.cmake" )
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170432): 
https://lists.openembedded.org/g/openembedded-core/message/170432
Mute This Topic: https://lists.openembedded.org/mt/93536574/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] linux-yocto: Enable mdio for qemu

[Khem Raj]

There are package like mdio-netlink in meta-oe which need this feature
to be available, it has started to fail with 5.19

Signed-off-by: Khem Raj 
Cc: Bruce Ashfield 
---
 meta/recipes-kernel/linux/linux-yocto_5.19.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto_5.19.bb 
b/meta/recipes-kernel/linux/linux-yocto_5.19.bb
index 0ff28aa952..e96395d1bb 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.19.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.19.bb
@@ -56,7 +56,7 @@ COMPATIBLE_MACHINE = 
"^(qemuarm|qemuarmv5|qemuarm64|qemux86|qemuppc|qemuppc64|qe
 # Functionality flags
 KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc"
 KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
-KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc 
features/drm-bochs/drm-bochs.scc"
+KERNEL_FEATURES:append:qemuall=" cfg/virtio.scc 
features/drm-bochs/drm-bochs.scc cfg/net/mdio.scc"
 KERNEL_FEATURES:append:qemux86=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES:append:qemux86-64=" cfg/sound.scc cfg/paravirt_kvm.scc"
 KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " 
cfg/x32.scc", "", d)}"
-- 
2.37.3


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170431): 
https://lists.openembedded.org/g/openembedded-core/message/170431
Mute This Topic: https://lists.openembedded.org/mt/93535950/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 5/5] oeqa/selftest: Add lower layer test for overlayfs-etc

[Vyacheslav Yurkov]

From: Vyacheslav Yurkov 

Place a test file on the /etc by means of overlayfs-user recipe.
Perform QA checks to make sure that:
- When lower layer is exposed, that it's read-only to avoid undefined behavior
- By default lower layer is not exposed

Signed-off-by: Vyacheslav Yurkov 
---
 .../overlayfs-user/overlayfs-user.bb  |  7 +-
 meta/lib/oeqa/selftest/cases/overlayfs.py | 90 ++-
 2 files changed, 74 insertions(+), 23 deletions(-)

diff --git a/meta-selftest/recipes-test/overlayfs-user/overlayfs-user.bb 
b/meta-selftest/recipes-test/overlayfs-user/overlayfs-user.bb
index 913a4d1fdb..50cba9514b 100644
--- a/meta-selftest/recipes-test/overlayfs-user/overlayfs-user.bb
+++ b/meta-selftest/recipes-test/overlayfs-user/overlayfs-user.bb
@@ -12,6 +12,11 @@ OVERLAYFS_WRITABLE_PATHS[mnt-overlay] += 
"/usr/share/my-application"
 
 do_install() {
 install -d ${D}/usr/share/my-application
+install -d ${D}${sysconfdir}
+echo "Original file in /etc" >> ${D}${sysconfdir}/lower-layer-test.txt
 }
 
-FILES:${PN} += "/usr"
+FILES:${PN} += "\
+${exec_prefix} \
+${sysconfdir \
+"
diff --git a/meta/lib/oeqa/selftest/cases/overlayfs.py 
b/meta/lib/oeqa/selftest/cases/overlayfs.py
index f550015b4b..57a8c8bdb6 100644
--- a/meta/lib/oeqa/selftest/cases/overlayfs.py
+++ b/meta/lib/oeqa/selftest/cases/overlayfs.py
@@ -381,28 +381,7 @@ OVERLAYFS_ETC_DEVICE = "/dev/sda3"
 Author:Vyacheslav Yurkov 
 """
 
-config = """
-DISTRO_FEATURES:append = " systemd"
-
-# Use systemd as init manager
-VIRTUAL-RUNTIME_init_manager = "systemd"
-
-# enable overlayfs in the kernel
-KERNEL_EXTRA_FEATURES:append = " features/overlayfs/overlayfs.scc"
-
-IMAGE_FSTYPES += "wic"
-OVERLAYFS_INIT_OPTION = "{OVERLAYFS_INIT_OPTION}"
-WKS_FILE = "overlayfs_etc.wks.in"
-
-EXTRA_IMAGE_FEATURES += "read-only-rootfs"
-# Image configuration for overlayfs-etc
-EXTRA_IMAGE_FEATURES += "overlayfs-etc"
-IMAGE_FEATURES:remove = "package-management"
-OVERLAYFS_ETC_MOUNT_POINT = "/data"
-OVERLAYFS_ETC_FSTYPE = "ext4"
-OVERLAYFS_ETC_DEVICE = "/dev/sda3"
-OVERLAYFS_ETC_USE_ORIG_INIT_NAME = "{OVERLAYFS_ETC_USE_ORIG_INIT_NAME}"
-"""
+config = self.get_working_config()
 
 args = {
 'OVERLAYFS_INIT_OPTION': "" if origInit else "init=/sbin/preinit",
@@ -423,6 +402,11 @@ OVERLAYFS_ETC_USE_ORIG_INIT_NAME = 
"{OVERLAYFS_ETC_USE_ORIG_INIT_NAME}"
 line = getline_qemu(output, "upperdir=/data/overlay-etc/upper")
 self.assertTrue(line and line.startswith("/data/overlay-etc/upper 
on /etc type overlay"), msg=output)
 
+# check that lower layer is not available
+status, output = qemu.run_serial("ls -1 /data/overlay-etc/lower")
+line = getline_qemu(output, "No such file or directory")
+self.assertTrue(line, msg=output)
+
 status, output = qemu.run_serial("touch " + testFile)
 status, output = qemu.run_serial("sync")
 status, output = qemu.run_serial("ls -1 " + testFile)
@@ -434,3 +418,65 @@ OVERLAYFS_ETC_USE_ORIG_INIT_NAME = 
"{OVERLAYFS_ETC_USE_ORIG_INIT_NAME}"
 status, output = qemu.run_serial("ls -1 " + testFile)
 line = getline_qemu(output, testFile)
 self.assertTrue(line and line.startswith(testFile), msg=output)
+
+def test_lower_layer_access(self):
+"""
+Summary:   Test that lower layer of /etc is available read-only when 
configured
+Expected:  Can't write to lower layer. The files on lower and upper 
different after
+   modification
+Author:Vyacheslav Yurkov 
+"""
+
+config = self.get_working_config()
+
+configLower = """
+OVERLAYFS_ETC_EXPOSE_LOWER = "1"
+IMAGE_INSTALL:append = " overlayfs-user"
+"""
+testFile = "lower-layer-test.txt"
+
+args = {
+'OVERLAYFS_INIT_OPTION': "",
+'OVERLAYFS_ETC_USE_ORIG_INIT_NAME': 1
+}
+
+self.write_config(config.format(**args))
+
+self.append_config(configLower)
+bitbake('core-image-minimal')
+
+with runqemu('core-image-minimal', image_fstype='wic') as qemu:
+status, output = qemu.run_serial("echo \"Modified in upper\" > 
/etc/" + testFile)
+status, output = qemu.run_serial("diff /etc/" + testFile + " 
/data/overlay-etc/lower/" + testFile)
+line = getline_qemu(output, "Modified in upper")
+self.assertTrue(line, msg=output)
+line = getline_qemu(output, "Original file")
+self.assertTrue(line, msg=output)
+
+status, output = qemu.run_serial("touch 
/data/overlay-etc/lower/ro-test.txt")
+line = getline_qemu(output, "Read-only file system")
+self.assertTrue(line, msg=output)
+
+def get_working_config(self):
+return """
+DISTRO_FEATURES:append = " systemd"
+
+# Use systemd as init manager
+VIRTUAL-RUNTIME_init_manager = "systemd"
+
+# ena

[OE-core] [PATCH 4/5] classes: files: Extend overlayfs-etc class

[Vyacheslav Yurkov]

From: Vyacheslav Yurkov 

Add the ability to expose the lower layer of /etc when mounting overlay.
This is the similar to what overlayroot script from initramfs-framework does.

By default, this option is turned off to keep an old behavior intact.

Signed-off-by: Vyacheslav Yurkov 
---
 meta/classes-recipe/overlayfs-etc.bbclass | 5 -
 meta/files/overlayfs-etc-preinit.sh.in| 9 +
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/meta/classes-recipe/overlayfs-etc.bbclass 
b/meta/classes-recipe/overlayfs-etc.bbclass
index d0bc3ecfac..f8343106f3 100644
--- a/meta/classes-recipe/overlayfs-etc.bbclass
+++ b/meta/classes-recipe/overlayfs-etc.bbclass
@@ -40,6 +40,7 @@ OVERLAYFS_ETC_DEVICE ??= ""
 OVERLAYFS_ETC_USE_ORIG_INIT_NAME ??= "1"
 OVERLAYFS_ETC_MOUNT_OPTIONS ??= "defaults"
 OVERLAYFS_ETC_INIT_TEMPLATE ??= 
"${COREBASE}/meta/files/overlayfs-etc-preinit.sh.in"
+OVERLAYFS_ETC_EXPOSE_LOWER ??= "0"
 
 python create_overlayfs_etc_preinit() {
 overlayEtcMountPoint = d.getVar("OVERLAYFS_ETC_MOUNT_POINT")
@@ -60,13 +61,15 @@ python create_overlayfs_etc_preinit() {
 preinitPath = oe.path.join(d.getVar("IMAGE_ROOTFS"), 
d.getVar("base_sbindir"), "preinit")
 initBaseName = oe.path.join(d.getVar("base_sbindir"), "init")
 origInitNameSuffix = ".orig"
+exposeLower = oe.types.boolean(d.getVar('OVERLAYFS_ETC_EXPOSE_LOWER'))
 
 args = {
 'OVERLAYFS_ETC_MOUNT_POINT': overlayEtcMountPoint,
 'OVERLAYFS_ETC_MOUNT_OPTIONS': d.getVar('OVERLAYFS_ETC_MOUNT_OPTIONS'),
 'OVERLAYFS_ETC_FSTYPE': overlayEtcFsType,
 'OVERLAYFS_ETC_DEVICE': overlayEtcDevice,
-'SBIN_INIT_NAME': initBaseName + origInitNameSuffix if useOrigInit 
else initBaseName
+'SBIN_INIT_NAME': initBaseName + origInitNameSuffix if useOrigInit 
else initBaseName,
+'OVERLAYFS_ETC_EXPOSE_LOWER': "true" if exposeLower else "false"
 }
 
 if useOrigInit:
diff --git a/meta/files/overlayfs-etc-preinit.sh.in 
b/meta/files/overlayfs-etc-preinit.sh.in
index 0e80849f12..8db076f4ba 100644
--- a/meta/files/overlayfs-etc-preinit.sh.in
+++ b/meta/files/overlayfs-etc-preinit.sh.in
@@ -18,6 +18,7 @@ mount -t sysfs sysfs /sys
 BASE_OVERLAY_ETC_DIR={OVERLAYFS_ETC_MOUNT_POINT}/overlay-etc
 UPPER_DIR=$BASE_OVERLAY_ETC_DIR/upper
 WORK_DIR=$BASE_OVERLAY_ETC_DIR/work
+LOWER_DIR=$BASE_OVERLAY_ETC_DIR/lower
 
 mkdir -p {OVERLAYFS_ETC_MOUNT_POINT}
 if mount -n -t {OVERLAYFS_ETC_FSTYPE} \
@@ -26,6 +27,14 @@ if mount -n -t {OVERLAYFS_ETC_FSTYPE} \
 then
 mkdir -p $UPPER_DIR
 mkdir -p $WORK_DIR
+
+if {OVERLAYFS_ETC_EXPOSE_LOWER}; then
+mkdir -p $LOWER_DIR
+
+# provide read-only access to original /etc content
+mount -o bind,ro /etc $LOWER_DIR
+fi
+
 mount -n -t overlay \
 -o upperdir=$UPPER_DIR \
 -o lowerdir=/etc \
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170429): 
https://lists.openembedded.org/g/openembedded-core/message/170429
Mute This Topic: https://lists.openembedded.org/mt/93533202/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 3/5] files: overlayfs-etc: refactor preinit template

[Vyacheslav Yurkov]

From: Vyacheslav Yurkov 

Signed-off-by: Vyacheslav Yurkov 
---
 meta/files/overlayfs-etc-preinit.sh.in | 14 +-
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/meta/files/overlayfs-etc-preinit.sh.in 
b/meta/files/overlayfs-etc-preinit.sh.in
index 43c9b04eb9..0e80849f12 100644
--- a/meta/files/overlayfs-etc-preinit.sh.in
+++ b/meta/files/overlayfs-etc-preinit.sh.in
@@ -15,19 +15,23 @@ mount -t sysfs sysfs /sys
 
 [ -z "$CONSOLE" ] && CONSOLE="/dev/console"
 
+BASE_OVERLAY_ETC_DIR={OVERLAYFS_ETC_MOUNT_POINT}/overlay-etc
+UPPER_DIR=$BASE_OVERLAY_ETC_DIR/upper
+WORK_DIR=$BASE_OVERLAY_ETC_DIR/work
+
 mkdir -p {OVERLAYFS_ETC_MOUNT_POINT}
 if mount -n -t {OVERLAYFS_ETC_FSTYPE} \
 -o {OVERLAYFS_ETC_MOUNT_OPTIONS} \
 {OVERLAYFS_ETC_DEVICE} {OVERLAYFS_ETC_MOUNT_POINT}
 then
-mkdir -p {OVERLAYFS_ETC_MOUNT_POINT}/overlay-etc/upper
-mkdir -p {OVERLAYFS_ETC_MOUNT_POINT}/overlay-etc/work
+mkdir -p $UPPER_DIR
+mkdir -p $WORK_DIR
 mount -n -t overlay \
--o upperdir={OVERLAYFS_ETC_MOUNT_POINT}/overlay-etc/upper \
+-o upperdir=$UPPER_DIR \
 -o lowerdir=/etc \
--o workdir={OVERLAYFS_ETC_MOUNT_POINT}/overlay-etc/work \
+-o workdir=$WORK_DIR \
 -o index=off,xino=off,redirect_dir=off,metacopy=off \
-{OVERLAYFS_ETC_MOUNT_POINT}/overlay-etc/upper /etc || \
+$UPPER_DIR /etc || \
 echo "PREINIT: Mounting etc-overlay failed!"
 else
 echo "PREINIT: Mounting  failed!"
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170428): 
https://lists.openembedded.org/g/openembedded-core/message/170428
Mute This Topic: https://lists.openembedded.org/mt/93533201/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/5] oeqa/selftest: drop image_feature test from overlayfs

[Vyacheslav Yurkov]

From: Vyacheslav Yurkov 

The test checked the incorrect class use with INHERIT. This
functionality is now covered by bitbake

Signed-off-by: Vyacheslav Yurkov 
---
 meta/lib/oeqa/selftest/cases/overlayfs.py | 13 +
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/meta/lib/oeqa/selftest/cases/overlayfs.py 
b/meta/lib/oeqa/selftest/cases/overlayfs.py
index bff22f21b6..f550015b4b 100644
--- a/meta/lib/oeqa/selftest/cases/overlayfs.py
+++ b/meta/lib/oeqa/selftest/cases/overlayfs.py
@@ -333,24 +333,14 @@ EXTRA_IMAGE_FEATURES += "package-management"
 self.assertTrue("overlayfs-etc" in res.output, msg=res.output)
 self.assertTrue("package-management" in res.output, msg=res.output)
 
-def test_image_feature_is_missing_class_included(self):
-configAppend = """
-INHERIT += "overlayfs-etc"
-"""
-self.run_check_image_feature(configAppend)
-
 def test_image_feature_is_missing(self):
-self.run_check_image_feature()
-
-def run_check_image_feature(self, appendToConfig=""):
 """
 Summary:   Overlayfs-etc class is not applied when image feature is 
not set
-   even if we inherit it directly,
 Expected:  Image is created successfully but /etc is not an overlay
 Author:Vyacheslav Yurkov 
 """
 
-config = f"""
+config = """
 DISTRO_FEATURES:append = " systemd"
 
 # Use systemd as init manager
@@ -366,7 +356,6 @@ EXTRA_IMAGE_FEATURES += "read-only-rootfs"
 # Image configuration for overlayfs-etc
 OVERLAYFS_ETC_MOUNT_POINT = "/data"
 OVERLAYFS_ETC_DEVICE = "/dev/sda3"
-{appendToConfig}
 """
 
 self.write_config(config)
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170426): 
https://lists.openembedded.org/g/openembedded-core/message/170426
Mute This Topic: https://lists.openembedded.org/mt/93533199/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/5] classes: Update overlayfs classes to use new bitbake functionality

[Vyacheslav Yurkov]

From: Vyacheslav Yurkov 

OverlayFS classes belong to a recipe scope

Signed-off-by: Vyacheslav Yurkov 
---
 meta/{classes => classes-recipe}/overlayfs-etc.bbclass | 0
 meta/{classes => classes-recipe}/overlayfs.bbclass | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename meta/{classes => classes-recipe}/overlayfs-etc.bbclass (100%)
 rename meta/{classes => classes-recipe}/overlayfs.bbclass (100%)

diff --git a/meta/classes/overlayfs-etc.bbclass 
b/meta/classes-recipe/overlayfs-etc.bbclass
similarity index 100%
rename from meta/classes/overlayfs-etc.bbclass
rename to meta/classes-recipe/overlayfs-etc.bbclass
diff --git a/meta/classes/overlayfs.bbclass 
b/meta/classes-recipe/overlayfs.bbclass
similarity index 100%
rename from meta/classes/overlayfs.bbclass
rename to meta/classes-recipe/overlayfs.bbclass
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170427): 
https://lists.openembedded.org/g/openembedded-core/message/170427
Mute This Topic: https://lists.openembedded.org/mt/93533200/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] connman: Drop redundant nfsroot handling

[Tom Hochstein]

connman has nfsroot support built in since version 1.34 [1], so the
nfsroot handling in the init script is redundant.

[1] 
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=ef0d26e6ef2b883193469f016117d8238c1c9658

Signed-off-by: Tom Hochstein 
---
 .../connman/connman/connman   | 39 +--
 1 file changed, 1 insertion(+), 38 deletions(-)

diff --git a/meta/recipes-connectivity/connman/connman/connman 
b/meta/recipes-connectivity/connman/connman/connman
index 310a696863..a021fd4655 100644
--- a/meta/recipes-connectivity/connman/connman/connman
+++ b/meta/recipes-connectivity/connman/connman/connman
@@ -10,48 +10,11 @@ fi
 
 set -e
 
-nfsroot=0
-
-exec 9<&0 < /proc/mounts
-while read dev mtpt fstype rest; do
-   if test $mtpt = "/" ; then
-   case $fstype in
-   nfs | nfs4)
-   nfsroot=1
-   break
-   ;;
-   *)
-   ;;
-   esac
-   fi
-done
-
 do_start() {
-   if test $nfsroot -eq 1 ; then
-   NET_DEVS=`cat /proc/net/dev | sed -ne 's/^\([a-zA-Z0-9 
]*\):.*$/\1/p'`
-   NET_ADDR=`cat /proc/cmdline | sed -ne 's/^.*ip=\([^ :]*\).*$/\1/p'`
-
-   if [ ! -z "$NET_ADDR" ]; then
-   if [ "$NET_ADDR" = dhcp ]; then
-   ethn=`ifconfig | grep "^eth" | sed -e 
"s/\(eth[0-9]\)\(.*\)/\1/"`
-   if [ ! -z "$ethn" ]; then
-   EXTRA_PARAM="$EXTRA_PARAM -I $ethn"
-   fi
-   else
-   for i in $NET_DEVS; do
-   ADDR=`ifconfig $i | sed 's/addr://g' | sed -ne 
's/^.*inet \([0-9.]*\) .*$/\1/p'`
-   if [ "$NET_ADDR" = "$ADDR" ]; then
-   EXTRA_PARAM="$EXTRA_PARAM -I $i"
-   break
-   fi
-   done
-   fi
-   fi
-   fi
if [ -f @DATADIR@/connman/wired-setup ] ; then
. @DATADIR@/connman/wired-setup
fi
-   $DAEMON $EXTRA_PARAM
+   $DAEMON
 }
 
 do_stop() {
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170425): 
https://lists.openembedded.org/g/openembedded-core/message/170425
Mute This Topic: https://lists.openembedded.org/mt/93531638/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 3/3] gcc: remove obsolete 0012-export-CPP.patch

[Khem Raj]

lgtm. it should have been dropped for I forgot.

On Wed, Sep 7, 2022 at 6:02 AM Ross Burton  wrote:
>
> This patch is no longer needed, the upstream Makefile exports CPP from
> CPP_FOR_BUILD since 12.1.
>
> Signed-off-by: Ross Burton 
> ---
>  meta/recipes-devtools/gcc/gcc-12.2.inc|  1 -
>  .../gcc/gcc/0012-export-CPP.patch | 50 ---
>  2 files changed, 51 deletions(-)
>  delete mode 100644 meta/recipes-devtools/gcc/gcc/0012-export-CPP.patch
>
> diff --git a/meta/recipes-devtools/gcc/gcc-12.2.inc 
> b/meta/recipes-devtools/gcc/gcc-12.2.inc
> index 572fd8b6692..7cc34b26215 100644
> --- a/meta/recipes-devtools/gcc/gcc-12.2.inc
> +++ b/meta/recipes-devtools/gcc/gcc-12.2.inc
> @@ -49,7 +49,6 @@ SRC_URI = "${BASEURI} \
> 
> file://0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch \
> 
> file://0010-Use-the-multilib-config-files-from-B-instead-of-usin.patch \
> 
> file://0011-Avoid-using-libdir-from-.la-which-usually-points-to-.patch \
> -   file://0012-export-CPP.patch \
> file://0013-Ensure-target-gcc-headers-can-be-included.patch \
> 
> file://0014-Don-t-search-host-directory-during-relink-if-inst_pr.patch \
> file://0015-libcc1-fix-libcc1-s-install-path-and-rpath.patch \
> diff --git a/meta/recipes-devtools/gcc/gcc/0012-export-CPP.patch 
> b/meta/recipes-devtools/gcc/gcc/0012-export-CPP.patch
> deleted file mode 100644
> index 7e1ebef463a..000
> --- a/meta/recipes-devtools/gcc/gcc/0012-export-CPP.patch
> +++ /dev/null
> @@ -1,50 +0,0 @@
> -From 20afebc61199cd74481b0b831c1b56465cd37fa0 Mon Sep 17 00:00:00 2001
> -From: Khem Raj 
> -Date: Fri, 20 Feb 2015 09:40:59 +
> -Subject: [PATCH] export CPP
> -
> -The OE environment sets and exports CPP as being the target gcc. When
> -building gcc-cross-canadian for a mingw targetted sdk, the following can be 
> found
> -in 
> build.x86_64-pokysdk-mingw32.i586-poky-linux/build-x86_64-linux/libiberty/config.log:
> -
> -configure:3641: checking for _FILE_OFFSET_BITS value needed for large files
> -configure:3666: gcc  -c 
> -isystem/media/build1/poky/build/tmp/sysroots/x86_64-linux/usr/include -O2 
> -pipe  conftest.c >&5
> -configure:3666: $? = 0
> -configure:3698: result: no
> -configure:3786: checking how to run the C preprocessor
> -configure:3856: result: x86_64-pokysdk-mingw32-gcc -E 
> --sysroot=/media/build1/poky/build/tmp/sysroots/x86_64-nativesdk-mingw32-pokysdk-mingw32
> -configure:3876: x86_64-pokysdk-mingw32-gcc -E 
> --sysroot=/media/build1/poky/build/tmp/sysroots/x86_64-nativesdk-mingw32-pokysdk-mingw32
>  conftest.c
> -configure:3876: $? = 0
> -
> -Note this is a *build* target (in build-x86_64-linux) so it should be
> -using the host "gcc", not x86_64-pokysdk-mingw32-gcc. Since the mingw32
> -headers are very different, using the wrong cpp is a real problem. It is 
> leaking
> -into configure through the CPP variable. Ultimately this leads to build
> -failures related to not being able to include a process.h file for 
> pem-unix.c.
> -
> -The fix is to ensure we export a sane CPP value into the build
> -environment when using build targets. We could define a CPP_FOR_BUILD value 
> which may be
> -the version which needs to be upstreamed but for now, this fix is good 
> enough to
> -avoid the problem.
> -
> -RP 22/08/2013
> -
> -Upstream-Status: Pending
> -
> -Signed-off-by: Khem Raj 
> 
> - Makefile.in | 1 +
> - 1 file changed, 1 insertion(+)
> -
> -diff --git a/Makefile.in b/Makefile.in
> -index 1d9c83cc566..11819667751 100644
>  a/Makefile.in
> -+++ b/Makefile.in
> -@@ -152,6 +152,7 @@ BUILD_EXPORTS = \
> -   AR="$(AR_FOR_BUILD)"; export AR; \
> -   AS="$(AS_FOR_BUILD)"; export AS; \
> -   CC="$(CC_FOR_BUILD)"; export CC; \
> -+  CPP="$(CC_FOR_BUILD) -E"; export CPP; \
> -   CFLAGS="$(CFLAGS_FOR_BUILD)"; export CFLAGS; \
> -   CONFIG_SHELL="$(SHELL)"; export CONFIG_SHELL; \
> -   CPP="$(CPP_FOR_BUILD)"; export CPP; \
> --
> 2.34.1
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170424): 
https://lists.openembedded.org/g/openembedded-core/message/170424
Mute This Topic: https://lists.openembedded.org/mt/93524139/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [meta][dunfell][PATCH] python3: Fix CVE-2021-28861 for python3

[Riyaz Ahmed Khan]

From: Riyaz Khan 

Add patch to fix CVE-2021-28861

CVE-2021-28861.patch
Link: 
https://github.com/python/cpython/commit/4dc2cae3abd75f386374d0635d00443b897d0672

Signed-off-by: Riyaz Khan 
---
 .../python/python3/CVE-2021-28861.patch   | 135 ++
 .../recipes-devtools/python/python3_3.8.13.bb |   1 +
 2 files changed, 136 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2021-28861.patch

diff --git a/meta/recipes-devtools/python/python3/CVE-2021-28861.patch 
b/meta/recipes-devtools/python/python3/CVE-2021-28861.patch
new file mode 100644
index 00..dc97c6b4eb
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2021-28861.patch
@@ -0,0 +1,135 @@
+From 4dc2cae3abd75f386374d0635d00443b897d0672 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-isling...@users.noreply.github.com>
+Date: Wed, 22 Jun 2022 01:42:52 -0700
+Subject: [PATCH] gh-87389: Fix an open redirection vulnerability in
+ http.server. (GH-93879) (GH-94094)
+
+Fix an open redirection vulnerability in the `http.server` module when
+an URI path starts with `//` that could produce a 301 Location header
+with a misleading target.  Vulnerability discovered, and logic fix
+proposed, by Hamza Avvan (@hamzaavvan).
+
+Test and comments authored by Gregory P. Smith [Google].
+(cherry picked from commit 4abab6b603dd38bec1168e9a37c40a48ec89508e)
+
+Co-authored-by: Gregory P. Smith 
+
+Signed-off-by: Riyaz Khan 
+
+CVE: CVE-2021-28861
+
+Upstream-Status: Backport 
[https://github.com/python/cpython/commit/4dc2cae3abd75f386374d0635d00443b897d0672]
+
+---
+ Lib/http/server.py|  7 +++
+ Lib/test/test_httpservers.py  | 53 ++-
+ ...2-06-15-20-09-23.gh-issue-87389.QVaC3f.rst |  3 ++
+ 3 files changed, 61 insertions(+), 2 deletions(-)
+ create mode 100644 
Misc/NEWS.d/next/Security/2022-06-15-20-09-23.gh-issue-87389.QVaC3f.rst
+
+diff --git a/Lib/http/server.py b/Lib/http/server.py
+index 38f7accad7a3..39de35458c38 100644
+--- a/Lib/http/server.py
 b/Lib/http/server.py
+@@ -332,6 +332,13 @@ def parse_request(self):
+ return False
+ self.command, self.path = command, path
+ 
++# gh-87389: The purpose of replacing '//' with '/' is to protect
++# against open redirect attacks possibly triggered if the path starts
++# with '//' because http clients treat //path as an absolute URI
++# without scheme (similar to http://path) rather than a path.
++if self.path.startswith('//'):
++self.path = '/' + self.path.lstrip('/')  # Reduce to a single /
++
+ # Examine the headers and look for a Connection directive.
+ try:
+ self.headers = http.client.parse_headers(self.rfile,
+diff --git a/Lib/test/test_httpservers.py b/Lib/test/test_httpservers.py
+index 87d4924a34b3..fb026188f0b4 100644
+--- a/Lib/test/test_httpservers.py
 b/Lib/test/test_httpservers.py
+@@ -330,7 +330,7 @@ class request_handler(NoLogRequestHandler, 
SimpleHTTPRequestHandler):
+ pass
+ 
+ def setUp(self):
+-BaseTestCase.setUp(self)
++super().setUp()
+ self.cwd = os.getcwd()
+ basetempdir = tempfile.gettempdir()
+ os.chdir(basetempdir)
+@@ -358,7 +358,7 @@ def tearDown(self):
+ except:
+ pass
+ finally:
+-BaseTestCase.tearDown(self)
++super().tearDown()
+ 
+ def check_status_and_reason(self, response, status, data=None):
+ def close_conn():
+@@ -414,6 +414,55 @@ def test_undecodable_filename(self):
+ self.check_status_and_reason(response, HTTPStatus.OK,
+  data=support.TESTFN_UNDECODABLE)
+ 
++def test_get_dir_redirect_location_domain_injection_bug(self):
++"""Ensure //evil.co/..%2f../../X does not put //evil.co/ in Location.
++
++//netloc/ in a Location header is a redirect to a new host.
++https://github.com/python/cpython/issues/87389
++
++This checks that a path resolving to a directory on our server cannot
++resolve into a redirect to another server.
++"""
++os.mkdir(os.path.join(self.tempdir, 'existing_directory'))
++url = 
f'/python.org/..%2f..%2f..%2f..%2f..%2f../%0a%0d/../{self.tempdir_name}/existing_directory'
++expected_location = f'{url}/'  # /python.org.../ single slash single 
prefix, trailing slash
++# Canonicalizes to /tmp/tempdir_name/existing_directory which does
++# exist and is a dir, triggering the 301 redirect logic.
++response = self.request(url)
++self.check_status_and_reason(response, HTTPStatus.MOVED_PERMANENTLY)
++location = response.getheader('Location')
++self.assertEqual(location, expected_location, msg='non-attack 
failed!')
++
++# //python.org... multi-slash prefix, no trailing slash
++attack_url = f'/{url}'
++response = se

Re: [OE-core] [PATCH v10] Rust Oe-Selftest implementation

[Richard Purdie]

On Wed, 2022-09-07 at 20:34 +0530, pgowda cve wrote:
> Hi Richard,
> 
> Thanks for pointing this out and your help in improving the patch.
> I am using an Ubuntu-18.04 machine and am not able to see the error.
> 
> > > Something is mangling spaces in your patch. There shouldn't be tabs here.
> Fixed.
> 
> > > I think this can be merged with the RustSelfTestBase class as I don't
> Merged.
> 
> > > If we want to change grammar, it should be in a separate patch.
> Removed it.

Thanks for tweaking these.

> 
> > > addtask do_test_compile after do_configure do_rust_gen_targets
> > > put that alongside the task definition.
> Added along with addtask definition.

I clearly wasn't clear enough!

It should be next to where the task is defined in rust_1.63.0.bb, i.e.
alongside the do_test_compile task definition itself.

Cheers,

Richard



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170422): 
https://lists.openembedded.org/g/openembedded-core/message/170422
Mute This Topic: https://lists.openembedded.org/mt/93454351/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v10] Rust Oe-Selftest implementation

[Pgowda]

Hi Richard,

Thanks for pointing this out and your help in improving the patch.
I am using an Ubuntu-18.04 machine and am not able to see the error.

>> Something is mangling spaces in your patch. There shouldn't be tabs here.
Fixed.

>> I think this can be merged with the RustSelfTestBase class as I don't
Merged.

>> If we want to change grammar, it should be in a separate patch.
Removed it.

>> addtask do_test_compile after do_configure do_rust_gen_targets
>> put that alongside the task definition.
Added along with addtask definition.

Please find the patch posted with all the above modifications as :-
https://lists.openembedded.org/g/openembedded-core/message/170420

Thanks,
Pgowda

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170421): 
https://lists.openembedded.org/g/openembedded-core/message/170421
Mute This Topic: https://lists.openembedded.org/mt/93454351/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v11] Rust Oe-Selftest implementation

[Pgowda]

From: pgowda 

The patch implements Rust testing framework similar to other selftest,
specifically the gcc selftest in OE. It uses the client and server
based method to test the binaries for cross-target on the image.
The test framework is a wrapper around the Rust build system as ./x.py
test. It tests many functionalities of Rust distribution like tools,
documentation, libraries, packages, tools, Cargo, Crater etc.
Please refer the following link for detailed description of Rust
testing:-
https://rustc-dev-guide.rust-lang.org/tests/intro.html#tool-tests

To support the rust tests in oe-core, the following functions were
added:-
setup_cargo_environment(): Build bootstrap and some early stage tools.
do_rust_setup_snapshot(): Install the snapshot version of rust binaries.
do_configure(): To generate config.toml
do_compile(): To build "remote-test-server" for qemu target image.

Approximate Number of Tests Run in the Rust Testsuite :- 18000
Approximate Number of Tests that FAIL in bitbake environment :- 100-150
Normally majority of the testcases are present in major folder "test/"
It contributes to more than 80% of the testcases present in Rust test
framework. These tests pass as expected on any Rust versions without
much fuss. The tests that fail are of less important and contribute to
less than 2% of the total testcases. These minor tests are observed to
work on some versions and fail on others. They have to be added, ignored
or excluded for different versions as per the behavior.
These tests have been ignored or excluded in the Rust selftest
environment to generate success of completing the testsuite.

These tests work in parallel mode even in the skipped test mode as
expected. Although the patch to disable tests is large, it is very simple
in that it only disables tests. When updating to a newer version of Rust,
the patch can usually be ported in a day.

Signed-off-by: pgowda 
Signed-off-by: Vinay Kumar 
---
 meta/lib/oeqa/selftest/cases/rust.py  |  54 ++
 meta/recipes-devtools/rust/rust-source.inc|   3 +-
 meta/recipes-devtools/rust/rust.inc   |   1 +
 .../rust/rust/rust-oe-selftest.patch  | 508 ++
 meta/recipes-devtools/rust/rust_1.63.0.bb |   5 +
 5 files changed, 570 insertions(+), 1 deletion(-)
 create mode 100644 meta/lib/oeqa/selftest/cases/rust.py
 create mode 100644 meta/recipes-devtools/rust/rust/rust-oe-selftest.patch

diff --git a/meta/lib/oeqa/selftest/cases/rust.py 
b/meta/lib/oeqa/selftest/cases/rust.py
new file mode 100644
index 00..e06ddaa6d7
--- /dev/null
+++ b/meta/lib/oeqa/selftest/cases/rust.py
@@ -0,0 +1,54 @@
+# SPDX-License-Identifier: MIT
+import os
+import subprocess
+from oeqa.core.decorator import OETestTag
+from oeqa.core.case import OEPTestResultTestCase
+from oeqa.selftest.case import OESelftestTestCase
+from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars, 
runqemu, Command
+from oeqa.utils.sshcontrol import SSHControl
+
+# Total time taken for testing is of about 2hr 20min, with PARALLEL_MAKE set 
to 40 number of jobs.
+class RustSelfTestSystemEmulated(OESelftestTestCase, OEPTestResultTestCase):
+def test_rust(self, *args, **kwargs):
+# build remote-test-server before image build
+recipe = "rust"
+bitbake("{} -c test_compile".format(recipe))
+builddir = get_bb_var("RUSTSRC", "rust")
+# build core-image-minimal with required packages
+default_installed_packages = ["libgcc", "libstdc++", "libatomic", 
"libgomp"]
+features = []
+features.append('IMAGE_FEATURES += "ssh-server-openssh"')
+features.append('CORE_IMAGE_EXTRA_INSTALL += "{0}"'.format(" 
".join(default_installed_packages)))
+self.write_config("\n".join(features))
+bitbake("core-image-minimal")
+# wrap the execution with a qemu instance.
+# Tests are run with 512 tasks in parallel to execute all tests very 
quickly
+with runqemu("core-image-minimal", runqemuparams = "nographic", 
qemuparams = "-m 512") as qemu:
+# Copy remote-test-server to image through scp
+ssh = SSHControl(ip=qemu.ip, logfile=qemu.sshlog, user="root")
+ssh.copy_to(builddir + "/" + 
"build/x86_64-unknown-linux-gnu/stage1-tools-bin/remote-test-server","~/")
+# Execute remote-test-server on image through background ssh
+command = '~/remote-test-server -v remote'
+sshrun=subprocess.Popen(("ssh", '-o',  
'UserKnownHostsFile=/dev/null', '-o',  'StrictHostKeyChecking=no', '-f', 
"root@%s" % qemu.ip, command), shell=False, stdout=subprocess.PIPE, 
stderr=subprocess.PIPE)
+# Get the values of variables.
+tcpath = get_bb_var("TARGET_SYS", "rust")
+targetsys = get_bb_var("RUST_TARGET_SYS", "rust")
+rustlibpath = get_bb_var("WORKDIR", "rust")
+tmpdir = get_bb_var("TMPDIR", "rust")
+
+# Exclude the test folders that error out whil

[OE-core][kirkstone 24/24] npm: use npm_registry to cache package

[Steve Sakoman]

From: Enrico Scholz 

With nodejs 16, the simple 'npm cache add' approach does not work
anymore because its fetcher implementation downloads also meta
information from the registry.

We have to generate these information and add them to the cache.
There is no direct support in 'npm' for task so we have to implement
it manually.

This implementation consists of a openembedded python module (in
oe-core) and a nodejs version specific helper (in oe-meta).

Signed-off-by: Enrico Scholz 
Signed-off-by: Richard Purdie 
(cherry picked from commit 019b9c341d539939098962c228c1fd5c99331312)
Signed-off-by: Steve Sakoman 
---
 meta/classes/npm.bbclass | 15 +--
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index 11c80a738e..8379c7b988 100644
--- a/meta/classes/npm.bbclass
+++ b/meta/classes/npm.bbclass
@@ -19,7 +19,7 @@
 
 inherit python3native
 
-DEPENDS:prepend = "nodejs-native "
+DEPENDS:prepend = "nodejs-native nodejs-oe-cache-native "
 RDEPENDS:${PN}:append:class-target = " nodejs"
 
 EXTRA_OENPM = ""
@@ -46,6 +46,7 @@ NPM_ARCH ?= "${@npm_target_arch_map(d.getVar("TARGET_ARCH"))}"
 NPM_PACKAGE = "${WORKDIR}/npm-package"
 NPM_CACHE = "${WORKDIR}/npm-cache"
 NPM_BUILD = "${WORKDIR}/npm-build"
+NPM_REGISTRY = "${WORKDIR}/npm-registry"
 
 def npm_global_configs(d):
 """Get the npm global configuration"""
@@ -109,16 +110,18 @@ python npm_do_configure() {
 from bb.fetch2.npm import npm_unpack
 from bb.fetch2.npmsw import foreach_dependencies
 from bb.progress import OutOfProgressHandler
+from oe.npm_registry import NpmRegistry
 
 bb.utils.remove(d.getVar("NPM_CACHE"), recurse=True)
 bb.utils.remove(d.getVar("NPM_PACKAGE"), recurse=True)
 
 env = NpmEnvironment(d, configs=npm_global_configs(d))
+registry = NpmRegistry(d.getVar('NPM_REGISTRY'), d.getVar('NPM_CACHE'))
 
-def _npm_cache_add(tarball):
-"""Run 'npm cache add' for a specified tarball"""
-cmd = "npm cache add %s" % shlex.quote(tarball)
-env.run(cmd)
+def _npm_cache_add(tarball, pkg):
+"""Add tarball to local registry and register it in the
+   cache"""
+registry.add_pkg(tarball, pkg)
 
 def _npm_integrity(tarball):
 """Return the npm integrity of a specified tarball"""
@@ -182,7 +185,7 @@ python npm_do_configure() {
 # Add the dependency to the npm cache
 destdir = os.path.join(d.getVar("S"), destsuffix)
 (tarball, pkg) = npm_pack(env, destdir, tmpdir)
-_npm_cache_add(tarball)
+_npm_cache_add(tarball, pkg)
 # Add its signature to the cached shrinkwrap
 dep = _npmsw_dependency_dict(cached_shrinkwrap, deptree)
 dep["version"] = pkg['version']
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170419): 
https://lists.openembedded.org/g/openembedded-core/message/170419
Mute This Topic: https://lists.openembedded.org/mt/93525927/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 19/24] kernel-fitimage.bbclass: add padding algorithm property in config nodes

[Steve Sakoman]

From: LUIS ENRIQUEZ 

This allows choosing padding algorithm when building fitImage. It may be 
pkcs-1.5 or pss.

Signed-off-by: LUIS ENRIQUEZ 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 29d5336c728b28890bbaadebf0ccff00ad90a64d)
Signed-off-by: Ming Liu 
Signed-off-by: Steve Sakoman 
---
 meta/classes/kernel-fitimage.bbclass | 2 ++
 meta/classes/uboot-sign.bbclass  | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/meta/classes/kernel-fitimage.bbclass 
b/meta/classes/kernel-fitimage.bbclass
index 7b16633f6f..983392c23a 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -346,6 +346,7 @@ fitimage_emit_section_config() {
 
conf_csum="${FIT_HASH_ALG}"
conf_sign_algo="${FIT_SIGN_ALG}"
+   conf_padding_algo="${FIT_PAD_ALG}"
if [ "${UBOOT_SIGN_ENABLE}" = "1" ] ; then
conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
fi
@@ -465,6 +466,7 @@ EOF
 signature-1 {
 algo = "$conf_csum,$conf_sign_algo";
 key-name-hint = "$conf_sign_keyname";
+padding = "$conf_padding_algo";
 $sign_line
 };
 EOF
diff --git a/meta/classes/uboot-sign.bbclass b/meta/classes/uboot-sign.bbclass
index 31ffe1f472..eecdec9160 100644
--- a/meta/classes/uboot-sign.bbclass
+++ b/meta/classes/uboot-sign.bbclass
@@ -73,6 +73,9 @@ UBOOT_FIT_HASH_ALG ?= "sha256"
 FIT_SIGN_ALG ?= "rsa2048"
 UBOOT_FIT_SIGN_ALG ?= "rsa2048"
 
+# Kernel / U-Boot fitImage Padding Algo
+FIT_PAD_ALG ?= "pkcs-1.5"
+
 # Generate keys for signing Kernel / U-Boot fitImage
 FIT_GENERATE_KEYS ?= "0"
 UBOOT_FIT_GENERATE_KEYS ?= "0"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170414): 
https://lists.openembedded.org/g/openembedded-core/message/170414
Mute This Topic: https://lists.openembedded.org/mt/93525920/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 15/24] bitbake.conf: set BB_DEFAULT_UMASK using ??=

[Steve Sakoman]

From: Rasmus Villemoes 

Currently, there's no way for the user's site.conf, local.conf or
similar to set BB_DEFAULT_UMASK, because those files are included by
bitbake.conf prior to the unconditional assignment of
BB_DEFAULT_UMASK. To make that possible, use a weak default assignment
instead. This is also consistent with most other variable assignments
in the lower half of bitbake.conf.

I believe the risk of a regression is very small; it would require
something like somebody having a definition of BB_DEFAULT_UMASK in a
local configuration file, and having been relying on that _not_ taking
effect.

Signed-off-by: Rasmus Villemoes 
Signed-off-by: Luca Ceresoli 
(cherry picked from commit e3dbded499f0bd1e71abb0650ae98fd9ade94250)
Signed-off-by: Steve Sakoman 
---
 meta/conf/bitbake.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 2a3cf6f8aa..516a30c963 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -924,7 +924,7 @@ SHELL[unexport] = "1"
 TRANSLATED_TARGET_ARCH ??= "${@d.getVar('TARGET_ARCH').replace("_", "-")}"
 
 # Set a default umask to use for tasks for determinism
-BB_DEFAULT_UMASK = "022"
+BB_DEFAULT_UMASK ??= "022"
 
 # Complete output from bitbake
 BB_CONSOLELOG ?= "${LOG_DIR}/cooker/${MACHINE}/${DATETIME}.log"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170410): 
https://lists.openembedded.org/g/openembedded-core/message/170410
Mute This Topic: https://lists.openembedded.org/mt/93525916/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 22/24] npm: take 'version' directly from 'package.json'

[Steve Sakoman]

From: Enrico Scholz 

We know the content of 'package.json' from earlier patches; there is
no need to parse the tarball name to extract the version.

Signed-off-by: Enrico Scholz 
Signed-off-by: Richard Purdie 
(cherry picked from commit f553e528e76f7e3925ed1c0950d96e73aec37da9)
Signed-off-by: Steve Sakoman 
---
 meta/classes/npm.bbclass | 7 +--
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index 014f793450..11c80a738e 100644
--- a/meta/classes/npm.bbclass
+++ b/meta/classes/npm.bbclass
@@ -125,11 +125,6 @@ python npm_do_configure() {
 sha512 = bb.utils.sha512_file(tarball)
 return "sha512-" + base64.b64encode(bytes.fromhex(sha512)).decode()
 
-def _npm_version(tarball):
-"""Return the version of a specified tarball"""
-regex = r"-(\d+\.\d+\.\d+(-.*)?(\+.*)?)\.tgz"
-return re.search(regex, tarball).group(1)
-
 def _npmsw_dependency_dict(orig, deptree):
 """
 Return the sub dictionary in the 'orig' dictionary corresponding to the
@@ -190,7 +185,7 @@ python npm_do_configure() {
 _npm_cache_add(tarball)
 # Add its signature to the cached shrinkwrap
 dep = _npmsw_dependency_dict(cached_shrinkwrap, deptree)
-dep["version"] = _npm_version(tarball)
+dep["version"] = pkg['version']
 dep["integrity"] = _npm_integrity(tarball)
 if params.get("dev", False):
 dep["dev"] = True
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170417): 
https://lists.openembedded.org/g/openembedded-core/message/170417
Mute This Topic: https://lists.openembedded.org/mt/93525925/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 23/24] lib:npm_registry: initial checkin

[Steve Sakoman]

From: Enrico Scholz 

Helper module to:

- generate meta information from package.json content.  This data has
  a format as provided by https://registry.npmjs.org

- put this meta information and the corresponding tarball in the
  nodejs cache.  This uses an external, nodejs version specific helper
  script (oe-npm-cache) shipped in oe-meta

To avoid further nodejs version dependencies, future versions of this
module might omit the caching completely and serve meta information
and tarball by an http server.

Signed-off-by: Enrico Scholz 
Signed-off-by: Richard Purdie 
(cherry picked from commit 6cd5886ad05fee704e8a5892bd370c360c8c3b54)
Signed-off-by: Steve Sakoman 
---
 meta/lib/oe/npm_registry.py | 169 
 1 file changed, 169 insertions(+)
 create mode 100644 meta/lib/oe/npm_registry.py

diff --git a/meta/lib/oe/npm_registry.py b/meta/lib/oe/npm_registry.py
new file mode 100644
index 00..96c0affb45
--- /dev/null
+++ b/meta/lib/oe/npm_registry.py
@@ -0,0 +1,169 @@
+import bb
+import json
+import subprocess
+
+_ALWAYS_SAFE = frozenset('ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+ 'abcdefghijklmnopqrstuvwxyz'
+ '0123456789'
+ '_.-~')
+
+MISSING_OK = object()
+
+REGISTRY = "https://registry.npmjs.org";
+
+# we can not use urllib.parse here because npm expects lowercase
+# hex-chars but urllib generates uppercase ones
+def uri_quote(s, safe = '/'):
+res = ""
+safe_set = set(safe)
+for c in s:
+if c in _ALWAYS_SAFE or c in safe_set:
+res += c
+else:
+res += '%%%02x' % ord(c)
+return res
+
+class PackageJson:
+def __init__(self, spec):
+self.__spec = spec
+
+@property
+def name(self):
+return self.__spec['name']
+
+@property
+def version(self):
+return self.__spec['version']
+
+@property
+def empty_manifest(self):
+return {
+'name': self.name,
+'description': self.__spec.get('description', ''),
+'versions': {},
+}
+
+def base_filename(self):
+return uri_quote(self.name, safe = '@')
+
+def as_manifest_entry(self, tarball_uri):
+res = {}
+
+## NOTE: 'npm install' requires more than basic meta information;
+## e.g. it takes 'bin' from this manifest entry but not the actual
+## 'package.json'
+for (idx,dflt) in [('name', None),
+   ('description', ""),
+   ('version', None),
+   ('bin', MISSING_OK),
+   ('man', MISSING_OK),
+   ('scripts', MISSING_OK),
+   ('directories', MISSING_OK),
+   ('dependencies', MISSING_OK),
+   ('devDependencies', MISSING_OK),
+   ('optionalDependencies', MISSING_OK),
+   ('license', "unknown")]:
+if idx in self.__spec:
+res[idx] = self.__spec[idx]
+elif dflt == MISSING_OK:
+pass
+elif dflt != None:
+res[idx] = dflt
+else:
+raise Exception("%s-%s: missing key %s" % (self.name,
+   self.version,
+   idx))
+
+res['dist'] = {
+'tarball': tarball_uri,
+}
+
+return res
+
+class ManifestImpl:
+def __init__(self, base_fname, spec):
+self.__base = base_fname
+self.__spec = spec
+
+def load(self):
+try:
+with open(self.filename, "r") as f:
+res = json.load(f)
+except IOError:
+res = self.__spec.empty_manifest
+
+return res
+
+def save(self, meta):
+with open(self.filename, "w") as f:
+json.dump(meta, f, indent = 2)
+
+@property
+def filename(self):
+return self.__base + ".meta"
+
+class Manifest:
+def __init__(self, base_fname, spec):
+self.__base = base_fname
+self.__spec = spec
+self.__lockf = None
+self.__impl = None
+
+def __enter__(self):
+self.__lockf = bb.utils.lockfile(self.__base + ".lock")
+self.__impl  = ManifestImpl(self.__base, self.__spec)
+return self.__impl
+
+def __exit__(self, exc_type, exc_val, exc_tb):
+bb.utils.unlockfile(self.__lockf)
+
+class NpmCache:
+def __init__(self, cache):
+self.__cache = cache
+
+@property
+def path(self):
+return self.__cache
+
+def run(self, type, key, fname):
+subprocess.run(['oe-npm-cache', self.__cache, type, key, fname],
+   check = True)
+
+class NpmRegistry:
+def __init__(self, path, cache):
+self.__path = path
+self.__cache = NpmCache(cache + '/_cacache')
+  

[OE-core][kirkstone 21/24] npm: return content of 'package.json' in 'npm_pack'

[Steve Sakoman]

From: Enrico Scholz 

We have to read 'package.json' to calculate the name of the tarball.
This content is interesting for later patches.

Signed-off-by: Enrico Scholz 
Signed-off-by: Richard Purdie 
(cherry picked from commit d67367e389c492ae90f9021066d6a4d5ebcf68e5)
Signed-off-by: Steve Sakoman 
---
 meta/classes/npm.bbclass | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index 91f8f36b0d..014f793450 100644
--- a/meta/classes/npm.bbclass
+++ b/meta/classes/npm.bbclass
@@ -86,7 +86,7 @@ def npm_pack(env, srcdir, workdir):
 '.'],
check = True, cwd = srcdir)
 
-return tarball
+return (tarball, j)
 
 python npm_do_configure() {
 """
@@ -186,7 +186,7 @@ python npm_do_configure() {
 with tempfile.TemporaryDirectory() as tmpdir:
 # Add the dependency to the npm cache
 destdir = os.path.join(d.getVar("S"), destsuffix)
-tarball = npm_pack(env, destdir, tmpdir)
+(tarball, pkg) = npm_pack(env, destdir, tmpdir)
 _npm_cache_add(tarball)
 # Add its signature to the cached shrinkwrap
 dep = _npmsw_dependency_dict(cached_shrinkwrap, deptree)
@@ -207,7 +207,7 @@ python npm_do_configure() {
 
 # Configure the main package
 with tempfile.TemporaryDirectory() as tmpdir:
-tarball = npm_pack(env, d.getVar("S"), tmpdir)
+(tarball, _) = npm_pack(env, d.getVar("S"), tmpdir)
 npm_unpack(tarball, d.getVar("NPM_PACKAGE"), d)
 
 # Configure the cached manifest file and cached shrinkwrap file
@@ -280,7 +280,7 @@ python npm_do_compile() {
 args.append(("build-from-source", "true"))
 
 # Pack and install the main package
-tarball = npm_pack(env, d.getVar("NPM_PACKAGE"), tmpdir)
+(tarball, _) = npm_pack(env, d.getVar("NPM_PACKAGE"), tmpdir)
 cmd = "npm install %s %s" % (shlex.quote(tarball), 
d.getVar("EXTRA_OENPM"))
 env.run(cmd, args=args)
 }
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170416): 
https://lists.openembedded.org/g/openembedded-core/message/170416
Mute This Topic: https://lists.openembedded.org/mt/93525923/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 18/24] meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE

[Steve Sakoman]

From: Ming Liu 

Sometimes an end user might want to choose another kernel type argument
for uboot-mkimage other than "kernel", for instance: "kernel_noload".

Let's introduce a variable UBOOT_MKIMAGE_KERNEL_TYPE to support that,
and it could be used by BSP layers as well.

(From OE-Core rev: e288686e97de1265eeeaf452141e1473867efb1b)

Signed-off-by: Ming Liu 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Richard Purdie 
(cherry picked from commit 4eb7bbcc2f08b25387a15b7e4a89ef199783c973)
Signed-off-by: Ming Liu 
Signed-off-by: Steve Sakoman 
---
 meta/classes/kernel-fitimage.bbclass | 2 +-
 meta/classes/kernel-uboot.bbclass| 3 +++
 meta/classes/kernel-uimage.bbclass   | 2 +-
 meta/lib/oeqa/selftest/cases/fitimage.py | 4 +++-
 4 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/meta/classes/kernel-fitimage.bbclass 
b/meta/classes/kernel-fitimage.bbclass
index 56d71ba8fa..7b16633f6f 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -148,7 +148,7 @@ fitimage_emit_section_kernel() {
 kernel-$2 {
 description = "Linux kernel";
 data = /incbin/("$3");
-type = "kernel";
+type = "${UBOOT_MKIMAGE_KERNEL_TYPE}";
 arch = "${UBOOT_ARCH}";
 os = "linux";
 compression = "$4";
diff --git a/meta/classes/kernel-uboot.bbclass 
b/meta/classes/kernel-uboot.bbclass
index 2facade818..1bc98e042d 100644
--- a/meta/classes/kernel-uboot.bbclass
+++ b/meta/classes/kernel-uboot.bbclass
@@ -2,6 +2,9 @@
 FIT_KERNEL_COMP_ALG ?= "gzip"
 FIT_KERNEL_COMP_ALG_EXTENSION ?= ".gz"
 
+# Kernel image type passed to mkimage (i.e. kernel kernel_noload...)
+UBOOT_MKIMAGE_KERNEL_TYPE ?= "kernel"
+
 uboot_prep_kimage() {
if [ -e arch/${ARCH}/boot/compressed/vmlinux ]; then
vmlinux_path="arch/${ARCH}/boot/compressed/vmlinux"
diff --git a/meta/classes/kernel-uimage.bbclass 
b/meta/classes/kernel-uimage.bbclass
index cedb4fa070..2e661ea916 100644
--- a/meta/classes/kernel-uimage.bbclass
+++ b/meta/classes/kernel-uimage.bbclass
@@ -30,6 +30,6 @@ do_uboot_mkimage() {
awk '$3=="${UBOOT_ENTRYSYMBOL}" {print "0x"$1;exit}'`
fi
 
-   uboot-mkimage -A ${UBOOT_ARCH} -O linux -T kernel -C "${linux_comp}" -a 
${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n "${DISTRO_NAME}/${PV}/${MACHINE}" -d 
linux.bin ${B}/arch/${ARCH}/boot/uImage
+   uboot-mkimage -A ${UBOOT_ARCH} -O linux -T ${UBOOT_MKIMAGE_KERNEL_TYPE} 
-C "${linux_comp}" -a ${UBOOT_LOADADDRESS} -e $ENTRYPOINT -n 
"${DISTRO_NAME}/${PV}/${MACHINE}" -d linux.bin ${B}/arch/${ARCH}/boot/uImage
rm -f linux.bin
 }
diff --git a/meta/lib/oeqa/selftest/cases/fitimage.py 
b/meta/lib/oeqa/selftest/cases/fitimage.py
index e6bfd1257e..d732a9020d 100644
--- a/meta/lib/oeqa/selftest/cases/fitimage.py
+++ b/meta/lib/oeqa/selftest/cases/fitimage.py
@@ -738,6 +738,7 @@ UBOOT_LOADADDRESS = "0x8000"
 UBOOT_DTB_LOADADDRESS = "0x8200"
 UBOOT_ARCH = "arm"
 UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb -p 2000"
+UBOOT_MKIMAGE_KERNEL_TYPE = "kernel"
 UBOOT_EXTLINUX = "0"
 FIT_GENERATE_KEYS = "1"
 KERNEL_IMAGETYPE_REPLACEMENT = "zImage"
@@ -763,6 +764,7 @@ FIT_HASH_ALG = "sha256"
 
 kernel_load = str(get_bb_var('UBOOT_LOADADDRESS'))
 kernel_entry = str(get_bb_var('UBOOT_ENTRYPOINT'))
+kernel_type = str(get_bb_var('UBOOT_MKIMAGE_KERNEL_TYPE'))
 kernel_compression = str(get_bb_var('FIT_KERNEL_COMP_ALG'))
 uboot_arch = str(get_bb_var('UBOOT_ARCH'))
 fit_hash_alg = str(get_bb_var('FIT_HASH_ALG'))
@@ -775,7 +777,7 @@ FIT_HASH_ALG = "sha256"
 'kernel-1 {',
 'description = "Linux kernel";',
 'data = /incbin/("linux.bin");',
-'type = "kernel";',
+'type = "' + kernel_type + '";',
 'arch = "' + uboot_arch + '";',
 'os = "linux";',
 'compression = "' + kernel_compression + '";',
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170413): 
https://lists.openembedded.org/g/openembedded-core/message/170413
Mute This Topic: https://lists.openembedded.org/mt/93525919/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 17/24] scripts/runqemu.README: fix typos and trailing whitespaces

[Steve Sakoman]

From: Ulrich Ölmann 

Signed-off-by: Ulrich Ölmann 
Signed-off-by: Richard Purdie 
(cherry picked from commit 217b00d378f359689613ca4c0666bb2eed040f69)
Signed-off-by: Steve Sakoman 
---
 scripts/runqemu.README | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/scripts/runqemu.README b/scripts/runqemu.README
index da9abd7dfb..e5f4b4634c 100644
--- a/scripts/runqemu.README
+++ b/scripts/runqemu.README
@@ -1,12 +1,12 @@
 Using OE images with QEMU
 =
 
-OE-Core can generate qemu bootable kernels and images with can be used 
+OE-Core can generate qemu bootable kernels and images which can be used
 on a desktop system. The scripts currently support booting ARM, MIPS, PowerPC
-and x86 (32 and 64 bit) images. The scripts can be used within the OE build 
-system or externaly.
+and x86 (32 and 64 bit) images. The scripts can be used within the OE build
+system or externally.
 
-The runqemu script is run as: 
+The runqemu script is run as:
 
runqemu   
 
@@ -15,13 +15,13 @@ where:
 is the machine/architecture to use 
(qemuarm/qemumips/qemuppc/qemux86/qemux86-64)
 is the path to a kernel (e.g. zimage-qemuarm.bin)
 is the path to an ext2 image (e.g. filesystem-qemuarm.ext2) or 
an nfs directory
-   
-If  isn't specified, the script will try to detect the machine name 
+
+If  isn't specified, the script will try to detect the machine name
 from the name of the  file.
 
 If  isn't specified, nfs booting will be assumed.
 
-When used within the build system, it will default to qemuarm, ext2 and the 
last kernel and 
+When used within the build system, it will default to qemuarm, ext2 and the 
last kernel and
 core-image-sato-sdk image built by the build system. If an sdk image isn't 
present it will look
 for sato and minimal images.
 
@@ -31,7 +31,7 @@ Full usage instructions can be seen by running the command 
with no options speci
 Notes
 =
 
- - The scripts run qemu using sudo. Change perms on /dev/net/tun to 
+ - The scripts run qemu using sudo. Change perms on /dev/net/tun to
run as non root. The runqemu-gen-tapdevs script can also be used by
root to prepopulate the appropriate network devices.
  - You can access the host computer at 192.168.7.1 within the image.
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170412): 
https://lists.openembedded.org/g/openembedded-core/message/170412
Mute This Topic: https://lists.openembedded.org/mt/93525918/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 14/24] apr: Cache configure tests which use AC_TRY_RUN

[Steve Sakoman]

From: Khem Raj 

AC_TRY_RUN macro means the test needs to run to find the result and we
are cross compiling so this will always get wrong results, this results
in miscompiling apache2 on musl because it disables rlimit
(ac_cv_struct_rlimit) wrongly.

All these variables are determined with AC_TRY_RUN checks

Signed-off-by: Khem Raj 
Signed-off-by: Luca Ceresoli 
(cherry picked from commit 504eb0ff1cae200ee85ec18ebae564cae9bf9c8c)
Signed-off-by: Steve Sakoman 
---
 ...-runtime-test-for-mmap-that-can-map-.patch | 62 +++
 meta/recipes-support/apr/apr_1.7.0.bb | 15 -
 2 files changed, 75 insertions(+), 2 deletions(-)
 create mode 100644 
meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch

diff --git 
a/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
 
b/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
new file mode 100644
index 00..fa6202da79
--- /dev/null
+++ 
b/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
@@ -0,0 +1,62 @@
+From ee728971fd9d2da39356f1574d58d5daa3b24520 Mon Sep 17 00:00:00 2001
+From: Khem Raj 
+Date: Fri, 26 Aug 2022 00:28:08 -0700
+Subject: [PATCH] configure: Remove runtime test for mmap that can map
+ /dev/zero
+
+This never works for cross-compile moreover it ends up disabling
+ac_cv_file__dev_zero which then results in compiler errors in shared
+mutexes
+
+Upstream-Status: Inappropriate [Cross-compile specific]
+Signed-off-by: Khem Raj 
+---
+ configure.in | 32 
+ 1 file changed, 32 deletions(-)
+
+diff --git a/configure.in b/configure.in
+index a99049d..f1f55c7 100644
+--- a/configure.in
 b/configure.in
+@@ -1182,38 +1182,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget 
shmat shmdt shmctl \
+ APR_CHECK_DEFINE(MAP_ANON, sys/mman.h)
+ AC_CHECK_FILE(/dev/zero)
+ 
+-# Not all systems can mmap /dev/zero (such as HP-UX).  Check for that.
+-if test "$ac_cv_func_mmap" = "yes" &&
+-   test "$ac_cv_file__dev_zero" = "yes"; then
+-AC_MSG_CHECKING(for mmap that can map /dev/zero)
+-AC_TRY_RUN([
+-#include 
+-#include 
+-#include 
+-#ifdef HAVE_SYS_MMAN_H
+-#include 
+-#endif
+-int main()
+-{
+-int fd;
+-void *m;
+-fd = open("/dev/zero", O_RDWR);
+-if (fd < 0) {
+-return 1;
+-}
+-m = mmap(0, sizeof(void*), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
+-if (m == (void *)-1) {  /* aka MAP_FAILED */
+-return 2;
+-}
+-if (munmap(m, sizeof(void*)) < 0) {
+-return 3;
+-}
+-return 0;
+-}], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no])
+-
+-AC_MSG_RESULT($ac_cv_file__dev_zero)
+-fi
+-
+ # Now we determine which one is our anonymous shmem preference.
+ haveshmgetanon="0"
+ havemmapzero="0"
+-- 
+2.37.2
+
diff --git a/meta/recipes-support/apr/apr_1.7.0.bb 
b/meta/recipes-support/apr/apr_1.7.0.bb
index 07bf61545e..cb4bb936d7 100644
--- a/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/meta/recipes-support/apr/apr_1.7.0.bb
@@ -25,6 +25,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \
file://0001-Add-option-to-disable-timed-dependant-tests.patch \
file://autoconf270.patch \
file://0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch \
+   
file://0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch \
file://CVE-2021-35940.patch \
"
 
@@ -37,12 +38,22 @@ OE_BINCONFIG_EXTRA_MANGLE = " -e 
's:location=source:location=installed:'"
 
 # Added to fix some issues with cmake. Refer to 
https://github.com/bmwcarit/meta-ros/issues/68#issuecomment-19896928
 CACHED_CONFIGUREVARS += "apr_cv_mutex_recursive=yes"
-
+# Enable largefile
+CACHED_CONFIGUREVARS += "apr_cv_use_lfs64=yes"
+# Additional AC_TRY_RUN tests which will need to be cached for cross compile
+CACHED_CONFIGUREVARS += "apr_cv_epoll=yes epoll_create1=yes 
apr_cv_sock_cloexec=yes \
+ac_cv_struct_rlimit=yes \
+ac_cv_func_sem_open=yes \
+apr_cv_process_shared_works=yes \
+apr_cv_mutex_robust_shared=yes \
+"
 # Also suppress trying to use sctp.
 #
 CACHED_CONFIGUREVARS += "ac_cv_header_netinet_sctp_h=no 
ac_cv_header_netinet_sctp_uio_h=no"
 
-CACHED_CONFIGUREVARS += "ac_cv_sizeof_struct_iovec=yes"
+# ac_cv_sizeof_struct_iovec is deduced using runtime check which will fail 
during cross-compile
+CACHED_CONFIGUREVARS += 
"${@['ac_cv_sizeof_struct_iovec=16','ac_cv_sizeof_struct_iovec=8'][d.getVar('SITEINFO_BITS')
 != '32']}"
+
 CACHED_CONFIGUREVARS += "ac_cv_file__dev_zero=yes"
 
 CACHED_CONFIGUREVARS:append:libc-musl = " ac_cv_strerror_r_rc_int=yes"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170409): 
https://lists.openembedded.org/g/openembedded-core/message/170409
Mute This Topic: ht

[OE-core][kirkstone 16/24] pseudo: Update to include recent upstream minor fixes

[Steve Sakoman]

From: Richard Purdie 

Pull in some minor fixes:

 pseudo_util: Silence symlink errors and fix resolution bug
 ports/linux: Remove build dependency on libattr
 Minor build fixes
 pseudo_util: Fix resolving relative paths from "/"

Signed-off-by: Richard Purdie 
(cherry picked from commit c57d0c57d00cdef622dab3bf783a10d52f8d9ffb)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb 
b/meta/recipes-devtools/pseudo/pseudo_git.bb
index e7ef6a730c..c34580b4ff 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -13,7 +13,7 @@ SRC_URI:append:class-nativesdk = " \
 file://older-glibc-symbols.patch"
 SRC_URI[prebuilt.sha256sum] = 
"ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa"
 
-SRCREV = "2b4b88eb513335b0ece55fe51854693d9b20de35"
+SRCREV = "c9670c27ff67ab899007ce749254b16091577e55"
 S = "${WORKDIR}/git"
 PV = "1.9.0+git${SRCPV}"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170411): 
https://lists.openembedded.org/g/openembedded-core/message/170411
Mute This Topic: https://lists.openembedded.org/mt/93525917/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 20/24] npm: replace 'npm pack' call by 'tar czf'

[Steve Sakoman]

From: Enrico Scholz 

'npm pack' is a maintainer tool which tries to execute 'prepare'
and similar scripts.  This fails usually in OE because it requires
completely installed 'node_modules'.

Earlier nodejs versions supported an undocumented 'ignore-scripts'
option.  This has been removed in nodejs 16.

We could patch 'package.json' and remove the unwanted scripts.  But
this might complicate local workflows (applying patches) and installed
packages will contain the modified 'package.json'.

Instead of, package it manually by 'tar czf'.  As a sideeffect,
'do_configure' is running much faster now.

Signed-off-by: Enrico Scholz 
Signed-off-by: Richard Purdie 
(cherry picked from commit 68b480d64ffb6750699cc8fa00d2ac0bc6a2e58a)
Signed-off-by: Steve Sakoman 
---
 meta/classes/npm.bbclass | 35 +--
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index ba50fcac20..91f8f36b0d 100644
--- a/meta/classes/npm.bbclass
+++ b/meta/classes/npm.bbclass
@@ -57,13 +57,36 @@ def npm_global_configs(d):
 configs.append(("cache", d.getVar("NPM_CACHE")))
 return configs
 
+## 'npm pack' runs 'prepare' and 'prepack' scripts. Support for
+## 'ignore-scripts' which prevents this behavior has been removed
+## from nodejs 16.  Use simple 'tar' instead of.
 def npm_pack(env, srcdir, workdir):
-"""Run 'npm pack' on a specified directory"""
-import shlex
-cmd = "npm pack %s" % shlex.quote(srcdir)
-args = [("ignore-scripts", "true")]
-tarball = env.run(cmd, args=args, workdir=workdir).strip("\n")
-return os.path.join(workdir, tarball)
+"""Emulate 'npm pack' on a specified directory"""
+import subprocess
+import os
+import json
+
+src = os.path.join(srcdir, 'package.json')
+with open(src) as f:
+j = json.load(f)
+
+# base does not really matter and is for documentation purposes
+# only.  But the 'version' part must exist because other parts of
+# the bbclass rely on it.
+base = j['name'].split('/')[-1]
+tarball = os.path.join(workdir, "%s-%s.tgz" % (base, j['version']));
+
+# TODO: real 'npm pack' does not include directories while 'tar'
+# does.  But this does not seem to matter...
+subprocess.run(['tar', 'czf', tarball,
+'--exclude', './node-modules',
+'--exclude-vcs',
+'--transform', 's,^\./,package/,',
+'--mtime', '1985-10-26T08:15:00.000Z',
+'.'],
+   check = True, cwd = srcdir)
+
+return tarball
 
 python npm_do_configure() {
 """
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170415): 
https://lists.openembedded.org/g/openembedded-core/message/170415
Mute This Topic: https://lists.openembedded.org/mt/93525921/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 13/24] maintainers: update opkg maintainer

[Steve Sakoman]

From: Alex Stewart 

Alex Stewart assumed maintainership of the yocto project's opkg fork,
and opkg recipes, from Alejandro Del Castilo back in Q1 of 2020.

Update maintainership of the opkg recipes.

Signed-off-by: Alex Stewart 
Signed-off-by: Luca Ceresoli 
(cherry picked from commit fd0511080fb5744b4b58df43184fa2561cc37134)
Signed-off-by: Steve Sakoman 
---
 meta/conf/distro/include/maintainers.inc | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/conf/distro/include/maintainers.inc 
b/meta/conf/distro/include/maintainers.inc
index 0a1897fc92..4778b1e5e6 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -544,10 +544,10 @@ RECIPE_MAINTAINER:pn-ofono = "Ross Burton 
"
 RECIPE_MAINTAINER:pn-opensbi = "Alistair Francis "
 RECIPE_MAINTAINER:pn-openssh = "Unassigned "
 RECIPE_MAINTAINER:pn-openssl = "Alexander Kanavin "
-RECIPE_MAINTAINER:pn-opkg = "Alejandro del Castillo 
"
-RECIPE_MAINTAINER:pn-opkg-arch-config = "Alejandro del Castillo 
"
-RECIPE_MAINTAINER:pn-opkg-keyrings = "Alejandro del Castillo 
"
-RECIPE_MAINTAINER:pn-opkg-utils = "Alejandro del Castillo 
"
+RECIPE_MAINTAINER:pn-opkg = "Alex Stewart "
+RECIPE_MAINTAINER:pn-opkg-arch-config = "Alex Stewart "
+RECIPE_MAINTAINER:pn-opkg-keyrings = "Alex Stewart "
+RECIPE_MAINTAINER:pn-opkg-utils = "Alex Stewart "
 RECIPE_MAINTAINER:pn-orc = "Anuj Mittal "
 RECIPE_MAINTAINER:pn-os-release = "Ross Burton "
 RECIPE_MAINTAINER:pn-ovmf = "Ricardo Neri 
"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170408): 
https://lists.openembedded.org/g/openembedded-core/message/170408
Mute This Topic: https://lists.openembedded.org/mt/93525911/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 12/24] insane.bbclass: Skip patches not in oe-core by full path

[Steve Sakoman]

From: Yang Xu 

The full path of patch may contain '/meta/' but not in oe-core, skip
patches by checking it starts with oe-core full path or not.

Signed-off-by: Yang Xu 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit d8a525afdfb5d371e76b09301c8b2741d23d1d10)
Signed-off-by: Steve Sakoman 
---
 meta/classes/insane.bbclass | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/classes/insane.bbclass b/meta/classes/insane.bbclass
index f3f80334f6..0d93d50e58 100644
--- a/meta/classes/insane.bbclass
+++ b/meta/classes/insane.bbclass
@@ -1196,11 +1196,12 @@ python do_qa_patch() {
 import re
 from oe import patch
 
+coremeta_path = os.path.join(d.getVar('COREBASE'), 'meta', '')
 for url in patch.src_patches(d):
(_, _, fullpath, _, _, _) = bb.fetch.decodeurl(url)
 
# skip patches not in oe-core
-   if '/meta/' not in fullpath:
+   if not os.path.abspath(fullpath).startswith(coremeta_path):
continue
 
kinda_status_re = re.compile(r"^.*upstream.*status.*$", re.IGNORECASE | 
re.MULTILINE)
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170407): 
https://lists.openembedded.org/g/openembedded-core/message/170407
Mute This Topic: https://lists.openembedded.org/mt/93525910/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 11/24] lz4: upgrade 1.9.3 -> 1.9.4

[Steve Sakoman]

From: wangmy 

CVE-2021-3520.patch
removed since it's included in 1.9.4

License-Update:
  Copyright year updated to 2020
  description of 3rd party applications changed

Signed-off-by: Wang Mingyu 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit f95c66050bc69af7769d1868b0118cefb24e5b0d)
Signed-off-by: Steve Sakoman 
---
 .../lz4/files/CVE-2021-3520.patch | 27 ---
 .../lz4/{lz4_1.9.3.bb => lz4_1.9.4.bb}| 10 +++
 2 files changed, 4 insertions(+), 33 deletions(-)
 delete mode 100644 meta/recipes-support/lz4/files/CVE-2021-3520.patch
 rename meta/recipes-support/lz4/{lz4_1.9.3.bb => lz4_1.9.4.bb} (78%)

diff --git a/meta/recipes-support/lz4/files/CVE-2021-3520.patch 
b/meta/recipes-support/lz4/files/CVE-2021-3520.patch
deleted file mode 100644
index 5ac8f6691f..00
--- a/meta/recipes-support/lz4/files/CVE-2021-3520.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
-From: Jasper Lievisse Adriaanse 
-Date: Fri, 26 Feb 2021 15:21:20 +0100
-Subject: [PATCH] Fix potential memory corruption with negative memmove() size
-
-Upstream-Status: Backport
-https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7#diff-7055e9cf14c488aea9837aaf9f528b58ee3c22988d7d0d81d172ec62d94a88a7
-CVE: CVE-2021-3520
-Signed-off-by: Armin Kuster 
-

- lib/lz4.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: git/lib/lz4.c
-===
 git.orig/lib/lz4.c
-+++ git/lib/lz4.c
-@@ -1665,7 +1665,7 @@ LZ4_decompress_generic(
-  const size_t dictSize /* note : = 0 if noDict */
-  )
- {
--if (src == NULL) { return -1; }
-+if ((src == NULL) || (outputSize < 0)) { return -1; }
- 
- {   const BYTE* ip = (const BYTE*) src;
- const BYTE* const iend = ip + srcSize;
diff --git a/meta/recipes-support/lz4/lz4_1.9.3.bb 
b/meta/recipes-support/lz4/lz4_1.9.4.bb
similarity index 78%
rename from meta/recipes-support/lz4/lz4_1.9.3.bb
rename to meta/recipes-support/lz4/lz4_1.9.4.bb
index 129a86b681..a2a178bab5 100644
--- a/meta/recipes-support/lz4/lz4_1.9.3.bb
+++ b/meta/recipes-support/lz4/lz4_1.9.4.bb
@@ -3,18 +3,16 @@ DESCRIPTION = "LZ4 is a very fast lossless compression 
algorithm, providing comp
 HOMEPAGE = "https://github.com/lz4/lz4";
 
 LICENSE = "BSD-2-Clause | GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=ebc2ea4814a64de7708f1571904b32cc \
+LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=5cd5f851b52ec832b10eedb3f01f885a \
 
file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-file://LICENSE;md5=d57c0d21cb917fb4e0af2454aa48b956 \
+file://LICENSE;md5=c5cc3cd6f9274b4d32988096df9c3ec3 \
 "
 
 PE = "1"
 
-SRCREV = "d44371841a2f1728a3f36839fd4b7e872d0927d3"
+SRCREV = "5ff839680134437dbf4678f3d0c7b371d84f4964"
 
-SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \
-   file://CVE-2021-3520.patch \
-   "
+SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https"
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P.*)"
 
 S = "${WORKDIR}/git"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170406): 
https://lists.openembedded.org/g/openembedded-core/message/170406
Mute This Topic: https://lists.openembedded.org/mt/93525909/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 09/24] libwpe: upgrade 1.12.2 -> 1.12.3

[Steve Sakoman]

From: wangmy 

Changelog:
  Fix the build when using Clang's libc++ or the Musl libc.

0001-Fix-build-failure-due-to-libc-using-libc-functions.patch
removed since it's included in 1.12.3

Signed-off-by: Wang Mingyu 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit f8d8cc58c9b9c221158414be186bc12aa5d80e91)
Signed-off-by: Steve Sakoman 
---
 ...ure-due-to-libc-using-libc-functions.patch | 42 ---
 .../{libwpe_1.12.2.bb => libwpe_1.12.3.bb}|  6 +--
 2 files changed, 2 insertions(+), 46 deletions(-)
 delete mode 100644 
meta/recipes-sato/webkit/libwpe/0001-Fix-build-failure-due-to-libc-using-libc-functions.patch
 rename meta/recipes-sato/webkit/{libwpe_1.12.2.bb => libwpe_1.12.3.bb} (72%)

diff --git 
a/meta/recipes-sato/webkit/libwpe/0001-Fix-build-failure-due-to-libc-using-libc-functions.patch
 
b/meta/recipes-sato/webkit/libwpe/0001-Fix-build-failure-due-to-libc-using-libc-functions.patch
deleted file mode 100644
index 6d27b4835d..00
--- 
a/meta/recipes-sato/webkit/libwpe/0001-Fix-build-failure-due-to-libc-using-libc-functions.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From ccf8a58c3536ca0e62748e0ea477514e14d821bc Mon Sep 17 00:00:00 2001
-From: Adrian Perez de Castro 
-Date: Thu, 4 Aug 2022 12:19:05 +0300
-Subject: [PATCH] Fix build failure due to libc++ using libc functions
-
-Include the "alloc-private.h" header after the C++ standard library
-headers. This sidesteps build failures caused by implementations of
-std::map and std::string which use libc memory allocation functions
-in expanded templates after they have been marked with the "poison"
-pragma.
-
-Fixes #115
-
-Upstream-Status: Backport
-Signed-off-by: Alexander Kanavin 

- src/pasteboard-generic.cpp | 9 ++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/src/pasteboard-generic.cpp b/src/pasteboard-generic.cpp
-index 86fe4ee..a357027 100644
 a/src/pasteboard-generic.cpp
-+++ b/src/pasteboard-generic.cpp
-@@ -26,12 +26,15 @@
- 
- #include "pasteboard-private.h"
- 
--#include "alloc-private.h"
--#include 
--#include 
- #include 
- #include 
- 
-+// We need to include this header last, in order to avoid template expansions
-+// from the C++ standard library happening after it forbids usage of the libc
-+// memory functions.
-+#include "alloc-private.h"
-+#include 
-+
- namespace Generic {
- using Pasteboard = std::map;
- }
diff --git a/meta/recipes-sato/webkit/libwpe_1.12.2.bb 
b/meta/recipes-sato/webkit/libwpe_1.12.3.bb
similarity index 72%
rename from meta/recipes-sato/webkit/libwpe_1.12.2.bb
rename to meta/recipes-sato/webkit/libwpe_1.12.3.bb
index e23a9ac32d..77ca517ef7 100644
--- a/meta/recipes-sato/webkit/libwpe_1.12.2.bb
+++ b/meta/recipes-sato/webkit/libwpe_1.12.3.bb
@@ -10,10 +10,8 @@ inherit cmake features_check pkgconfig
 
 REQUIRED_DISTRO_FEATURES = "opengl"
 
-SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz \
-   
file://0001-Fix-build-failure-due-to-libc-using-libc-functions.patch \
-   "
-SRC_URI[sha256sum] = 
"4ac4fd0a8b562b721bffd0f46ae9f06c2b5a3114407581978be875a9d651642a"
+SRC_URI = "https://wpewebkit.org/releases/${BPN}-${PV}.tar.xz";
+SRC_URI[sha256sum] = 
"b84fdbfbc849ce4fdf084bb28b58e5463b1b4b6cc8f200dc77b41f8545d5329d"
 
 # This is a tweak of upstream-version-is-even needed because
 # ipstream directory contains tarballs for other components as well.
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170404): 
https://lists.openembedded.org/g/openembedded-core/message/170404
Mute This Topic: https://lists.openembedded.org/mt/93525905/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 10/24] libatomic-ops: upgrade 7.6.12 -> 7.6.14

[Steve Sakoman]

From: wangmy 

License-Update:  Adjust/reformat content of LICENSING.txt
=
 "libatomic_ops_gpl.a" changed to "libatomic_ops_gpl.a file"
 "sysdeps" changed to "atomic_ops/sysdeps"
 "This applies only to test code, sample applications," changed to
 "This applies only to the test code"

Changelog:
==
 Add note to README that AO malloc code has same license as AO stack
 Adjust/reformat content of LICENSING.txt
 Avoid AO_stack_t to cross CPU cache line boundary
 Do not assume 'ordered except earlier write' for UWP/arm64
 Do not name GCC intrinsics as C11 ones in ChangeLog and configure
 Eliminate '-pedantic is not option that controls warnings' GCC-6.3 message
 Ensure result of AO_test_and_set is always AO_TS_CLEAR or AO_TS_SET
 Fix 'AO_malloc redefinition' MS VC warning caused by attributes mismatch
 Fix 'use of undeclared SIG_BLOCK' Clang error if -std=c89 on Cygwin
 Fix AO_compare_and_swap_full asm code for clang on sparc
 Fix a typo in comment of AO_stack_push_explicit_aux_release
 Fix code indentation in main() of test_stack.c
 Refine AO_UNIPROCESSOR macro description in configure
 Remove outdated comment about unsupported Win64 in atomic_ops_stack.h
 Repeat black list check on CAS fail in stack_push_explicit_aux_release

Signed-off-by: Wang Mingyu 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit a0f177ef7f52bab06d8fff752ba8390defd71ed5)
Signed-off-by: Steve Sakoman 
---
 .../{libatomic-ops_7.6.12.bb => libatomic-ops_7.6.14.bb}  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-support/libatomic-ops/{libatomic-ops_7.6.12.bb => 
libatomic-ops_7.6.14.bb} (80%)

diff --git a/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.12.bb 
b/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb
similarity index 80%
rename from meta/recipes-support/libatomic-ops/libatomic-ops_7.6.12.bb
rename to meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb
index 8ea8436977..fad92df507 100644
--- a/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.12.bb
+++ b/meta/recipes-support/libatomic-ops/libatomic-ops_7.6.14.bb
@@ -5,13 +5,13 @@ SECTION = "optional"
 PROVIDES += "libatomics-ops"
 LICENSE = "GPL-2.0-only & MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-
file://doc/LICENSING.txt;md5=e00dd5c8ac03a14c5ae5225a4525fa2d \
+
file://doc/LICENSING.txt;md5=dfc50c7cea7b66935844587a0f7389e7 \
 "
 
 SRC_URI = 
"https://github.com/ivmai/libatomic_ops/releases/download/v${PV}/libatomic_ops-${PV}.tar.gz";
 UPSTREAM_CHECK_URI = "https://github.com/ivmai/libatomic_ops/releases";
 
-SRC_URI[sha256sum] = 
"f0ab566e25fce08b560e1feab6a3db01db4a38e5bc687804334ef3920c549f3e"
+SRC_URI[sha256sum] = 
"390f244d424714735b7050d056567615b3b8f29008a663c262fb548f1802d292"
 
 S = "${WORKDIR}/libatomic_ops-${PV}"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170405): 
https://lists.openembedded.org/g/openembedded-core/message/170405
Mute This Topic: https://lists.openembedded.org/mt/93525907/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 08/24] liburcu: upgrade 0.13.1 -> 0.13.2

[Steve Sakoman]

From: wangmy 

2022-08-18 Userspace RCU 0.13.2
* Revert "Fix: remove type constness in URCU_FORCE_CAST's C++ version"
* Fix: futex.h: include headers outside extern C
* Fix: add missing unused attribute to _rcu_dereference
* Fix: change method used by _rcu_dereference to strip type constness
* Fix: remove type constness in URCU_FORCE_CAST's C++ version
* Move extern "C" down in include/urcu/urcu-bp.h
* fix: ifdef linux specific cpu count compat
* Set git-review branch to stable-0.13
* fix: sysconf(_SC_NPROCESSORS_CONF) can be less than max cpu id
* Fix: revise obsolete command in README.md
* Fix: workqueue: remove unused variable "ret"
* Fix: urcu-qsbr: futex wait: handle spurious futex wakeups
* Fix: urcu: futex wait: handle spurious futex wakeups
* Fix: urcu-wait: futex wait: handle spurious futex wakeups
* Fix: defer_rcu: futex wait: handle spurious futex wakeups
* Fix: call_rcu: futex wait: handle spurious futex wakeups
* Fix: workqueue: futex wait: handle spurious futex wakeups
* Fix: Use %lu rather than %ld to print count

Signed-off-by: Wang Mingyu 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit b9ce9d9ab53baab7ba84187d17b34e48ff9eb16e)
Signed-off-by: Steve Sakoman 
---
 .../liburcu/{liburcu_0.13.1.bb => liburcu_0.13.2.bb}| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/liburcu/{liburcu_0.13.1.bb => liburcu_0.13.2.bb} 
(91%)

diff --git a/meta/recipes-support/liburcu/liburcu_0.13.1.bb 
b/meta/recipes-support/liburcu/liburcu_0.13.2.bb
similarity index 91%
rename from meta/recipes-support/liburcu/liburcu_0.13.1.bb
rename to meta/recipes-support/liburcu/liburcu_0.13.2.bb
index 66763349d2..6ecf2e21c0 100644
--- a/meta/recipes-support/liburcu/liburcu_0.13.1.bb
+++ b/meta/recipes-support/liburcu/liburcu_0.13.2.bb
@@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=e548d28737289d75a8f1e01ba2fd7825 \
 
 SRC_URI = "http://lttng.org/files/urcu/userspace-rcu-${PV}.tar.bz2";
 
-SRC_URI[sha256sum] = 
"3213f33d2b8f710eb920eb1abb279ec04bf8ae6361f44f2513c28c20d3363083"
+SRC_URI[sha256sum] = 
"1213fd9f1b0b74da7de2bb74335b76098db9738fec5d3cdc07c0c524f34fc032"
 
 S = "${WORKDIR}/userspace-rcu-${PV}"
 inherit autotools multilib_header
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170403): 
https://lists.openembedded.org/g/openembedded-core/message/170403
Mute This Topic: https://lists.openembedded.org/mt/93525903/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 07/24] libtasn1: upgrade 4.18.0 -> 4.19.0

[Steve Sakoman]

From: wangmy 

Changelog:
===
- Clarify libtasn1.map license.  Closes: #38.
- Fix ETYPE_OK out of bounds read.  Closes: #32.
- Update gnulib files and various maintenance fixes.

Signed-off-by: Wang Mingyu 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit b8f2c6ec61ffcc607a35bd5c11f5020c9b676226)
Signed-off-by: Steve Sakoman 
---
 .../gnutls/{libtasn1_4.18.0.bb => libtasn1_4.19.0.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/gnutls/{libtasn1_4.18.0.bb => libtasn1_4.19.0.bb} 
(90%)

diff --git a/meta/recipes-support/gnutls/libtasn1_4.18.0.bb 
b/meta/recipes-support/gnutls/libtasn1_4.19.0.bb
similarity index 90%
rename from meta/recipes-support/gnutls/libtasn1_4.18.0.bb
rename to meta/recipes-support/gnutls/libtasn1_4.19.0.bb
index db49adc1c2..5fb8b54c06 100644
--- a/meta/recipes-support/gnutls/libtasn1_4.18.0.bb
+++ b/meta/recipes-support/gnutls/libtasn1_4.19.0.bb
@@ -16,7 +16,7 @@ SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
 
 DEPENDS = "bison-native"
 
-SRC_URI[sha256sum] = 
"4365c154953563d64c67a024b607d1ee75c6db76e0d0f65709ea80a334cd1898"
+SRC_URI[sha256sum] = 
"1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a"
 
 inherit autotools texinfo lib_package gtk-doc
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170402): 
https://lists.openembedded.org/g/openembedded-core/message/170402
Mute This Topic: https://lists.openembedded.org/mt/93525901/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 06/24] vim: Upgrade 9.0.0242 -> 9.0.0341

[Steve Sakoman]

From: Richard Purdie 

Addresses CVE-2022-2980, CVE-2022-2946 and CVE-2022-2982.

Signed-off-by: Richard Purdie 
Signed-off-by: Alexandre Belloni 
(cherry picked from commit 01c08d47ecfcc7aefacc8280e0055c75b13795b2)
Signed-off-by: Steve Sakoman 
---
 meta/recipes-support/vim/vim.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 5b95ab2625..33a8299243 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,8 +20,8 @@ SRC_URI = 
"git://github.com/vim/vim.git;branch=master;protocol=https \
file://no-path-adjust.patch \
"
 
-PV .= ".0242"
-SRCREV = "171c683237149262665135c7d5841a89bb156f53"
+PV .= ".0341"
+SRCREV = "92a3d20682d46359bb50a452b4f831659e799155"
 
 # Remove when 8.3 is out
 UPSTREAM_VERSION_UNKNOWN = "1"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170401): 
https://lists.openembedded.org/g/openembedded-core/message/170401
Mute This Topic: https://lists.openembedded.org/mt/93525899/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 03/24] binutils : CVE-2022-38533

[Steve Sakoman]

From: pgowda 

Upstream-Status: Backport
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]

Signed-off-by: pgowda 
Signed-off-by: Steve Sakoman 
---
 .../binutils/binutils-2.38.inc|  1 +
 .../binutils/0015-CVE-2022-38533.patch| 36 +++
 2 files changed, 37 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc 
b/meta/recipes-devtools/binutils/binutils-2.38.inc
index eed252976a..8aa8295881 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -33,5 +33,6 @@ SRC_URI = "\
  file://0012-Check-for-clang-before-checking-gcc-version.patch \
  file://0013-Avoid-as-info-race-condition.patch \
  file://0014-CVE-2019-1010204.patch \
+ file://0015-CVE-2022-38533.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch 
b/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch
new file mode 100644
index 00..5d9ac2cb1f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch
@@ -0,0 +1,36 @@
+From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001
+From: Alan Modra 
+Date: Sat, 13 Aug 2022 15:32:47 +0930
+Subject: [PATCH] PR29482 - strip: heap-buffer-overflow
+
+   PR 29482
+   * coffcode.h (coff_set_section_contents): Sanity check _LIB.
+
+Upstream-Status: Backport 
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]
+
+Signed-off-by: Pgowda 
+
+---
+ bfd/coffcode.h | 7 +--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/coffcode.h b/bfd/coffcode.h
+index 67aaf158ca1..52027981c3f 100644
+--- a/bfd/coffcode.h
 b/bfd/coffcode.h
+@@ -4302,10 +4302,13 @@ coff_set_section_contents (bfd * abfd,
+ 
+   rec = (bfd_byte *) location;
+   recend = rec + count;
+-  while (rec < recend)
++  while (recend - rec >= 4)
+ {
++  size_t len = bfd_get_32 (abfd, rec);
++  if (len == 0 || len > (size_t) (recend - rec) / 4)
++break;
++  rec += len * 4;
+   ++section->lma;
+-  rec += bfd_get_32 (abfd, rec) * 4;
+ }
+ 
+   BFD_ASSERT (rec == recend);
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170398): 
https://lists.openembedded.org/g/openembedded-core/message/170398
Mute This Topic: https://lists.openembedded.org/mt/93525896/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 05/24] cve-check: close cursors as soon as possible

[Steve Sakoman]

From: Ross Burton 

We can have multiple processes reading the database at the same time, and
cursors only release their locks when they're garbage collected.

This might be the cause of random sqlite errors on the autobuilder, so
explicitly close the cursors when we're done with them.

Signed-off-by: Ross Burton 
Signed-off-by: Luca Ceresoli 
(cherry picked from commit 5d2e90e4a58217a943ec21140bc2ecdd4357a98a)
Signed-off-by: Steve Sakoman 
---
 meta/classes/cve-check.bbclass| 13 +++--
 .../recipes-core/meta/cve-update-db-native.bb | 51 ++-
 2 files changed, 37 insertions(+), 27 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index b751c986ef..16466586a7 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -291,7 +291,8 @@ def check_cves(d, patched_cves):
 vendor = "%"
 
 # Find all relevant CVE IDs.
-for cverow in conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE 
PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor)):
+cve_cursor = conn.execute("SELECT DISTINCT ID FROM PRODUCTS WHERE 
PRODUCT IS ? AND VENDOR LIKE ?", (product, vendor))
+for cverow in cve_cursor:
 cve = cverow[0]
 
 if cve in cve_ignore:
@@ -310,7 +311,8 @@ def check_cves(d, patched_cves):
 vulnerable = False
 ignored = False
 
-for row in conn.execute("SELECT * FROM PRODUCTS WHERE ID IS ? AND 
PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor)):
+product_cursor = conn.execute("SELECT * FROM PRODUCTS WHERE ID IS 
? AND PRODUCT IS ? AND VENDOR LIKE ?", (cve, product, vendor))
+for row in product_cursor:
 (_, _, _, version_start, operator_start, version_end, 
operator_end) = row
 #bb.debug(2, "Evaluating row " + str(row))
 if cve in cve_ignore:
@@ -354,10 +356,12 @@ def check_cves(d, patched_cves):
 bb.note("%s-%s is vulnerable to %s" % (pn, real_pv, 
cve))
 cves_unpatched.append(cve)
 break
+product_cursor.close()
 
 if not vulnerable:
 bb.note("%s-%s is not vulnerable to %s" % (pn, real_pv, cve))
 patched_cves.add(cve)
+cve_cursor.close()
 
 if not cves_in_product:
 bb.note("No CVE records found for product %s, pn %s" % (product, 
pn))
@@ -382,14 +386,15 @@ def get_cve_info(d, cves):
 conn = sqlite3.connect(db_file, uri=True)
 
 for cve in cves:
-for row in conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,)):
+cursor = conn.execute("SELECT * FROM NVD WHERE ID IS ?", (cve,))
+for row in cursor:
 cve_data[row[0]] = {}
 cve_data[row[0]]["summary"] = row[1]
 cve_data[row[0]]["scorev2"] = row[2]
 cve_data[row[0]]["scorev3"] = row[3]
 cve_data[row[0]]["modified"] = row[4]
 cve_data[row[0]]["vector"] = row[5]
-
+cursor.close()
 conn.close()
 return cve_data
 
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb 
b/meta/recipes-core/meta/cve-update-db-native.bb
index 18af89b53e..944243fce9 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -66,9 +66,7 @@ python do_fetch() {
 
 # Connect to database
 conn = sqlite3.connect(db_file)
-c = conn.cursor()
-
-initialize_db(c)
+initialize_db(conn)
 
 with bb.progress.ProgressHandler(d) as ph, 
open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') as cve_f:
 total_years = date.today().year + 1 - YEAR_START
@@ -98,19 +96,21 @@ python do_fetch() {
 return
 
 # Compare with current db last modified date
-c.execute("select DATE from META where YEAR = ?", (year,))
-meta = c.fetchone()
+cursor = conn.execute("select DATE from META where YEAR = ?", 
(year,))
+meta = cursor.fetchone()
+cursor.close()
+
 if not meta or meta[0] != last_modified:
 bb.debug(2, "Updating entries")
 # Clear products table entries corresponding to current year
-c.execute("delete from PRODUCTS where ID like ?", ('CVE-%d%%' 
% year,))
+conn.execute("delete from PRODUCTS where ID like ?", 
('CVE-%d%%' % year,)).close()
 
 # Update db with current year json file
 try:
 response = urllib.request.urlopen(json_url)
 if response:
-update_db(c, 
gzip.decompress(response.read()).decode('utf-8'))
-c.execute("insert or replace into META values (?, ?)", 
[year, last_modified])
+update_db(conn, 
gzip.decompress(response.read()).decode('utf-8'))
+conn.execute("insert or re

[OE-core][kirkstone 04/24] classes: cve-check: Get shared database lock

[Steve Sakoman]

From: Joshua Watt 

The CVE check database needs to have a shared lock acquired on it before
it is accessed. This to prevent cve-update-db-native from deleting the
database file out from underneath it.

[YOCTO #14899]

Signed-off-by: Joshua Watt 
Signed-off-by: Richard Purdie 
(cherry picked from commit 20a9911b73df62a0d0d1884e57085f13ac5016dd)
Signed-off-by: Steve Sakoman 
---
 meta/classes/cve-check.bbclass | 23 ---
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index da7f93371c..b751c986ef 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -139,17 +139,18 @@ python do_cve_check () {
 """
 from oe.cve_check import get_patched_cves
 
-if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
-try:
-patched_cves = get_patched_cves(d)
-except FileNotFoundError:
-bb.fatal("Failure in searching patches")
-ignored, patched, unpatched, status = check_cves(d, patched_cves)
-if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" and 
status):
-cve_data = get_cve_info(d, patched + unpatched + ignored)
-cve_write_data(d, patched, unpatched, ignored, cve_data, status)
-else:
-bb.note("No CVE database found, skipping CVE check")
+with bb.utils.fileslocked([d.getVar("CVE_CHECK_DB_FILE_LOCK")], 
shared=True):
+if os.path.exists(d.getVar("CVE_CHECK_DB_FILE")):
+try:
+patched_cves = get_patched_cves(d)
+except FileNotFoundError:
+bb.fatal("Failure in searching patches")
+ignored, patched, unpatched, status = check_cves(d, patched_cves)
+if patched or unpatched or (d.getVar("CVE_CHECK_COVERAGE") == "1" 
and status):
+cve_data = get_cve_info(d, patched + unpatched + ignored)
+cve_write_data(d, patched, unpatched, ignored, cve_data, 
status)
+else:
+bb.note("No CVE database found, skipping CVE check")
 
 }
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170399): 
https://lists.openembedded.org/g/openembedded-core/message/170399
Mute This Topic: https://lists.openembedded.org/mt/93525897/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 02/24] curl: Backport patch for CVE-2022-35252

[Steve Sakoman]

From: Robert Joslyn 

https://curl.se/docs/CVE-2022-35252.html

Signed-off-by: Robert Joslyn 
Signed-off-by: Steve Sakoman 
---
 .../curl/curl/CVE-2022-35252.patch| 72 +++
 meta/recipes-support/curl/curl_7.82.0.bb  |  1 +
 2 files changed, 73 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-35252.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2022-35252.patch 
b/meta/recipes-support/curl/curl/CVE-2022-35252.patch
new file mode 100644
index 00..7b6f81bd02
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-35252.patch
@@ -0,0 +1,72 @@
+From 62c09239ac4e08239c8e363b06901fc80637d8c7 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg 
+Date: Mon, 29 Aug 2022 00:09:17 +0200
+Subject: [PATCH] cookie: reject cookies with "control bytes"
+
+Rejects 0x01 - 0x1f (except 0x09) plus 0x7f
+
+Reported-by: Axel Chong
+
+Bug: https://curl.se/docs/CVE-2022-35252.html
+
+CVE-2022-35252
+
+Closes #9381
+
+Upstream-Status: Backport 
[https://github.com/curl/curl/commit/8dfc93e573ca740544a2d79ebb]
+
+Signed-off-by: Robert Joslyn 
+---
+ lib/cookie.c | 29 +
+ 1 file changed, 29 insertions(+)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index cb0c03b..e0470a1 100644
+--- a/lib/cookie.c
 b/lib/cookie.c
+@@ -438,6 +438,30 @@ static bool bad_domain(const char *domain)
+   return TRUE;
+ }
+ 
++/*
++  RFC 6265 section 4.1.1 says a server should accept this range:
++
++  cookie-octet= %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
++
++  But Firefox and Chrome as of June 2022 accept space, comma and double-quotes
++  fine. The prime reason for filtering out control bytes is that some HTTP
++  servers return 400 for requests that contain such.
++*/
++static int invalid_octets(const char *p)
++{
++  /* Reject all bytes \x01 - \x1f (*except* \x09, TAB) + \x7f */
++  static const char badoctets[] = {
++"\x01\x02\x03\x04\x05\x06\x07\x08\x0a"
++"\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
++"\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f"
++  };
++  size_t vlen, len;
++  /* scan for all the octets that are *not* in cookie-octet */
++  len = strcspn(p, badoctets);
++  vlen = strlen(p);
++  return (len != vlen);
++}
++
+ /*
+  * Curl_cookie_add
+  *
+@@ -590,6 +614,11 @@ Curl_cookie_add(struct Curl_easy *data,
+ badcookie = TRUE;
+ break;
+   }
++  if(invalid_octets(whatptr) || invalid_octets(name)) {
++infof(data, "invalid octets in name/value, cookie dropped");
++badcookie = TRUE;
++break;
++  }
+ }
+ else if(!len) {
+   /*
+-- 
+2.35.1
+
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb 
b/meta/recipes-support/curl/curl_7.82.0.bb
index 67de0220c6..5368c91f5c 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -28,6 +28,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2022-32206.patch \
file://CVE-2022-32207.patch \
file://CVE-2022-32208.patch \
+   file://CVE-2022-35252.patch \
"
 SRC_URI[sha256sum] = 
"0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
 
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170397): 
https://lists.openembedded.org/g/openembedded-core/message/170397
Mute This Topic: https://lists.openembedded.org/mt/93525894/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 01/24] sqlite: add CVE-2022-35737 patch to SRC_URI

[Steve Sakoman]

From: Chee Yang Lee 

SRC_URI include patch introduced in oe-core commit
fdc82b2314b580c0135c16b7278ebf8786311dec

Signed-off-by: Chee Yang Lee 
Signed-off-by: Steve Sakoman 
---
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb 
b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
index d56a3a0209..628f630657 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
@@ -3,7 +3,9 @@ require sqlite3.inc
 LICENSE = "PD"
 LIC_FILES_CHKSUM = 
"file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
 
-SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz";
+SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \
+   
file://0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch
 \
+"
 SRC_URI[sha256sum] = 
"5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"
 
 # -19242 is only an issue in specific development branch commits
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170396): 
https://lists.openembedded.org/g/openembedded-core/message/170396
Mute This Topic: https://lists.openembedded.org/mt/93525893/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 00/24] Patch review

[Steve Sakoman]

Please review this set of patches for kirkstone and have comments back by
end of day Friday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4192

The following changes since commit 2363d69d687fc8e53a7c97bf5300e59c9a04f22e:

  gcr: Define _GNU_SOURCE (2022-09-03 13:09:42 +0100)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alex Stewart (1):
  maintainers: update opkg maintainer

Chee Yang Lee (1):
  sqlite: add CVE-2022-35737 patch to SRC_URI

Enrico Scholz (5):
  npm: replace 'npm pack' call by 'tar czf'
  npm: return content of 'package.json' in 'npm_pack'
  npm: take 'version' directly from 'package.json'
  lib:npm_registry: initial checkin
  npm: use npm_registry to cache package

Joshua Watt (1):
  classes: cve-check: Get shared database lock

Khem Raj (1):
  apr: Cache configure tests which use AC_TRY_RUN

LUIS ENRIQUEZ (1):
  kernel-fitimage.bbclass: add padding algorithm property in config
nodes

Ming Liu (1):
  meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE

Rasmus Villemoes (1):
  bitbake.conf: set BB_DEFAULT_UMASK using ??=

Richard Purdie (2):
  vim: Upgrade 9.0.0242 -> 9.0.0341
  pseudo: Update to include recent upstream minor fixes

Robert Joslyn (1):
  curl: Backport patch for CVE-2022-35252

Ross Burton (1):
  cve-check: close cursors as soon as possible

Ulrich Ölmann (1):
  scripts/runqemu.README: fix typos and trailing whitespaces

Yang Xu (1):
  insane.bbclass: Skip patches not in oe-core by full path

pgowda (1):
  binutils : CVE-2022-38533

wangmy (5):
  libtasn1: upgrade 4.18.0 -> 4.19.0
  liburcu: upgrade 0.13.1 -> 0.13.2
  libwpe: upgrade 1.12.2 -> 1.12.3
  libatomic-ops: upgrade 7.6.12 -> 7.6.14
  lz4: upgrade 1.9.3 -> 1.9.4

 meta/classes/cve-check.bbclass|  36 ++--
 meta/classes/insane.bbclass   |   3 +-
 meta/classes/kernel-fitimage.bbclass  |   4 +-
 meta/classes/kernel-uboot.bbclass |   3 +
 meta/classes/kernel-uimage.bbclass|   2 +-
 meta/classes/npm.bbclass  |  63 ---
 meta/classes/uboot-sign.bbclass   |   3 +
 meta/conf/bitbake.conf|   2 +-
 meta/conf/distro/include/maintainers.inc  |   8 +-
 meta/lib/oe/npm_registry.py   | 169 ++
 meta/lib/oeqa/selftest/cases/fitimage.py  |   4 +-
 .../recipes-core/meta/cve-update-db-native.bb |  51 +++---
 .../binutils/binutils-2.38.inc|   1 +
 .../binutils/0015-CVE-2022-38533.patch|  36 
 meta/recipes-devtools/pseudo/pseudo_git.bb|   2 +-
 ...ure-due-to-libc-using-libc-functions.patch |  42 -
 .../{libwpe_1.12.2.bb => libwpe_1.12.3.bb}|   6 +-
 ...-runtime-test-for-mmap-that-can-map-.patch |  62 +++
 meta/recipes-support/apr/apr_1.7.0.bb |  15 +-
 .../curl/curl/CVE-2022-35252.patch|  72 
 meta/recipes-support/curl/curl_7.82.0.bb  |   1 +
 ...{libtasn1_4.18.0.bb => libtasn1_4.19.0.bb} |   2 +-
 ...-ops_7.6.12.bb => libatomic-ops_7.6.14.bb} |   4 +-
 .../{liburcu_0.13.1.bb => liburcu_0.13.2.bb}  |   2 +-
 .../lz4/files/CVE-2021-3520.patch |  27 ---
 .../lz4/{lz4_1.9.3.bb => lz4_1.9.4.bb}|  10 +-
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb |   4 +-
 meta/recipes-support/vim/vim.inc  |   4 +-
 scripts/runqemu.README|  16 +-
 29 files changed, 489 insertions(+), 165 deletions(-)
 create mode 100644 meta/lib/oe/npm_registry.py
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch
 delete mode 100644 
meta/recipes-sato/webkit/libwpe/0001-Fix-build-failure-due-to-libc-using-libc-functions.patch
 rename meta/recipes-sato/webkit/{libwpe_1.12.2.bb => libwpe_1.12.3.bb} (72%)
 create mode 100644 
meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-35252.patch
 rename meta/recipes-support/gnutls/{libtasn1_4.18.0.bb => libtasn1_4.19.0.bb} 
(90%)
 rename meta/recipes-support/libatomic-ops/{libatomic-ops_7.6.12.bb => 
libatomic-ops_7.6.14.bb} (80%)
 rename meta/recipes-support/liburcu/{liburcu_0.13.1.bb => liburcu_0.13.2.bb} 
(91%)
 delete mode 100644 meta/recipes-support/lz4/files/CVE-2021-3520.patch
 rename meta/recipes-support/lz4/{lz4_1.9.3.bb => lz4_1.9.4.bb} (78%)

-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170395): 
https://lists.openembedded.org/g/openembedded-core/message/170395
Mute This Topic: https://lists.openembedded.org/mt/93525889/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH v10] Rust Oe-Selftest implementation

[Richard Purdie]

On Mon, 2022-09-05 at 22:56 +0100, Richard Purdie wrote:
> On Mon, 2022-09-05 at 20:25 +0530, pgowda cve wrote:
> > Hi Richard,
> > 
> > Thanks very much for reviewing the patch and your comments regarding it.
> > 
> > > > thread 'main' panicked at 'RUSTDOC_LIBDIR was not set',
> > > > src/bootstrap/bin/rustdoc.rs:15:48
> > > > note: run with `RUST_BACKTRACE=1` environment variable to display a
> > > > backtrace
> > > > error: could not document `core`
> > 
> > I tried on different environments but could not reproduce the error.
> > Can you please share with me the oe-selftest.log file to reproduce and
> > work on it?
> 
> This was on my local build system which shouldn't do anything special
> or interesting, it is a fairly standard OE-Core setup and I doubt the
> selftest will tell you anything more that the piece of it I pasted into
> the email.
> 
> Which MACHINE are you testing using?
> 
> > > > Something is mangling spaces in your patch. There shouldn't be tabs
> > Modified the complete file to remove TABS and use white spaces.
> > 
> > > > I think this can be merged with the RustSelfTestBase class as I don't
> > Merge with RustSelfTestBase.
> > 
> > > > If we want to change grammar, it should be in a separate patch.
> > Removed it from the patch
> > 
> > > > put that alongside the task definition.
> > Done.
> 
> Thanks.
> 
> > All modifications are done as per the review comments.
> > However, I still see that the test PASSes and did not see the mentioned 
> > error.
> > 
> > =
> > rust.RustSelfTestSystemEmulated.test_rust: PASSED (4812.37s)
> > 2022-09-05 13:43:50,332 - oe-selftest - INFO - SUMMARY:
> > 2022-09-05 13:43:50,332 - oe-selftest - INFO - oe-selftest () - Ran 1
> > test in 4875.349s
> > 2022-09-05 13:43:50,332 - oe-selftest - INFO - oe-selftest - OK - All
> > required tests passed (successes=1, skipped=0, failures=0, errors=0)
> > =
> > 
> > I am using the following command to run the rust-testsuite:-
> > oe-selftest -r rust.RustSelfTestSystemEmulated.test_rust
> > Please let me know if I am missing anything to reproduce the error.
> 
> That is what I'm using too. I did try an couple of small changes to
> rust to try and improve things and it did get slightly further but not
> much. It does mean my logs are probably going to confuse things more if
> I share them so I need to undo those before I can do that.
> 
> I don't know why we're seeing different results but it is a concern.
> 
> Were you able to work out if there is anything we can do about the
> hardcoded buildpaths/reproducibility issue?

I was able to debug this. Adding:

--exclude src/tools/lint-docs --exclude src/test/rustdoc-js-std

to the test run stops it trying to build the docs for Std.

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170394): 
https://lists.openembedded.org/g/openembedded-core/message/170394
Mute This Topic: https://lists.openembedded.org/mt/93454351/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 3/3] gcc: remove obsolete 0012-export-CPP.patch

[Richard Purdie]

On Wed, 2022-09-07 at 14:02 +0100, Ross Burton wrote:
> This patch is no longer needed, the upstream Makefile exports CPP from
> CPP_FOR_BUILD since 12.1.
> 
> Signed-off-by: Ross Burton 
> ---
>  meta/recipes-devtools/gcc/gcc-12.2.inc|  1 -
>  .../gcc/gcc/0012-export-CPP.patch | 50 ---
>  2 files changed, 51 deletions(-)
>  delete mode 100644 meta/recipes-devtools/gcc/gcc/0012-export-CPP.patch

Someone convinced upstream to fix that:

https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=84401ce5fb4ecab55decb472b168100e7593e01f

:)

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170393): 
https://lists.openembedded.org/g/openembedded-core/message/170393
Mute This Topic: https://lists.openembedded.org/mt/93524139/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] sstate: Fix sstate file mirroring checksum issue

[Richard Purdie]

After a recent fix in bitbake, the checksums may be checked for local file
fetches at an earlier code point. The underlying recipe checksums won't
match sstate values so ensure these aren't set via SRC_URI flags when
reconfiguring the fetch for sstate.

Signed-off-by: Richard Purdie 
---
 meta/classes-global/sstate.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes-global/sstate.bbclass 
b/meta/classes-global/sstate.bbclass
index cd77c58dbf8..2c8e7b8cc23 100644
--- a/meta/classes-global/sstate.bbclass
+++ b/meta/classes-global/sstate.bbclass
@@ -784,6 +784,7 @@ def pstaging_fetch(sstatefetch, d):
 uris += ['file://{0}.sig;downloadfilename={0}.sig'.format(sstatefetch)]
 
 for srcuri in uris:
+localdata.delVar('SRC_URI')
 localdata.setVar('SRC_URI', srcuri)
 try:
 fetcher = bb.fetch2.Fetch([srcuri], localdata, cache=False)
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170392): 
https://lists.openembedded.org/g/openembedded-core/message/170392
Mute This Topic: https://lists.openembedded.org/mt/93525097/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 3/3] gcc: remove obsolete 0012-export-CPP.patch

[Ross Burton]

This patch is no longer needed, the upstream Makefile exports CPP from
CPP_FOR_BUILD since 12.1.

Signed-off-by: Ross Burton 
---
 meta/recipes-devtools/gcc/gcc-12.2.inc|  1 -
 .../gcc/gcc/0012-export-CPP.patch | 50 ---
 2 files changed, 51 deletions(-)
 delete mode 100644 meta/recipes-devtools/gcc/gcc/0012-export-CPP.patch

diff --git a/meta/recipes-devtools/gcc/gcc-12.2.inc 
b/meta/recipes-devtools/gcc/gcc-12.2.inc
index 572fd8b6692..7cc34b26215 100644
--- a/meta/recipes-devtools/gcc/gcc-12.2.inc
+++ b/meta/recipes-devtools/gcc/gcc-12.2.inc
@@ -49,7 +49,6 @@ SRC_URI = "${BASEURI} \
file://0009-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch 
\

file://0010-Use-the-multilib-config-files-from-B-instead-of-usin.patch \

file://0011-Avoid-using-libdir-from-.la-which-usually-points-to-.patch \
-   file://0012-export-CPP.patch \
file://0013-Ensure-target-gcc-headers-can-be-included.patch \

file://0014-Don-t-search-host-directory-during-relink-if-inst_pr.patch \
file://0015-libcc1-fix-libcc1-s-install-path-and-rpath.patch \
diff --git a/meta/recipes-devtools/gcc/gcc/0012-export-CPP.patch 
b/meta/recipes-devtools/gcc/gcc/0012-export-CPP.patch
deleted file mode 100644
index 7e1ebef463a..000
--- a/meta/recipes-devtools/gcc/gcc/0012-export-CPP.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 20afebc61199cd74481b0b831c1b56465cd37fa0 Mon Sep 17 00:00:00 2001
-From: Khem Raj 
-Date: Fri, 20 Feb 2015 09:40:59 +
-Subject: [PATCH] export CPP
-
-The OE environment sets and exports CPP as being the target gcc. When
-building gcc-cross-canadian for a mingw targetted sdk, the following can be 
found
-in 
build.x86_64-pokysdk-mingw32.i586-poky-linux/build-x86_64-linux/libiberty/config.log:
-
-configure:3641: checking for _FILE_OFFSET_BITS value needed for large files
-configure:3666: gcc  -c 
-isystem/media/build1/poky/build/tmp/sysroots/x86_64-linux/usr/include -O2 
-pipe  conftest.c >&5
-configure:3666: $? = 0
-configure:3698: result: no
-configure:3786: checking how to run the C preprocessor
-configure:3856: result: x86_64-pokysdk-mingw32-gcc -E 
--sysroot=/media/build1/poky/build/tmp/sysroots/x86_64-nativesdk-mingw32-pokysdk-mingw32
-configure:3876: x86_64-pokysdk-mingw32-gcc -E 
--sysroot=/media/build1/poky/build/tmp/sysroots/x86_64-nativesdk-mingw32-pokysdk-mingw32
 conftest.c
-configure:3876: $? = 0
-
-Note this is a *build* target (in build-x86_64-linux) so it should be
-using the host "gcc", not x86_64-pokysdk-mingw32-gcc. Since the mingw32
-headers are very different, using the wrong cpp is a real problem. It is 
leaking
-into configure through the CPP variable. Ultimately this leads to build
-failures related to not being able to include a process.h file for pem-unix.c.
-
-The fix is to ensure we export a sane CPP value into the build
-environment when using build targets. We could define a CPP_FOR_BUILD value 
which may be
-the version which needs to be upstreamed but for now, this fix is good enough 
to
-avoid the problem.
-
-RP 22/08/2013
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj 

- Makefile.in | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Makefile.in b/Makefile.in
-index 1d9c83cc566..11819667751 100644
 a/Makefile.in
-+++ b/Makefile.in
-@@ -152,6 +152,7 @@ BUILD_EXPORTS = \
-   AR="$(AR_FOR_BUILD)"; export AR; \
-   AS="$(AS_FOR_BUILD)"; export AS; \
-   CC="$(CC_FOR_BUILD)"; export CC; \
-+  CPP="$(CC_FOR_BUILD) -E"; export CPP; \
-   CFLAGS="$(CFLAGS_FOR_BUILD)"; export CFLAGS; \
-   CONFIG_SHELL="$(SHELL)"; export CONFIG_SHELL; \
-   CPP="$(CPP_FOR_BUILD)"; export CPP; \
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170391): 
https://lists.openembedded.org/g/openembedded-core/message/170391
Mute This Topic: https://lists.openembedded.org/mt/93524139/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 1/3] meta-selftest/poison: improve sysroot poisoning test case

[Ross Burton]

It was discovered by Martin Jansa that the sysroot poisoning errors are
not functioning as they should. Due to either a bug from day 1 or a
bad rebase, -Werror=poison-system-directories is only passed when GCC
is invoking _just_ the preprocessor, not the compiler.

Demonstrate this by expanding the test case to exercise not just $CPP,
but also $CC for both C and C++ languages. This improved test case now
fails.

Signed-off-by: Ross Burton 
---
 meta-selftest/recipes-test/poison/poison.bb | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/meta-selftest/recipes-test/poison/poison.bb 
b/meta-selftest/recipes-test/poison/poison.bb
index 7ace901cc3a..e9eee0cdbab 100644
--- a/meta-selftest/recipes-test/poison/poison.bb
+++ b/meta-selftest/recipes-test/poison/poison.bb
@@ -9,8 +9,12 @@ inherit nopackages
 # will result in compiler errors.  This recipe should will fail to build and
 # oe-selftest has a test that verifies that.
 do_compile() {
-touch empty.c
-${CPP} ${CFLAGS} -I/usr/include empty.c
+bbnote Testing preprocessor
+echo "int main(int argc, char** argv) {}" | ${CPP} -I/usr/include -
+bbnote Testing C compiler
+echo "int main(int argc, char** argv) {}" | ${CC} -x c -I/usr/include -
+bbnote Testing C++ compiler
+echo "int main(int argc, char** argv) {}" | ${CC} -x c++ -I/usr/include -
 }
 
 EXCLUDE_FROM_WORLD = "1"
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170389): 
https://lists.openembedded.org/g/openembedded-core/message/170389
Mute This Topic: https://lists.openembedded.org/mt/93524137/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/3] gcc-cross: pass -Werror=poison-system-directories to compiler stages

[Ross Burton]

The -Werror=poison-system-directories argument was being passed to runs
where _just_ CPP was being invoked, so it wasn't passed to runs which
also compile.  Add the options to cc1_options so that compile runs also
have fatal poisoning errors.

Signed-off-by: Ross Burton 
---
 .../gcc/0002-gcc-poison-system-directories.patch| 13 +
 1 file changed, 13 insertions(+)

diff --git 
a/meta/recipes-devtools/gcc/gcc/0002-gcc-poison-system-directories.patch 
b/meta/recipes-devtools/gcc/gcc/0002-gcc-poison-system-directories.patch
index 5a51ae7d960..bfec4477c1e 100644
--- a/meta/recipes-devtools/gcc/gcc/0002-gcc-poison-system-directories.patch
+++ b/meta/recipes-devtools/gcc/gcc/0002-gcc-poison-system-directories.patch
@@ -185,6 +185,19 @@ index bb07cc244e3..ce161d3c853 100644
  
  /* Pass -d* flags, possibly modifying -dumpdir, -dumpbase et al.
  
+@@ -1265,7 +1270,11 @@ static const char *cc1_options =
+  %{coverage:-fprofile-arcs -ftest-coverage}\
+  %{fprofile-arcs|fprofile-generate*|coverage:\
+%{!fprofile-update=single:\
+- %{pthread:-fprofile-update=prefer-atomic}}}";
++ %{pthread:-fprofile-update=prefer-atomic}}}"
++#ifdef POISON_BY_DEFAULT
++ " -Werror=poison-system-directories"
++#endif
++  ;
+
+ static const char *asm_options =
+ "%{-target-help:%:print-asm-header()} "
 diff --git a/gcc/incpath.cc b/gcc/incpath.cc
 index bd2a97938eb..c80f100f476 100644
 --- a/gcc/incpath.cc
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170390): 
https://lists.openembedded.org/g/openembedded-core/message/170390
Mute This Topic: https://lists.openembedded.org/mt/93524138/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH 2/2] libxml2: Port gentest.py to Python-3

[Martin Jansa]

From: Martin Jansa 

* but it still won't work well on hosts without libxml2, make
  sure to use pre-generated testapi.c in do_compile_ptest

* this is reproducible with SOURCE_DATE_EPOCH set to 0 which
  e.g. meta-updater still sets by default for DISTROs which
  use it :(, see https://github.com/uptane/meta-updater/pull/35

Signed-off-by: Steve Sakoman 
Signed-off-by: Martin Jansa 
---
 .../0001-Port-gentest.py-to-Python-3.patch| 814 ++
 meta/recipes-core/libxml/libxml2_2.9.14.bb|  11 +
 2 files changed, 825 insertions(+)
 create mode 100644 
meta/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch

diff --git 
a/meta/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch 
b/meta/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch
new file mode 100644
index 00..c6567ac878
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch
@@ -0,0 +1,814 @@
+From 2c20198b1ddb1bfb47269b8caf929ffb83748f78 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer 
+Date: Thu, 21 Apr 2022 00:45:58 +0200
+Subject: [PATCH] Port gentest.py to Python 3
+
+Upstream-Status: Backport 
[https://gitlab.gnome.org/GNOME/libxml2/-/commit/343fc1421cdae097fa6c4cffeb1a065a40be6bbb]
+
+* fixes:
+
+make[1]: 'testReader' is up to date.
+  File "../libxml2-2.9.10/gentest.py", line 11
+print "libxml2 python bindings not available, skipping testapi.c 
generation"
+  ^
+SyntaxError: Missing parentheses in call to 'print'. Did you mean 
print("libxml2 python bindings not available, skipping testapi.c generation")?
+make[1]: [Makefile:2078: testapi.c] Error 1 (ignored)
+
+...
+
+make[1]: 'testReader' is up to date.
+  File "../libxml2-2.9.10/gentest.py", line 271
+return 1
+   ^
+TabError: inconsistent use of tabs and spaces in indentation
+make[1]: [Makefile:2078: testapi.c] Error 1 (ignored)
+
+...
+
+aarch64-oe-linux-gcc: error: testapi.c: No such file or directory
+aarch64-oe-linux-gcc: fatal error: no input files
+compilation terminated.
+make[1]: *** [Makefile:1275: testapi.o] Error 1
+
+But there is still a bit mystery why it worked before, because check-am
+calls gentest.py with $(PYTHON), so it ignores the shebang in the script
+and libxml2 is using python3native (through python3targetconfig.bbclass)
+so something like:
+
+libxml2/2.9.10-r0/recipe-sysroot-native/usr/bin/python3-native/python3 
gentest.py
+
+But that still fails (now without SyntaxError) with:
+libxml2 python bindings not available, skipping testapi.c generation
+
+because we don't have dependency on libxml2-native (to provide libxml2
+python bindings form python3native) and exported PYTHON_SITE_PACKAGES
+might be useless (e.g. /usr/lib/python3.8/site-packages on Ubuntu-22.10
+which uses python 3.10 and there is no site-packages with libxml2)
+
+Signed-off-by: Martin Jansa 
+
+---
+ gentest.py | 421 ++---
+ 1 file changed, 209 insertions(+), 212 deletions(-)
+
+diff --git a/gentest.py b/gentest.py
+index b6cd866..af15a4f 100755
+--- a/gentest.py
 b/gentest.py
+@@ -8,7 +8,7 @@ import string
+ try:
+ import libxml2
+ except:
+-print "libxml2 python bindings not available, skipping testapi.c 
generation"
++print("libxml2 python bindings not available, skipping testapi.c 
generation")
+ sys.exit(0)
+ 
+ if len(sys.argv) > 1:
+@@ -227,7 +227,7 @@ extra_post_call = {
+   if (old != NULL) {
+   xmlUnlinkNode(old);
+   xmlFreeNode(old) ; old = NULL ; }
+-ret_val = NULL;""",
++\t  ret_val = NULL;""",
+"xmlTextMerge": 
+"""if ((first != NULL) && (first->type != XML_TEXT_NODE)) {
+   xmlUnlinkNode(second);
+@@ -236,7 +236,7 @@ extra_post_call = {
+"""if ((ret_val != NULL) && (ret_val != ncname) &&
+   (ret_val != prefix) && (ret_val != memory))
+   xmlFree(ret_val);
+-ret_val = NULL;""",
++\t  ret_val = NULL;""",
+"xmlNewDocElementContent":
+"""xmlFreeDocElementContent(doc, ret_val); ret_val = NULL;""",
+"xmlDictReference": "xmlDictFree(dict);",
+@@ -268,29 +268,29 @@ modules = []
+ def is_skipped_module(name):
+ for mod in skipped_modules:
+ if mod == name:
+-  return 1
++return 1
+ return 0
+ 
+ def is_skipped_function(name):
+ for fun in skipped_functions:
+ if fun == name:
+-  return 1
++return 1
+ # Do not test destructors
+-if string.find(name, 'Free') != -1:
++if name.find('Free') != -1:
+ return 1
+ return 0
+ 
+ def is_skipped_memcheck(name):
+ for fun in skipped_memcheck:
+ if fun == name:
+-  return 1
++return 1
+ return 0
+ 
+ missing_types = {}
+ def add_missing_type(name, func):
+ try:
+ list = missing_types[name]
+-  list.append(func)
++list.append(func)
+ except:
+ missing_types[name] = [func]
+ 
+

[OE-core] [PATCH 1/2] webkitgtk: fix gstreamer include paths

[Martin Jansa]

* fixes:
  http://errors.yoctoproject.org/Errors/Details/671441/

  cc1plus: error: include location "/usr/include/gstreamer-1.0" is unsafe for 
cross-compilation [-Werror=poison-system-directories]

Signed-off-by: Martin Jansa 
---
 .../fix-gstreamer-include-paths.patch | 51 +++
 meta/recipes-sato/webkit/webkitgtk_2.36.7.bb  |  1 +
 2 files changed, 52 insertions(+)
 create mode 100644 
meta/recipes-sato/webkit/webkitgtk/fix-gstreamer-include-paths.patch

diff --git 
a/meta/recipes-sato/webkit/webkitgtk/fix-gstreamer-include-paths.patch 
b/meta/recipes-sato/webkit/webkitgtk/fix-gstreamer-include-paths.patch
new file mode 100644
index 00..2c6be87902
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/fix-gstreamer-include-paths.patch
@@ -0,0 +1,51 @@
+From 25efd1478b48b5406fdab3b7b9c1f7e0ef95a7ed Mon Sep 17 00:00:00 2001
+From: Pablo Saavedra 
+Date: Mon, 27 Jun 2022 16:56:04 -0700
+Subject: [PATCH] Fix include gstreamer path on cross compiler toolchains
+ https://bugs.webkit.org/show_bug.cgi?id=241483
+
+Reviewed by Adrian Perez de Castro.
+
+Set the include paths for the gstreamer components to the full path
+using the find_path(). This function relies in CMAKE_FIND_ROOT_PATH to
+find the right place where the includes they are. This fixes possible
+warnings/errors on cross toolchains using -Wpoison-system-directories
+and -Werror=poison-system-directories.
+
+* Source/cmake/FindGStreamer.cmake:
+
+Canonical link: https://commits.webkit.org/251895@main
+
+Upstream-Status: Backport [2.37.1 
https://github.com/WebKit/WebKit/commit/25efd1478b48b5406fdab3b7b9c1f7e0ef95a7ed]
+---
+ Source/cmake/FindGStreamer.cmake | 14 +++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/Source/cmake/FindGStreamer.cmake 
b/Source/cmake/FindGStreamer.cmake
+index 3216f6974b53..b65a11f30871 100644
+--- a/Source/cmake/FindGStreamer.cmake
 b/Source/cmake/FindGStreamer.cmake
+@@ -75,12 +75,20 @@ macro(FIND_GSTREAMER_COMPONENT _component_prefix 
_pkgconfig_name _library)
+ # ${includedir}/gstreamer-1.0 which remains correct. The issue here is 
that
+ # we don't rely on the `Cflags`, cmake fails to generate a proper
+ # `.._INCLUDE_DIRS` variable in this case. So we need to do it here...
++
++# Populate the list initially from the _INCLUDE_DIRS result variable.
++set(${_component_prefix}_INCLUDE_DIRS 
${PC_${_component_prefix}_INCLUDE_DIRS})
++
+ set(_include_dir "${PC_${_component_prefix}_INCLUDEDIR}")
+ string(REGEX MATCH "(.*)/gstreamer-1.0" _dummy "${_include_dir}")
++
+ if ("${CMAKE_MATCH_1}" STREQUAL "")
+-set(${_component_prefix}_INCLUDE_DIRS 
"${_include_dir}/gstreamer-1.0;${PC_${_component_prefix}_INCLUDE_DIRS}")
+-else ()
+-set(${_component_prefix}_INCLUDE_DIRS 
"${PC_${_component_prefix}_INCLUDE_DIRS}")
++find_path(${_component_prefix}_RESOLVED_INCLUDEDIR NAMES 
"${_include_dir}/gstreamer-1.0")
++# Only add the resolved path from `_INCLUDEDIR` if found.
++if (${_component_prefix}_RESOLVED_INCLUDEDIR)
++list(APPEND ${_component_prefix}_INCLUDE_DIRS
++ "${${_component_prefix}_RESOLVED_INCLUDEDIR}")
++endif ()
+ endif ()
+ 
+ find_library(${_component_prefix}_LIBRARIES
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb 
b/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
index 026e24ae39..47e52e25da 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.36.7.bb
@@ -15,6 +15,7 @@ SRC_URI = 
"https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
file://0001-Fix-build-without-opengl-or-es.patch \
file://reproducibility.patch \

file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \
+   file://fix-gstreamer-include-paths.patch \
"
 SRC_URI[sha256sum] = 
"0c260cf2b32f0481d017670dfed1b61e554967cd067195606c9f9eb5fe731743"
 
-- 
2.37.3


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170387): 
https://lists.openembedded.org/g/openembedded-core/message/170387
Mute This Topic: https://lists.openembedded.org/mt/93523579/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-Core][dunfell][PATCH 1/2] libarchive: Fix CVE-2021-23177 issue

[Ranjitsinh Rathod via lists.openembedded.org]

Hi Steve,

I have tested this and it seems the patch is working fine.
I'm attaching the patch file as an attachment, please use this and let me know 
if that works.

It seems like something went wrong during sending using kpit email ID and 
currently using my gmail account I am facing the issues so I cannot send using 
gamil account.


Also, attaching logs of do_patch task.


Thanks,

Best Regards,

Ranjitsinh Rathod
Technical Leader |  | KPIT Technologies Ltd.
Cellphone: +91-84606 92403
__
KPIT | Follow us on LinkedIn

[cid:824f139b-dc78-4d88-b54c-19031b89b310]


From: Steve Sakoman 
Sent: Wednesday, September 7, 2022 4:48 AM
To: Ranjitsinh Rathod 
Cc: openembedded-core@lists.openembedded.org 

Subject: Re: [OE-Core][dunfell][PATCH 1/2] libarchive: Fix CVE-2021-23177 issue

Caution: This email originated from outside of the KPIT. Do not click links or 
open attachments unless you recognize the sender and know the content is safe.

On Mon, Sep 5, 2022 at 3:06 AM Ranjitsinh Rathod via
lists.openembedded.org
 wrote:
>
> Add patch to fix CVE-2021-23177 issue for libarchive
> Link: 
> https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdeb.debian.org%2Fdebian%2Fpool%2Fmain%2Fliba%2Flibarchive%2Flibarchive_3.4.3-2%2Bdeb11u1.debian.tar.xz&data=05%7C01%7Cranjitsinh.rathod%40kpit.com%7Ce7011a052c724605e9c008da905e13f4%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637981031500145401%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=TkHxhOMThtixBaY%2FBNYDPPje1vMASk3%2FPNdQAoHQd7o%3D&reserved=0

Fails to build with this patch:

NOTE: Applying patch 'CVE-2021-23177.patch'
(../meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch)
ERROR: Applying patch 'CVE-2021-23177.patch' on target directory
'TOPDIR/tmp/work/x86_64-linux/libarchive-native/3.4.2-r0/libarchive-3.4.2'
Command Error: 'quilt --quiltrc
TOPDIR/tmp/work/x86_64-linux/libarchive-native/3.4.2-r0/recipe-sysroot-native/etc/quiltrc
push' exited with 0  Output:
Applying patch CVE-2021-23177.patch
patching file libarchive/archive_disk_acl_freebsd.c
Hunk #1 succeeded at 319 with fuzz 1.
Hunk #2 FAILED at 364.
Hunk #3 FAILED at 542.
Hunk #4 FAILED at 677.
Hunk #5 FAILED at 693.
4 out of 5 hunks FAILED -- rejects in file libarchive/archive_disk_acl_freebsd.c
patching file libarchive/archive_disk_acl_linux.c
Hunk #1 FAILED at 343.
Hunk #2 succeeded at 455 with fuzz 1.
Hunk #3 FAILED at 488.
Hunk #4 FAILED at 727.
3 out of 4 hunks FAILED -- rejects in file libarchive/archive_disk_acl_linux.c
patching file libarchive/archive_disk_acl_sunos.c
Hunk #1 succeeded at 443 with fuzz 1.
Hunk #2 FAILED at 467.
Hunk #3 FAILED at 492.
Hunk #4 FAILED at 801.
Hunk #5 FAILED at 810.
4 out of 5 hunks FAILED -- rejects in file libarchive/archive_disk_acl_sunos.c
Patch CVE-2021-23177.patch does not apply (enforce with -f)
DEBUG: Python function patch_do_patch finished
DEBUG: Python function do_patch finished

I'm going to drop both patches in the series and await a v2.

Steve

> Signed-off-by: Ranjitsinh Rathod 
> ---
>  .../libarchive/CVE-2021-23177.patch   | 183 ++
>  .../libarchive/libarchive_3.4.2.bb|   1 +
>  2 files changed, 184 insertions(+)
>  create mode 100644 
> meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
>
> diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch 
> b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
> new file mode 100644
> index 00..555c7a47f7
> --- /dev/null
> +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
> @@ -0,0 +1,183 @@
> +Description: Fix handling of symbolic link ACLs
> + Published as CVE-2021-23177
> +Origin: upstream, 
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flibarchive%2Flibarchive%2Fcommit%2Ffba4f123cc456d2b2538f811bb831483bf336bad&data=05%7C01%7Cranjitsinh.rathod%40kpit.com%7Ce7011a052c724605e9c008da905e13f4%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637981031500145401%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gvioBQMQ2EoCWnEZqMzDGb2QP3Cpe0nyt8nHZXDXbCU%3D&reserved=0
> +Bug-Debian: 
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugs.debian.org%2F1001986&data=05%7C01%7Cranjitsinh.rathod%40kpit.com%7Ce7011a052c724605e9c008da905e13f4%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637981031500301630%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=AZAP5EPxLqEOTWQrrQqBLKB28h2F%2FzfnHrM9DdecYVo%3D&reserved=0
> +Author: Martin Matuska 
> +Last-Updated: 2021-12-20
> +
> +CVE: CVE-2021-23177
> +Upstream-Status: Backport 
> [https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdeb.debi

[OE-core] [PATCH 1/2] icecc.bbclass: fix typos

[Ulrich Ölmann]

Signed-off-by: Ulrich Ölmann 
---
 meta/classes/icecc.bbclass | 46 +++---
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/meta/classes/icecc.bbclass b/meta/classes/icecc.bbclass
index a11e781f00f7..8f06e9dd7082 100644
--- a/meta/classes/icecc.bbclass
+++ b/meta/classes/icecc.bbclass
@@ -4,35 +4,35 @@
 # SPDX-License-Identifier: MIT
 #
 
-# IceCream distributed compiling support
+# Icecream distributed compiling support
 #
 # Stages directories with symlinks from gcc/g++ to icecc, for both
 # native and cross compilers. Depending on each configure or compile,
 # the directories are added at the head of the PATH list and ICECC_CXX
-# and ICEC_CC are set.
+# and ICECC_CC are set.
 #
 # For the cross compiler, creates a tar.gz of our toolchain and sets
 # ICECC_VERSION accordingly.
 #
 # The class now handles all 3 different compile 'stages' (i.e native 
,cross-kernel and target) creating the
 # necessary environment tar.gz file to be used by the remote machines.
-# It also supports meta-toolchain generation
+# It also supports meta-toolchain generation.
 #
 # If ICECC_PATH is not set in local.conf then the class will try to locate it 
using 'bb.utils.which'
-# but nothing is sure ;)
+# but nothing is sure. ;)
 #
 # If ICECC_ENV_EXEC is set in local.conf, then it should point to the 
icecc-create-env script provided by the user
-# or the default one provided by icecc-create-env.bb will be used
-# (NOTE that this is a modified version of the script need it and *not the one 
that comes with icecc*
+# or the default one provided by icecc-create-env_%.bb will be used.
+# (NOTE that this is a modified version of the needed script and *not the one 
that comes with icecream*).
 #
-# User can specify if specific recipes or recipes belonging to class should 
not use icecc to distribute
-# compile jobs to remote machines, but handled locally, by defining 
ICECC_CLASS_DISABLE and ICECC_RECIPE_DISABLE
+# User can specify if specific recipes or recipes inheriting specific classes 
should not use icecc to distribute
+# compile jobs to remote machines, but handle them locally by defining 
ICECC_CLASS_DISABLE and ICECC_RECIPE_DISABLE
 # with the appropriate values in local.conf. In addition the user can force to 
enable icecc for recipes
 # which set an empty PARALLEL_MAKE variable by defining ICECC_RECIPE_ENABLE.
 #
 
#
-#Error checking is kept to minimum so double check any parameters you pass to 
the class
-###
+# Error checking is kept to minimum so double check any parameters you pass to 
the class
+#
 
 BB_BASEHASH_IGNORE_VARS += "ICECC_PARALLEL_MAKE ICECC_DISABLED 
ICECC_RECIPE_DISABLE \
 ICECC_CLASS_DISABLE ICECC_RECIPE_ENABLE ICECC_PATH ICECC_ENV_EXEC \
@@ -50,7 +50,7 @@ HOSTTOOLS_NONFATAL += "icecc patchelf"
 # invalidate the version on the compile nodes. Changing it will cause a new
 # environment to be created.
 #
-# A useful thing to do for testing Icecream changes locally is to add a
+# A useful thing to do for testing icecream changes locally is to add a
 # subversion in local.conf:
 #  ICECC_ENV_VERSION:append = "-my-ver-1"
 ICECC_ENV_VERSION = "2"
@@ -72,16 +72,16 @@ CXXFLAGS += "${ICECC_CFLAGS}"
 ICECC_ENV_DEBUG ??= ""
 
 # Disable recipe list contains a list of recipes that can not distribute
-# compile tasks for one reason or the other. When adding new entry, please
+# compile tasks for one reason or the other. When adding a new entry, please
 # document why (how it failed) so that we can re-evaluate it later e.g. when
-# there is new version
+# there is a new version.
 #
 # libgcc-initial - fails with CPP sanity check error if host sysroot contains
-#  cross gcc built for another target tune/variant
+#  cross gcc built for another target tune/variant.
 # pixman - prng_state: TLS reference mismatches non-TLS reference, possibly 
due to
-#  pragma omp threadprivate(prng_state)
+#  pragma omp threadprivate(prng_state).
 # systemtap - _HelperSDT.c undefs macros and uses the identifiers in macros 
emitting
-# inline assembly
+# inline assembly.
 # target-sdk-provides-dummy - ${HOST_PREFIX} is empty which triggers the "NULL
 # prefix" error.
 ICECC_RECIPE_DISABLE += "\
@@ -91,10 +91,10 @@ ICECC_RECIPE_DISABLE += "\
 target-sdk-provides-dummy \
 "
 
-# Classes that should not use icecc. When adding new entry, please
-# document why (how it failed) so that we can re-evaluate it later
+# Classes that should not use icecc. When adding a new entry, please
+# document why (how it failed) so that we can re-evaluate it later.
 #
-# image - Image aren't compiling, but the testing framework for images ca

[OE-core] [PATCH 2/2] icecc.bbclass: delete 'rm' command

[Ulrich Ölmann]

The removed command was explicitly marked as transitional in commit [1] roughly
three years ago, so finally clean up.

[1] 40d74cb1d0dd ("icecc: Export ICECC_CC and friends via wrapper-script")

Signed-off-by: Ulrich Ölmann 
---
 meta/classes/icecc.bbclass | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meta/classes/icecc.bbclass b/meta/classes/icecc.bbclass
index 8f06e9dd7082..e478ba488ce0 100644
--- a/meta/classes/icecc.bbclass
+++ b/meta/classes/icecc.bbclass
@@ -380,7 +380,6 @@ set_icecc_env() {
 fi
 for compiler in $compilers; do
 ln -sf $ICECC_BIN $ICE_PATH/symlinks/$compiler
-rm -f $ICE_PATH/$compiler
 cat <<-__EOF__ > $ICE_PATH/$compiler
#!/bin/sh -e
export ICECC_VERSION=$ICECC_VERSION
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170384): 
https://lists.openembedded.org/g/openembedded-core/message/170384
Mute This Topic: https://lists.openembedded.org/mt/93522114/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] systemd: Add 'default-dns-fallback' PACKAGECONFIG option

[Richard Purdie]

On Wed, 2022-09-07 at 11:34 +0200, Alexander Kanavin wrote:
> Thanks, I think it's more clear this way. PACKAGECONFIGs that do
> nothing when on, and something when off are harder to grasp.

Thanks, I agree this looks better FWIW :)

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170383): 
https://lists.openembedded.org/g/openembedded-core/message/170383
Mute This Topic: https://lists.openembedded.org/mt/93520181/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] systemd: Add 'default-dns-fallback' PACKAGECONFIG option

[Alexander Kanavin]

Thanks, I think it's more clear this way. PACKAGECONFIGs that do
nothing when on, and something when off are harder to grasp.

Alex

On Wed, 7 Sept 2022 at 11:28, Niko Mauno  wrote:
>
> Thanks, felt ambiguous first about using negation.
> Fixed in v3:
> https://patchwork.yoctoproject.org/project/oe-core/patch/20220907092333.3248421-1-niko.ma...@vaisala.com/
>
> -Niko
>
> On 7.9.2022 10.26, Alexander Kanavin wrote:
> > I would rather invert this, and define 'no-dns-fallback', off by default.
> >
> > Alex
> >
> > On Wed, 7 Sept 2022 at 09:12, niko.ma...@vaisala.com via
> > lists.openembedded.org 
> > wrote:
> >>
> >> systemd defines a default set of fallback DNS servers in
> >> https://github.com/systemd/systemd/blob/v251/meson_options.txt#L328-L330
> >>
> >> By adding a PACKAGECONFIG knob providing a convenient way to opt out,
> >> and then removing that value from systemd's PACKAGECONFIG, the output
> >> from runtime 'resolvectl status' command no longer contains the
> >> following line:
> >>
> >>Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 
> >> 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 
> >> 2606:4700:4700::#cloudflare-dns.com 2001:4860:4860::#dns.google 
> >> 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google
> >>
> >> Signed-off-by: Niko Mauno 
> >> ---
> >>   meta/recipes-core/systemd/systemd_251.4.bb | 2 ++
> >>   1 file changed, 2 insertions(+)
> >>
> >> diff --git a/meta/recipes-core/systemd/systemd_251.4.bb 
> >> b/meta/recipes-core/systemd/systemd_251.4.bb
> >> index 8497e24af9..0f30b7dbb3 100644
> >> --- a/meta/recipes-core/systemd/systemd_251.4.bb
> >> +++ b/meta/recipes-core/systemd/systemd_251.4.bb
> >> @@ -64,6 +64,7 @@ PACKAGECONFIG ??= " \
> >>   ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', '', 
> >> 'link-udev-shared', d)} \
> >>   backlight \
> >>   binfmt \
> >> +default-dns-fallback \
> >>   gshadow \
> >>   hibernate \
> >>   hostnamed \
> >> @@ -129,6 +130,7 @@ PACKAGECONFIG[coredump] = 
> >> "-Dcoredump=true,-Dcoredump=false"
> >>   PACKAGECONFIG[cryptsetup] = 
> >> "-Dlibcryptsetup=true,-Dlibcryptsetup=false,cryptsetup,,cryptsetup"
> >>   PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss,tpm2-tss 
> >> libtss2 libtss2-tcti-device"
> >>   PACKAGECONFIG[dbus] = "-Ddbus=true,-Ddbus=false,dbus"
> >> +PACKAGECONFIG[default-dns-fallback] = ",-Ddns-servers="
> >>   PACKAGECONFIG[efi] = "-Defi=true,-Defi=false"
> >>   PACKAGECONFIG[gnu-efi] = "-Dgnu-efi=true -Defi-libdir=${STAGING_LIBDIR} 
> >> -Defi-includedir=${STAGING_INCDIR}/efi,-Dgnu-efi=false,gnu-efi"
> >>   PACKAGECONFIG[elfutils] = "-Delfutils=true,-Delfutils=false,elfutils"
> >> --
> >> 2.35.1
> >>
> >>
> >> 
> >>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170382): 
https://lists.openembedded.org/g/openembedded-core/message/170382
Mute This Topic: https://lists.openembedded.org/mt/93520181/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] systemd: Add 'default-dns-fallback' PACKAGECONFIG option

[niko.ma...@vaisala.com via lists.openembedded.org]

Thanks, felt ambiguous first about using negation.
Fixed in v3: 
https://patchwork.yoctoproject.org/project/oe-core/patch/20220907092333.3248421-1-niko.ma...@vaisala.com/


-Niko

On 7.9.2022 10.26, Alexander Kanavin wrote:

I would rather invert this, and define 'no-dns-fallback', off by default.

Alex

On Wed, 7 Sept 2022 at 09:12, niko.ma...@vaisala.com via
lists.openembedded.org 
wrote:


systemd defines a default set of fallback DNS servers in
https://github.com/systemd/systemd/blob/v251/meson_options.txt#L328-L330

By adding a PACKAGECONFIG knob providing a convenient way to opt out,
and then removing that value from systemd's PACKAGECONFIG, the output
from runtime 'resolvectl status' command no longer contains the
following line:

   Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 
1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 
2606:4700:4700::#cloudflare-dns.com 2001:4860:4860::#dns.google 
2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google

Signed-off-by: Niko Mauno 
---
  meta/recipes-core/systemd/systemd_251.4.bb | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/systemd/systemd_251.4.bb 
b/meta/recipes-core/systemd/systemd_251.4.bb
index 8497e24af9..0f30b7dbb3 100644
--- a/meta/recipes-core/systemd/systemd_251.4.bb
+++ b/meta/recipes-core/systemd/systemd_251.4.bb
@@ -64,6 +64,7 @@ PACKAGECONFIG ??= " \
  ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', '', 
'link-udev-shared', d)} \
  backlight \
  binfmt \
+default-dns-fallback \
  gshadow \
  hibernate \
  hostnamed \
@@ -129,6 +130,7 @@ PACKAGECONFIG[coredump] = "-Dcoredump=true,-Dcoredump=false"
  PACKAGECONFIG[cryptsetup] = 
"-Dlibcryptsetup=true,-Dlibcryptsetup=false,cryptsetup,,cryptsetup"
  PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss,tpm2-tss libtss2 
libtss2-tcti-device"
  PACKAGECONFIG[dbus] = "-Ddbus=true,-Ddbus=false,dbus"
+PACKAGECONFIG[default-dns-fallback] = ",-Ddns-servers="
  PACKAGECONFIG[efi] = "-Defi=true,-Defi=false"
  PACKAGECONFIG[gnu-efi] = "-Dgnu-efi=true -Defi-libdir=${STAGING_LIBDIR} 
-Defi-includedir=${STAGING_INCDIR}/efi,-Dgnu-efi=false,gnu-efi"
  PACKAGECONFIG[elfutils] = "-Delfutils=true,-Delfutils=false,elfutils"
--
2.35.1





-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170381): 
https://lists.openembedded.org/g/openembedded-core/message/170381
Mute This Topic: https://lists.openembedded.org/mt/93520181/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCHv3] systemd: Add 'no-dns-fallback' PACKAGECONFIG option

[niko.ma...@vaisala.com via lists.openembedded.org]

systemd defines a default set of fallback DNS servers in
https://github.com/systemd/systemd/blob/v251/meson_options.txt#L328-L330

By adding a PACKAGECONFIG knob providing a convenient way to opt out,
and then adding that value to systemd's PACKAGECONFIG, the output from
runtime 'resolvectl status' command no longer contains the following
line:

  Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 
1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 
2606:4700:4700::#cloudflare-dns.com 2001:4860:4860::#dns.google 
2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google

Signed-off-by: Niko Mauno 
---
 meta/recipes-core/systemd/systemd_251.4.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-core/systemd/systemd_251.4.bb 
b/meta/recipes-core/systemd/systemd_251.4.bb
index 8497e24af9..910ea71bf6 100644
--- a/meta/recipes-core/systemd/systemd_251.4.bb
+++ b/meta/recipes-core/systemd/systemd_251.4.bb
@@ -163,6 +163,7 @@ PACKAGECONFIG[manpages] = 
"-Dman=true,-Dman=false,libxslt-native xmlto-native do
 PACKAGECONFIG[microhttpd] = 
"-Dmicrohttpd=true,-Dmicrohttpd=false,libmicrohttpd"
 PACKAGECONFIG[myhostname] = 
"-Dnss-myhostname=true,-Dnss-myhostname=false,,libnss-myhostname"
 PACKAGECONFIG[networkd] = "-Dnetworkd=true,-Dnetworkd=false"
+PACKAGECONFIG[no-dns-fallback] = "-Ddns-servers="
 PACKAGECONFIG[nss] = "-Dnss-systemd=true,-Dnss-systemd=false"
 PACKAGECONFIG[nss-mymachines] = "-Dnss-mymachines=true,-Dnss-mymachines=false"
 PACKAGECONFIG[nss-resolve] = "-Dnss-resolve=true,-Dnss-resolve=false"
-- 
2.35.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170380): 
https://lists.openembedded.org/g/openembedded-core/message/170380
Mute This Topic: https://lists.openembedded.org/mt/93521199/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCHv2] systemd: Add 'no-dns-fallback' PACKAGECONFIG option

[niko.ma...@vaisala.com via lists.openembedded.org]

systemd defines a default set of fallback DNS servers in
https://github.com/systemd/systemd/blob/v251/meson_options.txt#L328-L330

By adding a PACKAGECONFIG knob providing a convenient way to opt out,
and then adding that value to systemd's PACKAGECONFIG, the output from
runtime 'resolvectl status' command no longer contains the following
line:

  Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 
1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 
2606:4700:4700::#cloudflare-dns.com 2001:4860:4860::#dns.google 
2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google

Signed-off-by: Niko Mauno 
---
 meta/recipes-core/systemd/systemd_251.4.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-core/systemd/systemd_251.4.bb 
b/meta/recipes-core/systemd/systemd_251.4.bb
index 8497e24af9..4f684aea14 100644
--- a/meta/recipes-core/systemd/systemd_251.4.bb
+++ b/meta/recipes-core/systemd/systemd_251.4.bb
@@ -129,6 +129,7 @@ PACKAGECONFIG[coredump] = "-Dcoredump=true,-Dcoredump=false"
 PACKAGECONFIG[cryptsetup] = 
"-Dlibcryptsetup=true,-Dlibcryptsetup=false,cryptsetup,,cryptsetup"
 PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss,tpm2-tss libtss2 
libtss2-tcti-device"
 PACKAGECONFIG[dbus] = "-Ddbus=true,-Ddbus=false,dbus"
+PACKAGECONFIG[no-dns-fallback] = "-Ddns-servers="
 PACKAGECONFIG[efi] = "-Defi=true,-Defi=false"
 PACKAGECONFIG[gnu-efi] = "-Dgnu-efi=true -Defi-libdir=${STAGING_LIBDIR} 
-Defi-includedir=${STAGING_INCDIR}/efi,-Dgnu-efi=false,gnu-efi"
 PACKAGECONFIG[elfutils] = "-Delfutils=true,-Delfutils=false,elfutils"
-- 
2.35.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170379): 
https://lists.openembedded.org/g/openembedded-core/message/170379
Mute This Topic: https://lists.openembedded.org/mt/93521171/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 1/2] oe-setup-build: add a tool for discovering config templates and setting up builds

[Alexander Kanavin]

On Wed, 7 Sept 2022 at 11:15, Richard Purdie
 wrote:
> To set expectations, I'm probably not going to merge this for 4.1. I
> think we've taken some really good steps in the direction we need so
> far but we don't want to rush this. I haven't had the time needed to
> look at these patches properly due to everything else that was
> breaking.
>
> That doesn't stop review ad refining the patches ready for 4.2 opening.
> I'm open to representations if everyone thinks this is ready but I get
> the feeling many are distracted atm.

I'm fine with that; I'd like to add config fragments to it as well, to
make the case for this tool stronger. The plan is to split up
local.conf.sample.extended into those fragments as a showcase/testbed
for the feature.

The other two patches should be trivial to merge.

Alex

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170378): 
https://lists.openembedded.org/g/openembedded-core/message/170378
Mute This Topic: https://lists.openembedded.org/mt/93485066/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 1/2] oe-setup-build: add a tool for discovering config templates and setting up builds

[Richard Purdie]

On Mon, 2022-09-05 at 20:21 +0200, Alexander Kanavin wrote:
> This is the last (I believe) piece of the puzzle in setting up builds
> from nothing without having to write custom scripts or use external
> tools.
> 
> After layers have been fetched and placed into their respective 
> locations, one would surely want to proceed to the actual build, and 
> here's how:

To set expectations, I'm probably not going to merge this for 4.1. I
think we've taken some really good steps in the direction we need so
far but we don't want to rush this. I haven't had the time needed to
look at these patches properly due to everything else that was
breaking.

That doesn't stop review ad refining the patches ready for 4.2 opening.
I'm open to representations if everyone thinks this is ready but I get
the feeling many are distracted atm.

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170377): 
https://lists.openembedded.org/g/openembedded-core/message/170377
Mute This Topic: https://lists.openembedded.org/mt/93485066/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH 1/2] oe-setup-build: add a tool for discovering config templates and setting up builds

[Alexander Kanavin]

Alright, v2 is out. Changes are: switch to subcommands, and use 'build
environment' or 'build directory' in place of ambigous 'build'.

Alex

On Tue, 6 Sept 2022 at 14:35, Alexander Kanavin via
lists.openembedded.org 
wrote:
>
> On Tue, 6 Sept 2022 at 14:25, Peter Kjellerstedt
>  wrote:
>
> > Given that the tool is called oe-setup-build and not oe-discover-build,
> > making the discovery mode the default is actually a bit weird.
> > Subcommands sounds fine to me though. Maybe you should call it
> > oe-build-env instead, since it has multiple modes?
>
> I'd like to keep it within 'oe-setup-..' family though:
> oe-setup-layers, oe-setup-build, and then later oe-setup as a general
> integrated one-stop thing that ties it all together:
>
> oe-setup kirkstone
> oe-setup master +docker +systemd
> oe-setup yoe riscv64
> oe-setup webos
> oe-setup some-custom.json
>
> Like RP suggested.
>
> I think having discovery functionality in something called 'setup' is
> actually fine, as the setup actually happens from the available
> choices, and one would want to know about them first.
>
> I'll certainly switch to subcommands; this will allow adding config
> fragment management as well.
>
> Alex
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170376): 
https://lists.openembedded.org/g/openembedded-core/message/170376
Mute This Topic: https://lists.openembedded.org/mt/93485066/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2 1/3] oe-setup-build: add a tool for discovering config templates and setting up builds

[Alexander Kanavin]

This is the last (I believe) piece of the puzzle in setting up builds from 
nothing
without having to write custom scripts or use external tools.

After layers have been fetched and placed into their respective locations, one 
would
surely want to proceed to the actual build, and here's how:

1. Without arguments or with 'list-config-templates', the tool simply walks the 
../..
of its location (which is the parent dir of poky/oe-core), and prints what 
templates it
has found, as seen below. If the following is not enough information,
adding '-v' will also print conf-notes.txt for each of the templates:

$ oe-setup-build
Available build configuration templates (re-run with -v to see their 
descriptions):

/srv/work/alex/poky/scripts/oe-setup-build setup-build-env -c 
/srv/work/alex/poky/meta-poky/conf/templates/default
will create a build configuration in /srv/work/alex/build-meta-poky-default

/srv/work/alex/poky/scripts/oe-setup-build setup-build-env -c 
/srv/work/alex/meta-alex/conf/templates/configuration-gizmo
will create a build configuration in 
/srv/work/alex/build-meta-alex-configuration-gizmo

/srv/work/alex/poky/scripts/oe-setup-build setup-build-env -c 
/srv/work/alex/meta-alex/conf/templates/configuration-gadget
will create a build configuration in 
/srv/work/alex/build-meta-alex-configuration-gadget

2. Then the user picks one command of the above and runs it. This will land 
them in a shell ready to run bitbake:

$ oe-setup-build setup-build-env -c 
/srv/work/alex/meta-alex/conf/templates/configuration-gizmo
Running: 
TEMPLATECONF=/srv/work/alex/meta-alex/conf/templates/configuration-gizmo . 
/srv/work/alex/poky/oe-init-build-env 
/srv/work/alex/build-meta-alex-configuration-gizmo && /bin/bash
You had no conf/local.conf file. This configuration file has therefore been
created for you from 
/srv/work/alex/meta-alex/conf/templates/configuration-gizmo/local.conf.sample
You may wish to edit it to, for example, select a different MACHINE (target
hardware). See conf/local.conf for more information as common configuration
options are commented.

You had no conf/bblayers.conf file. This configuration file has therefore been
created for you from 
/srv/work/alex/meta-alex/conf/templates/configuration-gizmo/bblayers.conf.sample
To add additional metadata layers into your configuration please add entries
to conf/bblayers.conf.

The Yocto Project has extensive documentation about OE including a reference
manual which can be found at:
https://docs.yoctoproject.org

For more information about OpenEmbedded see the website:
https://www.openembedded.org/

This configuration template will set up a build for the purposes of supporting 
gizmo.
Please refer to meta-alex/README for additional details and available bitbake 
targets.

3. The full set of command line options is:

$ oe-setup-build -h
usage: oe-setup-build [-h] {list-config-templates,setup-build-env} ...

A script that discovers available build configuration templates and sets up a 
build environment based on one of them

positional arguments:
  {list-config-templates,setup-build-env}
list-config-templates
List available configuration templates
setup-build-env Set up a build environment and open a shell session 
with it, ready to run builds.

optional arguments:
  -h, --helpshow this help message and exit

$ oe-setup-build list-config-templates -h
usage: oe-setup-build list-config-templates [-h] [--topdir TOPDIR] [-v]

optional arguments:
  -h, --help   show this help message and exit
  --topdir TOPDIR  Where to look for available build configuration templates 
(default is /srv/work/alex).
  -v   Print a description for each available build configuration 
template.

$ oe-setup-build setup-build-env -h
usage: oe-setup-build setup-build-env [-h] -c template_path [-b build_path] 
[--no-shell]

optional arguments:
  -h, --helpshow this help message and exit
  -c template_path  Use a build configuration template in template_path to set 
up a build environment (run this script with 'list-config-templates' to see 
what is available)
  -b build_path Set up a build directory in build_path (run this script 
with 'list-config-templates' to see where it would be by default)
  --no-shellCreate a build directory but do not start a shell session 
with the build environment from it.

4. There's also a selftest that runs a basic check for template discovery and 
build setup,
and an added hint in oe-setup-layers about how to proceed (as it is really not 
user-friendly
to fetch the layer repos successfully and then exit without a word).

Signed-off-by: Alexander Kanavin 
---
 meta/lib/oeqa/selftest/cases/bblayers.py | 12 
 scripts/oe-setup-build   | 79 
 scripts/oe-setup-layers  |  7 +++
 3 files changed, 98 insertions(+)
 create mode 100755 scripts/oe-setup-build

diff --git a/meta/lib/oeqa/selftest/cases/bblayers.py 
b/m

[OE-core] [PATCH v2 3/3] oe-setup-builddir: do not suggest local.conf as a source of examples

[Alexander Kanavin]

This holds true for the default core/poky template, but not
anything else. Eventually there will be fragments and associated
tooling.

Signed-off-by: Alexander Kanavin 
---
 scripts/oe-setup-builddir | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/scripts/oe-setup-builddir b/scripts/oe-setup-builddir
index d3c7f943e7..c4fd253d36 100755
--- a/scripts/oe-setup-builddir
+++ b/scripts/oe-setup-builddir
@@ -83,8 +83,7 @@ if [ ! -r "$BUILDDIR/conf/local.conf" ]; then
 You had no conf/local.conf file. This configuration file has therefore been
 created for you from $OECORELOCALCONF
 You may wish to edit it to, for example, select a different MACHINE (target
-hardware). See conf/local.conf for more information as common configuration
-options are commented.
+hardware).
 
 EOM
 cp -f "$OECORELOCALCONF" "$BUILDDIR/conf/local.conf"
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170375): 
https://lists.openembedded.org/g/openembedded-core/message/170375
Mute This Topic: https://lists.openembedded.org/mt/93520949/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH v2 2/3] selftest/cases/bblayers.py: build python3-jsonschema only once

[Alexander Kanavin]

setUpLocal runs before every testcase, setUpClass runs only once in
the beginning.

Signed-off-by: Alexander Kanavin 
---
 meta/lib/oeqa/selftest/cases/bblayers.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/lib/oeqa/selftest/cases/bblayers.py 
b/meta/lib/oeqa/selftest/cases/bblayers.py
index 37b92f19c3..328af91532 100644
--- a/meta/lib/oeqa/selftest/cases/bblayers.py
+++ b/meta/lib/oeqa/selftest/cases/bblayers.py
@@ -14,7 +14,9 @@ from oeqa.selftest.case import OESelftestTestCase
 
 class BitbakeLayers(OESelftestTestCase):
 
-def setUpLocal(self):
+@classmethod
+def setUpClass(cls):
+super(BitbakeLayers, cls).setUpClass()
 bitbake("python3-jsonschema-native")
 bitbake("-c addto_recipe_sysroot python3-jsonschema-native")
 
-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170374): 
https://lists.openembedded.org/g/openembedded-core/message/170374
Mute This Topic: https://lists.openembedded.org/mt/93520948/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH V2] rust-cross-canadian: Fix for the issue caused by using sdk shell

[Richard Purdie]

On Wed, 2022-09-07 at 07:48 +0530, Sundeep KOKKONDA wrote:
> [YOCTO #14892]
> This is a fix for the fix in YOCTO #14878. When the shebang is more than
> 128 characters the default shell /bin/sh is used instead of SDK shell as
> a fallback, which causes problems with LD_LIBRARY_PATH. With this patch
> shell usage is avoided as we use a C wrapper and unset LD_LIBRARY_PATH
> that way.
> 
> Signed-off-by: Sundeep KOKKONDA 
> ---
>  .../rust/files/target-rust-ccld.c | 21 +++
>  .../rust/rust-cross-canadian.inc  | 20 +++---
>  2 files changed, 38 insertions(+), 3 deletions(-)
>  create mode 100644 meta/recipes-devtools/rust/files/target-rust-ccld.c
> 
> diff --git a/meta/recipes-devtools/rust/files/target-rust-ccld.c 
> b/meta/recipes-devtools/rust/files/target-rust-ccld.c
> new file mode 100644
> index 00..fa98c1dbd7
> --- /dev/null
> +++ b/meta/recipes-devtools/rust/files/target-rust-ccld.c
> @@ -0,0 +1,21 @@
> +/*
> +*
> +* Copyright (C) 2022  Wind River Systems
> +*
> +* SPDX-License-Identifier: MIT
> +*
> +*/
> +
> +#include 
> +#include 
> +#include 
> +
> +int main (int argc, char *argv[])
> +{
> +unsetenv("LD_LIBRARY_PATH");
> +execvp("target-rust-ccld-wrapper", argv);
> +
> +return 0;
> +}
> +
> +
> diff --git a/meta/recipes-devtools/rust/rust-cross-canadian.inc 
> b/meta/recipes-devtools/rust/rust-cross-canadian.inc
> index 7bf75a4712..7536579313 100644
> --- a/meta/recipes-devtools/rust/rust-cross-canadian.inc
> +++ b/meta/recipes-devtools/rust/rust-cross-canadian.inc
> @@ -7,13 +7,18 @@ LICENSE = "MIT"
>  
>  MODIFYTOS = "0"
>  
> +DEPENDS += "virtual/${SDK_PREFIX}gcc-crosssdk virtual/nativesdk-libc 
> virtual/nativesdk-${SDK_PREFIX}compilerlibs"
> +
> +SRC_URI += "file://target-rust-ccld.c"
> +LIC_FILES_CHKSUM = 
> "file://target-rust-ccld.c;md5=b6bc5662440675fd7d64688087a2f679;endline=7"
> +S = "${WORKDIR}"

Thanks. This patch changes the license which is good but it doesn't
update the LIC_FILES_CHKSUM. Since this is blocking the release build,
I've fixed that. Please work out why that didn't show up in your local
testing though!

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170372): 
https://lists.openembedded.org/g/openembedded-core/message/170372
Mute This Topic: https://lists.openembedded.org/mt/93517296/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [PATCH] systemd: Add 'default-dns-fallback' PACKAGECONFIG option

[Alexander Kanavin]

I would rather invert this, and define 'no-dns-fallback', off by default.

Alex

On Wed, 7 Sept 2022 at 09:12, niko.ma...@vaisala.com via
lists.openembedded.org 
wrote:
>
> systemd defines a default set of fallback DNS servers in
> https://github.com/systemd/systemd/blob/v251/meson_options.txt#L328-L330
>
> By adding a PACKAGECONFIG knob providing a convenient way to opt out,
> and then removing that value from systemd's PACKAGECONFIG, the output
> from runtime 'resolvectl status' command no longer contains the
> following line:
>
>   Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 
> 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 
> 2606:4700:4700::#cloudflare-dns.com 2001:4860:4860::#dns.google 
> 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google
>
> Signed-off-by: Niko Mauno 
> ---
>  meta/recipes-core/systemd/systemd_251.4.bb | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/meta/recipes-core/systemd/systemd_251.4.bb 
> b/meta/recipes-core/systemd/systemd_251.4.bb
> index 8497e24af9..0f30b7dbb3 100644
> --- a/meta/recipes-core/systemd/systemd_251.4.bb
> +++ b/meta/recipes-core/systemd/systemd_251.4.bb
> @@ -64,6 +64,7 @@ PACKAGECONFIG ??= " \
>  ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', '', 
> 'link-udev-shared', d)} \
>  backlight \
>  binfmt \
> +default-dns-fallback \
>  gshadow \
>  hibernate \
>  hostnamed \
> @@ -129,6 +130,7 @@ PACKAGECONFIG[coredump] = 
> "-Dcoredump=true,-Dcoredump=false"
>  PACKAGECONFIG[cryptsetup] = 
> "-Dlibcryptsetup=true,-Dlibcryptsetup=false,cryptsetup,,cryptsetup"
>  PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss,tpm2-tss libtss2 
> libtss2-tcti-device"
>  PACKAGECONFIG[dbus] = "-Ddbus=true,-Ddbus=false,dbus"
> +PACKAGECONFIG[default-dns-fallback] = ",-Ddns-servers="
>  PACKAGECONFIG[efi] = "-Defi=true,-Defi=false"
>  PACKAGECONFIG[gnu-efi] = "-Dgnu-efi=true -Defi-libdir=${STAGING_LIBDIR} 
> -Defi-includedir=${STAGING_INCDIR}/efi,-Dgnu-efi=false,gnu-efi"
>  PACKAGECONFIG[elfutils] = "-Delfutils=true,-Delfutils=false,elfutils"
> --
> 2.35.1
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170371): 
https://lists.openembedded.org/g/openembedded-core/message/170371
Mute This Topic: https://lists.openembedded.org/mt/93520181/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] systemd: Add 'default-dns-fallback' PACKAGECONFIG option

[niko.ma...@vaisala.com via lists.openembedded.org]

systemd defines a default set of fallback DNS servers in
https://github.com/systemd/systemd/blob/v251/meson_options.txt#L328-L330

By adding a PACKAGECONFIG knob providing a convenient way to opt out,
and then removing that value from systemd's PACKAGECONFIG, the output
from runtime 'resolvectl status' command no longer contains the
following line:

  Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 
1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 
2606:4700:4700::#cloudflare-dns.com 2001:4860:4860::#dns.google 
2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google

Signed-off-by: Niko Mauno 
---
 meta/recipes-core/systemd/systemd_251.4.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/systemd/systemd_251.4.bb 
b/meta/recipes-core/systemd/systemd_251.4.bb
index 8497e24af9..0f30b7dbb3 100644
--- a/meta/recipes-core/systemd/systemd_251.4.bb
+++ b/meta/recipes-core/systemd/systemd_251.4.bb
@@ -64,6 +64,7 @@ PACKAGECONFIG ??= " \
 ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', '', 
'link-udev-shared', d)} \
 backlight \
 binfmt \
+default-dns-fallback \
 gshadow \
 hibernate \
 hostnamed \
@@ -129,6 +130,7 @@ PACKAGECONFIG[coredump] = "-Dcoredump=true,-Dcoredump=false"
 PACKAGECONFIG[cryptsetup] = 
"-Dlibcryptsetup=true,-Dlibcryptsetup=false,cryptsetup,,cryptsetup"
 PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss,tpm2-tss libtss2 
libtss2-tcti-device"
 PACKAGECONFIG[dbus] = "-Ddbus=true,-Ddbus=false,dbus"
+PACKAGECONFIG[default-dns-fallback] = ",-Ddns-servers="
 PACKAGECONFIG[efi] = "-Defi=true,-Defi=false"
 PACKAGECONFIG[gnu-efi] = "-Dgnu-efi=true -Defi-libdir=${STAGING_LIBDIR} 
-Defi-includedir=${STAGING_INCDIR}/efi,-Dgnu-efi=false,gnu-efi"
 PACKAGECONFIG[elfutils] = "-Delfutils=true,-Delfutils=false,elfutils"
-- 
2.35.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170370): 
https://lists.openembedded.org/g/openembedded-core/message/170370
Mute This Topic: https://lists.openembedded.org/mt/93520181/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-